Analysis Overview
SHA256
07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4
Threat Level: Known bad
The file 07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4 was found to be: Known bad.
Malicious Activity Summary
Stealc
Amadey
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Executes dropped EXE
Identifies Wine through registry keys
Checks computer location settings
Checks BIOS information in registry
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
AutoIT Executable
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-09 15:37
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-09 15:37
Reported
2024-09-09 15:40
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\690a15d7bf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\1000026000\6367b20d77.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\6367b20d77.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\690a15d7bf.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\690a15d7bf.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\6367b20d77.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\6367b20d77.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\690a15d7bf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000033001\df653ec2bd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\1000026000\6367b20d77.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\690a15d7bf.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\690a15d7bf.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\690a15d7bf.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\6367b20d77.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\690a15d7bf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe | N/A |
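The Run key above points at a copy under a ten-character random directory in the user's Temp folder, and the only file written to the Windows directory is a legacy .job file rather than an XML task. The following triage helper is an added example (not sandbox code and not the malware authors' code): it takes Run-key values in the exact string form the report prints and a listing of C:\Windows\Tasks, and flags entries that match that layout. The directory-name and file-name heuristics are the editor's generalisation of the paths on this page, and the OneDrive entry is a constructed benign control.

```python
"""Triage autorun entries for the staging layout seen in this detonation.

Added example; not from the sandbox report or from the Amadey/Stealc
authors. Input is what a responder exports from HKCU\...\Run plus a
listing of C:\Windows\Tasks. The heuristics are the editor's assumptions
generalised from the paths on this page; the OneDrive entry is a
constructed benign control.
"""
import re

# Observed layout: ...\AppData\Local\Temp\<10 hex>\<name>.exe and
# ...\AppData\Roaming\<10 digits>\<10 hex>.exe. Ten digits are also ten
# hex characters, so one character class covers both.
STAGING_DIR = re.compile(
    r"\\AppData\\(?:Local\\Temp|Roaming)\\[0-9a-f]{10}\\[^\\]+\.exe$", re.I)
RANDOM_NAME = re.compile(r"^[0-9a-f]{10}\.exe$", re.I)


def parse_run_value(raw):
    """Split 'name = "C:\\\\dir\\\\x.exe" args' into (name, target path),
    undoing the doubled backslashes the report uses for REG_SZ data."""
    name, _, value = raw.partition(" = ")
    value = value.strip()
    m = re.match(r'"([^"]+)"', value)
    target = m.group(1) if m else value.split(" ", 1)[0]
    return name.strip(), target.replace("\\\\", "\\")


def triage_autoruns(entries):
    """entries: iterable of (source, path). Returns [(source, path, [reasons])]
    for every entry that matches at least one heuristic."""
    findings = []
    for source, path in entries:
        reasons = []
        basename = path.rsplit("\\", 1)[-1]
        if STAGING_DIR.search(path):
            reasons.append("staging-dir")
        if RANDOM_NAME.match(basename):
            reasons.append("random-name")
        # Task Scheduler 1.0 .job files are rarely written on current
        # Windows; the sample dropped one instead of registering an XML task.
        if source == "Tasks" and basename.lower().endswith(".job"):
            reasons.append("legacy-job-file")
        if reasons:
            findings.append((source, path, reasons))
    return findings


# Constructed input: the Run value from the report, a benign control entry,
# and the .job file the sample wrote.
RUN_VALUES = [
    r'690a15d7bf.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\690a15d7bf.exe"',
    r'OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe" /background',
]
TASKS_DIR = [r"C:\Windows\Tasks\svoutse.job"]


def build_entries():
    """Assemble (source, path) pairs from the constructed inputs above."""
    entries = [("Run", parse_run_value(v)[1]) for v in RUN_VALUES]
    entries += [("Tasks", p) for p in TASKS_DIR]
    return entries


if __name__ == "__main__":
    for source, path, reasons in triage_autoruns(build_entries()):
        print(f"{source:5} {', '.join(reasons):30} {path}")
```

Run as-is it reports the 690a15d7bf.exe Run entry (staging directory plus random name) and svoutse.job, and stays silent on the OneDrive control. The same STAGING_DIR pattern also matches the other two drop locations in this report, 0e8d0864aa\svoutse.exe and 1000026000\6367b20d77.exe, so it is usable as a file-system sweep as well as an autorun check.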
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\6367b20d77.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\690a15d7bf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000033001\df653ec2bd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
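Taken one at a time, most of the registry reads above are unremarkable: msedge.exe reads BIOS\SystemManufacturer too, and many installers read NLS\Language. What separates the dropped executables is that each of them reads the VirtualBox ACPI table key, the BIOS version strings and the Wine key in the same process. The correlation below is an added example, not a sandbox signature: it groups Sysmon-style registry events (pid, image, key path) per process, counts distinct fingerprint categories rather than raw reads, and flags a process only when it crosses a threshold. Pids, the msedge events and the threshold of three are constructed assumptions; the key paths are the ones in the tables above.

```python
"""Per-process correlation of the registry reads the sandbox flagged.

Added example; not part of the sandbox report. Events are modelled as
(pid, image, registry_path) tuples, the shape a Sysmon Event ID 12/13
feed reduces to. Pids, the msedge events and the grouping threshold
are constructed assumptions; key paths are those in the report.
"""
import re
from collections import defaultdict

# Category -> regex over the registry path. One category per key family,
# so repeated reads of one key (as svoutse.exe shows) do not inflate the score.
FINGERPRINT_CATEGORIES = {
    "vbox_acpi":    re.compile(r"\\HARDWARE\\ACPI\\DSDT\\VBOX__$", re.I),
    "bios_version": re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(?:System|Video)BiosVersion$", re.I),
    "bios_vendor":  re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS\\System(?:Manufacturer|ProductName)$", re.I),
    "wine":         re.compile(r"\\Software\\Wine$", re.I),
    "geo_nation":   re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    "nls_language": re.compile(r"\\Control\\NLS\\Language$", re.I),
}


def classify_key(path):
    """Return the fingerprint category a registry path belongs to, or None."""
    for name, rx in FINGERPRINT_CATEGORIES.items():
        if rx.search(path):
            return name
    return None


def correlate(events, min_categories=3):
    """Group events by pid; keep processes that touch at least min_categories
    distinct categories. Returns {pid: {"image": str, "categories": set}}."""
    hits = defaultdict(lambda: {"image": None, "categories": set()})
    for pid, image, path in events:
        cat = classify_key(path)
        if cat is None:
            continue
        hits[pid]["image"] = image
        hits[pid]["categories"].add(cat)
    return {pid: h for pid, h in hits.items() if len(h["categories"]) >= min_categories}


HK = r"\REGISTRY\MACHINE"
HKU = r"\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe"
SVOUTSE = r"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed event stream: pids are made up, paths come from the report.
SAMPLE_EVENTS = [
    (3344, SAMPLE,  HK + r"\HARDWARE\ACPI\DSDT\VBOX__"),
    (3344, SAMPLE,  HK + r"\HARDWARE\DESCRIPTION\System\VideoBiosVersion"),
    (3344, SAMPLE,  HK + r"\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    (3344, SAMPLE,  HKU + r"\Software\Wine"),
    (3344, SAMPLE,  HKU + r"\Control Panel\International\Geo\Nation"),
    (3344, SAMPLE,  HK + r"\SYSTEM\ControlSet001\Control\NLS\Language"),
    (2840, SVOUTSE, HK + r"\HARDWARE\ACPI\DSDT\VBOX__"),
    (2840, SVOUTSE, HK + r"\HARDWARE\ACPI\DSDT\VBOX__"),   # repeat, counted once
    (2840, SVOUTSE, HK + r"\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    (2840, SVOUTSE, HKU + r"\Software\Wine"),
    (5000, EDGE,    HK + r"\HARDWARE\DESCRIPTION\System\BIOS"),
    (5000, EDGE,    HK + r"\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"),
    (5000, EDGE,    HK + r"\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName"),
    (5000, EDGE,    HK + r"\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance"),
]

if __name__ == "__main__":
    for pid, h in correlate(SAMPLE_EVENTS).items():
        print(pid, h["image"].rsplit("\\", 1)[-1], sorted(h["categories"]))
```

With the default threshold the sample and svoutse.exe are reported and msedge.exe is not, because Edge's three reads all fall into the single bios_vendor category. Lowering min_categories to 1 surfaces Edge as well, which is the trade-off to keep in mind when turning this into a hunting query: the BIOS and language keys are only interesting in combination with the VirtualBox and Wine probes.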
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000033001\df653ec2bd.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe
"C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\6367b20d77.exe
"C:\Users\Admin\AppData\Roaming\1000026000\6367b20d77.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\690a15d7bf.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\690a15d7bf.exe"
C:\Users\Admin\AppData\Local\Temp\1000033001\df653ec2bd.exe
"C:\Users\Admin\AppData\Local\Temp\1000033001\df653ec2bd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc534446f8,0x7ffc53444708,0x7ffc53444718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7532 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9891914956084530997,12756883425256968112,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7452 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 103.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 52.111.229.48:443 | N/A | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
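The Google traffic in this table belongs to the kiosk-mode Edge window the sample opened on the account sign-in page; the droppers' own traffic is the plaintext HTTP to 31.41.244.10, 31.41.244.11 and 185.215.113.103, where the Domain column repeats the IP because nothing was resolved (the only DNS activity for those addresses is the sandbox's reverse lookups). The helper below is an added example, not part of the report: it parses rows in the table's own layout and returns the unique destinations that fit that pattern. SAMPLE_ROWS is a constructed subset of the rows above, and the port list and rule are the editor's assumptions rather than a sandbox signature.

```python
"""Flag plaintext-HTTP connections to bare IP literals in the network table.

Added example; not part of the report. Parses rows in the table's own
'| Country | Destination | Domain | Proto |' layout. SAMPLE_ROWS is a
constructed subset of the table; the port list and the rule are the
editor's assumptions, not a sandbox signature.
"""
import ipaddress

SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 52.111.229.48:443 | N/A | tcp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
"""


def parse_rows(text):
    """Turn pipe-delimited rows into dicts; skips the header and malformed lines."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        host, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue
        rows.append({"country": country, "ip": host, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_ip_literal(s):
    """True if s parses as an IPv4/IPv6 address rather than a hostname."""
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def direct_ip_http(rows, ports=(80, 8080)):
    """Unique (ip, port) pairs where the transport is TCP on a plaintext-HTTP
    port and no hostname was resolved: the Domain cell is the IP itself or N/A."""
    seen, out = set(), []
    for r in rows:
        if r["proto"] != "tcp" or r["port"] not in ports:
            continue
        if r["domain"] != "N/A" and not is_ip_literal(r["domain"]):
            continue  # a real hostname was resolved; not this pattern
        key = (r["ip"], r["port"])
        if key not in seen:
            seen.add(key)
            out.append(key)
    return out


if __name__ == "__main__":
    for ip, port in direct_ip_http(parse_rows(SAMPLE_ROWS)):
        print(f"{ip}:{port}")
```

On the sample rows this yields the three Russian-hosted addresses once each, with the repeated 185.215.113.103 row collapsed; the 52.111.229.48:443 row is excluded by the port list, and passing ports=(443,) instead shows how the same rule behaves on the TLS rows.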
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-09 15:37
Reported
2024-09-09 15:40
Platform
win11-20240802-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\1000026000\65192f416f.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\df653ec2bd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\df653ec2bd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\65192f416f.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\65192f416f.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\df653ec2bd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\65192f416f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\df653ec2bd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000033001\1b138a876d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\1000026000\65192f416f.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\df653ec2bd.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Microsoft\Windows\CurrentVersion\Run\df653ec2bd.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\df653ec2bd.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\65192f416f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\df653ec2bd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\65192f416f.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\df653ec2bd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000033001\1b138a876d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000033001\1b138a876d.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe
"C:\Users\Admin\AppData\Local\Temp\07669de4a752e210ee8066a04305d250ba526ff3581b5e3361f30821548dacb4.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\65192f416f.exe
"C:\Users\Admin\AppData\Roaming\1000026000\65192f416f.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\df653ec2bd.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\df653ec2bd.exe"
C:\Users\Admin\AppData\Local\Temp\1000033001\1b138a876d.exe
"C:\Users\Admin\AppData\Local\Temp\1000033001\1b138a876d.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe178c3cb8,0x7ffe178c3cc8,0x7ffe178c3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1784 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7540 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1720,9690956006253067385,15657046595924859457,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4896 /prefetch:2
Network
Files
| MD5 | c3c67486273cc86ff3e61c30cda52e08 |
| SHA1 | 47aa15d741371465b73f34b7ae4c9c2dc9abc484 |
| SHA256 | 71ce95fbe36bd1eff7613a89218b80c1990ef672e3819e914bd3d7a754a05665 |
| SHA512 | 152c2ffd46a3c31a2b17dcff02e2879ffea670da8c9ec5aa714312b4a3451fee389a96dfc250658901f6c0f04230cdba6c12c2d2c9e81f6f22cedff5b7a45416 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_3
| MD5 | a2314684f81e4f9e40c3889289c0689b |
| SHA1 | 7e2557b6a514170bb5f390b8224a45b8cd2d6104 |
| SHA256 | 5c790b8978f28f055e0cef032354ee6742c745d132737217fb2f110648393ee3 |
| SHA512 | 1962f0815fcfe751b7abb1012ae9c04ab03b0800e7b21cdabb935fe2f7d9d4e06071a2ed9195b12d21ca8c528019ea989b501aa881ee9c795e032069d6236c64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
| MD5 | 018a798e7329abc4e3fb437f3fe70012 |
| SHA1 | 5c9d248a42155bd034636e2d1e7080e41b6a82a1 |
| SHA256 | da3e4d2985ee53ee6594c7e2d51ea07ff475bc1970efc13918e2eb54815de18e |
| SHA512 | 73d252212a716c17537ff011efa7d3b28b123e9b3bff486322422a2c0d615bf0b9d64c14245501e75fce16c1a85047763ffb7d22521bc48ee8a44b08f404296e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | e8b8372959ee1f46be404badbdd0b21c |
| SHA1 | 830c17fdc7782a5dd6b5982dbbadf153b58147b8 |
| SHA256 | 043798539667c427ad9eaa9420c299cecb3549cf8316d8bc9b9bd68f24c425c9 |
| SHA512 | 0d270585f309d26c5f8570af60558e002e58794ee48c01228b370714f49e5073525c8edf42c05e52213cb889801916b13f61843e63c059a2cfad81c74d1ac394 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 03290140c1566b27fb5f747872f37a9e |
| SHA1 | be9aba6943d119850f0c7742037cee8dd2be3fc0 |
| SHA256 | 117429d927c2988291d01ee30c1315671b35025617b93889613931a28cc765b1 |
| SHA512 | 45e4a16a2b2566d7e423e485fb087fc371d879d34a4df7061178a8bf8664fcc1bd8ee591001269a00bd3d2d93c854da32889ca6ed7069537389e5383a59517c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | b4d2a7099eb0fd172c0389b541a2304f |
| SHA1 | b9289f63196716ea01836cb1cafc779fd1f21129 |
| SHA256 | c13d9bdad4fa26e13624c48580df2d0c5e98c08557bdaea8884c2637cd425b5f |
| SHA512 | e5b967faa5cd2eefba2fcc4d240301e31df0bddcbde8b6f21111f277c69ca18ae09d06093ee0c9a4b8411d0460743fd45060e1b79dc661adc9568a63f19c1b91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57d61c.TMP
| MD5 | 0ca4c1959da7dcce92254406bace6a9e |
| SHA1 | 2049693596073ea7396f92f47c1df26cfd9475a4 |
| SHA256 | e71a4a511d6c332603402d5b0b2a2a24742bdc0ce6d8e5cb5d2fcf67999cac05 |
| SHA512 | 81ccdd44636d467d38cebb0ac0bb5a22f1d5dec0939d9e378bd5aa2af79e9b1ffe27aa59e0172f2f81857cff5a3d0d832422fb9d9ace8ae09ddc9a65b73c829c |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk
| MD5 | b0478dba1f18578e00c963d0a9479ff1 |
| SHA1 | aa6e7e2f9921467dafe5b1f916bb8e403b6f9adf |
| SHA256 | 86446373d6ed0833990c272e5114a82cfc4426064e49865d7add36481b276fc1 |
| SHA512 | 7765aac630eb0196b7cf7c1c21a10449e30cd22578e9970c831af96470435e7aa2ffa5a78bccf0d585a7d566de4ffb1f561f724e71efedeb69db50f8a504d1e6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 42ad838c24e0869dfe0c26a57895abcd |
| SHA1 | 6f4ce4f799184bf663bfdde35355eb118d831a84 |
| SHA256 | 342e01575f14c8bef3b15c36eddc69a19715e1cae3e1d9c88cb65c739e4630b5 |
| SHA512 | e4ee9cadc950db7c150dc76d0720377dfa3f0fa1e17764355c9de749803d1c492c565fa84bc4e8973dea6aa909ac492c12a269695b3103f907ff18f259f49301 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State
| MD5 | 55ac5dde42dd6502f830e15772de1dca |
| SHA1 | 50a7a8a0f1d7673b38242e373f105d6d6c009a06 |
| SHA256 | 3ada0f3a7704f195bc691bb342dd8ec8271ea68ad306f84d20d3806da53d3395 |
| SHA512 | eb2b618dffba1c7009c27dd18a4ebb52bb314d74afd4cf69b632292cd08ff2236b020ba205d1fee4a617876162b362ab4a84c3b919f6778d71d07f8d30c35bb5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RFe57fde8.TMP
| MD5 | d27541f0cc872d5c41eecc0af8f59bfa |
| SHA1 | 71ff9806bf32faba2805d39ed3f2b2f711c0167b |
| SHA256 | 47b7f7f79016e154681562ae5bc2f01f31b135fcb2abd43d179caeaf66bc3b32 |
| SHA512 | 8484c6570e1964aa7a65aa52c6914429f9772199efcceb9f82dfe02fa314d94b72d11d0be3e90d22f6b3bdbb4047f982addacac69054b55baf26bb0c72194e3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5f12e0fc50e25a9aa4b4eecc870ee589 |
| SHA1 | 9f3a973493a7d06796df336758e3888c48d662b3 |
| SHA256 | ecb13a0da044bde01cdf6a8a4b226b3454fb006f04d3d3a9c7b07d76da082714 |
| SHA512 | 868c946ab6d8ced866f8634758c998f392f9b0230e32eb4608adc7403b8eeddec982454906366d078628f501e5b18fde7e7618deb308b498fedbe14d06985deb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6df0add7d189a15c2bed935b3574d897 |
| SHA1 | c5f740105ecf031241a14de89dfa8b409d9dc34c |
| SHA256 | 4bd1c2e8f0967a7199232f6a425104c0e1716434beb292bcfbd0da7b7d9ee6be |
| SHA512 | 5afdde9f827a2785fdd76aed737f246a483fa8020a4eddf5994d90f55dac722ab73025569b3004afcc898e155354eb6a8271be063b3e79bc86c32743c700a88d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | c48e18d0a7f7757a65b1cd0a498a4db6 |
| SHA1 | 37972600b1b675831ac899fbb44c39b19e729446 |
| SHA256 | 961190b4e2f87fab699a524d3fee5aafebbfd6b61861714f0fcb55484d5a4626 |
| SHA512 | 5e44dd44d2faea70e8c038522b54e962a68ded2e8f07ba9925317f1905ef22d2a5df8613e6a3dc47b14eb61bc04fe4006e0f3c55d92949ddfb973790354d9aa4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 17670e0f0edc686a8e12b532293a283c |
| SHA1 | 8ebbb3934bec4f8df1df9cd30bee855cf3578596 |
| SHA256 | 97af10bd68fa6c4daa31e329ba1f9d96af2ef7a77adc5d89d26aab95e802d069 |
| SHA512 | ee91f1544f09b5f7735945a3d4e90765caa5e626366befa092ca4578284e066ecd8f04f4921403e5dfa9143f736830254b590ae6b8b56b1168009e52cdb4320d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity
| MD5 | d06dcce8f8eda337f0b220866552e9b8 |
| SHA1 | 22b2e5e5ec97542584135e90dc9a1d4017ca702b |
| SHA256 | 6a64efa63b2d8257238c03ef14aa89d1f8416cfaeeb95d41b8fd3b8423d29d43 |
| SHA512 | 629cf77e31df9dc47971288d176a8aff5a34ab3b900db03b34c33b4ec00288c3b35f05b243483256914117408d3ef70fed8ab4b150393b3015549daae9b5a9bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe58d220.TMP
| MD5 | bc6b4013d28765b3c335098fef6c2d54 |
| SHA1 | 142d744d4863a716b9ab9691d4d797c6262cc43a |
| SHA256 | 63499112407c9dfe4942911ae3832b7b6750fc8bd9fc779378808d85c68816b6 |
| SHA512 | 2cb105c801613699b58e3c7d339c18aa65e8f31567696eaae75fb11c117efb798a3341f1d6a9f89531287255bcbe64e93a48f652aa1dbc43783e8fc94b1af7bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 70688a06dfea99b74d708111529f19e5 |
| SHA1 | 5f9b229bbaf235c899119af736d896828fe4c723 |
| SHA256 | b7ceb0b80d071714f47e4185f5e117da50c0bef4747e9072ccd3b0ec4149cfae |
| SHA512 | 3b5bcf1a6f3bad4fb1ffcd834c47df70305a3f9d62cc7fe36260d6907adb765bc683e6d85f80749b91149b3f814da9d222c6dd5b084a266db74c7cc3480ae9bc |