Analysis Overview
SHA256
ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e
Threat Level: Known bad
The file ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e was found to be: Known bad.
Malicious Activity Summary
Stealc
Amadey
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Identifies Wine through registry keys
Checks computer location settings
Checks BIOS information in registry
Executes dropped EXE
Adds Run key to start application
AutoIT Executable
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Enumerates physical storage devices
Program crash
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates system info in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-10 01:38
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-10 01:38
Reported
2024-09-10 01:41
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
147s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\99b8991cfa.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\a174aaa6a9.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\baf7b9c504.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a174aaa6a9.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\a174aaa6a9.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\baf7b9c504.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\baf7b9c504.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Roaming\1000026000\99b8991cfa.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\1000030001\a174aaa6a9.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\99b8991cfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\a174aaa6a9.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\baf7b9c504.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\baf7b9c504.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe
"C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\99b8991cfa.exe
"C:\Users\Admin\AppData\Roaming\1000026000\99b8991cfa.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\a174aaa6a9.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\a174aaa6a9.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2604 -ip 2604
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 1016
C:\Users\Admin\AppData\Local\Temp\1000036001\baf7b9c504.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\baf7b9c504.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab67246f8,0x7ffab6724708,0x7ffab6724718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3668 -ip 3668
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 1052
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,11195205177690644493,3004723207907661899,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3872 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | 103.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
memory/1156-0-0x0000000000BC0000-0x0000000001078000-memory.dmp
memory/1156-1-0x0000000077D34000-0x0000000077D36000-memory.dmp
memory/1156-2-0x0000000000BC1000-0x0000000000BEF000-memory.dmp
memory/1156-3-0x0000000000BC0000-0x0000000001078000-memory.dmp
memory/1156-4-0x0000000000BC0000-0x0000000001078000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | 4141269cc71160518d53bd4232546645 |
| SHA1 | f6cab15b6c4cba08991ad7ef9c0143ef62bc8992 |
| SHA256 | ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e |
| SHA512 | 3f18ccaff54ea45bc560bc33db9ae00051423f22835f366c9991e8459157d4d22c2f33d090164f589b7e8f42648a624e799e3165faf7550448f85632b876589a |
memory/3656-18-0x0000000000450000-0x0000000000908000-memory.dmp
