Analysis Overview
SHA256
d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16
Threat Level: Known bad
The file d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16 was found to be: Known bad.
Malicious Activity Summary
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Checks BIOS information in registry
Checks computer location settings
Identifies Wine through registry keys
Executes dropped EXE
Adds Run key to start application
AutoIT Executable
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-12 07:33
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-12 07:33
Reported
2024-09-12 07:36
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
146s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\1000026000\0bc302b8e5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\4fe99256dc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\0bc302b8e5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\4fe99256dc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\0bc302b8e5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\4fe99256dc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\0bc302b8e5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\4fe99256dc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000040001\4fe99256dc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\1000026000\0bc302b8e5.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\4fe99256dc.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4fe99256dc.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\4fe99256dc.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4fe99256dc.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000040001\\4fe99256dc.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\0bc302b8e5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\4fe99256dc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\0bc302b8e5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\4fe99256dc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000040001\4fe99256dc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000040001\4fe99256dc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe
"C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\0bc302b8e5.exe
"C:\Users\Admin\AppData\Roaming\1000026000\0bc302b8e5.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\4fe99256dc.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\4fe99256dc.exe"
C:\Users\Admin\AppData\Local\Temp\1000040001\4fe99256dc.exe
"C:\Users\Admin\AppData\Local\Temp\1000040001\4fe99256dc.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5a6246f8,0x7fff5a624708,0x7fff5a624718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7968 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7968 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3790658456262840560,5966659427396839859,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1948 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 103.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.238:443 | play.google.com | tcp |
| GB | 216.58.212.238:443 | play.google.com | tcp |
| GB | 216.58.212.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
memory/1268-0-0x00000000005B0000-0x0000000000A67000-memory.dmp
memory/1268-1-0x00000000773E4000-0x00000000773E6000-memory.dmp
memory/1268-2-0x00000000005B1000-0x00000000005DF000-memory.dmp
memory/1268-3-0x00000000005B0000-0x0000000000A67000-memory.dmp
memory/1268-4-0x00000000005B0000-0x0000000000A67000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | 3bdc7e756889b37a74b5004d7c07be4f |
| SHA1 | 521d481d6e8f8bbb9b9e73270fb574e32651cb53 |
