Analysis Overview
SHA256
4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f
Threat Level: Known bad
The file 4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f was found to be: Known bad.
Malicious Activity Summary
Stealc
Amadey
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Identifies Wine through registry keys
Checks computer location settings
Executes dropped EXE
Checks BIOS information in registry
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
AutoIT Executable
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies registry class
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-09 13:01
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-09 13:01
Reported
2024-09-09 13:04
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\f929341d7b.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\1000026000\6872f6481d.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\6872f6481d.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\f929341d7b.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\6872f6481d.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\f929341d7b.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\6872f6481d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\f929341d7b.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000033001\bab3876a48.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\1000026000\6872f6481d.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\f929341d7b.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f929341d7b.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\f929341d7b.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\6872f6481d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\f929341d7b.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\6872f6481d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\f929341d7b.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000033001\bab3876a48.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000033001\bab3876a48.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe
"C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\6872f6481d.exe
"C:\Users\Admin\AppData\Roaming\1000026000\6872f6481d.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\f929341d7b.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\f929341d7b.exe"
C:\Users\Admin\AppData\Local\Temp\1000033001\bab3876a48.exe
"C:\Users\Admin\AppData\Local\Temp\1000033001\bab3876a48.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdda0446f8,0x7ffdda044708,0x7ffdda044718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3092 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16532355173340251854,17467562972430369413,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3092 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 103.113.215.185.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.238:443 | play.google.com | tcp |
| GB | 216.58.212.238:443 | play.google.com | tcp |
| GB | 216.58.212.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| GB | 216.58.212.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
Files
memory/2652-0-0x0000000000590000-0x0000000000A2C000-memory.dmp
memory/2652-1-0x0000000077764000-0x0000000077766000-memory.dmp
memory/2652-2-0x0000000000591000-0x00000000005BF000-memory.dmp
memory/2652-3-0x0000000000590000-0x0000000000A2C000-memory.dmp
memory/2652-4-0x0000000000590000-0x0000000000A2C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | 26166cfdb67a25db0273b7840ca4d9f7 |
