Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-09-2024 09:22

General

  • Target

    0036da167596292c2f220a56d91f927b6d8998018904fc0cf8dc6e4e4fcbc608.exe

  • Size

    1.8MB

  • MD5

    5bfca15aa84b99438a129e0ecaca71c9

  • SHA1

    85105b5989d512fcc2e3b221ecceb1e71b6585b3

  • SHA256

    0036da167596292c2f220a56d91f927b6d8998018904fc0cf8dc6e4e4fcbc608

  • SHA512

    55af92d4906f1c3f5e2156f4c7090996859514ea44d2adf37b2dcec8d12e03bfef3d366eb6fed55e96079f86c3e92f4a033d6a68aa810460113abbe9affd6231

  • SSDEEP

    49152:RwlsOTS+WEawXwvwfU/ISghvH6HO2OgDujjCEYdz3Q6y:63pwYO+hvH6HO2O5jjC9U

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

c7817d

C2

http://31.41.244.10

Attributes
  • install_dir

    0e8d0864aa

  • install_file

    svoutse.exe

  • strings_key

    5481b88a6ef75bcf21333988a4e47048

  • url_paths

    /Dem7kTu/index.php

rc4.plain

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Stealc

    Stealc is an infostealer written in C++.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 5 IoCs
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 10 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 7 IoCs
  • Identifies Wine through registry keys 2 TTPs 5 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0036da167596292c2f220a56d91f927b6d8998018904fc0cf8dc6e4e4fcbc608.exe
    "C:\Users\Admin\AppData\Local\Temp\0036da167596292c2f220a56d91f927b6d8998018904fc0cf8dc6e4e4fcbc608.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:640
    • C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
      "C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:5076
      • C:\Users\Admin\AppData\Roaming\1000026000\58b49406f3.exe
        "C:\Users\Admin\AppData\Roaming\1000026000\58b49406f3.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4996
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 1020
          4⤵
          • Program crash
          PID:4296
      • C:\Users\Admin\AppData\Local\Temp\1000030001\5330f2cf0d.exe
        "C:\Users\Admin\AppData\Local\Temp\1000030001\5330f2cf0d.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1084
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 1032
          4⤵
          • Program crash
          PID:5256
      • C:\Users\Admin\AppData\Local\Temp\1000036001\150697483f.exe
        "C:\Users\Admin\AppData\Local\Temp\1000036001\150697483f.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1524
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
          4⤵
          • Enumerates system info in registry
          • Modifies data under HKEY_USERS
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:2456
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x264,0x7ff850dfd198,0x7ff850dfd1a4,0x7ff850dfd1b0
            5⤵
            PID:588
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2244,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:2
            5⤵
            PID:1912
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1860,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=2300 /prefetch:3
            5⤵
            PID:1020
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2424,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=2516 /prefetch:8
            5⤵
            PID:3092
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3320,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=3344 /prefetch:1
            5⤵
            PID:2448
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3328,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:1
            5⤵
            PID:3912
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4476,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:1
            5⤵
            PID:2344
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4496,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=4512 /prefetch:2
            5⤵
            PID:5128
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4656,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=4676 /prefetch:1
            5⤵
            PID:5136
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4628,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:2
            5⤵
            PID:5144
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5016,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:2
            5⤵
            PID:5152
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5180,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:2
            5⤵
            PID:5196
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5320,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:1
            5⤵
            PID:5208
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5340,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:2
            5⤵
            PID:5304
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5492,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:1
            5⤵
            PID:5364
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5508,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:2
            5⤵
            PID:5388
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5392,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6308 /prefetch:1
            5⤵
            PID:5396
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5540,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6432 /prefetch:2
            5⤵
            PID:5408
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5776,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6564 /prefetch:1
            5⤵
            PID:5424
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5784,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:2
            5⤵
            PID:5468
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5800,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6832 /prefetch:1
            5⤵
            PID:5476
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5736,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6976 /prefetch:2
            5⤵
            PID:5496
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6700,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=5164 /prefetch:1
            5⤵
            PID:5124
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5788,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=7388 /prefetch:1
            5⤵
            PID:5212
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7364,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=7412 /prefetch:1
            5⤵
            PID:5208
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7632,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=7432 /prefetch:1
            5⤵
            PID:5396
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7736,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=7772 /prefetch:1
            5⤵
            PID:5428
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7748,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=7796 /prefetch:1
            5⤵
            PID:5488
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7764,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=7800 /prefetch:1
            5⤵
            PID:5508
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6424,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=7792 /prefetch:1
            5⤵
            PID:5516
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5216,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6420 /prefetch:1
            5⤵
            PID:5204
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --field-trial-handle=6156,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6140 /prefetch:8
            5⤵
            PID:1884
          • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4804,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=4616 /prefetch:8
            5⤵
            PID:2340
          • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4804,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=4616 /prefetch:8
            5⤵
            PID:5380
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=5660,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=7116 /prefetch:8
            5⤵
            PID:5944
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=7052,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:8
            5⤵
            PID:5968
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5672,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:8
                                                                                    5⤵
                                                                                      PID:5776
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=7988,i,10339527885578989513,12180451786339286287,262144 --disable-features=TranslateUI --variations-seed-version --mojo-platform-channel-handle=6924 /prefetch:8
                                                                                      5⤵
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      PID:6072
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4388,i,1828333185976713750,7918646547767660928,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:8
                                                                              1⤵
                                                                                PID:3684
                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4996 -ip 4996
                                                                                1⤵
                                                                                  PID:4844
                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1084 -ip 1084
                                                                                  1⤵
                                                                                    PID:1704
                                                                                  • C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                                                                                    C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                                                                                    1⤵
                                                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                    • Checks BIOS information in registry
                                                                                    • Executes dropped EXE
                                                                                    • Identifies Wine through registry keys
                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    PID:3776
                                                                                  • C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                                                                                    C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                                                                                    1⤵
                                                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                    • Checks BIOS information in registry
                                                                                    • Executes dropped EXE
                                                                                    • Identifies Wine through registry keys
                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    PID:3840
                                                                                  • C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                                                                                    C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
                                                                                    1⤵
                                                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                    • Checks BIOS information in registry
                                                                                    • Executes dropped EXE
                                                                                    • Identifies Wine through registry keys
                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    PID:1528