memory/1156-17-0x0000000000BC0000-0x0000000001078000-memory.dmp
memory/3656-19-0x0000000000451000-0x000000000047F000-memory.dmp
memory/3656-20-0x0000000000450000-0x0000000000908000-memory.dmp
memory/3656-22-0x0000000000450000-0x0000000000908000-memory.dmp
memory/3656-21-0x0000000000450000-0x0000000000908000-memory.dmp
C:\Users\Admin\AppData\Roaming\1000026000\99b8991cfa.exe
| MD5 | f47cc7dc355ae01926f6065316c3bd68 |
| SHA1 | 6b575930185f216e4fa5116fdcc8906eb9f53af9 |
| SHA256 | 25741e3975370f8b2c77513a0941ca4263a83ec08e1203c9dd7cfd5c18474794 |
| SHA512 | cf076a077130b8dd48f3e27a6aaba411a6c8833ab8b926c99fc3fb66130694db1ce668103c44aba6196705a9722b68da16287ea8a63ffed250bcf92bba68154e |
memory/2604-55-0x0000000000400000-0x000000000247A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000036001\baf7b9c504.exe
| MD5 | 38f98be80e6670f46efc8544d762cfd4 |
| SHA1 | fcad2e65d0977f0ab297049d5c9c32450b230d2a |
| SHA256 | fb5cdb8d0f5558d5544c7722e616fbb498b501484f6ad0d1e2a2fe8118574996 |
| SHA512 | 60a0c8f5516b41faa57ec4010eaed39a255ad2c96e58d7ae1273d3ef44196ea50b4f64c52e8301a95e45139ccd52bd9b52d177121ad1c77289bed89ac49c04cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 08b2b94cd30296020231e01afd46cb66 |
| SHA1 | 961b6956c4be4050857bfdd399ca12e95fcf07bf |
| SHA256 | 5ae3a504b031b041558e25cac2430b79618e38c966be2b1bd683ece236599812 |
| SHA512 | 1a2dde0fa4a1a545af3d1be93972e060be7ea6d1d17547d781a2586f1ab0c908d8bba5e695ec62b0a6688935b99bc82aa806b7bc25c3f849cbc9719af40b1a38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | fa6bd9852e04f257a92df92fc0fa8ecd |
| SHA1 | 6a06d78824be9fb2185fd9f47772ead7c86cc457 |
| SHA256 | 9cd58267953888ea88ca7a66384da137cab4d09b0904800b5fd4b34bb1054d7b |
| SHA512 | 468497966165d6e82c4f9e5a216095f16eca74b27202cbcad262682375f59af7b72a7c2de12d022fa4a20840a141b5dea8ceedee6d60c4a511e5f9f6517be8e2 |
\??\pipe\LOCAL\crashpad_4228_OUGGPJGHMJVNQBOU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | af6090f2dd9e25199a7f6bb47e938a9b |
| SHA1 | 89e5d620a3bda39278e4a9ca6ca0edd938f9a8f4 |
| SHA256 | f369a8828e2d1db1968f422e6f9b80644d4f7985088f8480fd29a3394d5eb1c4 |
| SHA512 | 5cdca8fa94b910c94d796739db7333e82df45bd3d2cbd5810482bf3ad85a9bb4371814823b27ec8a477d64280e7c2289af2eb9417dfe52278f89d42d6d7d5e7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\762e9b3b-b9b8-4a9f-ae83-3a8a483446fa.tmp
| MD5 | 27410bff153209c88dfd620bd7f23fe8 |
| SHA1 | f0f049c07cd0f8e884b78e12087540d9636c8e05 |
| SHA256 | 7e5242626112d6843c8d9c930c8f1b2b2a59a121955fc61b7b6bc87e6f2105e9 |
| SHA512 | 3826427364a172c868355a2eeae49d48b3be131762a39e22c0404107964c325ea497ced4eac400dd7bee7ecc75c45264570fadc5b2b0d817e79f1f58a2a58f1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
| MD5 | 7e6bcc457e3c43726cf7bcf630aa8ea8 |
| SHA1 | 0f9e9c8b1b3228e270da37e99f2d8aace4dfddbf |
| SHA256 | a323f0e2c40b2d22e3429750198a513af6327501bd667f4e82d5229ab2a3c43f |
| SHA512 | ed65b01961a2cf5dda83077a0c16f209c8f5c7da99bb2b1e052b4382205b4ea7903a7b91634368c16adc40c4b472384d312aed104fc22742b751e7ec1f6fdf63 |
memory/3656-229-0x0000000000450000-0x0000000000908000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2ZOJSX6PFFKCB4LK401E.temp
| MD5 | 50f8b2ce3c806aa14f8f7fb4909a5ca7 |
| SHA1 | 13ccd684b9ea4e273e3a0df8204be2d5c885368b |
| SHA256 | 2a7ad222dfdb8258663721f3f2874e75ece302c8d2875f2641fde6bc773b9e72 |
| SHA512 | b5970fd0863ffc02be76be5500f595ac4fc86a89c8fd27590e3f278cdea0eec89a121916fbcedecbb9cac4a3099a1da7d3ed0533848ac2bc2ea8e711ab333f52 |