| SHA1 | b61401f3e1e789d805aa23137a3e9e3b78da59bd |
| SHA256 | 4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f |
| SHA512 | 66ef7f10c1d5bcdac62891b14ee09eb75211712dc1f2283a0db1317500facc17de9e6e652f0d03c5469fc0edaf6b362b57ab720b162facdc369b48d20e4ce36a |
memory/1404-16-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/2652-18-0x0000000000590000-0x0000000000A2C000-memory.dmp
memory/1404-19-0x0000000000CA1000-0x0000000000CCF000-memory.dmp
memory/1404-20-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/1404-21-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/1404-22-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/1404-23-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/1404-24-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/1404-26-0x0000000000CA0000-0x000000000113C000-memory.dmp
C:\Users\Admin\AppData\Roaming\1000026000\6872f6481d.exe
| MD5 | c06c4e6ed6f4c67541e9cdacb508f653 |
| SHA1 | 0a587b8151e8634a48dd686157b45a2e0477093c |
| SHA256 | 75406b44f46f30aed814150ed323b10f34d6e68b585a75b6e9796f556f1cd691 |
| SHA512 | 93f7d6ee59b28bf72d1bfe16c5482d9fa0e1eb0f8ce9b901dc31a66b07e2e65cf21972723c90d5f86826d2cad53d126f18f1ae085416cc203059fa3c13d71440 |
memory/3460-42-0x0000000000B40000-0x00000000011C8000-memory.dmp
memory/3460-51-0x0000000000B40000-0x00000000011C8000-memory.dmp
memory/3460-52-0x0000000000B40000-0x00000000011C8000-memory.dmp
memory/3460-53-0x0000000000B40000-0x00000000011C8000-memory.dmp
memory/384-61-0x00000000003B0000-0x0000000000A38000-memory.dmp
memory/3460-63-0x0000000000B40000-0x00000000011C8000-memory.dmp
memory/384-64-0x00000000003B0000-0x0000000000A38000-memory.dmp
memory/1404-65-0x0000000000CA0000-0x000000000113C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000033001\bab3876a48.exe
| MD5 | 0df4978ab22502c7ae122ab13a255448 |
| SHA1 | 845169633a45d0bc64c4799c0b5118ce6148131f |
| SHA256 | e2a03fd46d56cb79ec4c0cbef9e6fe2bd3067418f81f77355c908cfeae03ee76 |
| SHA512 | d1b2a6ac51348f698f4d06ba62be48150fc7e1c0fdb1a99853caf555c3afcf76eea26a5862768c54a113bef2d5ee84d8c5f49c1903fecc7e15ee0282b903a69a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | a00d8b83c4426ea66170a7ca0f553dd2 |
| SHA1 | 0375913efc98fd4c1fdddcf81dadd3ad74c1ee15 |
| SHA256 | 400052567110765d9756094fb0c75567916d37554eceb60be73b0cb6afb9e609 |
| SHA512 | bfbcb985ae0d1ab6106538b529719c4bb23746277b440b4a06e1aeaec98d9b370e0432e4587ca38b6c286ed9f508344de5f334865efc1d3aff9113e5a084a5f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 6aeaff6a4b292bbb7fc7ec813e699520 |
| SHA1 | 7045741f571d687b1d9e8d720c0603d5bed5dbad |
| SHA256 | 518b7a540cbfa878c8112dce9692849897945a2236fd9086281e4c034f40ba84 |
| SHA512 | 5410c2e0834e1f678cba1bc0450ac00b91b4867b7d3631da59c9d41bc42435bf1de5ed66a3ba160c57f5307998da915d07ff76c5e229fb473dfa5c4bd7a335c6 |
\??\pipe\LOCAL\crashpad_3972_NWDIBJFVGCAZKIOH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 58901d800fc4e63fc33f29106baf6da5 |
| SHA1 | f3b02f06041706eca702bd4ed5edcda261858783 |
| SHA256 | 514c07a87bada78c12f3631cdd37670096d0190c752da14286330eb605882c82 |
| SHA512 | fbffc6195f71bdb9319ebfa069174a70b420e81f5e0f85a09dc17c47977696e16a9a70bd5f1ed92e8de689d71d283438f76571872cd4b4ee27d22bfa7093d899 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir\temp-index
| MD5 | d359dc607d668943a34b54503a8f7bc3 |
| SHA1 | 9139cf8f420ee9de3193eaa6827fdef88a213c7a |
| SHA256 | f1eec44291adc7500341a6cbc030fd055461e7f1192c79b6b4816c6ae4549a98 |