                                                                                  Downloads

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

                                                                                    Filesize

                                                                                    280B

                                                                                    MD5

                                                                                    d6af0a5e387e931af608eb8d6790ff00

                                                                                    SHA1

                                                                                    898b92b6b53c3f8d8e62e501d044c7b9b71eea65

                                                                                    SHA256

                                                                                    64c9499183ec7ea5a770103015b1771f9900c30f6676547befb90fa7ce3efee0

                                                                                    SHA512

                                                                                    3a7042a8528630f0f5ddba0e639c3827fde7d0ff4fff472f8457cea1bee4bc69cba158f55c428dcab5eba3178805367268cebe73f408bb03b143840f62c0a5ea

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

                                                                                    Filesize

                                                                                    280B

                                                                                    MD5

                                                                                    5b57eb18c876dc8ce83f272a13abcd96

                                                                                    SHA1

                                                                                    26f1535e898c0089ac47ab872d068f069414f7ac

                                                                                    SHA256

                                                                                    a347c3bb8590973a8157fc689afb2a3458d0be3b85007d5e964db8bafdc09092

                                                                                    SHA512

                                                                                    b02c1e7e16eee43052297bb00daa625de6bd56769dfaa47dcc686cac79df591ce07743156b24695f42e04b70a14b4631bf45c831420d3235f45f83bd3d0bc91d

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

                                                                                    Filesize

                                                                                    20B

                                                                                    MD5

                                                                                    9e4e94633b73f4a7680240a0ffd6cd2c

                                                                                    SHA1

                                                                                    e68e02453ce22736169a56fdb59043d33668368f

                                                                                    SHA256

                                                                                    41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

                                                                                    SHA512

                                                                                    193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\097deddd-bfc4-47d2-a9e3-378adea134c9.tmp