memory/3656-266-0x0000000000450000-0x0000000000908000-memory.dmp
memory/3656-267-0x0000000000450000-0x0000000000908000-memory.dmp
memory/5052-268-0x0000000000450000-0x0000000000908000-memory.dmp
memory/5052-270-0x0000000000450000-0x0000000000908000-memory.dmp
memory/3668-271-0x0000000000400000-0x000000000247A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 210d952e2f9364acde2c6555dfad6c50 |
| SHA1 | ce11294866ab4a5d674f7cde5bbd30e2ea89181d |
| SHA256 | d641041c90c43637fd678154a61ac869b8486c4a06256baa3a08f63dab40a6ed |
| SHA512 | be21e2e4ee139dc3c7f92ef48f792e3a48582c4e82488073ebdce5b2e659c9d58ab3de648d03964b379af3e351893afad74bad8f92c1bb0cb777154f8dc79da6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | 23e960241c1009461dbd242ddc402de1 |
| SHA1 | 6c803ea1659c3be7e80b85a9a62031ae73b8007d |
| SHA256 | 9e980bf9dc39aa8724e9c36e428b0d715fa15eb14bb40a64aa9d5abaf976de25 |
| SHA512 | a5aee198a7356adc6f95080e30aa4beb8065852f2bb79972ced7dbd943b61fe765aecfbf780e68365eecd8826548c621aae073dea94505662ff13232c13be251 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe5b9660.TMP
| MD5 | 2e401292ae2ea403fc16459c7ffde051 |
| SHA1 | 157872abe5fae6c4ccde32a79649cefff6666f8c |
| SHA256 | 85bde54bdf8e01effd94cc14797bfec6d02b3edc34d9174086605235144621d2 |
| SHA512 | a1fb492cee17f78879660af87a2fb483f31110d63664c45d71420c5655523cbe72006e7d1cb8825e3e86194018714d1950e2aa58437df345069442b36d693b07 |
memory/3656-296-0x0000000000450000-0x0000000000908000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
memory/3656-349-0x0000000000450000-0x0000000000908000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\3d5c5318-276f-4551-b7ce-278b2a589311.tmp
| MD5 | f80328543d5cfac9812ef0543a633f3e |
| SHA1 | 09c23d195797c90d2b13a87bcb06f3200f406698 |
| SHA256 | d8609a9291859961b9e68cbb255fa4e73ba9cf38e58ffc9809f15623ded25b3c |
| SHA512 | d9992a143b2b0326428882d40678908840c329624b3259a2bd08a76c618ebfe4e0c786fe9ac90a1531dcb78f6e4fa7286faab10431fbba304c22871ae9f11485 |
memory/3656-368-0x0000000000450000-0x0000000000908000-memory.dmp
memory/3656-369-0x0000000000450000-0x0000000000908000-memory.dmp
memory/3656-379-0x0000000000450000-0x0000000000908000-memory.dmp
memory/3656-390-0x0000000000450000-0x0000000000908000-memory.dmp
memory/4448-391-0x0000000000450000-0x0000000000908000-memory.dmp
memory/4448-392-0x0000000000450000-0x0000000000908000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | b3c9fcffd8857bd56544d42f50844b92 |
| SHA1 | d31bd4be03798a1f4305d6af389e43928f27d746 |
| SHA256 | 821434decd92b369909d8eb237d17de5d56549f77d7d3945f01af24807aa2eb5 |
| SHA512 | b6ecce27d5e8a395412632a09965eeaba3a738a122d4d5f3090acc19319f418a8d4beab8d7ce9e3f62e2ebf27f874db7ac3df47cc820ac9e8e4b192747cb630f |
memory/3656-411-0x0000000000450000-0x0000000000908000-memory.dmp
memory/3656-412-0x0000000000450000-0x0000000000908000-memory.dmp
memory/3656-413-0x0000000000450000-0x0000000000908000-memory.dmp
memory/3656-414-0x0000000000450000-0x0000000000908000-memory.dmp
memory/3656-415-0x0000000000450000-0x0000000000908000-memory.dmp
memory/3656-419-0x0000000000450000-0x0000000000908000-memory.dmp
memory/5480-420-0x0000000000450000-0x0000000000908000-memory.dmp
memory/5480-421-0x0000000000450000-0x0000000000908000-memory.dmp
memory/3656-424-0x0000000000450000-0x0000000000908000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-10 01:38
Reported
2024-09-10 01:41
Platform
win11-20240802-en
Max time kernel