| SHA256 | d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16 |
| SHA512 | 5c17e749b2c4aad764d143fc1e489eb7e5241a6d01c7a5d0e35b8ea815b62f9a95dcdc35638b782888922af2011963f199a9a9dd66d890317957829f56dd8c5d |
memory/1268-17-0x00000000005B0000-0x0000000000A67000-memory.dmp
memory/1688-18-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/1688-20-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/1688-19-0x0000000000881000-0x00000000008AF000-memory.dmp
memory/1688-21-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/1688-22-0x0000000000880000-0x0000000000D37000-memory.dmp
C:\Users\Admin\AppData\Roaming\1000026000\0bc302b8e5.exe
| MD5 | 57c6e06abd1cc20c23a17b53710c0443 |
| SHA1 | 758a300c82d765a895f14552977e491884eaf7dc |
| SHA256 | bf2775113aa41adedc67907cfbeb8bc1372cc00b39b65841dff1ab604f3f9c99 |
| SHA512 | 17c898f97990267afba851ccf4125b74f4a965469d1c73d26b501474acafee64e41f1863a438115ec705f3927b298c30050cef4571900f89a01e736f0eda1e23 |
memory/4340-37-0x0000000000DE0000-0x000000000146C000-memory.dmp
memory/216-53-0x0000000000C40000-0x00000000012CC000-memory.dmp
memory/4340-55-0x0000000000DE0000-0x000000000146C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000040001\4fe99256dc.exe
| MD5 | 050d26eeffe6efea8fede3819008d0ec |
| SHA1 | ff47f67781789840950a438ca17e9ff5ab90c2f1 |
| SHA256 | 6010ea1717d7d8686b599dc76f56ba73200d7a468fdf8ac15f62c93d7474ca6d |
| SHA512 | da160342c781f44a0c632b62c795b5ddb917c1a213bc36bd481d84ef1ac72300b92724ff802b1fad1525728238ef692a049289c913ca3c1fc04450ffcc67e259 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 17341290dfe4a40ef78fecc5c610cae6 |
| SHA1 | 755fbf929a7651e8231076a3af9a6dd2a70dc6d0 |
| SHA256 | f25f43865a361e08a7320c8a77807300527e529fe69e0deab63b1198af4f6cd6 |
| SHA512 | b32daadc9e98c79d2a93ceff89900dc08f3e278221b9cbb220a6b8703822676743efb58a167eabda6a31b5f902cf1d5b0b0ce08ceeab4839ea82060fe409610c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | d78f8a49ef14fbb3cac1efde1fe12614 |
| SHA1 | 9090d541381d37d1b5a108551e2784f3143ad03f |
| SHA256 | 1d2c5bb2de34fff82468088d09d0ab9f9991dd1fcb2903a0fab24466c5d05dd9 |
| SHA512 | d6141d8dd97a7979f0f30508ab6c78ba22fd015bc0a3cdc205d71157835316bf5460b9525f6f18f71974e3e7d18b48114d74679e3c91e07a3d304b5558d50667 |
\??\pipe\LOCAL\crashpad_4736_DVRSFSNDZNWCEVNY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 11eeb7090e22709c9e54e2f954b7b174 |
| SHA1 | bce0dd8550f7d7c5ad2c28b1fc57582c3bbdbd0a |
| SHA256 | 15da74d6f8e6430589ca255c5e0ea6655cf652b7761b532e70466444e6b71538 |
| SHA512 | 0141b678731e99b57a204d0090b04dbed1a24597793130980b59015faf717b46d72b81f8e12aef5a6ea3a8830d93f5737c04ab1959c67ed7001e882323a56e0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\6d584bd5-87a0-4830-9590-2e7957ed3513.tmp
| MD5 | 3c2fa33c8cf95dfe4a3259c4b10e9ff2 |
| SHA1 | 62bf301e68cf8e3c16f9d6f05607d89c19e7f404 |
| SHA256 | cadc824fc64e5d38866529a8d652b7bba105eb52c7f9ea40cba7ab8cda4f7cd5 |
| SHA512 | 3783612ebdf0927c896b3bf0c28e17dac5a71a7f203be3f79bde34ebe775f0c4eb01152354ad7d5aa02be19e44e422cc456cf900866bb14efb34ac7e9d4da9de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
| MD5 | 81a39624ecabdc0ec2e44dce41344896 |
| SHA1 | 26d8e1054956de635b70934081a57eadcfd718e0 |
| SHA256 | fa135430f00e154b33dbadc701d8da02559f93f7435b5e56859d1e3c0c57afdd |
| SHA512 | f3c46a71522eec01a073307e0ab6141180de27271457f1b125635d33566d5d8dd2d1d948c78920bc945fcd65a64c99c13085e830a099d08127d4145f8fb1621d |
memory/1688-226-0x0000000000880000-0x0000000000D37000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1VJ3T63GWRNRSDKHB0TP.temp
| MD5 | c0898c7f150926cf57507b178b5c3f73 |
| SHA1 | 9439597b82aafbc4b848a1b04691755e28456676 |