                                                                                    Filesize

                                                                                    23KB

                                                                                    MD5

                                                                                    5fa8eb5cbffdf6e30b2c77117ae8f235

                                                                                    SHA1

                                                                                    e7f9916bcd2322bf46ae59c623498016cdc146f5

                                                                                    SHA256

                                                                                    d2981bd9e82a86d671df9c1035cb04f00f86faf06e555eefdd52a43ce6819b69

                                                                                    SHA512

                                                                                    51375b2485d96751674c1766d8f3551faac9e741a02e1ea88299849a26745c90bf600f65007326d0a112056213aaebbaf5203c27efb2e8c164930a3836866806

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\582b0b12-5a8a-4a4e-b750-e7176b8b8ad9.tmp

                                                                                    Filesize

                                                                                    6KB

                                                                                    MD5

                                                                                    14321ea7d58c33f36a2c0cbd2c14cce9

                                                                                    SHA1

                                                                                    4b4387dd81e9b376bd236736c4296448a4fcdaa5

                                                                                    SHA256

                                                                                    fc24fda70b4df5aec7bb333242e26ae96cdc792b9e53162b438c13769105ce17

                                                                                    SHA512

                                                                                    ee890615aea81648b7c42726aee91a07dbbfcb1b52c4655fb3d05bf7a84e3cc8cbae3f48162d7c1b306777bff5b112bbe3f33419899f9679ea1852c08150bee6

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index

                                                                                    Filesize

                                                                                    408B

                                                                                    MD5

                                                                                    bedbe591977edc359f1a25c71e2074a3

                                                                                    SHA1

                                                                                    66e3e5777d687da816085fd6bc134fdf005e80c4

                                                                                    SHA256

                                                                                    3ef5c4240755ca3451f6abd90857b54603bc1250fed1d1a9ccf131c27315d949

                                                                                    SHA512

                                                                                    7bc3e6816175a577f3ea122612dfe69bc754d42312c7bdaacc73b0b3f669cc4c9e3858779e8343f17e53fae670744f646a0e8e29cd3c64f2b407fbed3707f4db

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index~RFe58a2c3.TMP

                                                                                    Filesize

                                                                                    48B

                                                                                    MD5

                                                                                    f995ad334b9e9b4ffe1412cd73b0f6a1

                                                                                    SHA1

                                                                                    32499d15930aa89a8a8b877d8699beb870b3a64a

                                                                                    SHA256

                                                                                    f10e528ab83de646c7585da383d205d0fa772b2db33107b2f73a3bd2d43523b1

                                                                                    SHA512

                                                                                    a014c19422110b6e0493546a47bad630e900eed2031a038a07fda227e3df3cdaaa3834fe5d72055207067ee96e697160a1231e7d9b31e04ec45fc2c8f52f51d5

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\DawnGraphiteCache\index

                                                                                    Filesize

                                                                                    256KB

                                                                                    MD5

                                                                                    235671cd49fd91cb93806cedc61144ca

                                                                                    SHA1

                                                                                    b336b10da0f032fd7888cb91a0f1f21cf5f05eda

                                                                                    SHA256

                                                                                    525db64e8aac9e699e2ef32d5e67984a19861fffc012f483c8ca9216de44cdd5

                                                                                    SHA512

                                                                                    f88ff73805b2e8dd5b3969f097951eaf4d459c6c2017de99c22d97e32b649c5859d3a51caa871de6cc58f79bdf7faef98608099e33e5605b4fd33c12346fbd2f

