Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/09/2024, 15:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe

  • Size

    1.8MB

  • MD5

    30ac84841a731fa47a3ce25033db8449

  • SHA1

    7c2c107362576bd653e0dc6f96be4d7295d70889

  • SHA256

    07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4

  • SHA512

    d56c10c8af777e516ed343544c7b17eb5b1a9553c283da53728013adf1e5d572cf290be6502d25b42f8b617b36a754c39a320dfa4eb545e382de3689a3547e9f

  • SSDEEP

    49152:g5kAmXhdOEgEjSVfpIfEA9fXK92mGWuYn7KU5:gW/sVsdWLnGU

Score
10/10
amadeystealcc7817dravediscoveryevasionpersistencestealertrojan

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

c7817d

C2

http://31.41.244.10

Attributes
  • install_dir

    0e8d0864aa

  • install_file

    svoutse.exe

  • strings_key

    5481b88a6ef75bcf21333988a4e47048

  • url_paths

    /Dem7kTu/index.php

rc4.plain

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 6 IoCs
    evasion
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 12 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 6 IoCs
  • Identifies Wine through registry keys 2 TTPs 6 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe
    "C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1824
    • C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
      "C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1976
      • C:\Users\Admin\AppData\Roaming\1000026000\65192f416f.exe
        "C:\Users\Admin\AppData\Roaming\1000026000\65192f416f.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:2308
      • C:\Users\Admin\AppData\Local\Temp\1000030001\df653ec2bd.exe
        "C:\Users\Admin\AppData\Local\Temp\1000030001\df653ec2bd.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:3944
      • C:\Users\Admin\AppData\Local\Temp\1000033001\1b138a876d.exe
        "C:\Users\Admin\AppData\Local\Temp\1000033001\1b138a876d.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:4720
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
          4⤵
          • Enumerates system info in registry
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:4232
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe178c3cb8,0x7ffe178c3cc8,0x7ffe178c3cd8
            5⤵
              PID:2760
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1784 /prefetch:2
              5⤵
                PID:4952
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
                5⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:1948
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
                5⤵
                  PID:2104
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
                  5⤵
                    PID:3564
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
                    5⤵
                      PID:3608
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
                      5⤵
                        PID:872
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
                        5⤵
                          PID:2500
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
                          5⤵
                            PID:4108
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
                            5⤵
                              PID:3376
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
                              5⤵
                                PID:1084
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
                                5⤵
                                  PID:4208
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 /prefetch:8
                                  5⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2380
                                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7540 /prefetch:8
                                  5⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3856
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4896 /prefetch:2
                                  5⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3484
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1508
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1296
                            • C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                              C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                              1⤵
                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                              • Checks BIOS information in registry
                              • Executes dropped EXE
                              • Identifies Wine through registry keys
                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3132
                            • C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                              C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                              1⤵
                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                              • Checks BIOS information in registry
                              • Executes dropped EXE
                              • Identifies Wine through registry keys
                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4900

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              e8b8372959ee1f46be404badbdd0b21c

                              SHA1

                              830c17fdc7782a5dd6b5982dbbadf153b58147b8

                              SHA256

                              043798539667c427ad9eaa9420c299cecb3549cf8316d8bc9b9bd68f24c425c9

                              SHA512

                              0d270585f309d26c5f8570af60558e002e58794ee48c01228b370714f49e5073525c8edf42c05e52213cb889801916b13f61843e63c059a2cfad81c74d1ac394

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              f44ef8a0a14e479c483151a02fbf4305

                              SHA1

                              6901158841c8ede3f0be616470c42a120418ad6d

                              SHA256

                              ce80f4d9b834b8e4275229a6d22485552921c933d810e8350f5796d5886c17d5

                              SHA512

                              1da387a1f4ae8205d92c03771fe97010ff7dedca1751758c201480eacd1e883f126758a9eaa780ac045310664ef16092c363283d3b7bf3a51df0ed4738502f87

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              ac43ce448c62affea5b48fefba4b6b76