| SHA256 | b783af64bda6acc14223779030b3858b8cbb513606d99e2dc1e3a4ef29099304 |
| SHA512 | 470da7b5de8483a14e61995d7d6a60fe2c1639af812d10f61881878ad5682109ccc2969afe16b0f7316ffa999f9c99969bce9b7e76a1b64e8e0ddd7a01bf0a98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
memory/1688-262-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/1688-263-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/1688-264-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/5860-266-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/216-267-0x0000000000C40000-0x00000000012CC000-memory.dmp
memory/5860-269-0x0000000000880000-0x0000000000D37000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 12f9c74a74000efaa89abceb3204e5c8 |
| SHA1 | 5eebbd667b512589c468a83de2818a900ec3f4fa |
| SHA256 | a65da8a41feff88cc7cea69df8ec2c69f624a7f385dad4d2d39787aedd6f2c66 |
| SHA512 | c5ed9a4bed1a1b0b1e1d60e52aaa0107caa2d4df9035dbb39132360cab40707b91fc34a58eb4fd9fca62fe53abc5d71aa46f94b42bf06a58d790e530be667913 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | f55ce7334221d62634dde33a4c2e310d |
| SHA1 | 4b116224312e4ee95532e538deffeebdc4a53b03 |
| SHA256 | 385f70aa8be2594ade49061d38fd8cd89a4182335443c01836be6b7bec84aef3 |
| SHA512 | 4ecac1948caf444640560058ea56a692ad8985daede89cf489195bd49d2136594d9955d47f0cb234db5a5649fdf1d39630c079b6ead692738e6fca7cb03b7efc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe580f0e.TMP
| MD5 | 1870005eaa110c327ff410122fa0b3c6 |
| SHA1 | ce37f285fc8a5fe3400ab0e934bb5c554a2f2c74 |
| SHA256 | 301c8c05a70926fc897b571b748e4ed17d9228ad5360833637f8d6a6038088ca |
| SHA512 | ac54fc7ddd6d429a71868787fe2ab1d214d9d11ac0677d8ba82c6e71358f5d51f8da3ef529018b264bb20f2175405f1e58e17c487e0aef002b6ea18076e7748f |
memory/1688-294-0x0000000000880000-0x0000000000D37000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
memory/1688-347-0x0000000000880000-0x0000000000D37000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\aa82ea12-49e2-43be-a736-21306e8f18fe.tmp
| MD5 | c0a01cde7ed9c237988a2ea9851bfba2 |
| SHA1 | dd89aeb33e3922265b7530790bc7b3f2e1ffbf7a |
| SHA256 | deacdceecd65c52882ea93bcacc302bdf6f638ff2ca34ae83f8d06b6cbc05c4a |
| SHA512 | bbef50dbda599a17c5983284081f3ba20598247a2398ebd9cbdb35cf55e86d2a452b53a70176bff6b5942a1cf71955a101c27a0eac815ce80e8d2f2b8f07f838 |
memory/1688-366-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/1688-367-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/1688-377-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/5400-389-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/1688-388-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/5400-391-0x0000000000880000-0x0000000000D37000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | b3f90ab54dd5e45188710bae13ba9f19 |
| SHA1 | b0b9d304913c91db614ecf8784cd90573f6ab601 |
| SHA256 | 760d5b29b3551ad4163d203f8fc08560a8ba053e9b9fb5650eba6b8a93eb876e |
| SHA512 | a213ce840fda95757deddd4f5ead42f111e21e2408f0bc61beeac8a590c723a75533179ddbe2fbd027e2c692334aa14d9d5de19812d71ee17baca1f177e0c836 |
memory/1688-410-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/1688-411-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/1688-412-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/1688-413-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/1688-414-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/5428-419-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/1688-418-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/5428-420-0x0000000000880000-0x0000000000D37000-memory.dmp
