Analysis Overview
SHA256
5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4
Threat Level: Known bad
The file 5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4 was found to be: Known bad.
Malicious Activity Summary
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Identifies Wine through registry keys
Checks BIOS information in registry
Checks computer location settings
Executes dropped EXE
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
AutoIT Executable
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-12 02:02
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-12 02:02
Reported
2024-09-12 02:05
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\1000026000\3fbee2a1ed.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\cfb191a9ca.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\3fbee2a1ed.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\cfb191a9ca.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\3fbee2a1ed.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\cfb191a9ca.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\3fbee2a1ed.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\cfb191a9ca.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000040001\e4fdda1da6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\1000026000\3fbee2a1ed.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\cfb191a9ca.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cfb191a9ca.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\cfb191a9ca.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e4fdda1da6.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000040001\\e4fdda1da6.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\3fbee2a1ed.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\cfb191a9ca.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000040001\e4fdda1da6.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\3fbee2a1ed.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\cfb191a9ca.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000040001\e4fdda1da6.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
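Added example, not part of the sandbox report: a Python triage pass over signature rows in the report's own `| Description | Indicator | Process | Target |` layout. It strips the machine-specific user SID so the indicators are reusable across hosts, maps each registry or file indicator to the ATT&CK technique it evidences (the "MITRE ATT&CK" heading above lists no technique IDs; the IDs here are this example's mapping), and pulls out the persistence artefacts: the Run value written by svoutse.exe and the svoutse.job task file. The rule patterns match only the exact values the signatures fire on, so the browser's own lookup of `...\System\BIOS` is not counted. The sample rows are copied from the tables above.

```python
import re
from collections import defaultdict

# Constructed sample: rows copied from the signature tables above, in the
# report's own "| Description | Indicator | Process | Target |" layout.
SAMPLE_ROWS = r"""
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\1000026000\3fbee2a1ed.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cfb191a9ca.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\cfb191a9ca.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000040001\e4fdda1da6.exe | N/A |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
"""

SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")

# (action prefix or None, regex over the SID-normalised indicator, ATT&CK ID, label).
# The technique IDs are this example's mapping; the report itself lists none.
RULES = [
    (None, r"\\HARDWARE\\ACPI\\DSDT\\VBOX__$", "T1497.001", "VirtualBox ACPI table check"),
    (None, r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion$", "T1497.001", "BIOS version string check"),
    (None, r"\\Software\\Wine$", "T1497.001", "Wine registry key check"),
    (None, r"\\Control Panel\\International\\Geo\\Nation$", "T1614", "Geo/Nation lookup"),
    (None, r"\\Control\\NLS\\Language$", "T1614.001", "System language lookup"),
    ("Set value", r"\\CurrentVersion\\Run\\([^\\ ]+) = \"(.*)\"$", "T1547.001", "Run key persistence"),
    ("File created", r"^C:\\Windows\\Tasks\\[^\\]+\.job$", "T1053.005", "Task Scheduler .job file"),
]


def parse_rows(text):
    """Turn the markdown rows into dicts; the header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Description":
            continue
        rows.append(dict(zip(("action", "indicator", "process", "target"), cells)))
    return rows


def normalise(indicator):
    """Replace the machine-specific user SID so the rules carry across hosts."""
    return SID_RE.sub("<SID>", indicator)


def classify(rows):
    """Map rows to ATT&CK techniques per process and collect persistence artefacts."""
    techniques = defaultdict(set)   # process basename -> {(technique, label)}
    persistence = []                # (technique, artefact, value, writing process)
    for row in rows:
        indicator = normalise(row["indicator"])
        proc = row["process"].rsplit("\\", 1)[-1]
        for action, pattern, tid, label in RULES:
            if action and not row["action"].startswith(action):
                continue
            match = re.search(pattern, indicator)
            if not match:
                continue
            techniques[proc].add((tid, label))
            if tid == "T1547.001":
                key = indicator.split(" = ", 1)[0]
                value = match.group(2).replace("\\\\", "\\")  # un-escape the doubled backslashes
                persistence.append((tid, key, value, proc))
            elif tid == "T1053.005":
                persistence.append((tid, indicator, "", proc))
    return techniques, persistence


def technique_ids(techniques):
    """Sorted, de-duplicated technique IDs across all processes."""
    return sorted({tid for hits in techniques.values() for tid, _ in hits})


if __name__ == "__main__":
    techs, persist = classify(parse_rows(SAMPLE_ROWS))
    for proc, hits in sorted(techs.items()):
        print(proc)
        for tid, label in sorted(hits):
            print(f"  {tid}  {label}")
    print("persistence:")
    for tid, key, value, proc in persist:
        print(f"  {tid}  {key}  {value!r}  written by {proc}")
    print("ATT&CK:", ", ".join(technique_ids(techs)))
```

The persistence list is the part worth acting on: the Run value names and the `C:\Windows\Tasks\*.job` file are the artefacts a responder would check on other hosts, and the SID-normalised key path is what goes into a hunting query.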
Processes
C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe
"C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\3fbee2a1ed.exe
"C:\Users\Admin\AppData\Roaming\1000026000\3fbee2a1ed.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\cfb191a9ca.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\cfb191a9ca.exe"
C:\Users\Admin\AppData\Local\Temp\1000040001\e4fdda1da6.exe
"C:\Users\Admin\AppData\Local\Temp\1000040001\e4fdda1da6.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d49f46f8,0x7ff8d49f4708,0x7ff8d49f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7760 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8216 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
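Added example, not from the report: a command-line triage pass over the process list above. It pulls the image path out of each line, flags executables launched from the user-writable `AppData\Local\Temp` and `AppData\Roaming` paths, and for Edge parses the Chromium-style `--switch[=value]` tokens so that a full-screen `--kiosk` launch whose `--app=` URL is an account sign-in page, with the first-run, extension, pop-up and default-browser prompts switched off, is reported separately from Edge's ordinary renderer and GPU children. The sign-in-page heuristic (host prefixes `accounts.`, `login.`, `signin.`, `auth.`; path words `login`, `signin`, `password`) is an assumption of this example, and the benign `--app=https://example.invalid/dashboard` control line is made up; the report says nothing about why the kiosk browser was opened, and this check only surfaces the launch for an analyst.

```python
import re
from urllib.parse import urlparse

# Constructed sample: command lines copied from the process list above (the
# renderer line abridged), plus one made-up benign --app launch as a control.
SAMPLE_CMDLINES = [
    r'"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"',
    r'"C:\Users\Admin\AppData\Roaming\1000026000\3fbee2a1ed.exe"',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,984809320128701577,16442063317330763245,131072 --disable-features=TranslateUI --lang=en-US --mojo-platform-channel-handle=3448 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --app=https://example.invalid/dashboard',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
]

FLAG_RE = re.compile(r"--([\w-]+)(?:=(\S+))?")
USER_WRITABLE_RE = re.compile(r"\\AppData\\(?:Local\\Temp|Roaming)\\", re.IGNORECASE)
# Sign-in page heuristic: an assumption of this example, not something the
# report states. Extend it with the identity providers your users actually use.
LOGIN_HOST_PREFIXES = ("accounts.", "login.", "signin.", "auth.")
LOGIN_PATH_WORDS = ("login", "signin", "password")
PROMPT_SUPPRESSING = ("no-first-run", "disable-extensions",
                      "no-default-browser-check", "disable-popup-blocking")


def image_path(cmdline):
    """Executable path from a Windows command line, quoted or bare."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.index('"', 1)]
    return cmdline.split(" ", 1)[0]


def chromium_flags(cmdline):
    """{'kiosk': '', 'app': 'https://...', ...} for every --switch[=value] token."""
    return dict(FLAG_RE.findall(cmdline))


def looks_like_login_page(url):
    parts = urlparse(url)
    host = parts.netloc.lower()
    path = (parts.path + "?" + parts.query).lower()
    return host.startswith(LOGIN_HOST_PREFIXES) or any(w in path for w in LOGIN_PATH_WORDS)


def triage(cmdline):
    """(tag, detail) findings for one command line; an empty list means nothing notable."""
    findings = []
    exe = image_path(cmdline)
    if USER_WRITABLE_RE.search(exe):
        findings.append(("exec-from-user-writable-dir", exe))
    if exe.lower().endswith("\\msedge.exe"):
        flags = chromium_flags(cmdline)
        if "type" in flags:
            return findings          # renderer/gpu/utility child: the parent carries the intent
        if "kiosk" in flags and "app" in flags:
            tag = "kiosk-login-page" if looks_like_login_page(flags["app"]) else "kiosk-app"
            findings.append((tag, flags["app"]))
        suppressed = sorted(f for f in PROMPT_SUPPRESSING if f in flags)
        if suppressed:
            findings.append(("browser-prompts-suppressed", ",".join(suppressed)))
    return findings


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        for tag, detail in triage(line):
            print(f"{tag:32} {detail}")
```

Child Edge processes are skipped on purpose: every `--type=renderer` line inherits the parent's `--disable-features` and `--lang` switches, so scoring them would just repeat the parent's verdict a dozen times.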
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 103.113.215.185.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | 5aa843af1eb61da84c361651443815c5 |
| SHA1 | df0e8611d4c9632c1ef438ffe4e33b9bcfd5279a |
| SHA256 | 5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4 |
| SHA512 | dba5ca6332fbb5b4aa25ff725f3e5d8973c17b41699d2facc9b4650d0f9e31522867f44a6a52cd01d9262d318299a5942b4b93ce7a21a797629dcbb20d7a7230 |
C:\Users\Admin\AppData\Roaming\1000026000\3fbee2a1ed.exe
| MD5 | 582c09e30698672fd833e6e6c0dc506e |
| SHA1 | 37dafeb7ea62e155ff3f2d47f84011b24ef8ba2b |
| SHA256 | 99e3eaac03d77c6b24ebd5a17326ba051788d58f1f1d4aa6871310419a85d8af |
| SHA512 | 495525e62560e397c0bef9c7f17358c08547c34930e772c8e59476ec50b7196eac28a0cbba83d0d90ebcc4282e210e0d140292cf4bfd52262cba45e2a9d6a1c9 |
C:\Users\Admin\AppData\Local\Temp\1000040001\e4fdda1da6.exe
| MD5 | 6ca9ba147fcf085d7f828da983fd946f |
| SHA1 | e7fedc40f0cbbe1ba28d52b4c25d2840a0004002 |
| SHA256 | df465e0e7a01e93a8ed0f4a96fcba84506e0789f329fac2419d17f65bd1749c8 |
| SHA512 | 626c5f47f2da8bfcd805d0fb510beb1800359596b304a90afdbc2f7d381c2df42751f3659b12c30d4e430c6e46ee1ef9be2c2d1a6779dac13399d7511b2121f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | bc790a8a50e69a0895f0b54b5b65c0ae |
| SHA1 | f35c44034a031b2f6c5a4c72264e56f470e2e6ba |
| SHA256 | 298281f35c7fb4fc048e4bf423b8332012b36e6dce4ba9bff0adf3adcaf56f10 |
| SHA512 | 4449ef4a11db4ec35563d0248cb47d8cdb45a723b23426a3a66840dbe120daa0ed593f8f0ecfce17d4767c8f97b9c57f3890f0484545724d6004dd7c90ec259d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | bbfba22696dbf1a159dabc82d0c7f546 |
| SHA1 | 4c07f8e816cec96e5dcad37e9e84b34a9f692359 |
| SHA256 | a0d4e9cb29a01b85d122a13d0d20c0e33062dd2fd390463ad1bdb6fb385ee281 |
| SHA512 | 67aa5af271177c1c08e677ced48dc9db6641ea11c9521f18407e92d19905fac96f78b8524140a51790e464eb6feb9b0de594d1cbaef258155f75f8dd42ae0ee8 |
\??\pipe\LOCAL\crashpad_4852_VTRHUYDPLCDHGVZU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 624acf77e4088a16dfad9a160a2c4e67 |
| SHA1 | ba429441e6fe8fe2e2bb4452064ddb8012efe039 |
| SHA256 | 113953e247fb555768fdb1c895210a64f76d838e02bff52faf34922d5dbd9dff |
| SHA512 | c5a34154222b5824a9150882f48e53cacc01376907c8483783ba1727b5d76e692baa572173cb22b545ac059488a5f31cb6bec15b5310f25b17c5f838765880b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 99a6e39315a7f31b1dd4a9edd6c2c8c8 |
| SHA1 | 1a2d6ff59207f618f71cf9b9a81add46a7d564e3 |
| SHA256 | b30569decc97671cf9d5ef92cbd24b3c64324719db845b564ddc12ac41a1fd6e |
| SHA512 | 856859326e52360dc20a63fc872369cfedb5ca1a2f7d0dcf349e9c5893927305cd517d04f3da71ba60a3c4f7b8c5029c2a03106fa21b6162e16a9afefea1893b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe57f378.TMP
| MD5 | afa28c5ef2b202bc7ac61bbb146cb4cc |
| SHA1 | cb3b13556d3cb7ce0cf7098b6655734e4329b410 |
| SHA256 | b78dd35e372f1f4047feef241ecf70258c04bcc82547f5bacddc92b8b722402f |
| SHA512 | 593ffbec1363bbb0137ce30f734def922b7dd9993ca305be6861cc0ced7416f8d6be0aedadd8f22a34083864f0618c877b6c588ceb7cc47b4ba6e41f5c606143 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
| MD5 | de2c7039687cbb2e4884ed0545fb3bbb |
| SHA1 | f87dbbe1f793f2f2ee8a281bac91f2ac4e119f37 |
| SHA256 | 13cd65a5bd9a6aac04320be87950018dbf1fc3f6b97c6bef7c296655cc42ae34 |
| SHA512 | b438d16fc1aeeffcceb26c64837afa978a3ef50b2ef13531908fc36021efee44b094566a80bfddd4faacb7e865fbb1085647b3fda700891bab0cb491c53988db |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZF5LFPKB98IBIEI0EROX.temp
| MD5 | ce0c5bb9d4dabfa3d46f25de4fac2192 |
| SHA1 | fb6dcc04cfa61dd4fad7aa356d1c6193f0e6a0ef |
| SHA256 | 1b1ce66444ae7dd55fe68d3935ecdbff11d53b3ccbbf2437b1af994b78703ff6 |
| SHA512 | ec692cc53a13792cf76ec268c044d9ac796f42cb3046695809378e7add8d8cddda72e5ac6335fc7be63a6ecbd1c96a2373d6ae4e4e35216f2dd5f0a659b69e00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 4736d52594854da51a2e12c1aaca67fb |
| SHA1 | e4d4c624d97f920da9b1024cfa5bf3e453f23c39 |
| SHA256 | 6f3dc2397f0030e1c7315903a6eaeb2a7cf346c96add7ae4c55f85da15e98dcd |
| SHA512 | 7375b06e5102bcf42eb329c657d82a47d6111f76c16dcd300991ab2cef9c5bfadb6f4bc8cc745471fdf94c845a881753ad2da43d06897d9e630d9fc0c9f516c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | 82a369d8b534f95e62ec1657db154d45 |
| SHA1 | 9a32dff0c03ef1310ce4862f2cae844875324dd2 |
| SHA256 | e9bc1dbc2d57400f3a648fb48e5ebc6f9b8a2ea3d09b40f7688feaad3a08807c |
| SHA512 | f6d6952c03461428b8cbf26dc1d6daa46e35a323728b03a54fc6de7a830161ddc5c52985f0057b565e896b47b9be92ac581b87748dd84d02fbca9ed2fe6433a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe581cf9.TMP
| MD5 | d4db4aff7cd60188b0a1af3b74729cd9 |
| SHA1 | f7b01d6ce7d54d1637ee1b5532ecec4c9a9666ad |
| SHA256 | 815f7af7e11ac5d44ca92e9449235bf1ccd2f9158a79e04cc2052e6bc20c5f99 |
| SHA512 | f434afe65db71a67faeda67056ebb61aa3b4602b79d0a9e725e5a6dfdebd35c823d76e2bccf6f1dcafe105a6a13e0933e8f8bbe214de2e3bcf50f74a83beb644 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\be091548-b6a9-4d2e-ab24-e918f02d4553.tmp
| MD5 | de2a53dd93167f0ca6399d3e7161a9e2 |
| SHA1 | 6b9356187bce83475db7aebbfafa19e2d2af9206 |
| SHA256 | 7318e9cb7a8811b5f509f0e770bae79b8f6ec8bb779d7cbe15e387107a9b784b |
| SHA512 | 18f8866b7884e92d31504007a3f8fffabe426b1567f29fadd02d070ca15de6a51cb66639856fe810509c5d9c566d58676480d2c32b5a8091c37d9a0b1ccd27d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | f3cad2f5d2aa1fd7b0c127d6d12b1d1b |
| SHA1 | 71de149ae5fae077f9c90d755ec97810e604c616 |
| SHA256 | a0ca6fa5f024bd73ecfa63e780ea958ba7766f35178f708daa2e0750d210b570 |
| SHA512 | aa10b3240d71ab1abf1330dafb850a02f689677dd4f4f84ee927c489d89efd2cb2126e7fe54dbef748c68e96977c6b96c76666282d24094788a56586faa216ee |
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-12 02:02
Reported
2024-09-12 02:05
Platform
win11-20240802-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\1000026000\c240b87b5f.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\5f748e2a71.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\c240b87b5f.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\5f748e2a71.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\c240b87b5f.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\5f748e2a71.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\c240b87b5f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\5f748e2a71.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000040001\686a8b9652.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\1000026000\c240b87b5f.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\5f748e2a71.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\Microsoft\Windows\CurrentVersion\Run\5f748e2a71.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\5f748e2a71.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\Microsoft\Windows\CurrentVersion\Run\686a8b9652.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000040001\\686a8b9652.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\c240b87b5f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\5f748e2a71.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\c240b87b5f.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\5f748e2a71.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000040001\686a8b9652.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000040001\686a8b9652.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe
"C:\Users\Admin\AppData\Local\Temp\5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\c240b87b5f.exe
"C:\Users\Admin\AppData\Roaming\1000026000\c240b87b5f.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\5f748e2a71.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\5f748e2a71.exe"
C:\Users\Admin\AppData\Local\Temp\1000040001\686a8b9652.exe
"C:\Users\Admin\AppData\Local\Temp\1000040001\686a8b9652.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffaad23cb8,0x7fffaad23cc8,0x7fffaad23cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14843815434905700991,13140773375031066474,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,14843815434905700991,13140773375031066474,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,14843815434905700991,13140773375031066474,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14843815434905700991,13140773375031066474,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14843815434905700991,13140773375031066474,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14843815434905700991,13140773375031066474,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14843815434905700991,13140773375031066474,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14843815434905700991,13140773375031066474,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14843815434905700991,13140773375031066474,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14843815434905700991,13140773375031066474,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14843815434905700991,13140773375031066474,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,14843815434905700991,13140773375031066474,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,14843815434905700991,13140773375031066474,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7520 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14843815434905700991,13140773375031066474,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6112 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Network
| Country | Destination | Domain | Proto |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | 5aa843af1eb61da84c361651443815c5 |
| SHA1 | df0e8611d4c9632c1ef438ffe4e33b9bcfd5279a |
| SHA256 | 5fb0e65c758a99ac6c4acd3833a2b7c457dd1d2307d246dfcf97bbc225e526b4 |
| SHA512 | dba5ca6332fbb5b4aa25ff725f3e5d8973c17b41699d2facc9b4650d0f9e31522867f44a6a52cd01d9262d318299a5942b4b93ce7a21a797629dcbb20d7a7230 |
C:\Users\Admin\AppData\Roaming\1000026000\c240b87b5f.exe
| MD5 | 582c09e30698672fd833e6e6c0dc506e |
| SHA1 | 37dafeb7ea62e155ff3f2d47f84011b24ef8ba2b |
| SHA256 | 99e3eaac03d77c6b24ebd5a17326ba051788d58f1f1d4aa6871310419a85d8af |
| SHA512 | 495525e62560e397c0bef9c7f17358c08547c34930e772c8e59476ec50b7196eac28a0cbba83d0d90ebcc4282e210e0d140292cf4bfd52262cba45e2a9d6a1c9 |
C:\Users\Admin\AppData\Local\Temp\1000040001\686a8b9652.exe
| MD5 | 6ca9ba147fcf085d7f828da983fd946f |
| SHA1 | e7fedc40f0cbbe1ba28d52b4c25d2840a0004002 |
| SHA256 | df465e0e7a01e93a8ed0f4a96fcba84506e0789f329fac2419d17f65bd1749c8 |
| SHA512 | 626c5f47f2da8bfcd805d0fb510beb1800359596b304a90afdbc2f7d381c2df42751f3659b12c30d4e430c6e46ee1ef9be2c2d1a6779dac13399d7511b2121f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | bc669df12a1d7889b96811e011873f12 |
| SHA1 | ec217636c1ebb1962df4859ba6e8ebedce5c0cb9 |
| SHA256 | 2010f3b2d935410e7f2a9f48831d9b5c7d99600cb78402acf5b98e0385450dbe |
| SHA512 | 8f32a00608070905188276991b93f856bf279e6c2c90782a684cca39eec96fb38ad50ee6c681d6003ec54af21ac09302a42bbff1bb913999ce918aa1dfd2e723 |
\??\pipe\LOCAL\crashpad_1332_OCEIFUHXKSNXFAVF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 08dc642a83ba33fd9d0f2b0b9f65ee12 |
| SHA1 | fdb37c2f85d165967dd326771d2fe2bdf2974ddc |
| SHA256 | d763194a6e68d275be117efddfa4669c563d812db01e3f9b0c080f14549cc795 |
| SHA512 | a98821298dcb0d1734e3c3e8047ac82473cfa98c797217e181f586340b865cce24f70cea4958d44f395cffdbc71b045c0c4598aaab673f71cee632df2f8476eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 692d07787605d34e66ab6f10e9c29044 |
| SHA1 | 1ab647121086379ad9ae65dca2333840fc86fed9 |
| SHA256 | 32e54af92c5e628e219ca5d87acf9b290de6d1062300d7c04b8c0e4d9d97e7dd |
| SHA512 | c8ac1487bb89aa501593f14f8d5e0330a3bb4639d14be946eb2f42bb12651022ff945b5be0943c41d58eb004121d4982e4741e2f0c04440204ba388aa297511c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe57af0c.TMP
| MD5 | 97d09132b598f27ae69bf51c31ae4e88 |
| SHA1 | 2838d4f99eb87fe07d88ed5d9feb32e4281db071 |
| SHA256 | ea8fe82f8fcf2a334a257fc4e5481c5251ced3a47a10dda7132e9e5ffa270d87 |
| SHA512 | dba4438d4f08813b2378d9dea274be1cad0815e1c18b86c9de43c34649885d557071aff66324267eb7aaf99d64c7ccf1f51c12f69bbecb24d9b88863da4da636 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
| MD5 | cc36f1795c2836321fdee395c2e6583c |
| SHA1 | 0a086967009cfd89beae35e5990a511b219d31bc |
| SHA256 | 383e0ee29fecd93bce4730beb2678b85d101095448c3552c4bc5203d30eaa988 |
| SHA512 | ccd5a9075aad0566836a5a245415dfe94af8cbd634c0c31e8959c0a7a08320ede0ac9d1109bf45e24a61b18530bb8697ec06ff214db7d638d3b24d1ae52791da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 0751b1333388f9d5e119421bb0af8673 |
| SHA1 | ff81614e4e01f9971377638924e0767fad6157eb |
| SHA256 | 25c0c0743eda0c3dab9029a76a7a68b7dbd640c39eb6544469ed61833dab462e |
| SHA512 | 231bbcbc17b878c3d60430f074be903ecfdf9c72879ad1e9dbf23701befcc8f87ced38cc7a449c58a59740f3681428ddc94381df56e9233605351b0b1b3a8c89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | d9d0884002ecc31ca9404d687aa92dff |
| SHA1 | e95efa5e23b74fad6c2251cf768620c09293b333 |
| SHA256 | d7ba37d3cb8e842206c68d90fbff7fd46390f2e118248de841c026dbe82d91eb |
| SHA512 | 904e9d63accd63ba1a6bb9039756af984e60f76c47f24bad8fbee56142e307e0ca513f8a283ae4ef5ca958617b69bec91241cf7fd2c57e3cf02c54d8bf7c98d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57d6e7.TMP
| MD5 | 4ca8442aa88890b529d8e86132536456 |
| SHA1 | e4c9a83fdc6ce93e2abd8a7a10770d90923ff335 |
| SHA256 | 4d0249efb63f404bd942367073db899d8d336785c9981e91297ac386045782f1 |
| SHA512 | 54664e37b47d68dd524b9ccc464bb2105bc81d12908b41efdd8b5b7e98baa1126bca3441b1dbaab5de4fd441d40063a31df809e84b6a0cb89f2864807a33f31f |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk
| MD5 | 9dcc96247cc44d4a37424fe9125c3659 |
| SHA1 | 5e542a5a03ed987a9df991e27c0f13e9d871957f |
| SHA256 | 058452b9cabc6ea5b9ce8d03500448c5acf08ce9cc24db6af576bc38d7cefaf5 |
| SHA512 | 5601f8081009dcf110a3f0c4778ea76b2a2129de417e44d0907247f42e1b1156ccda34f5a37b89ae64d7ed595bbe60528625f6a4ebff153189636589fb7ca18c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State
| MD5 | ea11054ca6613eefeb248e9523da22cd |
| SHA1 | 2b58d94153f45146b0cb8813cfb62d13795d8c30 |
| SHA256 | cde8001f1ac0c4712fc366f04075f4ada40c0a310f1c44dba418c995f24c8608 |
| SHA512 | 1ea906cd9bcf30379b4d71df16d38ef69b144009b07e4b8d35f5df584af579bcfa21e1734913705315e7797ce6a26f159d1336d6f7f734fbe8a165c468df7e47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RFe580078.TMP
| MD5 | ff470f8ce16e610be98611180f0817f7 |
| SHA1 | 513f3e59cf3c88c2da97ca39ecf4a93a690c2acf |
| SHA256 | 32e7cf80c08dded8d26d81f335e766cca462f728a8b26a595d31612ca785fb32 |
| SHA512 | dc4e3026f4f787aa119efaa1bc7c0502d017f070ea07da3ae19010aacd96117c7b6aff3be4f56d0cfef81b36d8822b9bc3b6234899c51534b56cfb7ecabb0735 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a0b8e7d3465fd2e75b112333b73d7475 |
| SHA1 | a4d5d4796aadd029e2f481d758eaa0a562493c23 |
| SHA256 | a45c6f33c7ae4446c706fde706848d76df3996c2f0be901b3cd398642ccd2ebe |
| SHA512 | a5516c175411f9e00d4bbd08fb91de24bdca4266e3494a1681fda2c17e51b45516cf06d24670f34fb9707fdd4afcb07c2b254f82e7eb0e59e3a6ba44e81f174d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ef3286be950b0b51071be5db4c8918bb |
| SHA1 | 48a835f3bd11a3d9328aa4d53b54df6d3468258f |
| SHA256 | edc8fac4dc725dbefffa67dba5d5e1edb573c40e45ac13b69b1beb3b684c4710 |
| SHA512 | 511a02a91f2e8c18a70c9f68c0328c9f3ea668110e380dddf3c49f84940fefcc50c95b9a578b63eac5044c793c35198ef93cf46ab4a7bc3a47e53a15a27fafc1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | d516ac86cbfffa266d2fa36e3f2253c6 |
| SHA1 | 241c70620da1fd7e582e226e760c26413707d586 |
| SHA256 | a45477acbfdc5bcfd7e612387d5c441e9a59b7659bfd455c0e7110e7c6c4558a |
| SHA512 | 5168e89b502999a526743d84878a6584f26df0f20ca1602935d8349315673d82c9fd6687b98b5cd943c24509050af3dad85fccfcd07880def02130143b2597b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | f390a209dd74f9f9c9fbe920de47e6fb |
| SHA1 | 20646ed21347f2ffbc9aa714f369e8f6679ed855 |
| SHA256 | 7694650a585d0d6c8a4707ac9e3b6a288ad002bbb0490faa370ece99d3f06698 |
| SHA512 | 23e07928da3c659d7a90f3044e24d2524064c8ba7c992ff0c5974c3f060b02cb5cb8ebb7f8d38e407289f0278b309dc2727e58a12f1f761d4702880a4ff91a1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe590584.TMP
| MD5 | 36d5ba9fe1daaea1e74dd75fcc4e2643 |
| SHA1 | f26e3f8a8bf4a6c14a7ced95d55c461f335e2a99 |
| SHA256 | 1fef95610bc8c184d1146b814fc78a61a1f59dae85e24cdaebb7276f1fae88a4 |
| SHA512 | cc0f1d0b7c36ab7654095d12324f13193e0e012691363b94c5838e54f948bc96b1deaefde46abccdc1708f2675b24351cada0b5d6af0cc20a2a9876cc254317f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity
| MD5 | c3ec86a17837c88e3691f1e35b6b6a87 |
| SHA1 | 84fa728d833e751559646084fafa2087bce23fbc |
| SHA256 | de2a4865fe7d6961e3c7e6add448902e051b7f47bac6cc8318af85babaceb9fb |
| SHA512 | f6bea4c261aff0d3c4d8302a144f0552999c0816efb4ce7e2a48bae60d00c08db8f42312d9fc19f421fed78314661ef4b0a41b423569b37f90f21ac07bb2e78e |