| SHA512 | addb234e4b0c7f0b76ddf33a49ef992bcd8639d113b15502f34021a3b2de1aca4a05779fb74a3c55e3fa59bc69e9b008d2f5ffcfc74a7efa3a6366f55f626368 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\37d88ccd-0ccb-4e19-b116-03aafe0f5f2b.tmp
| MD5 | 95c8fbe793c2983927f1e7fcfbefbd1b |
| SHA1 | c8ce51903f8f124bb470f5898b6825971b3c52aa |
| SHA256 | 525e51e18c0c63bb72e8389a70ee2b3ad17ed024eee8ec8a2064a0a6c3f6c372 |
| SHA512 | 2bc5f7c215efbef8ac401630809474e3f50df78f0d145c5e428514d4bfd24339628fc066fb052d252103110b1d4ad47add57623d30a2c352cfe6a3647897c93f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
| MD5 | d1185ed3277343b7f5042a0b0d3f9034 |
| SHA1 | 3539cf807e0d4b314cc8d57543ba84ca073d7665 |
| SHA256 | 926520b637194833bbd35c63f0d87cb475066f4596fb1dd393bcd01ee94972c2 |
| SHA512 | fc08c1816a751a434cae9b8dedbcab6f00a8f72ced45fd93c3789f1644bbf0b74cb570ce20baad31c2e6e6774ab9b3d4b1af6da47f1ca7e67730f38c4a2fd77c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\30AOUN8UXNZ197R73C8B.temp
| MD5 | cd834b61eeb8375de552adb66405460b |
| SHA1 | 4b09e60d0ec5878bb2543956f5e3021d567c867d |
| SHA256 | ad8490b042937137018b3c9f2ac86a9a65bc5ca9273c3e7c27da632deea1d064 |
| SHA512 | b2b66e02fe8a92db98530064aa2561ddcba928565ff2201a3def59248f567664e87c138c11cf78a058c09c3f3caa05fa64145f01eaa3367e1c251372b11348f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
memory/1404-278-0x0000000000CA0000-0x000000000113C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 5a44344dcaaf098a60e9a3b37d3bf6d1 |
| SHA1 | f27180bdbef56fc7b414750a76f1feb5a0450071 |
| SHA256 | adc7572bb06c595e85194146682f9aa952c80805db10baff4269f4598c7c62a4 |
| SHA512 | fd28ccfb1cc894d81dbaa45e971954c93a49c967f855d67eb28e89e0ffba5c84d27eaa924175d9def6d7623bd6dd9d9388465ed28ab8a32c0b25e61be3f86d40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | a2d2317bb7327a9d8e66f8b8faac3222 |
| SHA1 | 8150fbf1be3b685efd833c9c3a759381e84dc2e6 |
| SHA256 | d19204bb5996b65dff1416396d3da491d05c5d4b1fdf01fc4c701f6c494f8d6e |
| SHA512 | 61b63cfac05a243f8e6b9adb5fb8dbd8e4c9f93952c668224a533fe158b51ce44db3e5817a35ba9231f1303d18c34ff8940fe0d3da7da492924331b20731183a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe5824b9.TMP
| MD5 | a1f700cca95c24aee138a506f3a3deeb |
| SHA1 | 016bbfc84bfb81914782d01c1caa045b6edcd5f6 |
| SHA256 | 57f992d3ae579043ab9dec3949b96368a4a36400230fe0eb6f54f079598aa430 |
| SHA512 | ce199ae634d56a26ac91d6c92463110a56267518df5d77e34d0356a640f5e1a04dbf6b270e7fbe89aa29429ab9cf54080eca9aedc5f6a683235d30d64a351234 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
memory/1404-355-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/2592-357-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/2592-358-0x0000000000CA0000-0x000000000113C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\10c27bfe-9c0b-4312-9ac4-a8f8d5a9dec8.tmp
| MD5 | 972ca3bba3c97d468a3ee14e1973e56c |
| SHA1 | 9c6b5131c396d108f645a4f158d66c8b0d7a3669 |
| SHA256 | 8deb4288286b799efee87ae13532d50f2609ae1255c3f801615e20f1567711ca |
| SHA512 | f6d38708a2a60d629196258ea1b0ab845ce0dcce329b2295a420ae70453f3576f406a76d916b78dc76f357e9872fa1b8a1be90bb1f072d1a70fa286fe95f4296 |
memory/1404-377-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/1404-378-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/1404-379-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/1404-389-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/1404-399-0x0000000000CA0000-0x000000000113C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 7674d5cb8e4b0f4912f8a32a75bc3a15 |
| SHA1 | 53dc9de5539c3fa67958dcd217664fcb984ff1e9 |