memory/1688-423-0x0000000000880000-0x0000000000D37000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-12 07:33
Reported
2024-09-12 07:36
Platform
win11-20240802-en
Max time kernel
149s
Max time network
147s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\1000026000\48b653eb59.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\956a49b81f.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\48b653eb59.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\48b653eb59.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\956a49b81f.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\956a49b81f.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\48b653eb59.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\956a49b81f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000040001\ddca894545.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\1000026000\48b653eb59.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\956a49b81f.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Microsoft\Windows\CurrentVersion\Run\956a49b81f.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\956a49b81f.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000\Software\Microsoft\Windows\CurrentVersion\Run\ddca894545.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000040001\\ddca894545.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\48b653eb59.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\956a49b81f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\48b653eb59.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\956a49b81f.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000040001\ddca894545.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000040001\ddca894545.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe
"C:\Users\Admin\AppData\Local\Temp\d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\48b653eb59.exe
"C:\Users\Admin\AppData\Roaming\1000026000\48b653eb59.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\956a49b81f.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\956a49b81f.exe"
C:\Users\Admin\AppData\Local\Temp\1000040001\ddca894545.exe
"C:\Users\Admin\AppData\Local\Temp\1000040001\ddca894545.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff975183cb8,0x7ff975183cc8,0x7ff975183cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,696133570849363787,14338800830392759487,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,696133570849363787,14338800830392759487,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,696133570849363787,14338800830392759487,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,696133570849363787,14338800830392759487,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,696133570849363787,14338800830392759487,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,696133570849363787,14338800830392759487,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,696133570849363787,14338800830392759487,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,696133570849363787,14338800830392759487,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,696133570849363787,14338800830392759487,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,696133570849363787,14338800830392759487,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,696133570849363787,14338800830392759487,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,696133570849363787,14338800830392759487,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7608 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,696133570849363787,14338800830392759487,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7264 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,696133570849363787,14338800830392759487,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4144 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Network