149s
Max time network
147s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\99b8991cfa.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\baf7b9c504.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\baf7b9c504.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Windows\CurrentVersion\Run\baf7b9c504.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\baf7b9c504.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Windows\CurrentVersion\Run\baf7b9c504.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\baf7b9c504.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Roaming\1000026000\99b8991cfa.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\1000030001\baf7b9c504.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\baf7b9c504.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\baf7b9c504.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\99b8991cfa.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\baf7b9c504.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe
"C:\Users\Admin\AppData\Local\Temp\ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\99b8991cfa.exe
"C:\Users\Admin\AppData\Roaming\1000026000\99b8991cfa.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\baf7b9c504.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\baf7b9c504.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3024 -ip 3024
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 1372
C:\Users\Admin\AppData\Local\Temp\1000036001\baf7b9c504.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\baf7b9c504.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffee2f13cb8,0x7ffee2f13cc8,0x7ffee2f13cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,14105233351055688199,12939853370624117567,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,14105233351055688199,12939853370624117567,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,14105233351055688199,12939853370624117567,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14105233351055688199,12939853370624117567,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14105233351055688199,12939853370624117567,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14105233351055688199,12939853370624117567,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14105233351055688199,12939853370624117567,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14105233351055688199,12939853370624117567,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14105233351055688199,12939853370624117567,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14105233351055688199,12939853370624117567,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,14105233351055688199,12939853370624117567,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4464 -ip 4464
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 1344
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,14105233351055688199,12939853370624117567,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,14105233351055688199,12939853370624117567,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6512 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,14105233351055688199,12939853370624117567,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1700 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Network
| Country | Destination | Domain | Proto |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
Files
memory/3304-0-0x00000000008B0000-0x0000000000D68000-memory.dmp
