Analysis Overview
SHA256
d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469
Threat Level: Known bad
The file d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469 was found to be: Known bad.
Malicious Activity Summary
Stealc
Amadey
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Credentials from Password Stores: Credentials from Web Browsers
Downloads MZ/PE file
Reads user/profile data of web browsers
Reads data files stored by FTP clients
Checks BIOS information in registry
Unsecured Credentials: Credentials In Files
Loads dropped DLL
Identifies Wine through registry keys
Checks computer location settings
Executes dropped EXE
Adds Run key to start application
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
AutoIT Executable
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Program crash
System Location Discovery: System Language Discovery
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Checks processor information in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-10 04:28
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-10 04:28
Reported
2024-09-10 04:30
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
147s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\08708a82a9.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\799de67533.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\292feb6f6e.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\799de67533.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\799de67533.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\292feb6f6e.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\292feb6f6e.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Roaming\1000026000\08708a82a9.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\1000030001\799de67533.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\292feb6f6e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\08708a82a9.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\799de67533.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\292feb6f6e.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe
"C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\08708a82a9.exe
"C:\Users\Admin\AppData\Roaming\1000026000\08708a82a9.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\799de67533.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\799de67533.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3896 -ip 3896
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 1220
C:\Users\Admin\AppData\Local\Temp\1000036001\292feb6f6e.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\292feb6f6e.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92fcb46f8,0x7ff92fcb4708,0x7ff92fcb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2408 -ip 2408
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 1068
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2523303224153515344,14056151755642219465,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3036 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | 103.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
memory/5100-0-0x0000000000690000-0x0000000000B20000-memory.dmp
memory/5100-1-0x0000000077EA4000-0x0000000077EA6000-memory.dmp
memory/5100-2-0x0000000000691000-0x00000000006BF000-memory.dmp
memory/5100-3-0x0000000000690000-0x0000000000B20000-memory.dmp
memory/5100-5-0x0000000000690000-0x0000000000B20000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | 1f168ecf05a514a49417ac8cf81523f1 |
| SHA1 | 4675d4458cdd7b48bdeaaedb954e17b28afc5503 |
| SHA256 | d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469 |
| SHA512 | cec0800341c266fe8edfbae52b8f098f3e474ee4c2912f23abb08bf3184e5f70dc191cd0257e6356b5bf193b8da9140c9dc5286a6da32abb7b403f1e8cd59722 |
memory/5100-17-0x0000000000690000-0x0000000000B20000-memory.dmp
memory/3228-18-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/3228-19-0x0000000000E91000-0x0000000000EBF000-memory.dmp
memory/3228-20-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/3228-21-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/3228-22-0x0000000000E90000-0x0000000001320000-memory.dmp
C:\Users\Admin\AppData\Roaming\1000026000\08708a82a9.exe
| MD5 | f47cc7dc355ae01926f6065316c3bd68 |