| Country | Destination | Domain | Proto |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| GB | 216.58.212.238:443 | play.google.com | tcp |
| GB | 216.58.212.238:443 | play.google.com | tcp |
| GB | 216.58.212.238:443 | play.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
Files
memory/2004-0-0x0000000000680000-0x0000000000B37000-memory.dmp
memory/2004-1-0x00000000771D6000-0x00000000771D8000-memory.dmp
memory/2004-2-0x0000000000681000-0x00000000006AF000-memory.dmp
memory/2004-3-0x0000000000680000-0x0000000000B37000-memory.dmp
memory/2004-5-0x0000000000680000-0x0000000000B37000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | 3bdc7e756889b37a74b5004d7c07be4f |
| SHA1 | 521d481d6e8f8bbb9b9e73270fb574e32651cb53 |
| SHA256 | d3d9c29e91ab395b758f67c897c209b2f64ad2de6f8a2ef2b62965a995cbbf16 |
| SHA512 | 5c17e749b2c4aad764d143fc1e489eb7e5241a6d01c7a5d0e35b8ea815b62f9a95dcdc35638b782888922af2011963f199a9a9dd66d890317957829f56dd8c5d |
memory/4388-17-0x0000000000CF0000-0x00000000011A7000-memory.dmp
memory/2004-16-0x0000000000680000-0x0000000000B37000-memory.dmp
memory/4388-19-0x0000000000CF1000-0x0000000000D1F000-memory.dmp
memory/4388-20-0x0000000000CF0000-0x00000000011A7000-memory.dmp
memory/4388-21-0x0000000000CF0000-0x00000000011A7000-memory.dmp
C:\Users\Admin\AppData\Roaming\1000026000\48b653eb59.exe
| MD5 | 57c6e06abd1cc20c23a17b53710c0443 |
| SHA1 | 758a300c82d765a895f14552977e491884eaf7dc |
| SHA256 | bf2775113aa41adedc67907cfbeb8bc1372cc00b39b65841dff1ab604f3f9c99 |
| SHA512 | 17c898f97990267afba851ccf4125b74f4a965469d1c73d26b501474acafee64e41f1863a438115ec705f3927b298c30050cef4571900f89a01e736f0eda1e23 |
memory/900-37-0x00000000000F0000-0x000000000077C000-memory.dmp
memory/900-46-0x00000000000F1000-0x0000000000105000-memory.dmp
memory/900-47-0x00000000000F0000-0x000000000077C000-memory.dmp
memory/4696-55-0x0000000000130000-0x00000000007BC000-memory.dmp
memory/900-56-0x00000000000F0000-0x000000000077C000-memory.dmp
memory/4388-57-0x0000000000CF0000-0x00000000011A7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000040001\ddca894545.exe
| MD5 | 050d26eeffe6efea8fede3819008d0ec |
| SHA1 | ff47f67781789840950a438ca17e9ff5ab90c2f1 |
| SHA256 | 6010ea1717d7d8686b599dc76f56ba73200d7a468fdf8ac15f62c93d7474ca6d |
| SHA512 | da160342c781f44a0c632b62c795b5ddb917c1a213bc36bd481d84ef1ac72300b92724ff802b1fad1525728238ef692a049289c913ca3c1fc04450ffcc67e259 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 744312889a05338d39a87ae98d19ab6a |
| SHA1 | 27af129b1283a4757b9ab0e7f87eca7a4478aca4 |
| SHA256 | 06a9993ea5c56a5bc7af55884f1a5ef26b35e8846477ab1fd65ff9d6dc0002f4 |
| SHA512 | 9986b545c6f18b8f6705d5ccb2fd348a859cc2169e39934621de5925cd25c0b8ed9e9056c4cca793cd4ac0562852ac548bd026c43e6f934a1bc99eac872882ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 96daf963da50a5251c6aab93d042cf29 |
| SHA1 | babf7ee7d9ee2c8cab520538d0e21b24a4a702a0 |
| SHA256 | b5c8a9b57f81be1ddfafc759850e5863feae7154b066a0fd2d042f9e4e16916d |
| SHA512 | 4d5a51cebc898f95f89a26cbd44365229b74f4e74635377d5cd4cbf75c05c17314dd7724a21f4b2e4890988366510839974e3f97abc5ceaee860cc510f440615 |
\??\pipe\LOCAL\crashpad_2112_LWMBMBBVRLLQFYNN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 4b6760e6b8431d4edd29ee59806c098c |
| SHA1 | a09977ad4e4f5fe5967a730e384177f924cc4292 |
| SHA256 | 15b415ff5a386d6d4d52fb5d3e80ab01d564aff219e0a668e3b480bb77f862b6 |