memory/3304-1-0x0000000077376000-0x0000000077378000-memory.dmp
memory/3304-2-0x00000000008B1000-0x00000000008DF000-memory.dmp
memory/3304-3-0x00000000008B0000-0x0000000000D68000-memory.dmp
memory/3304-5-0x00000000008B0000-0x0000000000D68000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | 4141269cc71160518d53bd4232546645 |
| SHA1 | f6cab15b6c4cba08991ad7ef9c0143ef62bc8992 |
| SHA256 | ba61747e77322718715fb1f01ad332580046b9ed0092a64877c2ae62e90d5c9e |
| SHA512 | 3f18ccaff54ea45bc560bc33db9ae00051423f22835f366c9991e8459157d4d22c2f33d090164f589b7e8f42648a624e799e3165faf7550448f85632b876589a |
memory/4776-16-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/3304-18-0x00000000008B0000-0x0000000000D68000-memory.dmp
memory/4776-19-0x0000000000E01000-0x0000000000E2F000-memory.dmp
memory/4776-20-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/4776-21-0x0000000000E00000-0x00000000012B8000-memory.dmp
C:\Users\Admin\AppData\Roaming\1000026000\99b8991cfa.exe
| MD5 | f47cc7dc355ae01926f6065316c3bd68 |
| SHA1 | 6b575930185f216e4fa5116fdcc8906eb9f53af9 |
| SHA256 | 25741e3975370f8b2c77513a0941ca4263a83ec08e1203c9dd7cfd5c18474794 |
| SHA512 | cf076a077130b8dd48f3e27a6aaba411a6c8833ab8b926c99fc3fb66130694db1ce668103c44aba6196705a9722b68da16287ea8a63ffed250bcf92bba68154e |
memory/3024-54-0x0000000000400000-0x000000000247A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000036001\baf7b9c504.exe
| MD5 | 38f98be80e6670f46efc8544d762cfd4 |
| SHA1 | fcad2e65d0977f0ab297049d5c9c32450b230d2a |
| SHA256 | fb5cdb8d0f5558d5544c7722e616fbb498b501484f6ad0d1e2a2fe8118574996 |
| SHA512 | 60a0c8f5516b41faa57ec4010eaed39a255ad2c96e58d7ae1273d3ef44196ea50b4f64c52e8301a95e45139ccd52bd9b52d177121ad1c77289bed89ac49c04cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 4716b41e64470ab15bd50d1428522fa6 |
| SHA1 | 0f625540bf852986f79462ecc494cc56ff25780a |
| SHA256 | 9b72811ba9c18f352d183265e9086456045b2e7677c47c2000a57c14902809ce |
| SHA512 | b665f1ace06ca1ef4016e3e2ddcf3a990afe6ab56207f33b7eac261754d55ee5da8847c3d2395b8a462f51d31cba3384827f0e6630f11bd9c5ad3c54c234daba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 0b0be72b867ee26859444e748da19d23 |
| SHA1 | 45a98289fb4c16318345424327ef7d28c53a88cf |
| SHA256 | 53505071c3198d82db40b32067da35923c2c662f0dba6eb4d1256490be729a2a |
| SHA512 | 2b8d5cc2ed01e449d3a75bebe404b10dda43b376578cea98bbefcaec96a4188054e55278830e7159ecdd65de8262a6a5dc582031c07f2326f70290a15b176257 |
memory/4776-85-0x0000000000E00000-0x00000000012B8000-memory.dmp
\??\pipe\LOCAL\crashpad_3264_YJBXBDKMFMBCCNNW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | b7066ae46ee384081948443af344058c |
| SHA1 | 7ecae1a75c5942d57a43033fef4bd61fdd369a99 |
| SHA256 | 837372f10b8e1a820dcf505753f8bce81b48e9e4e59e7328c3e28c72ea0c8edd |
| SHA512 | 7d582fb2b813cf9c0aa6c0ffb09eeddfd4750d5f61efe77fa8e2685cbb249699f27cecb6da975356bd8cefd524a0e111ba3c38e2725fef908ad361a2e453c385 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe579fca.TMP
| MD5 | 9d69a8c2f4e2b88c5f13162812d1fd3a |
| SHA1 | cb0db7c3831d3ac2a9a8c9b527b6226f5617385a |
| SHA256 | b576f689ff23bad455afcca9eac78193a45be71c0944787fd09713155af9912c |
| SHA512 | e59f9d7cee719d8e598dc136570cd9a176f199fa9a72de54b4b070ba0a8ce596201ba4c9022330c6640e4995e34885176528bca7af591ee312bc07637e629609 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 6c306fcd3799cbf847806a7e70ad3fba |
| SHA1 | 3a3c0982bc46dddc9cc2a2c671925464e54bf95f |
| SHA256 | 8b55511cff37a7c15c8c5f4b5afe0ddf77f7087abd35b8d766f5a9fb37220cc8 |