| SHA1 | 6b575930185f216e4fa5116fdcc8906eb9f53af9 |
| SHA256 | 25741e3975370f8b2c77513a0941ca4263a83ec08e1203c9dd7cfd5c18474794 |
| SHA512 | cf076a077130b8dd48f3e27a6aaba411a6c8833ab8b926c99fc3fb66130694db1ce668103c44aba6196705a9722b68da16287ea8a63ffed250bcf92bba68154e |
memory/3896-55-0x0000000000400000-0x000000000247A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000036001\292feb6f6e.exe
| MD5 | 38f98be80e6670f46efc8544d762cfd4 |
| SHA1 | fcad2e65d0977f0ab297049d5c9c32450b230d2a |
| SHA256 | fb5cdb8d0f5558d5544c7722e616fbb498b501484f6ad0d1e2a2fe8118574996 |
| SHA512 | 60a0c8f5516b41faa57ec4010eaed39a255ad2c96e58d7ae1273d3ef44196ea50b4f64c52e8301a95e45139ccd52bd9b52d177121ad1c77289bed89ac49c04cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | e9ebb8a980cdec87927e3ab67fc713d1 |
| SHA1 | d93a07c2e041e5530a87af64fe44dab3d8ed2a5d |
| SHA256 | af8f5c327f2df7f13605bf3110bab80dc23ad822f98133930239017b8d044ac8 |
| SHA512 | e3cac121d843aa6206ee304071850df8dc159b4211b32030136286439d652a8de294ce3cd50e04800cd86d0ca7ba3467c39b4d03ef62e8fea8c946e180302b9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | add833069b75a0fa0e26b3624909709f |
| SHA1 | a766c651e47538e8b19cb01f6191293f537690b8 |
| SHA256 | 223a142cf7848020d51c4eafc8bd07a088ce55278ebf629e840a04abd74cbab6 |
| SHA512 | 91834adafa1d2b9cc4f15fbfcd90e163973d9837028b6219c4799be846e0bb02b71a6d67fb96e0f7f86ae78c683a6d5c4d9262c118dbfd0841a2199f10cb272c |
\??\pipe\LOCAL\crashpad_220_DLFAMZLVHNLSNGEW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 5018365fc37461d624f0f990ca231fdf |
| SHA1 | 9e4511dec0f19b7d564389f9a3dbd5aa37722321 |
| SHA256 | eee42354c3f1e93df719b06ac75eeb4bfab62b8af0cc534940234a0a7d18f0cc |
| SHA512 | 74b1f10a6d4907c5fe90d7f201a79a59bed6bdc7f7d1fb8392f835c763d6bd24bc3c0961ab76249a0c37c57765eed0b1a3b2e32b18acd28a50b3bfd7764bef4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\bfb1bbe7-fc83-4f29-9982-3368fb248b5d.tmp
| MD5 | 9911a988305d5a008c93ec7f5702f6e6 |
| SHA1 | 4c186039bf7472f94b9c7b4d2830636ffbca3389 |
| SHA256 | cc26fe66378ffd844eecc5752e535f97128b1e19e109ece616d7452455f760e8 |
| SHA512 | 2b068419590ce45c6f7ac042e5bbaf94334572ae89130ac2caa72b8aa80d8cf00cb7f1b6d71192a4e4c412d06eecddaf6c19f8614f335e52504f355d04be04ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
| MD5 | 1a258fa0c208068ad31c274808484c51 |
| SHA1 | 173f2f01125f086dfd2b32602896cee14cc070df |
| SHA256 | 0ad83df3e0cc0fd13f235fc99a48f9ba2d55276157de25a29101c8bdfdc6e1a7 |
| SHA512 | 69411890d2d594d17878288646f9110cff2e147b8c3915bdca3dd4565567c839c2699597bc5d96b7f3398c872ddf61872f468e3308614585f2264646ee89b0e5 |
memory/3228-233-0x0000000000E90000-0x0000000001320000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HINP51UAIXLG1KQC8YON.temp
| MD5 | d14804ea2db475eda46a9d497918ee13 |
| SHA1 | 49f162d314dcb1945b26631372d62eb990950292 |
| SHA256 | 402313e24fef47dbdb92deb0813860a92dc0b0d321fc5abba3e2af513090be95 |
| SHA512 | a01f8ca8ccee458fb1d9215edd173dd90bcf6c3018c587154527302ae6076c7a92be31d38eb51d2149d83ff9bb0c29d15aae76222f29ea6e375e784fbf2cf9d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
memory/3228-269-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/2408-270-0x0000000000400000-0x000000000247A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | fa496deeb9b4d11c780cb1cc4544cd13 |
| SHA1 | f786ef1ac44cfd024ed2a30ceaca398610563c5a |
| SHA256 | f4698d00fc4d5040a8ea55e36f42ee12c199c1f3a7db1dfa3e4b2e7d967a6088 |
| SHA512 | 65bc177ceb9dc1101c23d948bd3776a20f7ccff9ff363d31048559ec62967945bf0025a45ffac9dc7aa1ea6d12e4d0817031856596f9f5d7e11310d9e84f7576 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | d9c4de1c530253aabc452f488d49aca5 |
| SHA1 | 954a39425b0cfccaab2334ebc86b0d6899994765 |
| SHA256 | da0941da5091b4b27390b0e6c1a0a595499ec8606c4b59d1bd00152e88fee3ea |
| SHA512 | 02b033f7a565aa168c54e5147613d1891d03e5c5868141781b7051b4de328f1dad3a1e6dd50c44d7d9d01ad7227488d63269db25a1dd16f66fb394aeb053f83d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57ed00.TMP
| MD5 | 19aed8b21bf70b40cb65f0d749c0ef80 |
| SHA1 | fabfe5ad3044e9d824c5024fadf0366a6e646596 |
| SHA256 | 046ad0987cd060556f04141c3b6b09ce96294f765422c17db958ccd6cfaddb02 |