| SHA512 | 6080237c2c771e9cd0e83b493fff2d8e0138d90b733a7082e10b069fe7f3620705ff4a3b5b70c6a86b2b4a2b0fdacf8128c7edd3cf35c9bdd7fb6ab83504ebfe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe57c841.TMP
| MD5 | 16204473ea3c7089444412993afbe0cd |
| SHA1 | cc07e2899ca7e373881544535c7bf6dac210129d |
| SHA256 | 1f2f1cc6615ee3b31761362a2b036be2bc61065f597beb1cefc1fb3bd047b989 |
| SHA512 | 9d1b04abb2762e96253da1f0b122ea47f3c34c7b99982c7389a9ec10089c12ed8b707269b05525693414ebe3e74cb3ca3c2a867456ef178232de8401e53ca7fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | b56df735abf850c0c2b93693f2edca41 |
| SHA1 | 4112cca4305bf5d2be02de4ad06703fd03c841dc |
| SHA256 | f4cdc1faebfde1ca4b23b3a15b31a9185a3c1c11b51a29e123c395df0c89b26e |
| SHA512 | 14a491a3ab71d901cea632d49bf4b1aa8e0489d5ef14f8912b2299c9fdf6464b8076b597da3063e4489dcb867630da2e52b81ddf8ed5bf979f261539d309b91e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_3
| MD5 | 2b02a61508b5857937745e7b5a87cb9c |
| SHA1 | 1dd21e40002ec6199751dee6fddd2fe0d79f31c2 |
| SHA256 | 25f6019b7563053b4796dda357d96d106a98aae48b732a9a4b7e598f9aa5e6a8 |
| SHA512 | c8beda8d2c35632700fd719fd656e5d204518ef0568221ce07e4520e0ce1e2d2ac9136f1ddf3e21fddbd7dbd2fc55dd0e71a417cbb6b7bc1182d739b02710b0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
| MD5 | 3d29e1b9351baba570d7cd8e31a34af8 |
| SHA1 | 0de7077877404100ec7502304bbf7cb54b288ca9 |
| SHA256 | 01fbc6e251a3be3da5d15062d94b47c56989b5638974cd030bc19b5f81c80812 |
| SHA512 | dd76e9162d7962a41e4e84d713ecd399881f17bd3c52801c9d1bbddcbb55dcc16f214687c5acacebf0691bb1d3083bf1dc006fdcbb01e7ce9e19b14d6d10fc90 |
memory/4388-193-0x0000000000CF0000-0x00000000011A7000-memory.dmp
memory/4388-215-0x0000000000CF0000-0x00000000011A7000-memory.dmp
memory/2888-219-0x0000000000CF0000-0x00000000011A7000-memory.dmp
memory/4388-220-0x0000000000CF0000-0x00000000011A7000-memory.dmp
memory/4696-221-0x0000000000130000-0x00000000007BC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 1781048b24fc2ee9af6f399d1230e3e0 |
| SHA1 | d5aa35dd5e5a8d2c7a38a1491841181e14b2c0a2 |
| SHA256 | 9881a82dcbe8780262d0e5e628d171090c227e7d81e0b86f4fa35f0999cd1a92 |
| SHA512 | c7890a78159f26ff5fd4f30d5ad07f3335001614721fcc93e66ec6355095f2c5d3d6575f6915fdd017975c255d6fd8004cc0cadcbbc81326546dcee60d12c964 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | edcaa901a8123bfcb1ceab7d1d19ee1d |
| SHA1 | 282fb6d927b57f727e78dd12508404db9c1d4ec0 |
| SHA256 | f84e5342190efce3a77a4d89e71dadf8744fcc972a147e1fd7df767a58c77092 |
| SHA512 | 5ae828ec07f626c6a42d6dd2f138edbeb3375496db93ce33a2f1dd8d114a7fe99aebef7c7a265e7d0ebbb73096338e76ea97eb99080a4f358dda398b3239c23a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57ef90.TMP
| MD5 | 98fb7f314a633d04d1704a2396a21803 |
| SHA1 | 92349cf81577cde31d9548c1fa5129230dd0226f |
| SHA256 | 06e6c01df66f8cbd254ddc9c7533eb1045d8de95905ec4025eed6b9e1cac4b76 |
| SHA512 | 0fc6f58b0fad5b111a9c904e41eb48d9c52719cf6c898ddd79b9ecbae4ff81f7c74bc7d4cf2479f6be51e5779356acc9e18f4bbbd82cfc6f484bc6ba433f37af |
memory/4388-288-0x0000000000CF0000-0x00000000011A7000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b3f3d7d423fb16c173f4fff0e8a4f8cf |
| SHA1 | 113cb462af617cbb9df676531b6c32d2a37d31db |
| SHA256 | c332fd8e0666aadbf642a3f7994e38148ccf7cc90ddfbc3eeed1ca9f0c1f49ea |
| SHA512 | 9ae08b547eab930fd9dd39ed93cfcb0f8b55821b6a21c101cb7df0529d9c7f8d80a0d8f385b0b22a1c5d4b22d7534dacdc0feb662472d7b02178ee9bd1693109 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4abef54b4d9a44e051e0555a2483563a |
| SHA1 | 6dd23a827c06723ceaaed34d91a3de312bc736c8 |
| SHA256 | 315666567c12ef9a01f5170afc108f868efb17adf433717aaa689c8027dbe24f |