| SHA512 | 607446f99b865592598793775b35fa1063bd91332846b1b0ad1d84ca766463d1690d04144663c9692a1792e405acbfd91ec6fb61351c30b455f33d3aafa6f569 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
| MD5 | 5c31bc2ebc530b5314ce0e306e0700c0 |
| SHA1 | 4d28c751f06927624f393b41071c2d518bde4b28 |
| SHA256 | 94ff0dfe35988bfe6bf0a651cf7b3d7e36ab739227f5f84392365d204ab4dacf |
| SHA512 | cea42c69e862acd72aa1b5437ce42340b80d9a7d01b36a19363e4b3883a2217aadddbb76ee58c28a8181c5483d3a545fcf54189afd54d88e7c8530cd5bf37e4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
memory/4776-215-0x0000000000E00000-0x00000000012B8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk
| MD5 | c1546e2adb63b9be09f65638d5d07431 |
| SHA1 | 7d56b5d89465476f22ca5f2ba7ca33c64419dc05 |
| SHA256 | 7dc923159f3133add84c93a31801fb1cbf46349e2b7efb5c2e099d9eadb39b5c |
| SHA512 | 9e335045776d7fd383c0f431c021a61c68fec3044fa3502dc337ad8740c1c96f08743559846715c4197b8a1adc169f71824c08760793d5563aa4c2b590094780 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | e23d5f3739a472b50d1e2abee1c1d106 |
| SHA1 | 09b198cb3f5b469ab4b8f8a2661a1e190dc708fb |
| SHA256 | b5a9f90cf15fef874253342bc7053230e7ab6badd617aad80dbd7060d0aaef41 |
| SHA512 | 11ffb4442700af6a57c1e57f97b7692262005881cb979ecb378aded5b353349dce8ef721e40f670f257e518314e017b357bf5d6491f593dd870fed88a3cd2178 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
memory/3952-246-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/4776-245-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/4464-247-0x0000000000400000-0x000000000247A000-memory.dmp
memory/3952-249-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/4776-264-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/4776-263-0x0000000000E00000-0x00000000012B8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 9c21c16a022774b4ac8bc5f1078df3fe |
| SHA1 | 7682b59cde9a37252f30befc1d7379eb939f8909 |
| SHA256 | 4db94cba254a98d0b6bac340c5958df53fb89aed18fa97995ccefa6fe7054639 |
| SHA512 | 217e7553c4037600520abda84573a71ffca29acefabaef3a37426d7642f86093a6ae32d8d8a0195318a05d9ab337070b041cd43f84dfe18caa4167f31b70bf79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | 8229422204261941864e41372d777984 |
| SHA1 | e583c94317826845d87e8f16279d4707a2568163 |
| SHA256 | 0f4c8747ec486d84fd2ac5097d677be029363e982687505e9195ea162b902eeb |
| SHA512 | 8cea9c837a04cc61a6ae1a16aa0eb83fd415fe277faa1ff542e0c96c239139b9ca280910bdd568e5f5297d4b9cf27a92138bed3d6f86e504400a044a27c0752b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57c7c4.TMP
| MD5 | f65cec3c8465802d71124f91b0298e83 |
| SHA1 | 3c22f090d05a9feda9ea2798a399f8412e7d6e66 |
| SHA256 | 3ab2517aa5bd0d07c2b958c112f58fa3e9ff3e583ebb1844232cbc4353d9ef32 |
| SHA512 | 79d60868962e584aa92e0f91cea5563546c0fffd0d1e9c470a437dfe1b19fd884d00ed44b85084b501e271718a8dd71936b6c2425825b90d49e8e9386df60661 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
memory/4776-325-0x0000000000E00000-0x00000000012B8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | dedcf57fdbbd4b5dab467b84f4ac3c4e |
| SHA1 | fb6d126a692972619d4fba93876c9e93452c06d4 |
| SHA256 | d3035473f362154c8731fe01870b892e2fabb62d0d2baea03d7ecdf5e40aeb77 |
| SHA512 | fdca3672795a1b19f4129a326d76b2eb3f7413c9456aa198cccd3dd3d55332aaf6426cf465f7e91f39a06a274d14871227b947fe086d10ee1788a868bf6c1ff5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 83ced56e6c11a3491bd3eccb0fcf3d4e |