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules\CURRENT

                                                                                    Filesize

                                                                                    16B

                                                                                    MD5

                                                                                    46295cac801e5d4857d09837238a6394

                                                                                    SHA1

                                                                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                    SHA256

                                                                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                    SHA512

                                                                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules\MANIFEST-000001

                                                                                    Filesize

                                                                                    41B

                                                                                    MD5

                                                                                    5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                    SHA1

                                                                                    d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                    SHA256

                                                                                    f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                    SHA512

                                                                                    de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Network Persistent State

                                                                                    Filesize

                                                                                    627B

                                                                                    MD5

                                                                                    fe8e2eeca47a32aaeb376eccafa59459

                                                                                    SHA1

                                                                                    88b8bd6d1337fee21135bd3fd7dd541ebcbc5cd3

                                                                                    SHA256

                                                                                    e227d2dc33bfb57872de8815f4700f4e52be607d770cd648f884e7e115a5e3c3

                                                                                    SHA512

                                                                                    56783d5890c9bfd1f45d596a4eeaf1abc221d29e17f79c86156a8f936fa5841a06abb051390cd7736cd915361401de978e94d7e66459ddb27be8378db17ec5de

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Network Persistent State

                                                                                    Filesize

                                                                                    59B

                                                                                    MD5

                                                                                    2800881c775077e1c4b6e06bf4676de4

                                                                                    SHA1

                                                                                    2873631068c8b3b9495638c865915be822442c8b

                                                                                    SHA256

                                                                                    226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                                                    SHA512

                                                                                    e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\SCT Auditing Pending Reports

                                                                                    Filesize

                                                                                    2B

                                                                                    MD5

                                                                                    d751713988987e9331980363e24189ce

                                                                                    SHA1

                                                                                    97d170e1550eee4afc0af065b78cda302a97674c

                                                                                    SHA256

                                                                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                    SHA512

                                                                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

                                                                                    Filesize

                                                                                    7KB

                                                                                    MD5

                                                                                    7e8adba352f1011a5b19699709807a11

                                                                                    SHA1

                                                                                    61ce4d26e28883acfd935f9a9276c59f1e716923

                                                                                    SHA256

                                                                                    9da374e9e1c78fb9b43612b6fa53d994a1c0d259c5279682b68f82f09a9a79f3

                                                                                    SHA512

                                                                                    d0449730ee3584afa9f5736da60aea48414112f5ec0b0e0c155e1b2b35903c734876bb29b3c34a26144531b34720879352641c3453ee522538fde14969373405

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Shared Dictionary\cache\index

                                                                                    Filesize

                                                                                    24B

                                                                                    MD5

                                                                                    54cb446f628b2ea4a5bce5769910512e

                                                                                    SHA1

                                                                                    c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

                                                                                    SHA256

                                                                                    fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

                                                                                    SHA512

                                                                                    8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir\the-real-index

                                                                                    Filesize

                                                                                    72B

                                                                                    MD5

                                                                                    9f76864b0de2d66cdc29aecee551d08a

                                                                                    SHA1

                                                                                    83afe4b781ce358030703900ccac01cf07560fd6

                                                                                    SHA256

                                                                                    0ca7f7630662ba8705d1fd14dc4f4898cd4f2297a73a357cc2a51d60132f1671

                                                                                    SHA512

                                                                                    3be2081d592b3e4e00add3aad9578f7b2262dc16901e563b431bd83299f786fd4a8ac5f5edd070bfbb2dd8be009ea38fdfd4b29630cd457ff8879840523fca14

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir\the-real-index~RFe58a1e8.TMP (48B)
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnWebGPUCache\data_1 (264KB)
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0 (8KB)
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2 (8KB)
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3 (8KB)
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State (1KB)
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State (23KB)
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State (3KB)
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State (4KB)
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State (27KB)
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RFe584fc1.TMP (1KB)
• C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe (1.8MB; identical hashes to the submitted sample, i.e. the Amadey install copy)
• C:\Users\Admin\AppData\Local\Temp\1000036001\150697483f.exe (896KB)
• C:\Users\Admin\AppData\Roaming\1000026000\58b49406f3.exe (389KB)
• C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms (3KB)
• \??\pipe\crashpad_2456_DIHEOOUVHFFTZDEP (zero-length content)