                              SHA1

                              27684d10c56036269073228edd0057284ea0273e

                              SHA256

                              dd482010f2a2a842cd6712baa54217d328cf7244a4ba76b8690e78c06f836096

                              SHA512

                              89932e2e5e347922044d7efedfa59fe392f290d8957e982bc3d13881c199db8ba4f77d270f1909ebf6643914a0e1993039a106e4e3b1c5914f6fbf4e8b3a8c5b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
                              Filesize

                              20B

                              MD5

                              9e4e94633b73f4a7680240a0ffd6cd2c

                              SHA1

                              e68e02453ce22736169a56fdb59043d33668368f

                              SHA256

                              41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

                              SHA512

                              193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              48B

                              MD5

                              5f12e0fc50e25a9aa4b4eecc870ee589

                              SHA1

                              9f3a973493a7d06796df336758e3888c48d662b3

                              SHA256

                              ecb13a0da044bde01cdf6a8a4b226b3454fb006f04d3d3a9c7b07d76da082714

                              SHA512

                              868c946ab6d8ced866f8634758c998f392f9b0230e32eb4608adc7403b8eeddec982454906366d078628f501e5b18fde7e7618deb308b498fedbe14d06985deb

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              336B

                              MD5

                              6df0add7d189a15c2bed935b3574d897

                              SHA1

                              c5f740105ecf031241a14de89dfa8b409d9dc34c

                              SHA256

                              4bd1c2e8f0967a7199232f6a425104c0e1716434beb292bcfbd0da7b7d9ee6be

                              SHA512

                              5afdde9f827a2785fdd76aed737f246a483fa8020a4eddf5994d90f55dac722ab73025569b3004afcc898e155354eb6a8271be063b3e79bc86c32743c700a88d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
                              Filesize

                              41B

                              MD5

                              5af87dfd673ba2115e2fcf5cfdb727ab

                              SHA1

                              d5b5bbf396dc291274584ef71f444f420b6056f1

                              SHA256

                              f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                              SHA512

                              de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
                              Filesize

                              1KB

                              MD5

                              018a798e7329abc4e3fb437f3fe70012

                              SHA1

                              5c9d248a42155bd034636e2d1e7080e41b6a82a1

                              SHA256

                              da3e4d2985ee53ee6594c7e2d51ea07ff475bc1970efc13918e2eb54815de18e

                              SHA512

                              73d252212a716c17537ff011efa7d3b28b123e9b3bff486322422a2c0d615bf0b9d64c14245501e75fce16c1a85047763ffb7d22521bc48ee8a44b08f404296e

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
                              Filesize

                              1KB

                              MD5

                              70688a06dfea99b74d708111529f19e5

                              SHA1

                              5f9b229bbaf235c899119af736d896828fe4c723

                              SHA256

                              b7ceb0b80d071714f47e4185f5e117da50c0bef4747e9072ccd3b0ec4149cfae

                              SHA512

                              3b5bcf1a6f3bad4fb1ffcd834c47df70305a3f9d62cc7fe36260d6907adb765bc683e6d85f80749b91149b3f814da9d222c6dd5b084a266db74c7cc3480ae9bc

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
                              Filesize

                              59B

                              MD5

                              2800881c775077e1c4b6e06bf4676de4

                              SHA1

                              2873631068c8b3b9495638c865915be822442c8b

                              SHA256

                              226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                              SHA512

                              e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
                              Filesize

                              1KB

                              MD5

                              17670e0f0edc686a8e12b532293a283c

                              SHA1

                              8ebbb3934bec4f8df1df9cd30bee855cf3578596

                              SHA256

                              97af10bd68fa6c4daa31e329ba1f9d96af2ef7a77adc5d89d26aab95e802d069

                              SHA512

                              ee91f1544f09b5f7735945a3d4e90765caa5e626366befa092ca4578284e066ecd8f04f4921403e5dfa9143f736830254b590ae6b8b56b1168009e52cdb4320d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
                              Filesize