| SHA256 | d8a00552a280034da94ea0330d7383af228394291c6b6291d2a7587d106cdca5 |
| SHA512 | 534857941a2d6cf293e9c4471655cc6aff6394af8184d55cf9a8d3f8efef94d450bf943485f4050d114e39d8b7038fadd517b64dc00de1a69f956a38b9c680ae |
memory/1404-418-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/5748-420-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/5748-422-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/1404-423-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/1404-424-0x0000000000CA0000-0x000000000113C000-memory.dmp
memory/1404-425-0x0000000000CA0000-0x000000000113C000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-09 13:01
Reported
2024-09-09 13:04
Platform
win11-20240802-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\1000026000\5ce92b6c55.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\98e15699d6.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\98e15699d6.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\5ce92b6c55.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\98e15699d6.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\5ce92b6c55.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\5ce92b6c55.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\98e15699d6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000033001\f5172fca1e.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\1000026000\5ce92b6c55.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\98e15699d6.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Microsoft\Windows\CurrentVersion\Run\98e15699d6.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\98e15699d6.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\5ce92b6c55.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\98e15699d6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\98e15699d6.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000033001\f5172fca1e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\5ce92b6c55.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000033001\f5172fca1e.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe
"C:\Users\Admin\AppData\Local\Temp\4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\5ce92b6c55.exe
"C:\Users\Admin\AppData\Roaming\1000026000\5ce92b6c55.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\98e15699d6.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\98e15699d6.exe"
C:\Users\Admin\AppData\Local\Temp\1000033001\f5172fca1e.exe
"C:\Users\Admin\AppData\Local\Temp\1000033001\f5172fca1e.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff37cd3cb8,0x7fff37cd3cc8,0x7fff37cd3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,9594967392655589251,1375424157973422810,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,9594967392655589251,1375424157973422810,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,9594967392655589251,1375424157973422810,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9594967392655589251,1375424157973422810,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9594967392655589251,1375424157973422810,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9594967392655589251,1375424157973422810,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9594967392655589251,1375424157973422810,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9594967392655589251,1375424157973422810,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9594967392655589251,1375424157973422810,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9594967392655589251,1375424157973422810,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9594967392655589251,1375424157973422810,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,9594967392655589251,1375424157973422810,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,9594967392655589251,1375424157973422810,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7588 