| SHA512 | 6c82d3ab9cbddf9624c7b124cae622fce22b41ace93ba9a8399f2951252785dde0011d8e9160d58a7ab71a579cbbe6eaa38745ac5c7c6b04bc7a274bcf14f816 |
memory/3228-295-0x0000000000E90000-0x0000000001320000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
memory/3228-348-0x0000000000E90000-0x0000000001320000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\c8431748-5eb2-4f95-9ea6-d4c5e1b74ad9.tmp
| MD5 | 60b1f144edd0ba4570842c9f60d7d536 |
| SHA1 | ef3a3e1ecbc11c73aca3aea8657cf94307c42521 |
| SHA256 | c4503955ee94456537a88d6275e28ad216b6fabfdefef461c25985f64324e416 |
| SHA512 | af721dcf65d55348db07b4232fa04c5cff72e6d0987107dbb7bc4e069bb47115d84af572a6d473b429f5cae6312b95b92917d862b9b3eb163b198db585aca628 |
memory/3228-367-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/2552-369-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/2552-370-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/3228-371-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/3228-381-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/3228-391-0x0000000000E90000-0x0000000001320000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 6f58bf6d7d4b2c4b6f2e75a71f776597 |
| SHA1 | 3a020e8ae30fab8c893ef4f2cce1dab9e81bf867 |
| SHA256 | d09c02f622e3226656dec517bc575ff7c8e2191fa01c7768fe1bd9307882786a |
| SHA512 | 9a6794e6d9ed71380abffe5510bd96a2536bafdc6f9cb0ba053ae6bb83d0db252cea2baee5d8b12485178697ac571088bc9cf979ebed9806173ab8db3c90925f |
memory/3228-410-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/3228-411-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/3228-412-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/5948-414-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/3228-415-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/3228-416-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/3228-420-0x0000000000E90000-0x0000000001320000-memory.dmp
memory/3228-423-0x0000000000E90000-0x0000000001320000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-10 04:28
Reported
2024-09-10 04:30
Platform
win11-20240802-en
Max time kernel
149s
Max time network
145s
Command Line
Signatures
Amadey
Stealc
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\ProgramData\HCFIIIJJKJ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\ProgramData\HCFIIIJJKJ.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\ProgramData\HCFIIIJJKJ.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\1c2c86253d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\799de67533.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\799de67533.exe | N/A |
| N/A | N/A | C:\ProgramData\HCFIIIJJKJ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Wine | C:\ProgramData\HCFIIIJJKJ.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\1c2c86253d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\1c2c86253d.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Windows\CurrentVersion\Run\799de67533.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\799de67533.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Windows\CurrentVersion\Run\799de67533.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\799de67533.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Checks installed software on the system
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\ProgramData\HCFIIIJJKJ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Roaming\1000026000\1c2c86253d.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\1000030001\799de67533.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\HCFIIIJJKJ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\1c2c86253d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\799de67533.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\799de67533.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Roaming\1000026000\1c2c86253d.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Roaming\1000026000\1c2c86253d.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\799de67533.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe
"C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\1c2c86253d.exe
"C:\Users\Admin\AppData\Roaming\1000026000\1c2c86253d.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\799de67533.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\799de67533.exe"