| SHA1 | 6b5e705bb05a11b957117d5dfa6920385ef0e544 |
| SHA256 | 9803f4be3ec299625e8d7b7eb9b7e73f2a29cf459239209b8213b8b3b9adb173 |
| SHA512 | ec342d8785750229a626d97d0baef73c288a4c06b779d1e9b0bbdc03ac9c95b277a1891f59957d119f8bb47afa5a65d2ad9b23f1a8dc4c936de7b34fd98a89b1 |
memory/4776-335-0x0000000000E00000-0x00000000012B8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\fc207fae-582e-4971-b9f4-d5d6b4ef51c6.tmp
| MD5 | 51fc0c8c912fa5240b1c4434079c06a4 |
| SHA1 | 47503f3cfc46014a288fc1c0e92ba4ffc69cd958 |
| SHA256 | 35edf84182750ecd33ab95db7c749b349c0cada374d03a766330c92c75a03b8c |
| SHA512 | 190c8eb16b8f99985f347ba32108499859fa7aade8a1c2abf70e605a1cad521488a007710cd0e57764d2af6b3594d58c3d7eff712518a3d773cfe7fb5f63999c |
memory/4776-354-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/4776-355-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/4776-365-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/4776-377-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/3344-379-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/3344-380-0x0000000000E00000-0x00000000012B8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 0150772bb48a1e66a0d812f34c78f522 |
| SHA1 | f56945379b562537ece88f494d75eafbb5f217d2 |
| SHA256 | a1717be81fbf6d9873d7ed0cffba75ac738d2c8e604c953a198fb27389e87ca4 |
| SHA512 | 62b7c2748141805bd9663caa2da01e40ad3b51906b76e010276f29f9dbf5506b296d6027e1e478c6847aec6bcd37ac93487ce1255747c863f1acba2d43991b54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 89dc9c53756a67735eeb6b121a749add |
| SHA1 | 58e1cf7bbdcbca4efcfb0a67c2e69ec281b018fe |
| SHA256 | 21d4cf6ccba3ba890d438527a383f1d91adac4d8f9010753547118cb6f61a034 |
| SHA512 | e0de45014da973dfb66d3b102e692ead5ef0204924ad0bd1440279246f700d3b1360471cbc21af7bf7173907ac253916bc917ea5c657bf7f129ac714c663f67b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity
| MD5 | a4a655d487d3ef66027d342c8455aed3 |
| SHA1 | ccae3e73c3751543a20c83e0edc685646463bf96 |
| SHA256 | a3fcb41cd31888ddcf089092506635c0acf22e89a64f05e84474068a9aecc850 |
| SHA512 | 92e19ea4aaabbbd41459917325cef3494dddb975bdcef035a5cd54051cf080a3de00f80e18ba510712e2ef838b2b704251263dbf0a7048f7218290a03ec18c84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe58c2af.TMP
| MD5 | 02adaf00d25db370aefb43dc67c74a03 |
| SHA1 | 90174010fdbf68367a7d73c2b41c1fc17f6e5a47 |
| SHA256 | 0d92c6175d17f31b0176b39089947e8d372c533c043b66e9a22af167d96456bb |
| SHA512 | 5e178845f2b668562279bb5bb14e58488c514eddf922c9ba9d87ecabea107ac9696c59c6c62647920806f481da938d1a26806a14173eb8ae93420932232d4508 |
memory/4776-417-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/4776-418-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/4776-419-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/4776-420-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/4776-421-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/4776-424-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/4720-426-0x0000000000E00000-0x00000000012B8000-memory.dmp
memory/4720-427-0x0000000000E00000-0x00000000012B8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 9d3682dfb4ec314182a188fe1f266e1d |
| SHA1 | c119590e314f9bcad3ab0731562fe7d555e444c3 |
| SHA256 | 2e4c3c0f877e4b13d642f8748c20ec1b0daf2a3b00bed4cfc9d3d2120ce60ed3 |
| SHA512 | 603892e41d9967e2ac39d199328405e158c364f11d4bac7788524f0f882abe502a8d620d97ba880b3fbf46115cd2cd3c6ee9b531b8b12f1096d251b8e1555878 |
memory/4776-439-0x0000000000E00000-0x00000000012B8000-memory.dmp