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,9594967392655589251,1375424157973422810,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3548 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
Files
memory/4840-0-0x0000000000120000-0x00000000005BC000-memory.dmp
memory/4840-1-0x0000000077E56000-0x0000000077E58000-memory.dmp
memory/4840-2-0x0000000000121000-0x000000000014F000-memory.dmp
memory/4840-3-0x0000000000120000-0x00000000005BC000-memory.dmp
memory/4840-4-0x0000000000120000-0x00000000005BC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | 26166cfdb67a25db0273b7840ca4d9f7 |
| SHA1 | b61401f3e1e789d805aa23137a3e9e3b78da59bd |
| SHA256 | 4627b125e316b49fbaa83c3c6132ec06b15d67bb6493552316decae452b9000f |
| SHA512 | 66ef7f10c1d5bcdac62891b14ee09eb75211712dc1f2283a0db1317500facc17de9e6e652f0d03c5469fc0edaf6b362b57ab720b162facdc369b48d20e4ce36a |
memory/4840-17-0x0000000000120000-0x00000000005BC000-memory.dmp
memory/4584-18-0x0000000000B90000-0x000000000102C000-memory.dmp
memory/4584-19-0x0000000000B91000-0x0000000000BBF000-memory.dmp
memory/4584-20-0x0000000000B90000-0x000000000102C000-memory.dmp
memory/4584-21-0x0000000000B90000-0x000000000102C000-memory.dmp
memory/4584-22-0x0000000000B90000-0x000000000102C000-memory.dmp
memory/4584-23-0x0000000000B90000-0x000000000102C000-memory.dmp
C:\Users\Admin\AppData\Roaming\1000026000\5ce92b6c55.exe
| MD5 | c06c4e6ed6f4c67541e9cdacb508f653 |
| SHA1 | 0a587b8151e8634a48dd686157b45a2e0477093c |
| SHA256 | 75406b44f46f30aed814150ed323b10f34d6e68b585a75b6e9796f556f1cd691 |
| SHA512 | 93f7d6ee59b28bf72d1bfe16c5482d9fa0e1eb0f8ce9b901dc31a66b07e2e65cf21972723c90d5f86826d2cad53d126f18f1ae085416cc203059fa3c13d71440 |
memory/3676-39-0x0000000000F90000-0x0000000001618000-memory.dmp
memory/3676-40-0x0000000000F91000-0x0000000000FA5000-memory.dmp
memory/3676-41-0x0000000000F90000-0x0000000001618000-memory.dmp
memory/5008-57-0x0000000000AE0000-0x0000000001168000-memory.dmp
memory/3676-59-0x0000000000F90000-0x0000000001618000-memory.dmp
memory/5008-61-0x0000000000AE0000-0x0000000001168000-memory.dmp
memory/4584-62-0x0000000000B90000-0x000000000102C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000033001\f5172fca1e.exe
| MD5 | 0df4978ab22502c7ae122ab13a255448 |
| SHA1 | 845169633a45d0bc64c4799c0b5118ce6148131f |
| SHA256 | e2a03fd46d56cb79ec4c0cbef9e6fe2bd3067418f81f77355c908cfeae03ee76 |
| SHA512 | d1b2a6ac51348f698f4d06ba62be48150fc7e1c0fdb1a99853caf555c3afcf76eea26a5862768c54a113bef2d5ee84d8c5f49c1903fecc7e15ee0282b903a69a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | cc5c57ad8a7956543a8612fafff76b02 |
| SHA1 | 7472041889feb513669e5c6f3f448763564447fd |
| SHA256 | 2785ac88aa7b1eb23271ad48dd8d1f108e49ef3b4046f4f84cf888d95988baa0 |
| SHA512 | 86850c48ed59df090ae2cc4217036298f8784ed01b02826eb31cecb9f27ca03418fe7977579221e8945dae8900d26acb19cc1a06f2381de65b06c99fecfab97e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 28a3e5f033eb2cddcea27c198c0855da |
| SHA1 | 5914ed429bc6e0dadc5e51c744e864ead7fca54c |
| SHA256 | 22165a9f46851637a1f9bcc123fa4bc2c9a22b6b9927c1f1fabd0af0f4e35a58 |
