Malware Analysis Report

2024-10-23 21:50

Sample ID 240909-ql4k9szekl
Target 2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476
SHA256 2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476
Tags
amadey stealc c7817d rave discovery evasion persistence stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476

Threat Level: Known bad

The file 2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476 was found to be: Known bad.

Malicious Activity Summary

amadey stealc c7817d rave discovery evasion persistence stealer trojan

Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Identifies Wine through registry keys

Checks BIOS information in registry

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Drops file in Windows directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-09 13:21

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-09 13:21

Reported

2024-09-09 13:24

Platform

win7-20240903-en

Max time kernel

149s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Roaming\1000026000\783b44f53c.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1000030001\b939a4f269.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Roaming\1000026000\783b44f53c.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Roaming\1000026000\783b44f53c.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1000030001\b939a4f269.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1000030001\b939a4f269.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Wine C:\Users\Admin\AppData\Roaming\1000026000\783b44f53c.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1000030001\b939a4f269.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\b939a4f269.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\b939a4f269.exe" C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\svoutse.job C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\1000026000\783b44f53c.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000030001\b939a4f269.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000033001\ecd7a7f447.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000033001\ecd7a7f447.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000033001\ecd7a7f447.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2112 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 2112 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 2112 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 2112 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 2856 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\783b44f53c.exe
PID 2856 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\783b44f53c.exe
PID 2856 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\783b44f53c.exe
PID 2856 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\783b44f53c.exe
PID 2856 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\b939a4f269.exe
PID 2856 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\b939a4f269.exe
PID 2856 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\b939a4f269.exe
PID 2856 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\b939a4f269.exe
PID 2856 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000033001\ecd7a7f447.exe
PID 2856 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000033001\ecd7a7f447.exe
PID 2856 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000033001\ecd7a7f447.exe
PID 2856 wrote to memory of 660 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000033001\ecd7a7f447.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe

"C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe"

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"

C:\Users\Admin\AppData\Roaming\1000026000\783b44f53c.exe

"C:\Users\Admin\AppData\Roaming\1000026000\783b44f53c.exe"

C:\Users\Admin\AppData\Local\Temp\1000030001\b939a4f269.exe

"C:\Users\Admin\AppData\Local\Temp\1000030001\b939a4f269.exe"

C:\Users\Admin\AppData\Local\Temp\1000033001\ecd7a7f447.exe

"C:\Users\Admin\AppData\Local\Temp\1000033001\ecd7a7f447.exe"

Network

Country Destination Domain Proto
RU 31.41.244.10:80 31.41.244.10 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
RU 185.215.113.103:80 185.215.113.103 tcp

Files

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

MD5 34c7ab92d1a35ce4ba88bc394e2a25f2
SHA1 72cec5d2f3bcd4c72a8bac0824655446220d0cf7
SHA256 2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476
SHA512 e77e2efa1db8152eb8fdbd5247e6e399930ef77d3dc6fba0cf6098308415292949884f59fc895e3882baa2e333ecd0c55f9d55c043cfa846e3edddfab77076c0

C:\Users\Admin\AppData\Roaming\1000026000\783b44f53c.exe

MD5 c06c4e6ed6f4c67541e9cdacb508f653
SHA1 0a587b8151e8634a48dd686157b45a2e0477093c
SHA256 75406b44f46f30aed814150ed323b10f34d6e68b585a75b6e9796f556f1cd691
SHA512 93f7d6ee59b28bf72d1bfe16c5482d9fa0e1eb0f8ce9b901dc31a66b07e2e65cf21972723c90d5f86826d2cad53d126f18f1ae085416cc203059fa3c13d71440

C:\Users\Admin\AppData\Local\Temp\1000033001\ecd7a7f447.exe

MD5 0df4978ab22502c7ae122ab13a255448
SHA1 845169633a45d0bc64c4799c0b5118ce6148131f
SHA256 e2a03fd46d56cb79ec4c0cbef9e6fe2bd3067418f81f77355c908cfeae03ee76
SHA512 d1b2a6ac51348f698f4d06ba62be48150fc7e1c0fdb1a99853caf555c3afcf76eea26a5862768c54a113bef2d5ee84d8c5f49c1903fecc7e15ee0282b903a69a


Analysis: behavioral2

Detonation Overview

Submitted

2024-09-09 13:21

Reported

2024-09-09 13:24

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Roaming\1000026000\df41356fb1.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1000030001\96783aaf7c.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Roaming\1000026000\df41356fb1.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1000030001\96783aaf7c.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Roaming\1000026000\df41356fb1.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1000030001\96783aaf7c.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Wine C:\Users\Admin\AppData\Roaming\1000026000\df41356fb1.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1000030001\96783aaf7c.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\96783aaf7c.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\96783aaf7c.exe" C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\svoutse.job C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\1000026000\df41356fb1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000030001\96783aaf7c.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000033001\5486b08c45.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133703617726891803" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{10C16691-5760-4565-AC34-855441DF5CEF} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000033001\5486b08c45.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000033001\5486b08c45.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000033001\5486b08c45.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4832 wrote to memory of 728 N/A C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 728 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\df41356fb1.exe
PID 728 wrote to memory of 4844 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\96783aaf7c.exe
PID 728 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000033001\5486b08c45.exe
PID 4752 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\1000033001\5486b08c45.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1796 wrote to memory of 4488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1796 wrote to memory of 2792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe

"C:\Users\Admin\AppData\Local\Temp\2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476.exe"

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3708,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=3804 /prefetch:8

C:\Users\Admin\AppData\Roaming\1000026000\df41356fb1.exe

"C:\Users\Admin\AppData\Roaming\1000026000\df41356fb1.exe"

C:\Users\Admin\AppData\Local\Temp\1000030001\96783aaf7c.exe

"C:\Users\Admin\AppData\Local\Temp\1000030001\96783aaf7c.exe"

C:\Users\Admin\AppData\Local\Temp\1000033001\5486b08c45.exe

"C:\Users\Admin\AppData\Local\Temp\1000033001\5486b08c45.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ff95e63d198,0x7ff95e63d1a4,0x7ff95e63d1b0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2228,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1844,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2500,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=2524 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3500,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3508,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4508,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=4520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=4580 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5004,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5020,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5288,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4092,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4024,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5468,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5852,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5916,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6120,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=6140,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6156,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6460,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5628,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6408,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6832 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7256,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=7268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7244,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=7388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7272,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=7624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7300,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=7752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7284,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=7768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7356,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=7884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7348,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=8000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7648,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=8064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8120,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --field-trial-handle=7528,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=7604 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6544,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6524 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6544,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6524 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=560,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6444,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6984 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6916,i,10327928235102282704,15032659608670167995,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6980 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
RU 31.41.244.10:80 31.41.244.10 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
US 8.8.8.8:53 10.244.41.31.in-addr.arpa udp
US 8.8.8.8:53 11.244.41.31.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
RU 185.215.113.103:80 185.215.113.103 tcp
US 8.8.8.8:53 103.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
RU 185.215.113.103:80 185.215.113.103 tcp
NL 142.250.102.84:443 accounts.google.com tcp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 13.107.246.64:443 edge-mobile-static.azureedge.net tcp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 88.221.135.81:443 bzib.nelreports.net tcp
US 8.8.8.8:53 84.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 184.28.198.162:443 www.bing.com tcp
GB 184.28.198.65:443 www.bing.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com tcp
US 8.8.8.8:53 81.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 162.198.28.184.in-addr.arpa udp
US 8.8.8.8:53 65.198.28.184.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.212.238:443 play.google.com udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
GB 216.58.212.238:443 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com udp
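An added example, not part of this report or of the sandbox that produced it: a short Python script that turns the rows above into a reviewable IOC list. It keeps the connections made to a bare address (the three port-80 tcp rows, whose Domain column just repeats the IP), notes that the table also holds a reverse (in-addr.arpa) lookup of each of those addresses, and discards DNS, mDNS and the browser traffic to named hosts. It also reads dropped-file records like those in the Files section below and flags the one whose SHA256 equals the analysed sample's (svoutse.exe under %TEMP%), i.e. a self-copy. The table rows and file records are copied from this page into constants labelled as constructed input; the function names (`parse_rows`, `classify`, `c2_candidates`, `dropped_executables`, `defang`) and the classification rules are mine, and the rules assume this report's column layout rather than any general sandbox format.

```python
import ipaddress
from typing import List, Tuple

# Constructed input: rows copied from this report's Network table
# (Country Destination Domain Proto). Noise rows are kept on purpose so the
# classifier has something to discard. The mDNS row has no Domain column.
NETWORK_ROWS = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
RU 31.41.244.10:80 31.41.244.10 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
US 8.8.8.8:53 10.244.41.31.in-addr.arpa udp
US 8.8.8.8:53 11.244.41.31.in-addr.arpa udp
RU 185.215.113.103:80 185.215.113.103 tcp
US 8.8.8.8:53 103.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com tcp
US 13.107.6.158:443 business.bing.com tcp
N/A 224.0.0.251:5353 udp
"""

# Constructed input: (path, SHA256) pairs copied from this report's Files
# section, plus one Edge profile file to show that it is filtered out.
FILE_RECORDS = [
    (r"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe",
     "2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476"),
    (r"C:\Users\Admin\AppData\Roaming\1000026000\df41356fb1.exe",
     "75406b44f46f30aed814150ed323b10f34d6e68b585a75b6e9796f556f1cd691"),
    (r"C:\Users\Admin\AppData\Local\Temp\1000033001\5486b08c45.exe",
     "e2a03fd46d56cb79ec4c0cbef9e6fe2bd3067418f81f77355c908cfeae03ee76"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State",
     "9fed9c6be63a14685b18d455ee1d445bc4326d579f55cfdef0b10a5e486cddb9"),
]
# SHA256 of the analysed sample, from the report header.
TARGET_SHA256 = "2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476"


def parse_rows(text: str) -> List[dict]:
    """Split the flattened table into dicts; a 3-field row has no Domain."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        ip, _, port = fields[1].rpartition(":")
        rows.append({"country": fields[0], "ip": ip, "port": int(port),
                     "domain": fields[2] if len(fields) == 4 else "",
                     "proto": fields[-1]})
    return rows


def classify(row: dict) -> str:
    """Bucket a row as dns, ptr, multicast, direct_ip or named."""
    if row["port"] == 53:
        return "ptr" if row["domain"].endswith(".in-addr.arpa") else "dns"
    if ipaddress.ip_address(row["ip"]).is_multicast:
        return "multicast"
    # Domain column equal to the address means the connection was made to a
    # literal IP with no hostname; that is how the port-80 rows appear here.
    if row["domain"] == row["ip"]:
        return "direct_ip"
    return "named"


def c2_candidates(text: str) -> List[Tuple[str, int, str, bool]]:
    """Direct-to-IP connections, flagged when the table also contains a
    reverse (PTR) lookup of the same address."""
    rows = parse_rows(text)
    ptr_names = {r["domain"] for r in rows if classify(r) == "ptr"}
    found = set()
    for r in rows:
        if classify(r) == "direct_ip":
            ptr_seen = ipaddress.ip_address(r["ip"]).reverse_pointer in ptr_names
            found.add((r["ip"], r["port"], r["proto"], ptr_seen))
    return sorted(found)


def dropped_executables(records, target_sha256: str) -> List[Tuple[str, str, bool]]:
    """PE files written during detonation; the bool marks a byte-identical
    copy of the analysed sample (same SHA256), i.e. a self-copy."""
    return [(path, sha, sha.lower() == target_sha256.lower())
            for path, sha in records
            if path.lower().endswith((".exe", ".dll"))]


def defang(ip: str) -> str:
    """Render an address so it is not clickable or auto-resolved in a ticket."""
    return ip.replace(".", "[.]")


if __name__ == "__main__":
    for ip, port, proto, ptr in c2_candidates(NETWORK_ROWS):
        print(f"C2 candidate {defang(ip)}:{port}/{proto} ptr_lookup_seen={ptr}")
    for path, sha, self_copy in dropped_executables(FILE_RECORDS, TARGET_SHA256):
        print(f"dropped {path} sha256={sha[:16]}... self_copy={self_copy}")
```

Run as-is it prints the three port-80 endpoints (31.41.244.10, 31.41.244.11, 185.215.113.103) with a PTR lookup recorded for each, and the three dropped executables with svoutse.exe marked as the self-copy; the Edge profile file is dropped by the extension filter. Treat the direct-to-IP rule as a triage heuristic for this report's layout: legitimate software also connects to bare addresses, so the output is a candidate list to confirm against the Signatures section, not a verdict.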

Files

memory/4832-0-0x0000000000A90000-0x0000000000F4A000-memory.dmp

memory/4832-1-0x0000000076F94000-0x0000000076F96000-memory.dmp

memory/4832-2-0x0000000000A91000-0x0000000000ABF000-memory.dmp

memory/4832-3-0x0000000000A90000-0x0000000000F4A000-memory.dmp

memory/4832-5-0x0000000000A90000-0x0000000000F4A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

MD5 34c7ab92d1a35ce4ba88bc394e2a25f2
SHA1 72cec5d2f3bcd4c72a8bac0824655446220d0cf7
SHA256 2202197b7208d7fc9a9984699081c74721cebd620a6672868ac7948ec2e05476
SHA512 e77e2efa1db8152eb8fdbd5247e6e399930ef77d3dc6fba0cf6098308415292949884f59fc895e3882baa2e333ecd0c55f9d55c043cfa846e3edddfab77076c0

memory/728-16-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/4832-15-0x0000000000A90000-0x0000000000F4A000-memory.dmp

memory/728-18-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/728-19-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/728-20-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/1052-22-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/1052-23-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/1052-26-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/1052-25-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/1052-27-0x0000000000A11000-0x0000000000A3F000-memory.dmp

memory/728-28-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/728-29-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/728-30-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/728-31-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/728-32-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/728-33-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/728-34-0x0000000000A10000-0x0000000000ECA000-memory.dmp

C:\Users\Admin\AppData\Roaming\1000026000\df41356fb1.exe

MD5 c06c4e6ed6f4c67541e9cdacb508f653
SHA1 0a587b8151e8634a48dd686157b45a2e0477093c
SHA256 75406b44f46f30aed814150ed323b10f34d6e68b585a75b6e9796f556f1cd691
SHA512 93f7d6ee59b28bf72d1bfe16c5482d9fa0e1eb0f8ce9b901dc31a66b07e2e65cf21972723c90d5f86826d2cad53d126f18f1ae085416cc203059fa3c13d71440

memory/5084-50-0x0000000000C40000-0x00000000012C8000-memory.dmp

memory/4844-66-0x0000000000610000-0x0000000000C98000-memory.dmp

memory/5084-67-0x0000000000C40000-0x00000000012C8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000033001\5486b08c45.exe

MD5 0df4978ab22502c7ae122ab13a255448
SHA1 845169633a45d0bc64c4799c0b5118ce6148131f
SHA256 e2a03fd46d56cb79ec4c0cbef9e6fe2bd3067418f81f77355c908cfeae03ee76
SHA512 d1b2a6ac51348f698f4d06ba62be48150fc7e1c0fdb1a99853caf555c3afcf76eea26a5862768c54a113bef2d5ee84d8c5f49c1903fecc7e15ee0282b903a69a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

MD5 b3609d3ffb4f086643a750f55455572e
SHA1 e6d24c9e310d3e4158c8a9f1354bb41354e9f7d6
SHA256 2e286f0dad1cabebb97d0263a63bac374f2b00737e7766eb9fb916826ad5b751
SHA512 57856dda527458c2bbaa480436f0b09213bb4e5d31f47e31f813764172c5627f9c766dfd9d31707c8c68e49b30c2abca80648496d4a907c9dc35ef563dffc2e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

MD5 9e4e94633b73f4a7680240a0ffd6cd2c
SHA1 e68e02453ce22736169a56fdb59043d33668368f
SHA256 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
SHA512 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State

MD5 cc41fc2c569e63fb8d2d42a328e28969
SHA1 3db1da9e726441c6f0aed985836a860faf30ef08
SHA256 9fed9c6be63a14685b18d455ee1d445bc4326d579f55cfdef0b10a5e486cddb9
SHA512 f6f2bce81c5ea8ce6847362280e8f50d65432dac9308369aded23ea9637271974487c0dd98bd78a1e501fc4003444242dc4f8bc9a9b4fabbad68607c3976bb95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RFe591a35.TMP

MD5 945b5984f32ac21f06c72f43ed2e466f
SHA1 f305b46170b976556c4afba9801409c56fb3aa47
SHA256 bde6e97aeba349fa546b682672dbf40bb052fc3203caf5979ef154a7fb233543
SHA512 f628baa7cbbdba3f8dc990cda44e1add7dcb4078ae96e39e9358f8569c3e8b762987a486326b4c6134bee47775e119a8e3977360bd139ee440a600e4d54fdfa0

\??\pipe\crashpad_1796_KWHZCFOJBVLQYFGH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

MD5 fd378e12828a601468e10e0e8717ba9f
SHA1 77719bef6afe2751bc310f0e44885105cfebf334
SHA256 cc5feaf6335281788dbf6704a488f142a511838eb92fc75da2b55a35a9f97067
SHA512 fe6d4816de386f388a2415ba59078b93c7f2e7b6119c3005a7b5b3e31087df3cb040730bfc16f0237c60d67a884d306ef9d6e77c1312a5aec7f5bf293408c413

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State

MD5 858325d6470b8335cb125062d33c55ff
SHA1 7ade8fc4e9fd43c7f9bd471b9c7efbf720d2c535
SHA256 1b7b4815288544379a048b3b898afc64d325006f74dc545c6d0d8731a2868704
SHA512 befe30ef288321b6b11e5f8dcc8eb6b382dc7f486295792c0ed3e57eac65e52edc41a65297408ec1561fa97a9901433415e98e24331a8fae859e08a865d6ebbb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State

MD5 e074eb617a04296d6501535edf7f5e61
SHA1 86d271383a1e044ca3658630006785e00276bf80
SHA256 a4b26671a8eb5dd7819841d5877aa7735b4a747cc2b6bcca151f7bd263b26e7d
SHA512 8fe8c941f892800038aa0f3c2dce0589bce167fb1393d66a9eb3e032a7a2c12431e5f28108112ea0e635180b92651fad2b074579c8d270265512af30ba49d9d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Shared Dictionary\cache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

memory/728-275-0x0000000000A10000-0x0000000000ECA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/4844-325-0x0000000000610000-0x0000000000C98000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

MD5 26611dbf21d501cda706e9e66f502401
SHA1 2b5beedfe55e59a50f3bc28b4346736f7a41b96e
SHA256 c43d77ece6dd64c9a3f4bd83d550839e56f790117c72c9ab36a0bc596ef94982
SHA512 8c50fb98615c1776e8796f84914264a5517a1fd9890098e8b2aa4b55cd41a30f834cdb304d5ec151286942171038fc41f797c8a61737a123916e6478bfa2bbf5

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 abda5d4cde3d102eaa488a24002ad6c8
SHA1 71b3d712ce43bf0807602e15ad3e5193da7ffec1
SHA256 1b591792d844af3b39c58b4d040d5152f1ddbc5e9d5bdf0ef37ee0e69ce01713
SHA512 446dd9ff61886672ea0a207fe23a15b02bb96f8eb9ec4570c66e5fa66c4ad552faee22be066a6c16cc6b3ad87d010efb5c48d9471fbac18b20a91f03d71b522e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State

MD5 7f982d4b1d804321890ce8de8b2cc58d
SHA1 339fb2efee4ae180e1c8d9990e617ea704f8c493
SHA256 73f083e4a5181de1c331ebecbd1ad50d2b78e135c780658001c35606425824a6
SHA512 e36a4fbebef9d759296411b21e2d7da3599e0ead72787d8ab6e648e26e4f80c1559e1726770f3151393d96c3bdcc2079d3385fda0b0c414abae7b794bca713ac

memory/728-378-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/4416-389-0x0000000000A10000-0x0000000000ECA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\c9e40296-92d9-4d58-8d26-0d9d7e5592d9.tmp

MD5 a2f17808a0267739aa027a46e8111199
SHA1 82fba0c3fb602d835de0f227fee48e921aa2e51c
SHA256 bb9c0cc9038a3702d0e08b0e71782abfb69ae955d32589c24a5256aca307a1a4
SHA512 d1545225195434f5fa900b58c712581738e2450b36a30c690b5aef166d9f41b1900625dbe536518dba5748c2b4910eb6499b1350ed2976ce2f5a6b456a646718

memory/728-495-0x0000000000A10000-0x0000000000ECA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir\the-real-index

MD5 1ad050e836ed26c2d03545467873823d
SHA1 2a078ca68939662266e73b72c84723774189aa9f
SHA256 b5171722557a16570e21f4b0aa6e5f8e4573e1ff00479283047ed4ad2e6c244a
SHA512 6f4205889521a467da91278fdaf061110f637d3881e2fd730bb7179dab02351428eb834c704aa20703ed622ebb2dc9c7d81d18553e4a1ef756a4ae0b3eebf0a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir\the-real-index

MD5 286246b987d65087b18fa8779f909592
SHA1 d9a8be8b722913fa20e9f0768ed222102aee43f3
SHA256 4c037e012a2a585b7087d2af86f44d5565c9f4b3fb5ab921ef5a2c284c090a8b
SHA512 2be2e9dd31048528312781525d6e51db06637d9e36d6155c3fe7573d1805a417b9e96711c80edd3e6c1b3d6f133c24a428c379f19390f177ba7583aebbbd23a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index

MD5 784fe5c23f9e86683e2d498aaefa8598
SHA1 37602903e8a5ef506c2dba253abbd5dab051abdd
SHA256 cb47062998a6e9cb61434c02db4c9cc59897b08d6ee0a8b45f96a6484d6d64d3
SHA512 61b3d5e9a9f4f3557f4c2ce4be29c66510501e1ab7b24ffc44670d9d63b2ceaebdfcbb8e6c48d0eadde153f0b50099d0788d7cfa7637758b30cf1d6bfca3da2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index~RFe596e02.TMP

MD5 6a4e4a238dce439cf8178e7d30ae5661
SHA1 8c10166805ce530f987a7b582a81bd2f15e226ad
SHA256 6f1158652683e2e89e541923600ee522c4ceefe03facd8ddac433b6d303ec5d6
SHA512 d762c978ff123c719498b4131a14c4916f509206e52f3c203d3b8aea7f5afd77eac6790ed9189dcd5ce767b9862f12f1929708ef8e2e341eb8e9eceffd54d5a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\0dbbbc12-fd6f-4601-81ea-ea1d917cb71c.tmp

MD5 de341bdf00e66d51459180e23645b5f5
SHA1 58bf7e75921972703616d5cad5bed8029ef32412
SHA256 950989df71d3e66b15f206154cdd33c2b6acf9c93f65db10128b8c0c177c247c
SHA512 158b1f87a91a9dcf487952f440ac15de6b04d6576d4b6c2904a7e88f018890b074ca9a13de58c337f9741508f5fa6039a16cff3d35a9305d1644b2fef3f773c5

memory/728-525-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/728-550-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/728-551-0x0000000000A10000-0x0000000000ECA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State

MD5 48b562cf57f8e3b33d9ad9a9b32b4b4c
SHA1 d3421c28d88986dba1301e291b920dd23f73b689
SHA256 31b565854b971c9a0df9c9a70ea0dfa367359608594764f13f4f431920d5b1b9
SHA512 c8bda1c7a04d409f478a4b7d16d7e5cc8ad33f00d8b19c913ef74504d6bd764a5b037d748bbe6b9c24a19e8284a5527cea4ee70662869ad975005e2e3908f173

memory/728-562-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/728-581-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/3580-583-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/3580-585-0x0000000000A10000-0x0000000000ECA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Network Persistent State

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Network Persistent State

MD5 0474af744c5b19175399e919e6528252
SHA1 b0716c65a9ee3512d1a056be1090f331bfb62674
SHA256 1f36c2844d4af2b4bd76c4aea1db365fc2433657b937efcf8de99c670cdb6564
SHA512 c94a043684093601847b20b30dae59e12d3cc9e14f9d703ec928872adc890de2b7a741e988bd18dcb90703d4ff8032f9418b6da5d5d0fa6cb98d85247052236e

memory/728-595-0x0000000000A10000-0x0000000000ECA000-memory.dmp

memory/728-597-0x0000000000A10000-0x0000000000ECA000-memory.dmp