Analysis Overview
SHA256
c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d
Threat Level: Known bad
The file c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d was found to be: Known bad.
Malicious Activity Summary
Stealc
Amadey
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Checks computer location settings
Identifies Wine through registry keys
Executes dropped EXE
Checks BIOS information in registry
Adds Run key to start application
AutoIT Executable
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-09 14:47
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-09 14:47
Reported
2024-09-09 14:50
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\1000026000\08ad955ded.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\99cc787ee0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\99cc787ee0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\08ad955ded.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\08ad955ded.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\99cc787ee0.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\08ad955ded.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\99cc787ee0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000033001\99cc787ee0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\1000026000\08ad955ded.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\99cc787ee0.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\99cc787ee0.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\99cc787ee0.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\08ad955ded.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\99cc787ee0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\08ad955ded.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\99cc787ee0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000033001\99cc787ee0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000033001\99cc787ee0.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
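The registry rows above are the sample's sandbox checks, all made before anything else happens: opening HARDWARE\ACPI\DSDT\VBOX__ (an ACPI table key present only in a VirtualBox guest), reading SystemBiosVersion and VideoBiosVersion (which carry the string VBOX under VirtualBox), probing HKCU\Software\Wine, and reading Geo\Nation to learn the configured country. The Run value pointing into Local\Temp and the svoutse.job file dropped into C:\Windows\Tasks are the persistence that follows. The block below is an added example, not part of the sandbox output: rules that match those rows and score a process by how many distinct anti-analysis checks it performed. The event layout, rule names and SAMPLE_EVENTS are constructed here from the tables above; the Run-key rule is a heuristic narrowed to %TEMP% because Run entries elsewhere under AppData are common for legitimate software.

```python
"""Rules for the registry and file indicators in the behavioral1 signatures.

Added example, not sandbox output.  Event shape mirrors the report's rows
(Key opened / Key value queried / Set value / File created).  Sysmon records
value sets (EventID 13) and file creates (EventID 11) but not key opens or
value reads, so the anti-VM rules need sandbox or EDR registry-read telemetry.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class Event:
    action: str        # key_opened | value_queried | value_set | file_created
    image: str         # process image path
    target: str        # native registry path (\REGISTRY\...) or file path
    details: str = ""  # value data for value_set, empty otherwise


@dataclass
class Rule:
    name: str
    technique: str                 # ATT&CK technique ID
    actions: frozenset
    target_re: str
    details_re: Optional[str] = None
    evasion: bool = False          # counts toward the anti-analysis cluster


RULES = [
    Rule("VirtualBox ACPI table key", "T1497.001", frozenset({"key_opened"}),
         r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__$", evasion=True),
    Rule("BIOS version string read", "T1497.001", frozenset({"value_queried"}),
         r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion$", evasion=True),
    Rule("Wine registry key probe", "T1497.001", frozenset({"key_opened"}),
         r"\\Software\\Wine$", evasion=True),
    Rule("Geo/Nation read (location discovery)", "T1614", frozenset({"value_queried"}),
         r"\\Control Panel\\International\\Geo\\Nation$"),
    # Heuristic: legitimate software rarely registers a Run entry inside %TEMP%.
    Rule("Run key pointing into Local Temp", "T1547.001", frozenset({"value_set"}),
         r"\\CurrentVersion\\Run\\[^\\]+$", details_re=r"\\AppData\\Local\\Temp\\"),
    # .job files are Task Scheduler 1.0 artefacts; current installers do not write them.
    Rule("Legacy .job file in Windows Tasks", "T1053.005", frozenset({"file_created"}),
         r"^C:\\Windows\\Tasks\\[^\\]+\.job$"),
]


def match(event):
    """Return every rule the event satisfies (action, target and, if set, details)."""
    hits = []
    for rule in RULES:
        if event.action not in rule.actions:
            continue
        if not re.search(rule.target_re, event.target, re.IGNORECASE):
            continue
        if rule.details_re and not re.search(rule.details_re, event.details, re.IGNORECASE):
            continue
        hits.append(rule)
    return hits


def hits_by_image(events):
    """Map each image path to the set of rule names it triggered."""
    hits = defaultdict(set)
    for ev in events:
        for rule in match(ev):
            hits[ev.image].add(rule.name)
    return dict(hits)


def evasion_candidates(events, min_distinct=2):
    """Images that ran at least min_distinct different anti-analysis checks.
    One check is noise; several from one process is the pattern this report shows."""
    evasion = {r.name for r in RULES if r.evasion}
    return sorted(img for img, names in hits_by_image(events).items()
                  if len(names & evasion) >= min_distinct)


def persistence_findings(events):
    """(image, technique, target) for the persistence rules only."""
    return [(ev.image, r.technique, ev.target)
            for ev in events for r in match(ev)
            if r.technique in ("T1547.001", "T1053.005")]


# Constructed events mirroring the report's rows (paths copied from the tables above).
HKLM = r"\REGISTRY\MACHINE"
HKU = r"\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000"
SVOUTSE = r"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

SAMPLE_EVENTS = [
    Event("key_opened", SVOUTSE, HKLM + r"\HARDWARE\ACPI\DSDT\VBOX__"),
    Event("value_queried", SVOUTSE, HKLM + r"\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    Event("value_queried", SVOUTSE, HKLM + r"\HARDWARE\DESCRIPTION\System\VideoBiosVersion"),
    Event("key_opened", SVOUTSE, HKU + r"\Software\Wine"),
    Event("value_queried", SVOUTSE, HKU + r"\Control Panel\International\Geo\Nation"),
    Event("value_set", SVOUTSE, HKU + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\99cc787ee0.exe",
          r"C:\Users\Admin\AppData\Local\Temp\1000030001\99cc787ee0.exe"),
    Event("file_created", DROPPER, r"C:\Windows\Tasks\svoutse.job"),
    Event("key_opened", DROPPER, HKLM + r"\HARDWARE\ACPI\DSDT\VBOX__"),
    Event("value_queried", DROPPER, HKLM + r"\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    # Must not fire: Edge reading the BIOS manufacturer (from the report) and a
    # constructed Run entry that points at an installed program, not %TEMP%.
    Event("value_queried", EDGE, HKLM + r"\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"),
    Event("value_set", EDGE, HKU + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSEdgeUpdate", EDGE),
]
```

Run against SAMPLE_EVENTS, svoutse.exe and the original sample both come back as evasion candidates (three and two distinct checks respectively), the Run value and the .job file come back as the two persistence findings, and msedge.exe triggers nothing.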
Processes
C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe
"C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Roaming\1000026000\08ad955ded.exe
"C:\Users\Admin\AppData\Roaming\1000026000\08ad955ded.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\99cc787ee0.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\99cc787ee0.exe"
C:\Users\Admin\AppData\Local\Temp\1000033001\99cc787ee0.exe
"C:\Users\Admin\AppData\Local\Temp\1000033001\99cc787ee0.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbee1246f8,0x7ffbee124708,0x7ffbee124718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7324 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11510054031048855456,336799601486973634,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7324 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
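Two things in the process list deserve a second look: every dropped payload runs from AppData\Local\Temp or AppData\Roaming, and msedge.exe is started with --kiosk --edge-kiosk-type=fullscreen and an --app= URL on accounts.google.com whose continue= parameter lands on the account password page, that is, a full-screen browser window with no address bar pinned to a credential prompt. The many --type=renderer, gpu-process and utility lines are Edge's ordinary child processes and should not be flagged on their own. The block below is an added example, not sandbox output: a triage pass over (image, command line) pairs. SAMPLE_PROCESSES is a constructed, abridged copy of the list above; BROWSERS and CREDENTIAL_HINTS are assumptions to tune per environment.

```python
"""Command-line triage for the process list above.

Added example, not sandbox output.  SAMPLE_PROCESSES is a constructed,
abridged copy of the report's (image, command line) pairs; BROWSERS and
CREDENTIAL_HINTS are assumptions.
"""
import re
from urllib.parse import parse_qs, urlsplit

USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\(Local\\Temp|Roaming)\\", re.I)
BROWSERS = {"msedge.exe", "chrome.exe", "brave.exe", "opera.exe"}      # assumption
CREDENTIAL_HINTS = ("signin", "login", "password", "servicelogin")     # assumption


def app_url(cmdline):
    """Return the --app= URL from a Chromium-style command line, or None."""
    for tok in cmdline.split():
        if tok.startswith("--app="):
            return tok[len("--app="):]
    return None


def landing_url(url):
    """Follow an unencoded continue= parameter (as in the report's Edge line) to
    the page the user actually lands on; otherwise return the URL itself."""
    cont = parse_qs(urlsplit(url).query).get("continue")
    return cont[0] if cont else url


def is_credential_page(url):
    """True if the landing page's path or query carries a sign-in/password keyword."""
    u = urlsplit(landing_url(url))
    hay = (u.path + "?" + u.query).lower()
    return any(h in hay for h in CREDENTIAL_HINTS)


def flags_for(image, cmdline):
    """Return the list of triage flags raised by one process."""
    flags = []
    if USER_WRITABLE.search(image):
        flags.append("exe_in_user_writable_dir")
    if image.rsplit("\\", 1)[-1].lower() in BROWSERS:
        toks = cmdline.split()
        url = app_url(cmdline)
        if "--kiosk" in toks:
            flags.append("browser_kiosk_mode")
        if url:
            flags.append("browser_app_url")
            if "--kiosk" in toks and is_credential_page(url):
                # Full-screen, chrome-less window pinned to a sign-in/password page
                flags.append("kiosk_pinned_to_credential_page")
    return flags


def triage(processes):
    """(index, image, flags) for every process that raised at least one flag."""
    out = []
    for i, (image, cmdline) in enumerate(processes):
        flags = flags_for(image, cmdline)
        if flags:
            out.append((i, image, flags))
    return out


# Constructed, abridged copy of the report's process list.
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe"
SVOUTSE = r"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
PAYLOAD1 = r"C:\Users\Admin\AppData\Roaming\1000026000\08ad955ded.exe"
PAYLOAD2 = r"C:\Users\Admin\AppData\Local\Temp\1000030001\99cc787ee0.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
KIOSK_ARGS = ("--kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI "
              "--disable-popup-blocking --disable-extensions --no-default-browser-check "
              "--app=https://accounts.google.com/ServiceLogin?service=accountsettings"
              "&continue=https://myaccount.google.com/signinoptions/password")

SAMPLE_PROCESSES = [
    (DROPPER, '"%s"' % DROPPER),
    (SVOUTSE, '"%s"' % SVOUTSE),
    (SVOUTSE, ""),                       # spawned again; no command line captured
    (PAYLOAD1, '"%s"' % PAYLOAD1),
    (PAYLOAD2, '"%s"' % PAYLOAD2),
    (EDGE, '"%s" %s' % (EDGE, KIOSK_ARGS)),
    (EDGE, '"%s" --type=renderer --lang=en-US /prefetch:1' % EDGE),   # ordinary child
    (r"C:\Windows\System32\CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]
```

The kiosk check deliberately requires both --kiosk and a credential-looking --app= target; kiosk mode alone is how signage and shared terminals run Edge, and --app= alone is any installed web app.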
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 103.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.238:443 | play.google.com | tcp |
| GB | 216.58.212.238:443 | play.google.com | tcp |
| GB | 216.58.212.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| GB | 216.58.212.238:443 | play.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
Files
memory/3600-0-0x0000000000E00000-0x00000000012A9000-memory.dmp
memory/3600-1-0x0000000077A54000-0x0000000077A56000-memory.dmp
memory/3600-2-0x0000000000E01000-0x0000000000E2F000-memory.dmp
memory/3600-3-0x0000000000E00000-0x00000000012A9000-memory.dmp
memory/3600-4-0x0000000000E00000-0x00000000012A9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | d5fcf8cf3ca99a694ee9b8a97776e64a |
| SHA1 | 07542ce45f902bdc773702e17621cc600d3df50b |
| SHA256 | c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d |
| SHA512 | 90da999cc41cef8a44a3b0186b2de606567414024a60e1467f970e39d64f67af254067e11ac19c7f8f7e1e270c3a71cd9214de4773044e68616dfb053c058e2e |
memory/3600-17-0x0000000000E00000-0x00000000012A9000-memory.dmp
memory/4664-18-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/4664-19-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/4664-20-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/4664-21-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/4664-22-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/4664-23-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/4664-24-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/3880-26-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/3880-27-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/3880-28-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/3880-29-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/4664-30-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/4664-31-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/4664-32-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/4664-33-0x0000000000D90000-0x0000000001239000-memory.dmp
C:\Users\Admin\AppData\Roaming\1000026000\08ad955ded.exe
| MD5 | 110750350e3f833d4de59ed0c7dd1b08 |
| SHA1 | ff21c68dad2c4733ced39aabd130e0406a56ed58 |
| SHA256 | d89f747d96c84dcd1a704731dd4261f6eb69f1498a05cae00a4635169ce5ec20 |
| SHA512 | df963df25b627e0aa446c0170acbfd3589d0b243eae8c34d84cd77940ee1d58b90f4a4739c10053eedd3dc1036a20aaf8cf202c8ed991b487712137ec0d52493 |
memory/1372-49-0x0000000000FB0000-0x0000000001619000-memory.dmp
memory/4844-65-0x0000000000F70000-0x00000000015D9000-memory.dmp
memory/1372-66-0x0000000000FB0000-0x0000000001619000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000033001\99cc787ee0.exe
| MD5 | 80351281b65e08b2ce36f4f40df8a5f1 |
| SHA1 | fc5458c1c2b72403509f9c9c0a33801d92650424 |
| SHA256 | e597fb772319a806f79e33ebe4faaeca8497afbbc3081c9379ea6e9b3c1756b7 |
| SHA512 | e9aa6ac8cc70a1e8af9d0620906e9f53999bab86965e21affbb53bc6e52a28ab3da8d5924c2f877262e8103807762cd6ffea82e0262fa907fbc3fac159734973 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 90aff6a94b27c8982017de5cbff48294 |
| SHA1 | 9b14bf60854936580fdd10bd9b4ffeb76bc38e44 |
| SHA256 | eb9839b44fa1cde42a687000023f6b6cfa4ed58a6a0720054c6e633f55addb67 |
| SHA512 | cf619e0e9dff2a8bb11156c66a84addb8de296326e953469102100a3b1cf17f7dd71fdea56dd783c96050b395185c67ae0f61cdf5e7d618bb8e772a4dc28bdc1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | e9f216ace133839e4796862f246813e2 |
| SHA1 | d794fd916c59a21ff13adfb0654769e7e038b71b |
| SHA256 | b5f873cf68b5dbf6646ba38d782a4181f55e3c82c38631c2986e62d5b7a890c6 |
| SHA512 | c3171c2a871be7fe06eefd923da61dd092b215b1e91058084cc137bd0b9d2f042ee7d0a402792c977ee5dec2643746e60a1705bb2f7622c33c32c8609eaef7fb |
\??\pipe\LOCAL\crashpad_4416_BFGNKYSTUVQJSCTM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 48f21a709a35429a693230ddf7f40dd5 |
| SHA1 | 124fac3753fb327c36a64e1a0cef8470948d8322 |
| SHA256 | 7f0b1bae29fc94c6a6210f3a73bb871c91ffa2428dac1b55965cd5db17bec9ee |
| SHA512 | 3fa13d590b9d5e57941ce36ab17bd7e341de0d7aa08fb16d267f6abf7167c36abb0b1fd39e2f3b7c430d8f3c6930683cce2b0f1ac52afe99b76a15ba6b3ab669 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | f49fce02b09c71eee081bd13f9a633e0 |
| SHA1 | 3e6291fad2ccfb9567fb9489b28661682347d88e |
| SHA256 | 04c42c7d8ce5893e0ac6c09ca092d08161c2b218f26b40b6f46e5f003b572b95 |
| SHA512 | c616f6ccd898f8177de40fd3925f8c797d00e6da0438996994f39ebb8362e771b34186bd01b7ffdf3e8ddf300c3ddc498877648ac00a598893c45cadba6222a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe5839a9.TMP
| MD5 | 811262096e001a5244e12b9b39dffbef |
| SHA1 | dfd0286763f22c77164a60446d2fe233a91ca1b6 |
| SHA256 | 5889fdf6c90449b0b31d537a1dc0645f45e3ad79c8b14fcc3a2f0c63e40cb51b |
| SHA512 | 31c5b922f40da2d99329b33a88ce67fd93041ca430675d71cce253316817885c06c1c6ed0360058ba9686ce0e0637bf968be279fa8373d61cf006d5c884bb8f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
| MD5 | cc119fc8aa3bcb5117d64652a051d9e1 |
| SHA1 | 7209dd4eac13c7ab02190624c8b6e2a9a51cf12d |
| SHA256 | 197dd6cc2c5f9f88ea6290e9a5b4af762c17cbc0dabc662d1995caf03d75ead1 |
| SHA512 | fb139e1b1dff92b14798bcea5557f18b7d811720647b88251c8131513a9d4a7a5e76c738532f10b69b7a4d282dfbbe5025a79229a7721192e62b542f1726e143 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\T9VNYHSHNAWQADGVBNXA.temp
| MD5 | 3591e00e7ae8ef9dc10d7aa138aa8856 |
| SHA1 | 3b8b4a5c03d42ab236f35c4da527e6ab80eac733 |
| SHA256 | b7c067b98c11595f989f033b6a51c44a55abec9091256402562aa577c808baaf |
| SHA512 | 116152e89de2b8817df2bd8eaffbac523642f862a877c4c87b3bb1bd596fdd173da9f90608db47435d20587128ca6deb6e4c0b1d3ddccf30d1acc85928ff89d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
memory/4844-279-0x0000000000F70000-0x00000000015D9000-memory.dmp
memory/4664-280-0x0000000000D90000-0x0000000001239000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | a0f31586fd598328abfdd35e9f4d5429 |
| SHA1 | aa21a42a940e656351c7b90099dff8e5f731540f |
| SHA256 | 557bb9ad4bacd96fdc927b10a7b3f59ddfb7a29bc0431a20aa9d9b9866ba7675 |
| SHA512 | aa8b2289b721dbb0f24a54c62410b7f1aa599b95a234766afb06a817c3e064625823c1c16b5e9885e66fba4202d6ad76cfc9408b6f6f52ffde566b407d4391e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe5861f1.TMP
| MD5 | 504237ad0e94e644e5c3447a70cb04bc |
| SHA1 | 88fc321a17ce27a0d8c6db8edc69cde07e399f08 |
| SHA256 | 9a954565832f5fef87dfc0fe239fe83ad780c31ed0dbb4142e8e076be947c2d4 |
| SHA512 | d0107966dbf53f2fe581091c7987d841525d8ef5db9f593aad6a473fc9957a93e3bad976d758ac0a4be622e292200613510c00d295316a054bcf7590e1553731 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | d59110565d09167e68d51600cd44f599 |
| SHA1 | 3316f8462bc6fcef854ae47471eb220e89c755b9 |
| SHA256 | c42ede860eb783aa2a7df379b787857058482238a46e42c15c43cb2d7c4608a9 |
| SHA512 | a92d84dabe11b6fd73b689681c4081727116edf9f021614fd1469a7602ba38726840de6ddec462c89734b544b2c9a69c3f0d08d9fc9e16654c9e40ccebbd77e5 |
memory/4664-305-0x0000000000D90000-0x0000000001239000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
memory/3972-359-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/4664-360-0x0000000000D90000-0x0000000001239000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\44aa2434-d031-44a6-9495-2b340a781e67.tmp
| MD5 | ca23024e18b5abfcc0f97adb75d62170 |
| SHA1 | 86af723c1c75fa76c80d6ccb0e57a5b7a1fa41d2 |
| SHA256 | 724299d7840dae5302522bf256ac1764fa07090d7ad47f9e7fc4215200d019b2 |
| SHA512 | a10874e7ddd3ecf979bdf89c956cb1954305e70b13c94407226532863c3fd4cc195adeb40c25db890587c5ecba296adc7ec8b77dd66573be912cec8745a1b627 |
memory/4664-379-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/4664-380-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/4664-390-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/4664-400-0x0000000000D90000-0x0000000001239000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 08718aba83d1699ff19eb56e643e4d14 |
| SHA1 | ea2e687f112c4d8c48167cfd76d4bc2ede36be88 |
| SHA256 | 1fbf0f6c61622c39cc16720cf1129893ec1f28a2b59367ae0c26bf45ef944a42 |
| SHA512 | 22932cc357ca58bae4dc97a3e59713eca576856f3c14a2996cb942d0c4405738f55db7b36a2526aa1470650afb3277e9915ceeeb745746d6f7fcb8b936780c22 |
memory/4664-419-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/2884-421-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/2884-422-0x0000000000D90000-0x0000000001239000-memory.dmp
memory/4664-423-0x0000000000D90000-0x0000000001239000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-09 14:47
Reported
2024-09-09 14:50
Platform
win11-20240802-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\2553f2e7d0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\2553f2e7d0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\2553f2e7d0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\2553f2e7d0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000033001\4ca0dfc0b9.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\2553f2e7d0.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Windows\CurrentVersion\Run\2553f2e7d0.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\2553f2e7d0.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\2553f2e7d0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\2553f2e7d0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000033001\4ca0dfc0b9.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000033001\4ca0dfc0b9.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe
"C:\Users\Admin\AppData\Local\Temp\c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\1000030001\2553f2e7d0.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\2553f2e7d0.exe"
C:\Users\Admin\AppData\Local\Temp\1000033001\4ca0dfc0b9.exe
"C:\Users\Admin\AppData\Local\Temp\1000033001\4ca0dfc0b9.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffced0a3cb8,0x7ffced0a3cc8,0x7ffced0a3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,6598585354493050750,4129063461901014555,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,6598585354493050750,4129063461901014555,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,6598585354493050750,4129063461901014555,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6598585354493050750,4129063461901014555,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6598585354493050750,4129063461901014555,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6598585354493050750,4129063461901014555,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6598585354493050750,4129063461901014555,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6598585354493050750,4129063461901014555,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6598585354493050750,4129063461901014555,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6598585354493050750,4129063461901014555,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6598585354493050750,4129063461901014555,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,6598585354493050750,4129063461901014555,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,6598585354493050750,4129063461901014555,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Network
| Country | Destination | Domain | Proto |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
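Triage of the Network table above, as an added example that is not part of the sandbox report. The rows are copied from the table (the mDNS multicast row's empty Domain cell is written as N/A). The two rules are this example's own assumptions rather than anything the sandbox emits: a destination counts as a raw-IP contact when the Domain column repeats the destination address instead of a hostname, and a reverse lookup is tied back to the address its in-addr.arpa name encodes. Running it yields the plaintext-HTTP destinations contacted by literal IP during the detonation and shows which of them also appear as PTR queries to 8.8.8.8.

```python
"""Triage the Network table of a sandbox report.

Added example; the rows below are copied from the report's table, the
classification rules (raw-IP contact, PTR correlation) are this example's own.
"""
import ipaddress
import re
from dataclasses import dataclass

# Rows copied from the report: Country | Destination | Domain | Proto.
NETWORK_TABLE = """
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
"""


@dataclass(frozen=True)
class Conn:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_network_table(text):
    """Turn the pipe-delimited rows into Conn records; rows with a wrong
    column count are skipped rather than guessed at."""
    conns = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        conns.append(Conn(country, ip, int(port), domain, proto))
    return conns


def ptr_target(name):
    """Map a reverse-DNS query name to the IPv4 address it asks about:
    '10.244.41.31.in-addr.arpa' -> '31.41.244.10'. None for other names."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa", name)
    return ".".join(reversed(m.groups())) if m else None


def raw_ip_destinations(conns):
    """Destinations contacted by literal IP (Domain == destination IP),
    ignoring multicast. Returns sorted unique 'ip:port' strings."""
    out = set()
    for c in conns:
        if c.domain == c.ip and not ipaddress.ip_address(c.ip).is_multicast:
            out.add(f"{c.ip}:{c.port}")
    return sorted(out)


def ptr_lookups_for(conns, ips):
    """Subset of ips that also show up as PTR queries in the DNS rows."""
    asked = {ptr_target(c.domain) for c in conns if c.port == 53}
    return sorted(ip for ip in ips if ip in asked)


def named_hosts(conns):
    """Hostname-based destinations (browser/OS background traffic here)."""
    return sorted({c.domain for c in conns
                   if c.domain != c.ip and c.port != 53 and c.domain != "N/A"})


def summarize(conns):
    """One dict a triage note can be written from."""
    raw = raw_ip_destinations(conns)
    raw_ips = [r.rsplit(":", 1)[0] for r in raw]
    return {"raw_ip": raw,
            "reverse_lookups": ptr_lookups_for(conns, raw_ips),
            "named": named_hosts(conns)}
```

The Google destinations and the mDNS multicast are left unflagged on purpose: the hosts reached by bare IP over plaintext HTTP are the ones to carry into a blocklist or a retro-hunt, and the PTR correlation tells you which of them the table also resolved in reverse.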
Files
memory/2892-0-0x0000000000530000-0x00000000009D9000-memory.dmp
memory/2892-1-0x0000000077B46000-0x0000000077B48000-memory.dmp
memory/2892-2-0x0000000000531000-0x000000000055F000-memory.dmp
memory/2892-3-0x0000000000530000-0x00000000009D9000-memory.dmp
memory/2892-4-0x0000000000530000-0x00000000009D9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | d5fcf8cf3ca99a694ee9b8a97776e64a |
| SHA1 | 07542ce45f902bdc773702e17621cc600d3df50b |
| SHA256 | c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d |
| SHA512 | 90da999cc41cef8a44a3b0186b2de606567414024a60e1467f970e39d64f67af254067e11ac19c7f8f7e1e270c3a71cd9214de4773044e68616dfb053c058e2e |
memory/1068-16-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/2892-18-0x0000000000530000-0x00000000009D9000-memory.dmp
memory/1068-19-0x0000000000E31000-0x0000000000E5F000-memory.dmp
memory/1068-20-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/1068-21-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/1068-22-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/1068-23-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/1068-24-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/1068-25-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/1068-26-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/5068-28-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/5068-31-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/5068-30-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/5068-32-0x0000000000E31000-0x0000000000E5F000-memory.dmp
memory/1068-33-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/1068-34-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/1068-35-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/1068-36-0x0000000000E30000-0x00000000012D9000-memory.dmp
C:\Users\Admin\AppData\Roaming\1000026000\08ad955ded.exe
| MD5 | 34a47ed7f5085b9356f39de4dadf714a |
| SHA1 | cd930bd313247817c84198f8edf1e26ef4acab62 |
| SHA256 | 334f24670ab4d6fb54e5bfd2ee1b035f707d570ba9e9177bfd148fd92ecd459f |
| SHA512 | d85ab82ac35d9db7e3b1561302079e1fd65411cbeb118a3e205dc2f71119c8c7b579a184fa45c623bbb8c8f679e1c179ddb793ce698834d88f4a92b07104d6d9 |
C:\Users\Admin\AppData\Local\Temp\1000030001\2553f2e7d0.exe
| MD5 | 110750350e3f833d4de59ed0c7dd1b08 |
| SHA1 | ff21c68dad2c4733ced39aabd130e0406a56ed58 |
| SHA256 | d89f747d96c84dcd1a704731dd4261f6eb69f1498a05cae00a4635169ce5ec20 |
| SHA512 | df963df25b627e0aa446c0170acbfd3589d0b243eae8c34d84cd77940ee1d58b90f4a4739c10053eedd3dc1036a20aaf8cf202c8ed991b487712137ec0d52493 |
memory/3184-67-0x0000000000060000-0x00000000006C9000-memory.dmp
memory/3184-69-0x0000000000060000-0x00000000006C9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000033001\4ca0dfc0b9.exe
| MD5 | 80351281b65e08b2ce36f4f40df8a5f1 |
| SHA1 | fc5458c1c2b72403509f9c9c0a33801d92650424 |
| SHA256 | e597fb772319a806f79e33ebe4faaeca8497afbbc3081c9379ea6e9b3c1756b7 |
| SHA512 | e9aa6ac8cc70a1e8af9d0620906e9f53999bab86965e21affbb53bc6e52a28ab3da8d5924c2f877262e8103807762cd6ffea82e0262fa907fbc3fac159734973 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | e7f165f900d4716a5ededd7db3d81c7f |
| SHA1 | 99ef63b4b9a5a4a35e4c0ba331cdfcbc2d1f06d5 |
| SHA256 | 6e7b23ae2718f38318eaf25476148dbdfd9ec3708603682184e58bf6d99a3662 |
| SHA512 | 35fa4e03f602efa850923916277cd83b7bbf5172f343f750073720d357faca418d769a45cdb5fce80efffcc697c4f309e2b4a167618d1a90a516c8645e97072b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | ff2592d99c287564ebcd7ce485698af8 |
| SHA1 | a5945b83d344b22cff36c3132fe93a8b8e763371 |
| SHA256 | a3174c195aca26977465f5b8709e9fb0be36074767dd8c064122adfef29c6f82 |
| SHA512 | 085568a507de2acb2426939dd9dd19a08964bc6240891658c2c685abe41317fc19c2770066e63b57b0e004e1335f16fcc30800a12a6882015659bc8cca9f16b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | f3bfe4b401bcbfe84262555152829cd4 |
| SHA1 | 2d0c340e83d1f14a69edc1cc8f0948e9b35e932a |
| SHA256 | aeec28a9f7a8f94b3f4594c41065c39b01eb2b2f915c6bf726ba9a9c19c651f4 |
| SHA512 | 136607ffcbc456447f3f00101a45b09520182d082576a29f37041cb76b48007f2e78c51fc7d3859f443f670b7c94cc453ada4dd7fe04c29a8532984be0b20a49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 37837bb960c7f20b292201b8d7e5f862 |
| SHA1 | edce02bbbb026e39cd4208ba9e3dc8db517d11f4 |
| SHA256 | a07fd32a06073e723ff9e8af55b988a4362a5b1b2e5984a4eb91b93c04fc548e |
| SHA512 | e9573a507217e0c0ece5e4389c31ec7144ccd8ca2aad568190f16cd512fe5c8b4e3d7aaf38343cfc0fd7c3a030cdc607fff3f2950aafcef7babab16e079b7914 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe5857cf.TMP
| MD5 | 92f5f0a849bc3a6a4cd6d89c36e77aa9 |
| SHA1 | a0f1ad79d83c710ce79bcb45e2b59b0196ab2413 |
| SHA256 | bcf3d66cce1226c484b0b6fa36e54aef2dece0c7412435f659e2e401c4111550 |
| SHA512 | dab0fa9d0ce2cf7d79b99ce2307db8aa06a913ebe629a318a59398b1828f7b1b20243e7483da88d9a0a1d1ce764d84b3f4f72bd270f1914df8d713332666aeb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
| MD5 | 611922e5b5c4e39231a3472357be5d96 |
| SHA1 | e57a41381f7fa935d704b7b94494ee6a1fe861bd |
| SHA256 | 3720d433bba2a182197885ea47e3c7aea72ff40daeb9c30b0b86f7c3a5c5b764 |
| SHA512 | f948c2e1a79972f7bd1672011479ace537dec50f4eb1c0cffe6e48ef41e8744dbd4e335e3ddb212333ef80eef6bfbabe33278c5825aba586f40e8549abdec665 |
memory/1068-216-0x0000000000E30000-0x00000000012D9000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk
| MD5 | c5861e056ce648e4f35ce74baa338d7b |
| SHA1 | ea57614f97d70da8fd1be10af0ad776049fea818 |
| SHA256 | 21494ce232384ac38c06ef68a0ad7327f206c05937394873b92fe273ff3e5c3d |
| SHA512 | 7ef3ac49cd17d57c3a1c535b1aa74f35d890b52792fd4c208c4fafa645da94c87317051e43af6308b0598f64f8f1eccc8fbf0fe768611e32a0358ae197d219ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 1605619dbd77b6f2ddab5283a4ab543c |
| SHA1 | e916ce7dc93a095042f907873aebde618e850565 |
| SHA256 | ff31183539f0ecec4b1ce9e05eb64c585dc7581a93bc6c0f917551cdec408a37 |
| SHA512 | bc1f60c05ac4d3d3c027d7fcb5ada1533244d1a331efcba7335f2fb157aa9cce02ece9ce575969ad3973cc4f090a4bd88c4d55df9df9fb49fc78c1f091dcf84d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | bc0a19a9d63381d1f55652ec51ecc90d |
| SHA1 | e0309b94be6497935c7a572962e28261958c6d4b |
| SHA256 | a97cb3753d517a62f3228dbf1c32366348823bb6c33fa4e14e9d413953d726d7 |
| SHA512 | 6a0a1454bae0fcb3179857223b1a52843a3bcc908a22917214494ce20244efa96b3b9c3e1228e39e6f86cc5636b693304da377d48df4a6b0b61d0de76ce7aeaa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe587f8b.TMP
| MD5 | c1ef24d50754e059ef581547d7ef0aa6 |
| SHA1 | 85af98b01d25a63ddc84be09f6067d01b1588893 |
| SHA256 | 259e49a7f2127def4f738a0f3970930dee027ecd2c350873684f02290215c27a |
| SHA512 | 17173e10a204fa24095a936b57f5f594a228d73ff69433266df3917a7bea9180ffe41f6615c4078afa53ed025d4913fa12c1b1877e9c00ae3bc80ce54083c7b3 |
memory/1068-295-0x0000000000E30000-0x00000000012D9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
memory/2588-330-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/1068-331-0x0000000000E30000-0x00000000012D9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 47bcc11702900b6caff5dc218ed2ea20 |
| SHA1 | 7dd7354910d6cf68e98497f13741b200aef77c29 |
| SHA256 | 6537569baed20d07b71e88de9bb4491e536a7dbad030695ef7463c5b3b2e2224 |
| SHA512 | 5fadc0b5950b976c4d33ca3c6eea7f0307289d46b2d57a211d18df397e7086f364a290afa46fe4bf5241c347c2b4927a784afb85f0c776efac3b391800bf015b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a426ddf7538f3b9b875dd40aa0efefab |
| SHA1 | c04490586388476dc0ab8683958dcc25e3f751dc |
| SHA256 | 8d8f67ebbd4a4baf0b2fb4dd2bbd46f1fdd18c30b83bfe1361836a32196857ab |
| SHA512 | f8bd27bb409393d62f1c359250c8df43767cda2dd87f8f9e1dccbcf81c29e071158f93673b040f73e0260b6631a141c4a12a11821271767efb409b604e78479b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\e3a4975b-659b-40b3-9f7d-71dd2fb4f223.tmp
| MD5 | 14d7d3ae2eedff2fe9465a7eafa35df3 |
| SHA1 | 677a30da0eda27a0e1853ee75b81327f69c0efae |
| SHA256 | 60e1808dc9ea227517943b4d528c0f83fb1fcc0870e00572a3dfd51130dc66db |
| SHA512 | 7b02141b5c0a4e84fd79bad46a8217e4b848253d5c6f1f5a20f85ab65c006e1293c65515d71ad679b0c817fabceae344bbc1eec39ec657e0acc82c443ad6883d |
memory/1068-359-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/1068-360-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/1068-370-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/1068-382-0x0000000000E30000-0x00000000012D9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\6d713d61-d68b-4966-a1cd-09bafd244f28.tmp
| MD5 | 5e1eb1a3dd97f412a8cb2d2855baa864 |
| SHA1 | cfcda3fcd223c17e80fcdbae058deca731cd2eb3 |
| SHA256 | 8348b6044a0748893c60841c229fb4117284ed7bf101e60581079e03affb32ea |
| SHA512 | 018280f8683333edb9be4ecbcd6a5a42486462a094a58cdb7c05b9325e790153e82834d9f3be1badb20bd2f21ba09f3c0e6d674785f8284399cff4321cf1fc9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 68af472a280f68a5196e231e4bab75af |
| SHA1 | e57f6a09d52a3b8759fc5296ec2f6a47370862d4 |
| SHA256 | 0a4230c6f901563aa5d8949994aa4be0e3c6facc1d22dc1988ad39474b0fa298 |
| SHA512 | bb7fbbbf9150eef302ebf79873061aad2f4417d480056b87990bec9cbc7e0b53e43ba04cc1e0149415cfbf963d7f502af6921166de962d0a4bcac1b32bd391e5 |
memory/1068-410-0x0000000000E30000-0x00000000012D9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe597323.TMP
| MD5 | 97133a00b1adb1a737d93bc54d6edc56 |
| SHA1 | c18538f78fca4d67141c69ab66eb59906f8e52b5 |
| SHA256 | 51c31f83440e110534b9fcfd8a47c657373f27c41ca071eb66b4d89d2495383d |
| SHA512 | c3915ec8e2a249f54b3d43e2989dcd8cdf8c05e8e286ec14077e77623458374776b004adc4c403d380151437ac9c70d895f6e81580615cc8977cc833126781e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity
| MD5 | 9b2632edcdb7dca43e795c83e299dfaa |
| SHA1 | 4cfcae01d0772a22b6497bbbeeb6b5b8cea8e62b |
| SHA256 | 8689e9796e86dd7e19ae8b4eed0664f0f34008e6a0eebc5d834196aa5e3b023d |
| SHA512 | f92f4bd2a9fad79d9c09bad1b2f01f3a7e0bc63217f893a9bd64f95f0716846c8c15c7ba93bbfa81666860b0703956419dc2ce2bc54f8bbbd18cc86c397cabc1 |
memory/3644-421-0x0000000000E30000-0x00000000012D9000-memory.dmp
memory/1068-422-0x0000000000E30000-0x00000000012D9000-memory.dmp
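A sweep helper built from the dropped-file tables above, as an added example rather than part of the report. The excerpt embedded in the block copies only the four dropped executables and two memory-dump lines from the Files section; the Edge profile files are left out as browser artefacts rather than indicators. Hash lengths are validated so a mistyped indicator fails loudly instead of silently never matching. The sweep() routine, its directory argument and the matching-by-any-digest rule are this example's own assumptions, not a sandbox feature.

```python
"""Build an IOC set from a sandbox report's Files section and sweep a directory.

Added example. FILES_SECTION is copied from the report (executables only);
the parser, validation and sweep logic are this example's own.
"""
import hashlib
import os
import re

FILES_SECTION = r"""
memory/2892-0-0x0000000000530000-0x00000000009D9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | d5fcf8cf3ca99a694ee9b8a97776e64a |
| SHA1 | 07542ce45f902bdc773702e17621cc600d3df50b |
| SHA256 | c583d2baee3ad40a8ce2f25b2427f20e9a6a95d811ca1deef408d6a238278b8d |
| SHA512 | 90da999cc41cef8a44a3b0186b2de606567414024a60e1467f970e39d64f67af254067e11ac19c7f8f7e1e270c3a71cd9214de4773044e68616dfb053c058e2e |
memory/1068-16-0x0000000000E30000-0x00000000012D9000-memory.dmp
C:\Users\Admin\AppData\Roaming\1000026000\08ad955ded.exe
| MD5 | 34a47ed7f5085b9356f39de4dadf714a |
| SHA1 | cd930bd313247817c84198f8edf1e26ef4acab62 |
| SHA256 | 334f24670ab4d6fb54e5bfd2ee1b035f707d570ba9e9177bfd148fd92ecd459f |
| SHA512 | d85ab82ac35d9db7e3b1561302079e1fd65411cbeb118a3e205dc2f71119c8c7b579a184fa45c623bbb8c8f679e1c179ddb793ce698834d88f4a92b07104d6d9 |
C:\Users\Admin\AppData\Local\Temp\1000030001\2553f2e7d0.exe
| MD5 | 110750350e3f833d4de59ed0c7dd1b08 |
| SHA1 | ff21c68dad2c4733ced39aabd130e0406a56ed58 |
| SHA256 | d89f747d96c84dcd1a704731dd4261f6eb69f1498a05cae00a4635169ce5ec20 |
| SHA512 | df963df25b627e0aa446c0170acbfd3589d0b243eae8c34d84cd77940ee1d58b90f4a4739c10053eedd3dc1036a20aaf8cf202c8ed991b487712137ec0d52493 |
C:\Users\Admin\AppData\Local\Temp\1000033001\4ca0dfc0b9.exe
| MD5 | 80351281b65e08b2ce36f4f40df8a5f1 |
| SHA1 | fc5458c1c2b72403509f9c9c0a33801d92650424 |
| SHA256 | e597fb772319a806f79e33ebe4faaeca8497afbbc3081c9379ea6e9b3c1756b7 |
| SHA512 | e9aa6ac8cc70a1e8af9d0620906e9f53999bab86965e21affbb53bc6e52a28ab3da8d5924c2f877262e8103807762cd6ffea82e0262fa907fbc3fac159734973 |
"""

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([^|\s]*)\s*\|$")


def is_well_formed(algo, hexval):
    """Right digest length and lowercase hex only."""
    return len(hexval) == HEX_LEN[algo] and all(c in "0123456789abcdef" for c in hexval)


def parse_files_section(text):
    """Map each file path to its {algo: hex} rows; memory-dump lines carry no
    hashes and are skipped. Malformed digests raise instead of being kept."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row before any file path: {line}")
            algo, hexval = m.group(1).lower(), m.group(2).lower()
            if not is_well_formed(algo, hexval):
                raise ValueError(f"malformed {algo} for {current}: {hexval!r}")
            entries[current][algo] = hexval
        elif line.startswith("memory/"):
            current = None
        else:
            current = line
            entries.setdefault(current, {})
    return entries


def digests(data):
    """All four digests of a byte string, keyed like the report's rows."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HEX_LEN}


def ioc_index(entries):
    """Flat lookup: any digest -> (report path, algorithm)."""
    return {h: (path, algo) for path, hs in entries.items() for algo, h in hs.items()}


def match_bytes(data, index):
    """Report path whose indicators match this content, or None."""
    for hexval in digests(data).values():
        if hexval in index:
            return index[hexval][0]
    return None


def sweep(root, index):
    """Walk a directory and return (local path, report path) for every hit.
    Files are read whole; chunk the hashing for very large trees."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            local = os.path.join(dirpath, name)
            try:
                with open(local, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue
            report_path = match_bytes(data, index)
            if report_path:
                hits.append((local, report_path))
    return hits
```

Typical use is sweep(r"C:\Users", ioc_index(parse_files_section(FILES_SECTION))) on a suspect host; matching on any of the four digests means a report that only carries one hash type for a file still works, while the length check catches a digest that lost a character in copy-and-paste.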