C:\Users\Admin\AppData\Local\Temp\1000036001\799de67533.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\799de67533.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffacdde3cb8,0x7ffacdde3cc8,0x7ffacdde3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,18084521751948045021,17432991423383107856,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,18084521751948045021,17432991423383107856,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,18084521751948045021,17432991423383107856,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,18084521751948045021,17432991423383107856,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,18084521751948045021,17432991423383107856,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,18084521751948045021,17432991423383107856,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,18084521751948045021,17432991423383107856,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,18084521751948045021,17432991423383107856,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,18084521751948045021,17432991423383107856,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,18084521751948045021,17432991423383107856,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,18084521751948045021,17432991423383107856,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2052,18084521751948045021,17432991423383107856,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\ProgramData\HCFIIIJJKJ.exe"
C:\ProgramData\HCFIIIJJKJ.exe
"C:\ProgramData\HCFIIIJJKJ.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3184 -ip 3184
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 2476
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,18084521751948045021,17432991423383107856,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7516 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6020 -ip 6020
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 1372
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,18084521751948045021,17432991423383107856,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5792 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
Files
memory/5316-0-0x0000000000620000-0x0000000000AB0000-memory.dmp
memory/5316-1-0x0000000077526000-0x0000000077528000-memory.dmp
memory/5316-2-0x0000000000621000-0x000000000064F000-memory.dmp
memory/5316-3-0x0000000000620000-0x0000000000AB0000-memory.dmp
memory/5316-5-0x0000000000620000-0x0000000000AB0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | 1f168ecf05a514a49417ac8cf81523f1 |
| SHA1 | 4675d4458cdd7b48bdeaaedb954e17b28afc5503 |
| SHA256 | d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469 |
| SHA512 | cec0800341c266fe8edfbae52b8f098f3e474ee4c2912f23abb08bf3184e5f70dc191cd0257e6356b5bf193b8da9140c9dc5286a6da32abb7b403f1e8cd59722 |
memory/5316-18-0x0000000000620000-0x0000000000AB0000-memory.dmp
memory/5072-16-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/5072-19-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/5072-20-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/5072-21-0x0000000000330000-0x00000000007C0000-memory.dmp
C:\Users\Admin\AppData\Roaming\1000026000\1c2c86253d.exe
| MD5 | f47cc7dc355ae01926f6065316c3bd68 |
| SHA1 | 6b575930185f216e4fa5116fdcc8906eb9f53af9 |
| SHA256 | 25741e3975370f8b2c77513a0941ca4263a83ec08e1203c9dd7cfd5c18474794 |
| SHA512 | cf076a077130b8dd48f3e27a6aaba411a6c8833ab8b926c99fc3fb66130694db1ce668103c44aba6196705a9722b68da16287ea8a63ffed250bcf92bba68154e |
C:\Users\Admin\AppData\Local\Temp\1000036001\799de67533.exe
| MD5 | 38f98be80e6670f46efc8544d762cfd4 |
| SHA1 | fcad2e65d0977f0ab297049d5c9c32450b230d2a |
| SHA256 | fb5cdb8d0f5558d5544c7722e616fbb498b501484f6ad0d1e2a2fe8118574996 |
| SHA512 | 60a0c8f5516b41faa57ec4010eaed39a255ad2c96e58d7ae1273d3ef44196ea50b4f64c52e8301a95e45139ccd52bd9b52d177121ad1c77289bed89ac49c04cf |
memory/3184-62-0x0000000061E00000-0x0000000061EF3000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 4439872c001ba115c89adfae103bad2f |
| SHA1 | 720a14a6a337b6a593e0496903dfdf3c8dc9453d |
| SHA256 | 5f4e2568a19c4507d658414d2e54a0437d87bdfeee773666ad764f9b70c3c0d9 |