| SHA512 | 69e287ebddf20e3419402d91bac7496fab83426ddc5044329d169fb2653eceef5ffe979d7c8fd2cf85e8dc163cc721a5fcc0ec5f998baafc6e5edd4505bd1af0 |
memory/4388-330-0x0000000000CF0000-0x00000000011A7000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\26e9829b-df9d-4a08-8b89-b5d4325c058d.tmp
| MD5 | 1b777586c2d716f116e48fc329c80a58 |
| SHA1 | b144eb4b52c62b511504bbe956691ad7ba09eb35 |
| SHA256 | aefdbe6e26789e3888f7480e7aeb5158ec503fc9d8dc5cd5334a84a53ac696ac |
| SHA512 | fe34cb4d7bda61958f5d9f89372d79e1149d05df1ffb5a45f09f11cc1e1c1ce244e18c78fc11fd8ba90836fcef080d5275526000ff6bd00c84930d48e1b65269 |
memory/4388-349-0x0000000000CF0000-0x00000000011A7000-memory.dmp
memory/4388-350-0x0000000000CF0000-0x00000000011A7000-memory.dmp
memory/4388-360-0x0000000000CF0000-0x00000000011A7000-memory.dmp
memory/4388-372-0x0000000000CF0000-0x00000000011A7000-memory.dmp
memory/4800-374-0x0000000000CF0000-0x00000000011A7000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 8b169adc00fdba176b4144d943688cb9 |
| SHA1 | 13c44d615820ebfab8808ef61b2a0c814e091587 |
| SHA256 | dcfe0bc2635bdebc5dcb9bd0791bd313bcb200c464ca0144d1abe3acf916158f |
| SHA512 | fde0037beadf44cb11f3579dbd35c441c436a1cefc0be969a98b49ca0403175a6a76879758dc6b92c1244a6c484f47c7da55238abaefd7fa6eafc48c991172e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | d473f4ed80dc1f2bedd445ee11af9713 |
| SHA1 | 7ebe90d327bee8069b4aeeb44ee5e0fa5a66c016 |
| SHA256 | 87f392ae534a9604604f88bb9c1a146ea53a84e2aebfd687bc1554b47e6f0303 |
| SHA512 | 6e250a688107cac29afa3919dc7907adc0cfbf8c5e60a43724516ab641a61b8325eab06a7c0a9e4a655d6412216bf4346fc67af066e82703fea1f29f480441d2 |
memory/4388-402-0x0000000000CF0000-0x00000000011A7000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe58ebf1.TMP
| MD5 | a8640c31661f37f479613ad9033b9994 |
| SHA1 | f83d1295140ec3b9b0667de3b5909b67da0b5ffa |
| SHA256 | ae0328c49f0374007d04899eb6e1c1be554877f04a8c8f485542adaf58d57425 |
| SHA512 | 0b2c0d309f31d4d78c59add2aafdef219c4f0acd6e01b46412fa0583386d659a395c273c9593e12a5823545e6982281aa402771bb453e2955d69af88fc162401 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity
| MD5 | 093868ed9728cfa09a50a517846d2f1f |
| SHA1 | d9682fd394e8676519435bb5aeaf06c431cfc375 |
| SHA256 | 4c04faf4cdc62466079c88e197e152dfef44a5b841d5a035f46e55413b2c0ebe |
| SHA512 | 448ec589db5a6193a0223cd3b01f8e6642f9aa5f919aed4a40bfed4b941a46db6a14e19bb588ee535afd8b28be4be42f2733657671ca23d92c629f73aa03b4a2 |
memory/4388-412-0x0000000000CF0000-0x00000000011A7000-memory.dmp
memory/4388-413-0x0000000000CF0000-0x00000000011A7000-memory.dmp
memory/4388-414-0x0000000000CF0000-0x00000000011A7000-memory.dmp
memory/4388-415-0x0000000000CF0000-0x00000000011A7000-memory.dmp
memory/4388-418-0x0000000000CF0000-0x00000000011A7000-memory.dmp
memory/748-421-0x0000000000CF0000-0x00000000011A7000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity
| MD5 | c2ea926f807535cb3dc6a6de2808fed3 |
| SHA1 | 8fddd0c959a8d5234ffa76e9dc2915b3f57dc17b |
| SHA256 | 3bcee583417f568cf35762341816681e26b695eacf1bbbb29adbce384e783ba1 |
| SHA512 | fef911d8d1ec750d3e2ef2a5e251fa8f93b922d6da1d47f8f73109048c1b1c76fa892e37ce89af58927fccfea10eb3f7b1ff99a78727e0678488e9522e6460de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 81ac23f4a69d5c3b7f5f3a6add337b52 |
| SHA1 | bc94c967846ee101e384f6436dcf8addeadacdd7 |
| SHA256 | 6e1b7bf3cee0b7aa9356cfdc3e65df2ed32ac14113e337a34a6cd8150876c1ca |
| SHA512 | de12e7536b5135e6b34d40ef4e46e2ca2d8c395f115177e9d671445a6d0bdc003355d3e56c197ad620370c194149b2825ba46e2af75e112c433256be8062f0d7 |
memory/4388-442-0x0000000000CF0000-0x00000000011A7000-memory.dmp