                              3KB

                              MD5

                              0d4eed8ff522313bba84bacb40543ef3

                              SHA1

                              ba7ab1cde0696211f40e3dd5423f5cee82858523

                              SHA256

                              95305c39f875e21b91262a0f5d82d87ac4cf1ee24621b3887fff655b33dea22c

                              SHA512

                              779ffeb005dbc00cf2010f16935d71b2c1d9de741f0c0505c37f8a955ad07d4d676307d227d47ba7cffcc55260b3359d241d078e0f9f30a93d3e0387b6c90b31

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
                              Filesize

                              4KB

                              MD5

                              03290140c1566b27fb5f747872f37a9e

                              SHA1

                              be9aba6943d119850f0c7742037cee8dd2be3fc0

                              SHA256

                              117429d927c2988291d01ee30c1315671b35025617b93889613931a28cc765b1

                              SHA512

                              45e4a16a2b2566d7e423e485fb087fc371d879d34a4df7061178a8bf8664fcc1bd8ee591001269a00bd3d2d93c854da32889ca6ed7069537389e5383a59517c2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
                              Filesize

                              4KB

                              MD5

                              c48e18d0a7f7757a65b1cd0a498a4db6

                              SHA1

                              37972600b1b675831ac899fbb44c39b19e729446

                              SHA256

                              961190b4e2f87fab699a524d3fee5aafebbfd6b61861714f0fcb55484d5a4626

                              SHA512

                              5e44dd44d2faea70e8c038522b54e962a68ded2e8f07ba9925317f1905ef22d2a5df8613e6a3dc47b14eb61bc04fe4006e0f3c55d92949ddfb973790354d9aa4

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe57ae12.TMP
                              Filesize

                              3KB

                              MD5

                              c3c67486273cc86ff3e61c30cda52e08

                              SHA1

                              47aa15d741371465b73f34b7ae4c9c2dc9abc484

                              SHA256

                              71ce95fbe36bd1eff7613a89218b80c1990ef672e3819e914bd3d7a754a05665

                              SHA512

                              152c2ffd46a3c31a2b17dcff02e2879ffea670da8c9ec5aa714312b4a3451fee389a96dfc250658901f6c0f04230cdba6c12c2d2c9e81f6f22cedff5b7a45416

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
                              Filesize

                              26KB

                              MD5

                              b4d2a7099eb0fd172c0389b541a2304f

                              SHA1

                              b9289f63196716ea01836cb1cafc779fd1f21129

                              SHA256

                              c13d9bdad4fa26e13624c48580df2d0c5e98c08557bdaea8884c2637cd425b5f

                              SHA512

                              e5b967faa5cd2eefba2fcc4d240301e31df0bddcbde8b6f21111f277c69ca18ae09d06093ee0c9a4b8411d0460743fd45060e1b79dc661adc9568a63f19c1b91

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57d61c.TMP
                              Filesize

                              25KB

                              MD5

                              0ca4c1959da7dcce92254406bace6a9e

                              SHA1

                              2049693596073ea7396f92f47c1df26cfd9475a4

                              SHA256

                              e71a4a511d6c332603402d5b0b2a2a24742bdc0ce6d8e5cb5d2fcf67999cac05

                              SHA512

                              81ccdd44636d467d38cebb0ac0bb5a22f1d5dec0939d9e378bd5aa2af79e9b1ffe27aa59e0172f2f81857cff5a3d0d832422fb9d9ace8ae09ddc9a65b73c829c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT
                              Filesize

                              16B

                              MD5

                              46295cac801e5d4857d09837238a6394

                              SHA1

                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                              SHA256

                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                              SHA512

                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
                              Filesize

                              8KB

                              MD5

                              cf89d16bb9107c631daabf0c0ee58efb

                              SHA1

                              3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                              SHA256

                              d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                              SHA512

                              8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
                              Filesize

                              264KB

                              MD5

                              f50f89a0a91564d0b8a211f8921aa7de

                              SHA1

                              112403a17dd69d5b9018b8cede023cb3b54eab7d

                              SHA256

                              b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                              SHA512