| SHA512 | 5bbe17484e6c0319075b00af9dcb45729ed51d9185de233150e05deebbd5b35073afbeb3c7577a84b80ea91b16a764e36f4951236aa7dc15b1c2e6fef3aabf49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | cbf4ec444abb49d24a2b52b6f2de52b1 |
| SHA1 | 8c619b12827b2219f6334da27c704201fb8ed402 |
| SHA256 | 05b94b01baa75828e05a714e53f4552f56a522026f4216f6fbd59497ea15baa9 |
| SHA512 | 8951d21c284113e92340508be2090d6f6d17d34886776167996c56abeb19f8cf911876c6f2aa42480314a25a14d0779f7b4a42efa8f1ec068537fae5f751500d |
\??\pipe\LOCAL\crashpad_840_DASLSPVSOZTSEZJS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | a705a1b92501ecedd82f0c49df113cf7 |
| SHA1 | 396c951ef7df053970280a445521dafb81fbd4b4 |
| SHA256 | 6c4e071a48ef3601c7061de696799fc9c80a94f84fd141a6eaa72aba268543e9 |
| SHA512 | 8789a76679e56e35508b82936297172ac4245bd99afe0d1f81c5893061792b763ac8118ff045eb9ffd864d9c1455e095e41aad60e69cfb1b0850785350137dc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 21ffdf330b78a757c572383271368c83 |
| SHA1 | 03415cce1c1e71e63dbac98f15edbb1f9a55b94c |
| SHA256 | 54e734d9aa08766452875c5ab5b145af5822042a1158f387feecf2b9aa5bfb58 |
| SHA512 | d2901ad51c39409fadd52d3eb73d01503c79435e0829bafa982f2cbaf189115fff2403130022e5ca035a848d612bb1b1a5098ca5d04a4f277edea522df0bb8f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe57bfb6.TMP
| MD5 | ff30bd8de738947fe0c2d56d289394d2 |
| SHA1 | f0675005e16d86f90f577ae8f6f87492b1318b10 |
| SHA256 | 70b8d231c4f6fd04ea95789664953e2fcc99f4e0be2d419002a952ad2db36e6a |
| SHA512 | 80b60694e78fed420554ab2999177c54dc6594ac0d7c0db21d9400e83af1ce4316cea5e2d5017ee8a4196af355d4eec1a83372d5576a0da302d76b535135e68f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
| MD5 | 06c4765655ecf816e061f9e8816cabcc |
| SHA1 | bfcdcafc1b01448a54c7e30d048c10aa3b28fd5e |
| SHA256 | cc406674269d0c68ccd488f8110631caff8697bb86299004e0cf513b0e64e4ab |
| SHA512 | e78b7dfc8b99eb1668558f045457ac0200e6c667601b8d5e60d59680106268dfa5a02998694669e14cc7d34781fefc8be57cf054bc1435febd7581736af2c5ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
memory/5072-233-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/5072-257-0x0000000000330000-0x00000000007C0000-memory.dmp
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/5072-277-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/3184-283-0x0000000000400000-0x000000000247A000-memory.dmp
memory/3104-291-0x0000000000420000-0x00000000008B0000-memory.dmp
memory/6020-289-0x0000000000400000-0x000000000247A000-memory.dmp
memory/3104-293-0x0000000000420000-0x00000000008B0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk
| MD5 | df20964b2d9e0702d869cb832b658c53 |
| SHA1 | 8bdf5ae70a48de095445b49072d2187865246c04 |
| SHA256 | f7ae6042f558f05091c3e13e6d2c5c1a95deb4499994b6687968ae3f1b5f496a |
| SHA512 | 01288dc917a8fe593c83fc656fc8ebf615e98afb7d275d834549f67c37d6ef1915571073124f0c9bb3a1e3c0de2e94b34f07efc6b4d4cb895c9eadb0e08a4d38 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\L6XD8SGRMV6G7HGHA7RA.temp
| MD5 | ece291a1faa584872fd7aeedc2ea7b69 |
| SHA1 | c501f79cc15f6cd08f4c786270a14698b3c6d675 |
| SHA256 | 45cc7b06231a48d979788863153da0873774be2f593700c74a04ac9286b3d8a7 |
| SHA512 | 81c719c4c90e085a9ba446a8b15427f9ccbf0947c28d7ee49d214fbd08802a43dd85e903c3eb89089323e882171bc662f17b8984ce09cddcc2d91d3fa128e9a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
memory/3184-322-0x0000000000400000-0x000000000247A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 52dfc636163744e29639edb856a781cf |
| SHA1 | 7772955b5a6d5c417cee3da3037c7479086490dc |
| SHA256 | ac0ae93a3257ec9411b21ed1a94ed4f291a4ebb4df78e359be896d9328319037 |
| SHA512 | 08a0089ccbd18c7ad9c25c7b1c339474174365d22e154b83e9794650e19981e25002d48e512a200a18a4053237069fb9090c9395d47e640d8fd74824616cca27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | 1e225598c4523c41fec68c0dab8dda7d |
| SHA1 | 3aa0d6514592289cd27de52fc1a8f8ae12d141c6 |
| SHA256 | ceb72eb509a2b4c76e964fef86de7dd693297092a4a57547c82ee8beafaff02b |
| SHA512 | 5b0389b7ab65de3e024b03d4baf1a64f631a13af387b9beae1c551a4cca732a25f4953e3050491c8a4348d36702a6998c9df16050c87c1a944284d0236c715de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57e7fe.TMP
| MD5 | 81d79714246643910418dfb00707ca1d |
| SHA1 | c2b8deb139b5a6cf5c45e17717c5fdb28f3cec00 |
