Analysis Overview
SHA256
1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3
Threat Level: Known bad
The file 1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3 was found to be: Known bad.
Malicious Activity Summary
Stealc
Amadey
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Checks computer location settings
Checks BIOS information in registry
Executes dropped EXE
Identifies Wine through registry keys
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
AutoIT Executable
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Program crash
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-10 07:07
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-10 07:07
Reported
2024-09-10 07:10
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
147s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\46cd856517.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\f38517831b.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\5163d94cda.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f38517831b.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\f38517831b.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5163d94cda.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\5163d94cda.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Roaming\1000026000\46cd856517.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\1000030001\f38517831b.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\46cd856517.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\f38517831b.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\5163d94cda.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\5163d94cda.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe
"C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\46cd856517.exe
"C:\Users\Admin\AppData\Roaming\1000026000\46cd856517.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\f38517831b.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\f38517831b.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2776 -ip 2776
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 1012
C:\Users\Admin\AppData\Local\Temp\1000036001\5163d94cda.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\5163d94cda.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3140 -ip 3140
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 1016
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | 103.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 52.111.227.11:443 | | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
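The Network table above mixes three kinds of rows: PTR lookups sent to 8.8.8.8, traffic from the kiosk-mode Edge launch to Google, and cleartext tcp/80 connections to bare IPs in RU with no hostname at all. The helper below is an added example written for this page (not part of the report and not any sandbox vendor's tooling); it sorts a subset of the rows above, constructed inline, into those buckets. The `.google.com` allow-list suffix is an assumption to be tuned per environment.

```python
"""Added triage helper for the sandbox Network table above (example code, not part
of the report). It separates reverse-DNS noise and allow-listed SaaS hosts from
connections made directly to a bare IP, which is where the report's C2 candidates sit."""
import ipaddress
import re

# Rows constructed from the Network table above: (country, destination, domain, proto).
NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "58.55.71.13.in-addr.arpa", "udp"),
    ("RU", "31.41.244.10:80", "31.41.244.10", "tcp"),
    ("US", "8.8.8.8:53", "10.244.41.31.in-addr.arpa", "udp"),
    ("RU", "31.41.244.11:80", "31.41.244.11", "tcp"),
    ("RU", "185.215.113.103:80", "185.215.113.103", "tcp"),
    ("RU", "185.215.113.16:80", "185.215.113.16", "tcp"),
    ("US", "8.8.8.8:53", "103.113.215.185.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "accounts.google.com", "udp"),
    ("NL", "142.250.102.84:443", "accounts.google.com", "tcp"),
    ("GB", "216.58.212.206:443", "play.google.com", "tcp"),
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("RU", "185.215.113.103:80", "185.215.113.103", "tcp"),
    ("US", "52.111.227.11:443", "", "tcp"),
]

# Hosts the kiosk-mode Edge launch in this report is expected to contact
# (assumption: tune this allow-list to your own environment).
BENIGN_SUFFIXES = (".google.com",)

PTR_RE = re.compile(r"^((?:\d{1,3}\.){4})in-addr\.arpa$")


def ptr_to_ip(name):
    """'10.244.41.31.in-addr.arpa' -> '31.41.244.10'; None if not a PTR name."""
    m = PTR_RE.match(name)
    if not m:
        return None
    return ".".join(reversed(m.group(1).rstrip(".").split(".")))


def is_literal_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def triage(rows):
    """Bucket the rows: PTR lookups (mapped to the IP they name), named hosts outside
    the allow-list, destinations contacted by bare IP, and the subset of those on
    cleartext HTTP (tcp/80). Duplicates are collapsed, order of first sighting kept."""
    result = {"ptr_resolved": {}, "named_hosts": [], "direct_ip": [], "cleartext_http": []}
    seen = set()
    for _country, dest, domain, proto in rows:
        host, _, port = dest.rpartition(":")
        port = int(port)
        ptr = ptr_to_ip(domain)
        if ptr:
            result["ptr_resolved"][domain] = ptr
            continue
        if port in (53, 5353) or ipaddress.ip_address(host).is_multicast:
            continue  # DNS / mDNS / multicast: never the C2 channel itself
        if domain and not is_literal_ip(domain):
            if not domain.endswith(BENIGN_SUFFIXES) and domain not in result["named_hosts"]:
                result["named_hosts"].append(domain)
            continue
        if dest in seen:
            continue
        seen.add(dest)
        result["direct_ip"].append(dest)
        if proto == "tcp" and port == 80:
            result["cleartext_http"].append(dest)
    return result


def reverse_looked_up(result):
    """Bare-IP destinations for which the table also shows a PTR query, i.e. the
    resolver (sandbox or sample) went back to ask who owns the address."""
    ptr_ips = set(result["ptr_resolved"].values())
    return sorted({d.rpartition(":")[0] for d in result["direct_ip"]} & ptr_ips)


if __name__ == "__main__":
    summary = triage(NETWORK_ROWS)
    print("cleartext HTTP to bare IP:", summary["cleartext_http"])
    print("also reverse-resolved:", reverse_looked_up(summary))
```

The four `cleartext_http` entries are the pivot points for this sample; `52.111.227.11:443` also lands in `direct_ip` because the table gives it no hostname, which is exactly why the direct-IP bucket is ranked below the port-80 one rather than treated as C2 on its own.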
Files
memory/2072-0-0x0000000000BB0000-0x0000000001082000-memory.dmp
memory/2072-1-0x0000000077C84000-0x0000000077C86000-memory.dmp
memory/2072-2-0x0000000000BB1000-0x0000000000BDF000-memory.dmp
memory/2072-3-0x0000000000BB0000-0x0000000001082000-memory.dmp
memory/2072-5-0x0000000000BB0000-0x0000000001082000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | bfc685780b8aa05d0f9fa713cf4ae14b |
| SHA1 | 630d419e10382c75511edd57184e24bea454fc42 |
| SHA256 | 1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3 |
| SHA512 | 508131b3e029dbd6f99286649ad9777c083cb4e1e4e83acd897abf9f64f048788968f9e0a0609ffe94dd981188d6b6deefe009f81faaa6db8fe2e30f364aedf9 |
memory/2072-17-0x0000000000BB0000-0x0000000001082000-memory.dmp
memory/1360-18-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/1360-19-0x0000000000F61000-0x0000000000F8F000-memory.dmp
memory/1360-20-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/1360-21-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/1360-22-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/1360-23-0x0000000000F60000-0x0000000001432000-memory.dmp
C:\Users\Admin\AppData\Roaming\1000026000\46cd856517.exe
| MD5 | f47cc7dc355ae01926f6065316c3bd68 |
| SHA1 | 6b575930185f216e4fa5116fdcc8906eb9f53af9 |
| SHA256 | 25741e3975370f8b2c77513a0941ca4263a83ec08e1203c9dd7cfd5c18474794 |
| SHA512 | cf076a077130b8dd48f3e27a6aaba411a6c8833ab8b926c99fc3fb66130694db1ce668103c44aba6196705a9722b68da16287ea8a63ffed250bcf92bba68154e |
memory/2776-56-0x0000000000400000-0x000000000247A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000036001\5163d94cda.exe
| MD5 | 38f98be80e6670f46efc8544d762cfd4 |
| SHA1 | fcad2e65d0977f0ab297049d5c9c32450b230d2a |
| SHA256 | fb5cdb8d0f5558d5544c7722e616fbb498b501484f6ad0d1e2a2fe8118574996 |
| SHA512 | 60a0c8f5516b41faa57ec4010eaed39a255ad2c96e58d7ae1273d3ef44196ea50b4f64c52e8301a95e45139ccd52bd9b52d177121ad1c77289bed89ac49c04cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | c5c7b9b3a15ca21581b48c59b850ed0f |
| SHA1 | 2f307a020f8c8fe452732267be9ad63c736d3fce |
| SHA256 | 9391a624da0973b09d88326d9a9b4c6914f1efbafefc766633f8cabbf8e02130 |
| SHA512 | cf20753edc5250f1a4a5e97a62af2a8f945ea950ca86ea3047f9b204704f299aa4f977deb9c7dc89d3ee5d3e75fd219c72a7a0e8a7f3748cfab7796ef4a07ef4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 8fdeb0ec556755aec3b2ae3a37c3164b |
| SHA1 | 1df8e2cbb7d35223834b0e843d057a7ddd905c6b |
| SHA256 | 3de9ff0201f21975f7568becc791e9f5ac3bf66a49d3b7d8bcf33ca5e426777a |
| SHA512 | b9ec9e2812f5a6d089afd0b9abd502d03836707583a2f0dbc1c24699871f0149647491b4946aa0eeb2ea6830cedc03f7954816b0c93c8d61c5d3f749233efd64 |
\??\pipe\LOCAL\crashpad_868_TQEQUMYXMUSMPCTG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 84d0309bca6a826a9a700a6e24f8cd12 |
| SHA1 | a397b50eefe83dbebc5799b16e0f5d942b1a57ac |
| SHA256 | 5d8c8fc79086d24c1db349b5f51339028c20f9bf03d25584e479c7522baa1429 |
| SHA512 | 0516925e49ce16a64d3d85cf0fcedb86f81601c88ed3517253679afc0ddf5c2d2d7f7a5e4c35e1d8c5c8ae243fc6959e955d7729dbbdd5cde756a49d2ee552d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\251d2d93-1064-4709-8156-5f6c6b3a0ae6.tmp
| MD5 | c34fc021a126a2c9d8b642322c6add94 |
| SHA1 | 8317d6d4d55ea23c55a1e4baf0ac3a06ad51cbbb |
| SHA256 | e388d63b872269ca424f80a7ab4e2b9f9b90d2c22543a93472f3974663e9ddbb |
| SHA512 | 84e83bfff2789cc7c5d8832b174553574ccbbb4ad8c468e941f03d5344686d26d44a229b4c2be0475d76f7a3410dcb9bfad752e288cfdfd5dc8905dff0433e11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
| MD5 | f6e5d4b64c4d48ab227eedad849c8239 |
| SHA1 | 26d8188b637fee22e30f536c650bb5a7bceeab9c |
| SHA256 | 9c8db9e0859703785368b5f0c0b5466d3732ecf2463716b0672c48cc5d87a999 |
| SHA512 | c6a015c7a408495745cefff5d8bf181ddda0f1c4e7813e87ebf3c09ddb5468fd20847ec58d16b797650a94208f90c007a306fd30c9b923c8d78ed863a5139649 |
memory/1360-230-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/2700-232-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/2700-233-0x0000000000F60000-0x0000000001432000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\H3TA20FT6PDXYRVAKYC0.temp
| MD5 | 585e10d1cae7cd63bd7e9de57e0395a4 |
| SHA1 | f4cfbeb8038f9fb8a57d047e3fadf15f899f262d |
| SHA256 | f347fbfbff3f9e26f7b0ead5425bcb13f98b64e5a71dbcb3743ad5392ace8b6b |
| SHA512 | 657a3d5e0be9b5977309675061ddfd55458bc701f670207ddeb2f737704aa5e2fd6c8d79ef2590cc8d036d4c5698ef12dad3081c213a41066b69a5ac0469e521 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
memory/1360-270-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/1360-269-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/3140-271-0x0000000000400000-0x000000000247A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 8bb31d69b08155612bdcc86d41b40e7e |
| SHA1 | 5a078f1a4cc18a86d77910e414867e76edaa2a71 |
| SHA256 | 86030d956fee44efb1dd1b90a2c98d9b080e0769d5ecfb66cfe2fc1e3830a6bb |
| SHA512 | e08c5cba6e88e06052370a2e2482d46fd5d6f6dcd5cc6500a897cb7e77214bdced13b0ada8b7b701177d5426f864fad285375a229b03676594bc2488a2e36d87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57d205.TMP
| MD5 | c5184f3daf49aa88be341fff52476f57 |
| SHA1 | f22c6fe12862122acb2f5a189d5b9151ae7036a5 |
| SHA256 | ae049eb705f0a6b0a8eb08c97173191053ce8924b9f0928539ed438ab63476f7 |
| SHA512 | 3e7520c4a24cdc2ed8c8c384fc1306ad5c3de505576ca923768dd9622fde2ecca13f85440ebf29ed4b08d55b3beaa1e28697bae2f8b988033f54ae69397b7bff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | e55b31236a07d5c8150ef3c4fb2a740d |
| SHA1 | 1a22be867e5bcbf6ccc3b43b20db0e3c0808d8f3 |
| SHA256 | 3581e4ccdb2851b30a044f33a6671470a9bf0938dea06e37c64296b0541b71e2 |
| SHA512 | 58294e9874980b78da3197248c1bc5a829b65f5a33f64b936a92358076f884f52e449a8f3f621499b96fc416ace67d5eddfbe6642ffee0dfe55df7b836d1f2ff |
memory/1360-296-0x0000000000F60000-0x0000000001432000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
memory/1360-349-0x0000000000F60000-0x0000000001432000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\afadbaf3-c17c-4530-9c61-95d9d61cc61a.tmp
| MD5 | 06c0ec908e2d28287f4d7472f50f8cd1 |
| SHA1 | 5f0bb3221c88bab77e6008ba97d172278af8f1dd |
| SHA256 | 227f56d63e98983bec31265ea8c0b2cbde8d119bf8642d74018a9df0d39aebcc |
| SHA512 | 1c1556108395f32947e577e3b95f367fafc9d7664ee63b6968cad2fb8011f394d1a11e3a419883eb6c8ad6a464f7dbb7bc3b1db1ce7496257cb3ae70e2dc4186 |
memory/1360-368-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/1360-369-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/1360-379-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/5524-390-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/5524-392-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/1360-393-0x0000000000F60000-0x0000000001432000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | a235e0026921d6740d1a14b94882393e |
| SHA1 | 363e1a69c502f9cfe17d0636b11eb52e926086e7 |
| SHA256 | 3ac0d06af286e7c92d4ea6429ee2f6ecf8a597a64ade28a78d9b14cd9ef2db92 |
| SHA512 | 511205fc23d9a64c5c036bdba3125801fe33848305035bb64923480612a74010764c53cf0dcb85595b1a976224eb99de03a17e72cbd1c138a5f95dc74d37bf54 |
memory/1360-412-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/1360-413-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/1360-414-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/1360-415-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/1360-416-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/5312-420-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/1360-421-0x0000000000F60000-0x0000000001432000-memory.dmp
memory/1360-424-0x0000000000F60000-0x0000000001432000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-10 07:07
Reported
2024-09-10 07:10
Platform
win11-20240802-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\f38517831b.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\5163d94cda.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\f1a9ce1798.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\388ce3a3f1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\388ce3a3f1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\04ca76992c.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Microsoft\Windows\CurrentVersion\Run\388ce3a3f1.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\388ce3a3f1.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Microsoft\Windows\CurrentVersion\Run\04ca76992c.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\04ca76992c.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Microsoft\Windows\CurrentVersion\Run\5163d94cda.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\5163d94cda.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Microsoft\Windows\CurrentVersion\Run\f1a9ce1798.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\f1a9ce1798.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe | N/A |
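Every Run value in the table above is written by svoutse.exe and points at a payload under the user's Temp directory, and the sample itself drops a legacy `svoutse.job` into C:\Windows\Tasks. The check below is an added example written for this page (not part of the report or of any vendor's signature set); it parses rows constructed from the two tables above, flags Run values whose target lives in a user-writable location, and flags .job files written by a process outside C:\Windows. The user-writable path list and the benign OneDrive row are assumptions, labelled in the code.

```python
"""Added persistence triage over the 'Adds Run key' and 'Drops file in Windows
directory' rows above (example code, not part of the report). It flags autorun
entries whose target lives in a user-writable directory and legacy .job task files
written by anything outside C:\\Windows."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str    # "run_key" or "job_file"
    name: str    # Run value name or task file name
    target: str  # executable (or job file) that will be started
    writer: str  # process that wrote the entry
    reason: str


SID = "S-1-5-21-1735401866-3802634615-1355934272-1000"
RUN_KEY = r"\REGISTRY\USER\%s\Software\Microsoft\Windows\CurrentVersion\Run" % SID
SVOUTSE = r"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
DROPPER = (r"C:\Users\Admin\AppData\Local\Temp"
           r"\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe")

# Rows constructed from the two tables above as (description, indicator, process); the
# report doubles backslashes inside the quoted value data, reproduced here as-is. The
# last row (OneDrive) is a constructed benign entry to show the check not firing.
INDICATOR_ROWS = [
    ("Set value (str)", RUN_KEY + r'\388ce3a3f1.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\388ce3a3f1.exe"', SVOUTSE),
    ("Set value (str)", RUN_KEY + r'\04ca76992c.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\04ca76992c.exe"', SVOUTSE),
    ("Set value (str)", RUN_KEY + r'\5163d94cda.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\5163d94cda.exe"', SVOUTSE),
    ("Set value (str)", RUN_KEY + r'\f1a9ce1798.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\f1a9ce1798.exe"', SVOUTSE),
    ("File created", r"C:\Windows\Tasks\svoutse.job", DROPPER),
    ("Set value (str)", RUN_KEY + r'\OneDrive = "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe" /background',
     r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"),
]

# Locations an unprivileged user can write to; a Run value pointing here is the
# classic loader pattern (assumption: extend for your environment).
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata\\|users\\public\\|programdata\\|windows\\temp\\)", re.I)
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?$", re.I)


def parse_run_value(indicator):
    """'<key>\\<name> = "<exe>" <args>' -> (key, name, exe), or None if not a Run key."""
    left, sep, data = indicator.partition(" = ")
    if not sep:
        return None
    key, _, name = left.rpartition("\\")
    if not RUN_KEY_RE.search(key):
        return None
    data = data.replace("\\\\", "\\")  # undo the report's escaping
    if data.startswith('"'):
        exe = data[1:].split('"', 1)[0]
    else:
        exe = data.split(" ", 1)[0]
    return key, name, exe


def find_suspicious_autoruns(rows):
    findings = []
    for desc, indicator, writer in rows:
        if desc.startswith("Set value"):
            parsed = parse_run_value(indicator)
            if parsed and USER_WRITABLE.match(parsed[2]):
                findings.append(Finding("run_key", parsed[1], parsed[2], writer,
                                        "Run value targets a user-writable directory"))
        elif desc == "File created":
            low = indicator.lower()
            if (low.startswith("c:\\windows\\tasks\\") and low.endswith(".job")
                    and not writer.lower().startswith("c:\\windows\\")):
                findings.append(Finding("job_file", indicator.rsplit("\\", 1)[1], indicator, writer,
                                        "legacy Task Scheduler .job written from outside C:\\Windows"))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_autoruns(INDICATOR_ROWS):
        print(f"{f.kind:8} {f.name:16} <- {f.writer}  ({f.reason})")
```

On a live host the same two rules map onto `HKCU\...\CurrentVersion\Run` value data and file-create events under `C:\Windows\Tasks`; the point of keying on the writer process as well as the target is that here the autoruns are installed by the dropped svoutse.exe, not by the payloads themselves.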
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\f38517831b.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\388ce3a3f1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\388ce3a3f1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\5163d94cda.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\f1a9ce1798.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\04ca76992c.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\f1a9ce1798.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
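The Processes list that follows records msedge.exe being started twice with `--kiosk --edge-kiosk-type=fullscreen --disable-extensions --disable-popup-blocking --app=https://accounts.google.com/ServiceLogin?...continue=https://myaccount.google.com/signinoptions/password`. Kiosk mode renders the page full-screen with no address bar or window chrome, so a sign-in page launched this way looks like a system prompt and the user has no ordinary way to close it. The check below is an added example written for this page (not part of the report or of any vendor's detection content): it splits a Windows command line, reads Chromium-style switches, and flags a kiosk `--app` launch whose URL path or query looks like a credential page. The hint words and the benign intranet command line are assumptions, labelled in the code.

```python
"""Added check for the kiosk-mode msedge.exe launch recorded in the Processes list
below (example code, not part of the report). A --kiosk --app=<sign-in URL> launch
with extensions and popup blocking disabled shows a full-screen sign-in page with no
address bar, which is a browser lock-up rather than anything the user asked for."""
from urllib.parse import urlsplit

# Command line copied from the Processes list below, plus a constructed benign kiosk
# launch (intranet dashboard) to show the check not firing.
KIOSK_CMD = ('"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --kiosk '
             '--edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI '
             '--disable-popup-blocking --disable-extensions --no-default-browser-check '
             '--app=https://accounts.google.com/ServiceLogin?service=accountsettings'
             '&continue=https://myaccount.google.com/signinoptions/password')
BENIGN_CMD = ('"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --kiosk '
              '--edge-kiosk-type=fullscreen --app=https://intranet.example.invalid/dashboard')

# Substrings in the path/query that mark a credential page (assumption: extend as needed).
CREDENTIAL_HINTS = ("signin", "login", "password")
LOCKDOWN_SWITCHES = ("disable-extensions", "disable-popup-blocking",
                     "no-first-run", "no-default-browser-check")


def split_windows_cmdline(cmd):
    """Minimal CommandLineToArgvW-style split: whitespace separates arguments unless
    inside double quotes, and the quotes are dropped. Backslash-escaped quotes are not
    handled; none of the command lines in this report use them."""
    args, cur, in_quote = [], [], False
    for ch in cmd:
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            if cur:
                args.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        args.append("".join(cur))
    return args


def parse_cmdline(cmd):
    """-> (image path, {switch name: value}) for Chromium-style '--name[=value]' switches."""
    args = split_windows_cmdline(cmd)
    switches = {}
    for a in args[1:]:
        if a.startswith("--"):
            name, _, value = a[2:].partition("=")
            switches[name] = value
    return args[0], switches


def check_kiosk_launch(cmd):
    """Return a finding dict for a kiosk --app launch of a credential page, else None."""
    image, switches = parse_cmdline(cmd)
    if not image.lower().endswith(("msedge.exe", "chrome.exe")):
        return None
    if "kiosk" not in switches or not switches.get("app"):
        return None
    url = switches["app"]
    parts = urlsplit(url)
    # the 'continue=' redirect target sits in the query string, so scan path and query
    haystack = (parts.path + "?" + parts.query).lower()
    hints = sorted(h for h in CREDENTIAL_HINTS if h in haystack)
    if not hints:
        return None
    return {
        "image": image,
        "host": parts.hostname,
        "url": url,
        "hints": hints,
        "locked_down": [s for s in LOCKDOWN_SWITCHES if s in switches],
    }


if __name__ == "__main__":
    for cmd in (KIOSK_CMD, BENIGN_CMD):
        print(check_kiosk_launch(cmd))
```

In telemetry the same logic runs over process-creation command lines; pairing it with the parent image (here the Edge launch follows the dropped payloads in the list, but the report does not print parent PIDs, so that join is left to the EDR data) turns a noisy "kiosk browser" hit into a specific one.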
Processes
C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe
"C:\Users\Admin\AppData\Local\Temp\1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\f38517831b.exe
"C:\Users\Admin\AppData\Roaming\1000026000\f38517831b.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\5163d94cda.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\5163d94cda.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1368 -ip 1368
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 1364
C:\Users\Admin\AppData\Local\Temp\1000036001\f1a9ce1798.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\f1a9ce1798.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb00c83cb8,0x7ffb00c83cc8,0x7ffb00c83cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,11067312511108494530,10180979840515905799,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,11067312511108494530,10180979840515905799,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,11067312511108494530,10180979840515905799,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11067312511108494530,10180979840515905799,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11067312511108494530,10180979840515905799,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11067312511108494530,10180979840515905799,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11067312511108494530,10180979840515905799,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11067312511108494530,10180979840515905799,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11067312511108494530,10180979840515905799,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11067312511108494530,10180979840515905799,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11067312511108494530,10180979840515905799,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2276 -ip 2276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 1352
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,11067312511108494530,10180979840515905799,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,11067312511108494530,10180979840515905799,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7560 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,11067312511108494530,10180979840515905799,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2580 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Roaming\1000026000\388ce3a3f1.exe
"C:\Users\Admin\AppData\Roaming\1000026000\388ce3a3f1.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\388ce3a3f1.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\388ce3a3f1.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1352 -ip 1352
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 1096
C:\Users\Admin\AppData\Local\Temp\1000036001\04ca76992c.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\04ca76992c.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb00c83cb8,0x7ffb00c83cc8,0x7ffb00c83cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,11847790078643175677,10893535610745495948,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,11847790078643175677,10893535610745495948,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,11067312511108494530,10180979840515905799,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 776 -ip 776
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 1372
Network
| Country | Destination | Domain | Proto |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
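The Network table mixes the sandbox's own housekeeping (PTR lookups against 8.8.8.8, an mDNS query to 224.0.0.251) with the Google hosts opened by the Edge kiosk window and a handful of bare-IP connections over plaintext HTTP. The script below is an added example, not part of this report or of the sandbox's tooling: it parses the rows exactly as they appear above (copied inline as constructed input), reconstructs which IPs the sandbox reverse-resolved from the `in-addr.arpa` names, and ranks the public addresses that were only ever reached by IP on tcp/80. The function names and the "direct-to-IP plaintext HTTP" heuristic are the editor's assumptions; the report itself only labels the families (Amadey, Stealc) and lists the endpoints.

```python
import ipaddress
import re
from collections import Counter

# Constructed input: the rows of the Network table above, copied verbatim so
# the script runs offline. The multicast row carries N/A in its Domain column.
REPORT_ROWS = """\
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)


def parse_rows(text):
    """Turn the markdown rows into dicts; a Domain of '' or 'N/A' becomes None."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        ip, _, port = m["dest"].rpartition(":")
        if not port.isdigit():          # skips a header row or a malformed cell
            continue
        domain = m["domain"]
        rows.append({
            "country": m["country"],
            "ip": ip,
            "port": int(port),
            "domain": None if domain in ("", "N/A") else domain,
            "proto": m["proto"].lower(),
        })
    return rows


def _is_public(ip):
    a = ipaddress.ip_address(ip)
    return not (a.is_private or a.is_multicast or a.is_loopback
                or a.is_link_local or a.is_reserved or a.is_unspecified)


def ptr_query_targets(rows):
    """IPs the sandbox reverse-resolved: 11.244.41.31.in-addr.arpa -> 31.41.244.11."""
    suffix = ".in-addr.arpa"
    targets = set()
    for r in rows:
        d = r["domain"] or ""
        if d.endswith(suffix):
            targets.add(".".join(reversed(d[: -len(suffix)].split("."))))
    return targets


def candidate_c2(rows):
    """Heuristic (editor's assumption, not a report field): plaintext HTTP on
    tcp/80 to a public IP that was never contacted through a hostname.
    Returns (ip, hit_count) pairs sorted by count, then by ip."""
    named_ips = {r["ip"] for r in rows if r["domain"] and r["domain"] != r["ip"]}
    hits = Counter()
    for r in rows:
        if (r["proto"] == "tcp" and r["port"] == 80
                and r["ip"] not in named_ips and _is_public(r["ip"])):
            hits[r["ip"]] += 1
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    rows = parse_rows(REPORT_ROWS)
    ptr = ptr_query_targets(rows)
    for ip, n in candidate_c2(rows):
        note = "  (sandbox also issued a PTR query for it)" if ip in ptr else ""
        print(f"{ip}:80/tcp  x{n}{note}")
```

Run as-is it ranks 185.215.113.103 first (four connections), then 31.41.244.10, with 185.215.113.16 and 31.41.244.11 seen once each; the two `31.41.244.x` addresses are also the ones the sandbox reverse-resolved. The Google endpoints drop out because each was reached by name, and the mDNS row drops out on both protocol and address class.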
Files
memory/668-0-0x0000000000650000-0x0000000000B22000-memory.dmp
memory/668-1-0x0000000077666000-0x0000000077668000-memory.dmp
memory/668-2-0x0000000000651000-0x000000000067F000-memory.dmp
memory/668-3-0x0000000000650000-0x0000000000B22000-memory.dmp
memory/668-4-0x0000000000650000-0x0000000000B22000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | bfc685780b8aa05d0f9fa713cf4ae14b |
| SHA1 | 630d419e10382c75511edd57184e24bea454fc42 |
| SHA256 | 1b4ea9e6e51cee478601ead6d4749263552def041cafff0af2b4b5b39798acf3 |
| SHA512 | 508131b3e029dbd6f99286649ad9777c083cb4e1e4e83acd897abf9f64f048788968f9e0a0609ffe94dd981188d6b6deefe009f81faaa6db8fe2e30f364aedf9 |
memory/3492-17-0x0000000000D90000-0x0000000001262000-memory.dmp
memory/668-16-0x0000000000650000-0x0000000000B22000-memory.dmp
memory/3492-19-0x0000000000D91000-0x0000000000DBF000-memory.dmp
memory/3492-20-0x0000000000D90000-0x0000000001262000-memory.dmp
memory/3492-21-0x0000000000D90000-0x0000000001262000-memory.dmp
memory/3492-22-0x0000000000D90000-0x0000000001262000-memory.dmp
C:\Users\Admin\AppData\Roaming\1000026000\f38517831b.exe
| MD5 | f47cc7dc355ae01926f6065316c3bd68 |
| SHA1 | 6b575930185f216e4fa5116fdcc8906eb9f53af9 |
| SHA256 | 25741e3975370f8b2c77513a0941ca4263a83ec08e1203c9dd7cfd5c18474794 |
| SHA512 | cf076a077130b8dd48f3e27a6aaba411a6c8833ab8b926c99fc3fb66130694db1ce668103c44aba6196705a9722b68da16287ea8a63ffed250bcf92bba68154e |
memory/1368-55-0x0000000000400000-0x000000000247A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000036001\f1a9ce1798.exe
| MD5 | 38f98be80e6670f46efc8544d762cfd4 |
| SHA1 | fcad2e65d0977f0ab297049d5c9c32450b230d2a |
| SHA256 | fb5cdb8d0f5558d5544c7722e616fbb498b501484f6ad0d1e2a2fe8118574996 |
| SHA512 | 60a0c8f5516b41faa57ec4010eaed39a255ad2c96e58d7ae1273d3ef44196ea50b4f64c52e8301a95e45139ccd52bd9b52d177121ad1c77289bed89ac49c04cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 3c968c32c657d260c1b6078ebe87c8a4 |
| SHA1 | cfcd60b1f6f41f121604125d23ce0b78185a68fc |
| SHA256 | 1fb2d5ab4e386b549167525a278402ec675ffce4acf685119bfc9d8b9a68a0b0 |
| SHA512 | a08ac1fa0940fbd2c8cef2285966e3afcf749909e9777d9150f344adba274cb440a677bffe95c4972f5ec793efb4d7c6e616937d042f4016a2da58e4442f5dee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 78292c1af8f04539b9e95d9fa43a3964 |
| SHA1 | 7a1eb3b378120897a2af5fc82248a9abdf6ff39b |
| SHA256 | 8dd133565af8c70499ef5f16560e4cf69c8afa69b38221f8f9c487219849c3fa |
| SHA512 | 9bff5d58fa0f82e5b9d4f7803458841ceed59348b2b4418af0a934ba19789bdeb0ab432dc209a8b5b3f5bc3214fbacbf86d87b02ca3a413a7d2a3e5cc71d6c15 |
\??\pipe\LOCAL\crashpad_224_QIAQWKZABRBMMTBZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 68a94f860d2ba587386c05f4dbe2fef4 |
| SHA1 | 63050e56eabb11d1710d33e5c09c7590b133f123 |
| SHA256 | 136777af6d4d02656ef4997c05b7a7c706607c4d49f27b2acf481d7f04ec892b |
| SHA512 | 24aa47a686c6d2d324d3c546da5c90c038f1e7e3ceb181ab59eec922c1e553092ca53975e22fb862dd274bd57bf031111b6cb86997cdae05298216d4fa6a76c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 49075f823c900dbd908319fe3591b60e |
| SHA1 | 74b2784267c518d33176e3a365933315f63310b9 |
| SHA256 | 7a3b83eb3835ba61e5a8bfba5c6902550d4403861946285135dfdcdfef44e78b |
| SHA512 | dddb5f2e809a18272be283f8223f30923ea91ae80b6eb988bdcc9fca873a71c692e682f0a226d62adfe7f4c71899e3e01d1616f593062a847d6c3127ae1ed2fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe57d513.TMP
| MD5 | ef78f36cb728b360e094644f080cb7e1 |
| SHA1 | 4e303a53c4edc273e8b45e7b2562f8a9553af34e |
| SHA256 | c43331ddc0e0593f2d378c16507ac25ba2f868f9ceaf26f828ca85c7db9ce834 |
| SHA512 | d1a903acf7f40a18235cb6f4afe2047924623c8f585f5611d370a9c42d413cf3a440393fef14c18e85ba3f1561719f68aef182c00cf68d6edcf5539c230922a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
| MD5 | 175d0a7a41f14e0ac961a0cbc31e6c70 |
| SHA1 | 9f674656c1c50a49c2c6c0f072e2a6af3779829d |
| SHA256 | 17d8f9bdd758d75754ba3dd0a19eac494aa2be52c8c984482e123116606c6374 |
| SHA512 | 4ac0e075a91076003f09aa78385d80aab85e46a0262a777a209c11930d2bc1c1e3faa5317e28c0b3f57d7864681e2c84d2c32b0075c4e7f78a38e506ded05aec |
memory/3492-192-0x0000000000D90000-0x0000000001262000-memory.dmp
memory/2600-193-0x0000000000D90000-0x0000000001262000-memory.dmp
memory/2600-202-0x0000000000D90000-0x0000000001262000-memory.dmp
memory/2276-219-0x0000000000400000-0x000000000247A000-memory.dmp
memory/3492-221-0x0000000000D90000-0x0000000001262000-memory.dmp
memory/3492-220-0x0000000000D90000-0x0000000001262000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 0ee17c6c4c0a2e8ed2f6f8ea388e0309 |
| SHA1 | b40b56db3fa1ee612deb44cdaa8338da9c5fab9f |
| SHA256 | 88aa87d93e3fe56497fbdb2465cc303cf5b3a735bab3eb3856b7ef723e49f6de |
| SHA512 | bba7eeff3e616a2b476c8077ba2c4748ea21c7972d619bb91b57be4c1253a9ccec84419544a0cc7e6a378d26a56c4d25e8e01a24a68a9b68d68f980e30d3c410 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | 10146ea93ee58f319304048077630a39 |
| SHA1 | acd18952b48cb218476284a8a297ad498426cc8b |
| SHA256 | 546dc7d4d7d8eb318bebce89e67b72da26ec711f7be6104490293e73326e1f2b |
| SHA512 | a1e2bafdd2fae6e61621dc1b29839ae478313a9bc701660c5fe50bbff7b0989f168bd53a01fb9954a27f2f64cd728680fa031a0214488e7940941b3a3916b6c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57fcfd.TMP
| MD5 | 7969dacd230d525c6390cdb95641b777 |
| SHA1 | 1caf2616cbd3e5d9425b92e26c4304442dd2b913 |
| SHA256 | d7932b0c1137207646db4cc79e224c57a6574f574a0abc2424460dc82a478843 |
| SHA512 | a48f21101e08dffdf63468c941091f639e4046a627cee3c0493a07e677838bc539d26a2123d5eb30dcad414f2560ae71d451a1ed05894e1cc8d8f124bfa4e5e3 |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk
| MD5 | 31e428405989f7f0de195f86e9be268f |
| SHA1 | acb77922a14be704d3ef24d1e687b79095e0d775 |
| SHA256 | e4bc97ea02ce41f52cf301de98d74774b6c56a6f4ca3e7a2938bd927ce0bfdb9 |
| SHA512 | a0420c30335c392d2d753fa2ac8d40bc97fc28c9fc0363f0c1cfe47220d7484377d82c6363fafe120c595335598cebf72a623ac41ccd3894b499633b77d84db5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
memory/3492-288-0x0000000000D90000-0x0000000001262000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State
| MD5 | f2c09d1cad02f9e5b08e6297b54ae0d2 |
| SHA1 | 51404763e1e0ef52903945d2e6a3951091bfb536 |
| SHA256 | 1966739963bc2393daa79686407c3854a8286d0d061a84feabe78afc411ff321 |
| SHA512 | d7341d028c2fcf8470ca4ca8f442ffd31f38bf35c7a5ce4b14aa228be98f3320c486f1197defd6f6912f27afb0966acebbe122938f411fc4948f5e8a747d4a78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RFe5825a4.TMP
| MD5 | 10f2f4306bda91c14a177c65933fa1cb |
| SHA1 | 31f6be47627ae839bf22dfd5bd4a5500812e11ae |
| SHA256 | 4d6b1f79837a98fc089acc58e858f4abfffed9bf666a6d73a1a24447d97ab8d0 |
| SHA512 | 1420c82d4c18e3bcf97077ecccca2870eb7236b17987386ae135ac8ec9a3b3d3191b892a171d91f2f494ae79ce7c12cdf5b6ad2f4c629ea962d7fdcd2142224b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e2bf46d6c5b9954f7dfeb2d88ac1574a |
| SHA1 | 6921e00a1f3bec4498abb49aee9409a9465705ab |
| SHA256 | 96219b2dfff94f1e79c465abb31b09774e3d04f15c639b957d4f2dbd26b72ed3 |
| SHA512 | ed8e9c39ea555245125e094f5f772c2dea380f6f4198e6f56c3c49ea9c5f6a8897fd9c1ded06216a413d99ee6d67a5958da8dd63afcf50c68c7813db3215c7bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0811d5734e9cd4e1d83097c2d8729bc9 |
| SHA1 | 6561c996e89141e8dfa61b2110655abb8bd0e5a4 |
| SHA256 | 020a20ddad544404d66e0d01730d9126097556d7547e9dd77d4d1710eb278886 |
| SHA512 | 30af1b5ea8a074b7fc0fc317a1e7b0d5681b078a036cb70e2e895400e1414218ead11182d31f6222e9e79bb0a0c8a1d97f56e1eacd488aa79aeabaee507cffa8 |
memory/3492-348-0x0000000000D90000-0x0000000001262000-memory.dmp
memory/3492-358-0x0000000000D90000-0x0000000001262000-memory.dmp
memory/3492-359-0x0000000000D90000-0x0000000001262000-memory.dmp
memory/3492-369-0x0000000000D90000-0x0000000001262000-memory.dmp
memory/3728-382-0x0000000000D90000-0x0000000001262000-memory.dmp
memory/3492-383-0x0000000000D90000-0x0000000001262000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 549b811e51b76be3f1f17c34dcb1379d |
| SHA1 | b5017240043d15a0f4c81aa8fa1f561e5005a67d |
| SHA256 | dcb63ad45feb40d899c2464b987fbac681b2c31bf41a9542ba36584abebe8ae5 |
| SHA512 | 9dffe9645835ddac2a7b000de75af775b95bbb1ef22431f37b3f3746b283c14303d52384c4ca9f2f7e8e763fa851f355a10af53d0d6ff3164a8b04ca1cdcfaa8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | cfc4d7a131ea78bb8866f9a43595726d |
| SHA1 | 78d71223fa98739766f9f0ee71e362d59e5b5a44 |
| SHA256 | b8355fde54b3e0120ad1c33d71b275b48a1d812e460c5b4ae10e49fd3c10b8b4 |
| SHA512 | 3d83572c6809f6625a2f9ec6630405e32cc4b8330decc12fb8cdf2f7a6f0658341c6e9b640fd8ad8da0ad89f0a80f512ac7ee6af3240cfad8d749921fdc5aea3 |
memory/3492-411-0x0000000000D90000-0x0000000001262000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity
| MD5 | cab5c18155618d0bc107dddc7b406939 |
| SHA1 | 66dc3703cae22d337782ae04c87d08c84db6970c |
| SHA256 | 25251f26d44fb8d8f930ab76579f3727cc921d4b246651cce89076eade56ae8d |
| SHA512 | af767893297b6585e1bc35c217fbf07e0fb56cc20bfbe944d85d13c507d0694f0dab0011dfcf9f8ab838d7f2e110bb2461bc2f01c79bec039b1f8ff84c7afe3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe58fb14.TMP
| MD5 | 32f9591c51fa003fded4a3a0eb0e76da |
| SHA1 | 4b4fad0210264d922c5c425a284f4d945e824bf3 |
| SHA256 | ca58056461ef0eb849bb327d81e4f2143bd4cb575346c09d0e0118dea5122e42 |
| SHA512 | 1389fc92884a58fa00f4f811358f1d85d1d2d63254e78180f2e5e87942b8b12c1ca405a988012b481073c458394a6011160ab24435fd729ee68dac3f08d94f30 |
memory/3492-421-0x0000000000D90000-0x0000000001262000-memory.dmp
memory/1352-456-0x0000000000400000-0x000000000247A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State
| MD5 | 1c0dc74b5681a479429b9175a64c862d |
| SHA1 | 88a18353a035392ffcd5a00676a3181bb9ffe33d |
| SHA256 | a0ae3ec73ed2bc312fa5ecd9bb6f086375d947d60bf545bac82b5bf1ec88ecef |
| SHA512 | 942b56290143532cea75cd9def207b8429266ab2189f0a856d40b645ce25f095ee497f4abd38195fbdab04851b41187d77b7481f2264c24dedddada78bafb980 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | bb300a0647c027165db47260f1f93261 |
| SHA1 | b57bbdd62422e6b97415ed10a033f6365c73e072 |
| SHA256 | cfd32f305b8a10b9101a39a17efd100224a835c397f6c93f7f0703e63fbd95da |
| SHA512 | ab8ff5c036360e86923f7af18699d46ec50253deba8ac75a0843cb60e8a474fdf4b0edd5a8963bad9f872ae95e1dbee37b53964899e60393acbc8a623d4f699a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | cb3e8191d2e52f3677855afd0f8b5b39 |
| SHA1 | 3520217178cd5d08b7cb524a4f652d2ddaf15b59 |
| SHA256 | 295c9e9bb0712db1f44fcada4eb0deddc39adb997313859f5c692cd000d84621 |
| SHA512 | b54441b4b9787034a50e0c5c2a7b9e6effadd86a737a1cce856531de3dba625efb4f04a2f9a61a122cc2ae1e27b3efa459748a122b5ed2f029d79eeb607b55bb |
memory/776-529-0x0000000000400000-0x000000000247A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 000d1990c9d4169bb9c7b2049da53ef1 |
| SHA1 | edabe666ff73b72c28a4aeeccc2d8565bbdd6c9f |
| SHA256 | ba1a03843f8a1bf804850e51ad7e19efe463c94bf27f6c936164f8cc6104e9d2 |
| SHA512 | 3580483eba1924491047bb0fab148fb566daf78d3de5d00037fc7cdf62c9c43b3b1391ffc2674e494d91fe2aa95b82c0b3c4a4e97565f4c1c0616a3fe57859f8 |
memory/2372-539-0x0000000000D90000-0x0000000001262000-memory.dmp
memory/2372-540-0x0000000000D90000-0x0000000001262000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity
| MD5 | a9a4a8aba5fa08453bd5131b0547102b |
| SHA1 | c25bf17fb6d73ff81394ebb88da4a715703bf15f |
| SHA256 | 129e3087f387096a9d0e61e445fd2fd018f95a8a25a4adeb4c0e201c81f563db |
| SHA512 | 91afa9fb9dee12fb59a6f22cf1933e5012f4b429e67c3e6b0dee4de4c0346c9700719e650277f8900d8007a2d268393017f1334e5d73b23606184eafc005d521 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State
| MD5 | 27464221ad2c694db152f52b513dc4f9 |
| SHA1 | d2336e4cc8eddd03e659987b62a6ca9d8007a8f4 |
| SHA256 | 7e24d755d98985b473e3c84b599ad48920b1618d79ddd79cc0a35d887f1418dd |
| SHA512 | b0c3c10934daca44f27fadff0c48fbe1f8368d98e849eb1671581cf594a0d9387568bfb53771cc37ec45be9a7a1a17aa7f35324ed0db912947bd6973a45effa3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 0b97b25e4e9df8c579ff484665e5bafd |
| SHA1 | 67ff18e7d4700019ab784561e9cc6b36833b12de |
| SHA256 | 1165f9a69221d94945a26b8d93f7b603a6222f0976f94bba69903e5133435a17 |
| SHA512 | fb04ee8eeca07ad9e29b7642a99ed127066f35f73843f0826e24e3db4c51a02ef62486da053619a4b74c53ec96ac18edfe76bc59f2ac1f61f154f930938f2f1f |
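The process list above shows three WerFault.exe pairs and the Files section lists memory dumps named by PID and address range, but the report never joins the two. The script below is an added example, not part of this report or of the sandbox's own tooling: it takes the WerFault command lines and the dump names exactly as they appear on this page (copied inline as constructed input), reads the faulting PID from WerFault's `-p` switch (`-s` and `-ip` carry handle and parent values, not the PID of interest), and groups dumps by address range so that processes sharing one mapped image fall together. Function names are the editor's; the page does not map PIDs to image names, so the grouping only says that the same mapping was dumped from several processes, not which executable it was.

```python
import re
from collections import defaultdict

# Constructed input: the WerFault command lines from the process list and the
# memory-dump names from the Files section of this report, nothing else.
WERFAULT_CMDLINES = [
    r"C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2276 -ip 2276",
    r"C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 1352",
    r"C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1352 -ip 1352",
    r"C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 1096",
    r"C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 776 -ip 776",
    r"C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 1372",
]
MEMORY_DUMPS = [
    "memory/668-0-0x0000000000650000-0x0000000000B22000-memory.dmp",
    "memory/3492-17-0x0000000000D90000-0x0000000001262000-memory.dmp",
    "memory/1368-55-0x0000000000400000-0x000000000247A000-memory.dmp",
    "memory/2600-193-0x0000000000D90000-0x0000000001262000-memory.dmp",
    "memory/2276-219-0x0000000000400000-0x000000000247A000-memory.dmp",
    "memory/1352-456-0x0000000000400000-0x000000000247A000-memory.dmp",
    "memory/776-529-0x0000000000400000-0x000000000247A000-memory.dmp",
    "memory/2372-539-0x0000000000D90000-0x0000000001262000-memory.dmp",
]

# "-p <pid>" preceded by whitespace, so "-pss" and "-ip" do not match.
PID_RE = re.compile(r"(?:^|\s)-p\s+(\d+)(?=\s|$)")
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$"
)


def crashed_pids(cmdlines):
    """PIDs that WerFault was launched for (its -p switch names the faulting process)."""
    pids = set()
    for c in cmdlines:
        if "WerFault.exe" not in c:
            continue
        m = PID_RE.search(c)
        if m:
            pids.add(int(m.group(1)))
    return pids


def parse_dumps(names):
    """memory/<pid>-<seq>-<start>-<end>-memory.dmp -> dict with ints."""
    dumps = []
    for n in names:
        m = DUMP_RE.match(n)
        if m:
            dumps.append({"pid": int(m["pid"]), "seq": int(m["seq"]),
                          "start": int(m["start"], 16), "end": int(m["end"], 16)})
    return dumps


def crash_to_image_regions(cmdlines, names):
    """For each crashed PID, the (start, end, size) of every region dumped from it."""
    crashed = crashed_pids(cmdlines)
    out = defaultdict(list)
    for d in parse_dumps(names):
        if d["pid"] in crashed:
            out[d["pid"]].append((d["start"], d["end"], d["end"] - d["start"]))
    return dict(out)


def same_image_group(names):
    """Group PIDs by dumped address range: identical base and size means the
    same mapped image across those processes."""
    groups = defaultdict(set)
    for d in parse_dumps(names):
        groups[(d["start"], d["end"])].add(d["pid"])
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    for pid, regions in sorted(crash_to_image_regions(WERFAULT_CMDLINES, MEMORY_DUMPS).items()):
        for start, end, size in regions:
            print(f"pid {pid} crashed; dumped {start:#x}-{end:#x} ({size:#x} bytes)")
    for (start, end), pids in sorted(same_image_group(MEMORY_DUMPS).items()):
        print(f"{start:#x}-{end:#x}: pids {pids}")
```

On this page's data the three crashed PIDs (776, 1352, 2276) were all dumped from 0x400000-0x247A000, the same range as PID 1368, while the sample and its `svoutse.exe` copies sit at 0x650000 and 0xD90000; in other words the crashes came from one mapped image, launched repeatedly, and not from the Amadey loader itself.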