                              bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity
                              Filesize

                              203B

                              MD5

                              d06dcce8f8eda337f0b220866552e9b8

                              SHA1

                              22b2e5e5ec97542584135e90dc9a1d4017ca702b

                              SHA256

                              6a64efa63b2d8257238c03ef14aa89d1f8416cfaeeb95d41b8fd3b8423d29d43

                              SHA512

                              629cf77e31df9dc47971288d176a8aff5a34ab3b900db03b34c33b4ec00288c3b35f05b243483256914117408d3ef70fed8ab4b150393b3015549daae9b5a9bf

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe58d220.TMP
                              Filesize

                              203B

                              MD5

                              bc6b4013d28765b3c335098fef6c2d54

                              SHA1

                              142d744d4863a716b9ab9691d4d797c6262cc43a

                              SHA256

                              63499112407c9dfe4942911ae3832b7b6750fc8bd9fc779378808d85c68816b6

                              SHA512

                              2cb105c801613699b58e3c7d339c18aa65e8f31567696eaae75fb11c117efb798a3341f1d6a9f89531287255bcbe64e93a48f652aa1dbc43783e8fc94b1af7bc

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              206702161f94c5cd39fadd03f4014d98

                              SHA1

                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                              SHA256

                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                              SHA512

                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_2
                              Filesize

                              8KB

                              MD5

                              0962291d6d367570bee5454721c17e11

                              SHA1

                              59d10a893ef321a706a9255176761366115bedcb

                              SHA256

                              ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                              SHA512

                              f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_3
                              Filesize

                              4.0MB

                              MD5

                              a2314684f81e4f9e40c3889289c0689b

                              SHA1

                              7e2557b6a514170bb5f390b8224a45b8cd2d6104

                              SHA256

                              5c790b8978f28f055e0cef032354ee6742c745d132737217fb2f110648393ee3

                              SHA512

                              1962f0815fcfe751b7abb1012ae9c04ab03b0800e7b21cdabb935fe2f7d9d4e06071a2ed9195b12d21ca8c528019ea989b501aa881ee9c795e032069d6236c64

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State
                              Filesize

                              9KB

                              MD5

                              55ac5dde42dd6502f830e15772de1dca

                              SHA1

                              50a7a8a0f1d7673b38242e373f105d6d6c009a06

                              SHA256

                              3ada0f3a7704f195bc691bb342dd8ec8271ea68ad306f84d20d3806da53d3395

                              SHA512

                              eb2b618dffba1c7009c27dd18a4ebb52bb314d74afd4cf69b632292cd08ff2236b020ba205d1fee4a617876162b362ab4a84c3b919f6778d71d07f8d30c35bb5

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RFe57fde8.TMP
                              Filesize

                              9KB

                              MD5

                              d27541f0cc872d5c41eecc0af8f59bfa

                              SHA1

                              71ff9806bf32faba2805d39ed3f2b2f711c0167b

                              SHA256

                              47b7f7f79016e154681562ae5bc2f01f31b135fcb2abd43d179caeaf66bc3b32

                              SHA512

                              8484c6570e1964aa7a65aa52c6914429f9772199efcceb9f82dfe02fa314d94b72d11d0be3e90d22f6b3bdbb4047f982addacac69054b55baf26bb0c72194e3d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                              Filesize

                              1.8MB

                              MD5

                              30ac84841a731fa47a3ce25033db8449

                              SHA1

                              7c2c107362576bd653e0dc6f96be4d7295d70889

                              SHA256

                              07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4

                              SHA512

                              d56c10c8af777e516ed343544c7b17eb5b1a9553c283da53728013adf1e5d572cf290be6502d25b42f8b617b36a754c39a320dfa4eb545e382de3689a3547e9f

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\1000033001\1b138a876d.exe
                              Filesize