| SHA512 | 4e7f1533d9dc1ad6166adaa688ad223058366a904e72c9df115576b6c2d8d1edfa2bb6ff84fa524c27ce9fb69295fd5021d0e016e50d6f3ecb668e2734db6ec5 |
\??\pipe\LOCAL\crashpad_5632_MKJFIPOPCJGSCXMP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 4502e91f50323b3100cef6aac4b65c9b |
| SHA1 | b8607eaf0f6d55e9077639dadc93f9eba806a2d8 |
| SHA256 | 7148375a7cec944b7199fc602529c16ce7d8c737197f9e15c3c53ab6ef3fd74d |
| SHA512 | ddf103abe2c76cfe0ce29b7c61452c7d43039ca49ce0ba15b0f7f7b38f02460c9b152d11601986dae84a2a181dd2ba3ec0727b81be1ccdf5e3cabcb3d4ca1ff6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 9f2b895c25f366f63e2d55a74516411c |
| SHA1 | 81e5fa178988e3aa5f3a0aee6cbf1979de9bd875 |
| SHA256 | 58c4bd1756778d35c6744b7677bc62284a4b7e1f2405ec7d325f693ffb1456b9 |
| SHA512 | 05060baaa76c1e2ca07266097572b35d09e00759296215c476d025242d7d9da06ff98b8b833da291070ca2e5c7efee18038fd089bb5a9a09980b44daf6180b66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe57e985.TMP
| MD5 | e011ce0164cb1a7753264e2e489eda8c |
| SHA1 | ea0ac92d9af2e731ca7d0865f159f5b1aaa3df38 |
| SHA256 | 6455696c9264a946adf1b4a89e5c7b88271e9b3bc983c3370bbc10e9a783a40e |
| SHA512 | 64c35e1eed7b57a92c83c8400840070b4bbb50dee4401e4f26a827b5944ffec18a70bb621e9645789512c2a4ac81fe9deef5c15bf7542e602ebd33c0fc811fc7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk
| MD5 | ffb26e1f5ecd232f2983bdc280035365 |
| SHA1 | 89baabc8f53590d7d481b867fb8569ce404d3f31 |
| SHA256 | 1bb84a53e70a61906860c7f6d40d022ed6717f94a0a47e42c7c7fdc7a2a265ee |
| SHA512 | 769a7c9f96bc53aa1698b7107ca148cd8fa549d1a00785c175af6ee9a59df3adcf4f485b882b783ff55e797d6c7c5e81b97df86a662da11d65c387a3e3b5eba4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_3
| MD5 | 2b02a61508b5857937745e7b5a87cb9c |
| SHA1 | 1dd21e40002ec6199751dee6fddd2fe0d79f31c2 |
| SHA256 | 25f6019b7563053b4796dda357d96d106a98aae48b732a9a4b7e598f9aa5e6a8 |
| SHA512 | c8beda8d2c35632700fd719fd656e5d204518ef0568221ce07e4520e0ce1e2d2ac9136f1ddf3e21fddbd7dbd2fc55dd0e71a417cbb6b7bc1182d739b02710b0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
memory/4584-219-0x0000000000B90000-0x000000000102C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk
| MD5 | 6069832b1d88ce36cc8c18211af59745 |
| SHA1 | d0d654f832c30dbcf9ec190c7179b6a0516ead35 |
| SHA256 | ba604f1cacc0567a72708b8e40601e83a0145a2ecd889c9dc69553325dd1e9f4 |
| SHA512 | 68cbe5c2d1be942c713e8a874e4f50add6d1b57e02b2683340cd7c458ab287321641f079584ff148f78fa89722a76373b0c55b5e8020a82ad410e58cd7f6afbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | e4477a404a213463fb8cb32ed826679a |
| SHA1 | 84f517898635209d8ff41581dcc0d3c0404e2b01 |
| SHA256 | cf98906788cb345f0fbe30d2c56dac4828eab418df0a53f8854835b5f5b74a96 |
| SHA512 | 8b9a3394db19b5b748acb370a7ec63fcaf6e362ad6a19375f55a3dd84ede296199c00218aef8dbbaf1bee1700cc8901f25669575e2f3364cc06b882449aef1e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | 6901ff3e306d6216a73603af24d658d5 |
| SHA1 | 71d375303f0cdbd875cf5e65bd54c378a74ed6da |
| SHA256 | 615046cd807d558039fa026f3ec22c038a36c26a277011c031f32bd02bbf3a7c |
| SHA512 | 5374a7fe1a8ce51c64240d8169acb23e5e849fc6df4081312783faecdc7badf9c096dbc478d2f328699ac311653db0496be29c1e4b8c39f3212a95c014290ffb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe581170.TMP
| MD5 | 7cd305734e7580a68023f2a62498e77b |
| SHA1 | 596f93a6a4e1a30369e6138c01a66c134f4f389c |
| SHA256 | 6393accb88fbb19b9861f42a3b5215e18f215b0e0603984137f3e35254766c69 |
| SHA512 | 6f43bee2804e906fca3ee7bf74e9cc59c4d3120ea21197d82ad4ad3db452455f1fb7468eab915012ff0ef03708226a8203ac85afd58c1a8975fcece8c24e00b5 |