| SHA256 | a42e3b9dbda7f3f8efa2974489c59913aab3f039791568451b47367b9c344eef |
| SHA512 | 78d08134a48a540cdfd2c8bf8eaacf4baee9a7143fa032da5551de46c7b9ed087056186c5192286cccc3af8b9be4f08555186e909032a5989cd5d1dfa467b29d |
memory/6020-347-0x0000000000400000-0x000000000247A000-memory.dmp
memory/5072-363-0x0000000000330000-0x00000000007C0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4cf675c3567a619ee46d4bd4cfcc3913 |
| SHA1 | eb84ec9329d36f16a3c56d0067ca26d815a0a545 |
| SHA256 | f41d61c9e4b9e203bd4755e6e125056ad2ef0246381a6cf617183ced1dc5e2a4 |
| SHA512 | da4988a862b6a27a444dad79ef702ecc2a14905e031b6384a20ef95cc874bfd8bc5a23a397fbe07fd48ede58d4a5ed06aae63866a63764fa4b1aef47e01aad52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 807bbc6c543c31f1dd95f59c2dbaff0f |
| SHA1 | 5832014d9db24f0e8d75985162337d682bd5a6dc |
| SHA256 | 9eecd2aca86e1f4982caafc8cbdd73f7406d413c293e2be9cc7c7702f009ecd2 |
| SHA512 | 4d331088601f4eb6d1baab68b774dad4b656e80984d4756b466da5c91c14da3feb0716074441df332d02e54c1ded45e0161c84bca860dfe21f3d0e609888946f |
memory/5072-405-0x0000000000330000-0x00000000007C0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\37c27ce7-6c9d-4e7a-a9d3-af7021913ff3.tmp
| MD5 | ccfbf2871f5a3334b7b8d4a366cb99ad |
| SHA1 | cf72c1e6ba2038b48d0123f128dd935705944c45 |
| SHA256 | 366ebd29daa2bc43f76b624eba5796f9e45e67b5c1782983867380c4b1a37ac8 |
| SHA512 | 5d9d8274418a7beed23a60362efefc7f210f495cbc74412376e0102cf8c734a391e62bc8bb091bc02d7bfb25142eb1172e0e30d5f3561fc23a570d13c8ada97f |
memory/5072-424-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/3668-426-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/3668-428-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/5072-429-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/5072-439-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/5072-451-0x0000000000330000-0x00000000007C0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 68633cebd56bdfbe15643988681a61cb |
| SHA1 | bfe204b93140aa8f2b51420184f3c888cb0130eb |
| SHA256 | e4ff2d010693398368ff9b866f9b7f8644f249d6332c819263f1ac30bfc1748c |
| SHA512 | 90958ee462aede2975ae81e482fe246b74bd5a8b809871b8675fe2e665efef0503dcdaf86e997953088409936595623dac0e9bc6e737a34d70d4d2cd6fa5e402 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | da18c76cc7012f5b9376a73e46a48055 |
| SHA1 | 5d45a3caf12b0d2fe09bd4549ed86ffc32f1fd8c |
| SHA256 | 8831f3aa506bbf24da1180b236c4466d8630808d07882feb123ed508eb278f22 |
| SHA512 | fde8adf30881eb65dc8b7fa7a0c6f69d322d2c1d5e6744c75d4fa8bde1ac6c8cc0c895745ad49fc6f4dad651ed481f203fbc0583e64c1c84bf4fa7b45b1c7a80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity
| MD5 | 3f29779dcf9ebf4f62133a1016faf8cd |
| SHA1 | b0a7e23a18d4d281990bdce13a6b15f20276a84c |
| SHA256 | b5143db943ae71897957887d0617664f031041a5ed716ad4b1f5c81444e5f2c7 |
| SHA512 | a143adfe8f9b894a4655ce4a422bc4cde8798bbebf7a6751705a4f1079f82872f7b7b71060208f39e531e2c8a638585536287638ef092cb5b9a28e65812f6aac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe58d7bd.TMP
| MD5 | 80799434d74754406e5bcd62f990cd9c |
| SHA1 | 42835cb46719e5c7e7dc8610302e3121a447e9d2 |
| SHA256 | 0b2c3048ed31bbe987b938832e7722c6e5b1830e7411555de1599adb4dac2b3d |
| SHA512 | 73ec0b4d0c0f92710a7d95571b82c8625162593e711f2ef4e47538009ff2ddc566a13eb14d352f079f4250990f99b57b677bcd19fe2fec89168d43683b33a2f3 |
memory/5072-488-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/5072-489-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/5072-490-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/4548-492-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/5072-493-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/5072-494-0x0000000000330000-0x00000000007C0000-memory.dmp
memory/5072-498-0x0000000000330000-0x00000000007C0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | c07747111e56e1b0d9764a0f0c6ac7c8 |
| SHA1 | 19114163be0d40f9e05b15e6a2b613ab0e79ea95 |
| SHA256 | dacd724d37a14658f3c350c873b9ac756023bd525d0c268a1d4c2c9b287a56c6 |
| SHA512 | d2774abb05c30e831822bc8334ca1ecb5cb6c52960e5df8c61bed88bc0c3a943722ddb77998af83a1d1bbf89873f312a5900c39d275bf48dbb5ca314b3d55b6c |
memory/5072-510-0x0000000000330000-0x00000000007C0000-memory.dmp