                              896KB

                              MD5

                              2801358ac519754c48b748365a57fdc0

                              SHA1

                              c8e7b39b9172409eabcabe54b2a224d1a24e328a

                              SHA256

                              563f6936421d587af73cab59d466deb7bfe961fd7bb119b3366f20bb5be45915

                              SHA512

                              2b21599bd4d9035e3b2c367342c824c52133c28e0b4103ce1bd5933bc15b6380d56a694fa97fad973fe2b8a37115b3cbb9ab4a5c13fabd76a6c750e97d04c2db

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\1000026000\65192f416f.exe
                              Filesize

                              1.7MB

                              MD5

                              110750350e3f833d4de59ed0c7dd1b08

                              SHA1

                              ff21c68dad2c4733ced39aabd130e0406a56ed58

                              SHA256

                              d89f747d96c84dcd1a704731dd4261f6eb69f1498a05cae00a4635169ce5ec20

                              SHA512

                              df963df25b627e0aa446c0170acbfd3589d0b243eae8c34d84cd77940ee1d58b90f4a4739c10053eedd3dc1036a20aaf8cf202c8ed991b487712137ec0d52493

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk
                              Filesize

                              1KB

                              MD5

                              b0478dba1f18578e00c963d0a9479ff1

                              SHA1

                              aa6e7e2f9921467dafe5b1f916bb8e403b6f9adf

                              SHA256

                              86446373d6ed0833990c272e5114a82cfc4426064e49865d7add36481b276fc1

                              SHA512

                              7765aac630eb0196b7cf7c1c21a10449e30cd22578e9970c831af96470435e7aa2ffa5a78bccf0d585a7d566de4ffb1f561f724e71efedeb69db50f8a504d1e6

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                              Filesize

                              3KB

                              MD5

                              42ad838c24e0869dfe0c26a57895abcd

                              SHA1

                              6f4ce4f799184bf663bfdde35355eb118d831a84

                              SHA256

                              342e01575f14c8bef3b15c36eddc69a19715e1cae3e1d9c88cb65c739e4630b5

                              SHA512

                              e4ee9cadc950db7c150dc76d0720377dfa3f0fa1e17764355c9de749803d1c492c565fa84bc4e8973dea6aa909ac492c12a269695b3103f907ff18f259f49301

                              Download Submit

                            • memory/1824-17-0x0000000000C60000-0x000000000110D000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1824-5-0x0000000000C60000-0x000000000110D000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1824-0-0x0000000000C60000-0x000000000110D000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1824-3-0x0000000000C60000-0x000000000110D000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1824-2-0x0000000000C61000-0x0000000000C8F000-memory.dmp

                              Filesize

                              184KB

                              Download

                            • memory/1824-1-0x0000000077486000-0x0000000077488000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/1976-220-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-19-0x0000000000531000-0x000000000055F000-memory.dmp

                              Filesize

                              184KB

                              Download

                            • memory/1976-177-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-290-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-59-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-58-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-442-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-54-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-18-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-432-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-350-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-360-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-361-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-429-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-426-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-374-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-386-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-425-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-424-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-21-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-414-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/1976-20-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/2308-37-0x0000000000A70000-0x00000000010D9000-memory.dmp

                              Filesize

                              6.4MB

                              Download

                            • memory/2308-38-0x0000000000A71000-0x0000000000A85000-memory.dmp

                              Filesize

                              80KB

                              Download

                            • memory/2308-39-0x0000000000A70000-0x00000000010D9000-memory.dmp

                              Filesize

                              6.4MB

                              Download

                            • memory/2308-57-0x0000000000A70000-0x00000000010D9000-memory.dmp

                              Filesize

                              6.4MB

                              Download

                            • memory/3132-364-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/3132-363-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download

                            • memory/3944-219-0x0000000000280000-0x00000000008E9000-memory.dmp

                              Filesize

                              6.4MB

                              Download

                            • memory/3944-56-0x0000000000280000-0x00000000008E9000-memory.dmp

                              Filesize

                              6.4MB

                              Download

                            • memory/4900-428-0x0000000000530000-0x00000000009DD000-memory.dmp

                              Filesize

                              4.7MB

                              Download