memory/4584-288-0x0000000000B90000-0x000000000102C000-memory.dmp
memory/4584-321-0x0000000000B90000-0x000000000102C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | be9482c10091452e7da615fe34a7dc9e |
| SHA1 | fcaee9fadbb1b12fba2126191795047a6a71219c |
| SHA256 | fcfdb31f5f8aa41a08962a5a13b9e87af8b3cbe9d930fc8a6fc3ce3c25e1da31 |
| SHA512 | 6912be5d2531f6e34ac5b6f4f361708c9b944816b375cd86c4cc68e0f09b1bc81c91e0507324b719cad0f395d0e20963e6449ddddc5830a9682b65591236160b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8d1c4a9552cdee342cb8311907d877c8 |
| SHA1 | 1f50cf8b3e722e21ddae72662fe6704b10d76008 |
| SHA256 | 985f1475cab293f7a5d3e91ac7ae41d8acb3f7809777cd222ed95fc9ca3df08f |
| SHA512 | c5bed20ea6ffb1e04ec5f590921f8a2bbff8055d696cdb3b51933f7e79cd0670c998128631aee7555e791998a583b141cecc0503dc3a45173091677df7eb396a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\345302e2-ae87-4348-b2d9-9d82b6041581.tmp
| MD5 | d663b04eb9b5ead2a4e237b03f180f56 |
| SHA1 | b8bb15867aa7a7f75c5c902ead6c1cd689aff940 |
| SHA256 | 1119bddaffefcca2df5698bc1f987303c4f92dde67829ad68089fa369464d3fe |
| SHA512 | 0367101fc10d6f3303c915d9ead87f567cbd733ddb565d56dc2184870c5c8d982ce9766fdae63a882b389b8555b8e31630893a1dfa62b8c2106fd5e671d608fd |
memory/884-350-0x0000000000B90000-0x000000000102C000-memory.dmp
memory/884-351-0x0000000000B90000-0x000000000102C000-memory.dmp
memory/4584-352-0x0000000000B90000-0x000000000102C000-memory.dmp
memory/4584-353-0x0000000000B90000-0x000000000102C000-memory.dmp
memory/4584-363-0x0000000000B90000-0x000000000102C000-memory.dmp
memory/4584-375-0x0000000000B90000-0x000000000102C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 442de33cb37b6f4cb3f472f766824777 |
| SHA1 | 11a1a59f942f5c61323300db5bf3f0bee2f3fc81 |
| SHA256 | 4a5d83f3c9923faf0c74b6e763b62063d61a7a784439510a8716372ef3616a46 |
| SHA512 | a282c27ed04e67375ae0b8edf4c6eb5e2b99fd52f179acd0b11e96cf3005100ceea4854b657360e107f18010148200f5b61a55cafe3c470bb74fc2e0a614299b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 15cdda39161659e8de81c62e91ad30c6 |
| SHA1 | fa5499ff29791f8b8d8b569a63ee5cf64ca2824e |
| SHA256 | b5a71b15c7e8083f38db7e067cd1826c24244d2d2985b8c054f8e18a2b3f7277 |
| SHA512 | d69059ef42e1ff75fb3b904144c250f291e39e6aad33a70fe607aa31296c2b26288f2ca8371a9e009a733a3cfcaa582a8ad19436f0aab9303ceb6ace0bfc30e2 |
memory/4584-403-0x0000000000B90000-0x000000000102C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity
| MD5 | e4f013cfb768dffc9f1d225e95441e3f |
| SHA1 | b6e5941575b105d239c88559db6d7f3e81ce5901 |
| SHA256 | 153645c2da7af42b5092b809dd402a8109fcb158389ab7155509211016b8f270 |
| SHA512 | cf53ce6dc58928113214f893452915c5ad5f01dfe67bdd039e7e215127a856582e0a46548dc3fe4f6cc02bd19908919f12c4d6f8fd86c2f279de602b9ff302d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe590ff4.TMP
| MD5 | ae56616d30945abaef6a3b63c6aeaafa |
| SHA1 | 7272682ec9cd4c3581787fbe8dcd1705803c5780 |
| SHA256 | 02ae2e8972acf05cb796f403517dc03661dab0915d478c0c908e0ac769b37a43 |
| SHA512 | 4c83ff10bb69cbd59c2ead2dfaf41b619ab9e3acc8108d7e6fc7b52da73cd71e146a03c61d1ce5ef72b2e433ac9976c9f922c5e3fe29e35274688c17d9d304ad |
memory/4584-413-0x0000000000B90000-0x000000000102C000-memory.dmp
memory/3456-415-0x0000000000B90000-0x000000000102C000-memory.dmp
memory/4584-416-0x0000000000B90000-0x000000000102C000-memory.dmp
memory/4584-417-0x0000000000B90000-0x000000000102C000-memory.dmp
memory/4584-418-0x0000000000B90000-0x000000000102C000-memory.dmp