Analysis Overview
SHA256
eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e
Threat Level: Known bad
The file eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e was found to be: Known bad.
Malicious Activity Summary
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Checks computer location settings
Checks BIOS information in registry
Executes dropped EXE
Identifies Wine through registry keys
Adds Run key to start application
AutoIT Executable
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-12 10:05
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-12 10:05
Reported
2024-09-12 10:07
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
147s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\1000026000\8da6e1077b.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\8abc3153b2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\8da6e1077b.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\8da6e1077b.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\8abc3153b2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\8abc3153b2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\8da6e1077b.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\8abc3153b2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000040001\186b3c82b0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\1000026000\8da6e1077b.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\8abc3153b2.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8abc3153b2.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\8abc3153b2.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\186b3c82b0.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000040001\\186b3c82b0.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\8da6e1077b.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\8abc3153b2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000040001\186b3c82b0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\8da6e1077b.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\8abc3153b2.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000040001\186b3c82b0.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
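The signature tables above record the same sequence for each dropped binary: probes for VirtualBox (ACPI DSDT `VBOX__`), for BIOS version strings, for Wine and for the machine's Geo/Nation setting, followed by user-level persistence (Run values pointing into `%TEMP%` and a `.job` file under `C:\Windows\Tasks`). The helper below, added by the editor and not part of the sandbox's report or rule set, classifies such events, maps them to ATT&CK techniques and decides per process whether that chain is present. The sample events are copied from the rows above; the regexes, the "suspicious autorun location" heuristic and the ATT&CK mapping are the editor's assumptions.

```python
"""Triage helper for the signature tables above: classify each sandbox
registry/file event, map it to an ATT&CK technique, and decide per process
whether it shows the chain the report records (anti-analysis probes, then
user-level persistence). Editor's example; rules and mapping are not the
sandbox's own."""
import re
from collections import defaultdict

SID = "S-1-5-21-786284298-625481688-3210388970-1000"
USER_HIVE = "\\REGISTRY\\USER\\" + SID
PARENT = r"C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe"
SVOUTSE = r"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed sample: (description, indicator, process), copied from rows in
# the report's signature tables. The last row is benign Edge noise the report also lists.
EVENTS = [
    ("Key opened", r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__", PARENT),
    ("File created", r"C:\Windows\Tasks\svoutse.job", PARENT),
    ("Key opened", r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__", SVOUTSE),
    ("Key value queried", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion", SVOUTSE),
    ("Key value queried", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion", SVOUTSE),
    ("Key opened", USER_HIVE + r"\Software\Wine", SVOUTSE),
    ("Key value queried", USER_HIVE + r"\Control Panel\International\Geo\Nation", SVOUTSE),
    ("Set value (str)", USER_HIVE + r'\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8abc3153b2.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\8abc3153b2.exe"', SVOUTSE),
    ("Set value (str)", USER_HIVE + r'\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\186b3c82b0.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000040001\\186b3c82b0.exe"', SVOUTSE),
    ("Key value queried", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer", EDGE),
]

# (tag, ATT&CK technique, regex over the indicator). Mapping is the editor's assumption.
RULES = [
    ("anti_vm",    "T1497.001", re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__$", re.I)),
    ("bios_probe", "T1497.001", re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion$", re.I)),
    ("wine_probe", "T1497.001", re.compile(r"\\Software\\Wine$", re.I)),
    ("geo_probe",  "T1614",     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("run_key",    "T1547.001", re.compile(r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\=]+ = ", re.I)),
    ("tasks_job",  "T1053.005", re.compile(r"^C:\\Windows\\Tasks\\[^\\]+\.job$", re.I)),
]
REQUIRES_WRITE = {"run_key"}          # a read of the Run key is not persistence
RUN_VALUE_RX = re.compile(r'\\Run\\(?P<name>[^\\=]+?) = "(?P<path>.*)"$')
TEMP_RX = re.compile(r"^[a-z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)
HEXDIR_RX = re.compile(r"^[a-z]:\\Users\\[^\\]+\\AppData\\(Local|Roaming)\\[0-9a-f]{8,}\\[^\\]+\.exe$", re.I)


def classify(description, indicator):
    """Return (tag, technique) for one event, or None when no rule applies."""
    for tag, technique, rx in RULES:
        if tag in REQUIRES_WRITE and not description.startswith("Set value"):
            continue
        if rx.search(indicator):
            return tag, technique
    return None


def parse_run_value(indicator):
    """Split 'Run\\NAME = "PATH"' into (NAME, PATH), undoing the doubled
    backslashes the sandbox uses when it quotes string values."""
    m = RUN_VALUE_RX.search(indicator)
    if not m:
        return None
    return m.group("name"), m.group("path").replace("\\\\", "\\")


def suspicious_autorun_path(path):
    """Heuristic: autorun target in %TEMP%, or in a hex/numeric folder
    directly under AppData (the 1000030001-style folders seen above)."""
    return bool(TEMP_RX.match(path) or HEXDIR_RX.match(path))


def assess(events):
    """Group hits per process and label the probe-then-persist chain."""
    per_proc = defaultdict(lambda: {"tags": set(), "techniques": set(), "autoruns": [], "verdict": None})
    for description, indicator, process in events:
        hit = classify(description, indicator)
        if hit is None:
            continue
        tag, technique = hit
        entry = per_proc[process]
        entry["tags"].add(tag)
        entry["techniques"].add(technique)
        if tag == "run_key" and (parsed := parse_run_value(indicator)):
            entry["autoruns"].append(parsed)
    for entry in per_proc.values():
        probes = entry["tags"] & {"anti_vm", "bios_probe", "wine_probe"}
        persistence = entry["tags"] & {"run_key", "tasks_job"}
        if probes and persistence:
            entry["verdict"] = "anti-analysis probes followed by persistence"
        elif persistence:
            entry["verdict"] = "persistence only"
        elif probes:
            entry["verdict"] = "anti-analysis probes only"
    return dict(per_proc)


if __name__ == "__main__":
    for process, entry in assess(EVENTS).items():
        print(process)
        print("  tags:", ", ".join(sorted(entry["tags"])), "|", ", ".join(sorted(entry["techniques"])))
        for name, path in entry["autoruns"]:
            flag = " (suspicious location)" if suspicious_autorun_path(path) else ""
            print(f"  autorun {name} -> {path}{flag}")
        print("  verdict:", entry["verdict"])
```

Note that Edge's read of `SystemManufacturer` is deliberately not matched: only the `SystemBiosVersion`/`VideoBiosVersion` values and the VirtualBox ACPI table key are treated as evasion probes, which keeps browser telemetry out of the verdict.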
Processes
C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe
"C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\8da6e1077b.exe
"C:\Users\Admin\AppData\Roaming\1000026000\8da6e1077b.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\8abc3153b2.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\8abc3153b2.exe"
C:\Users\Admin\AppData\Local\Temp\1000040001\186b3c82b0.exe
"C:\Users\Admin\AppData\Local\Temp\1000040001\186b3c82b0.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e2b946f8,0x7ff9e2b94708,0x7ff9e2b94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8696 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,12172939536811801921,15957193297148580124,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3176 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 103.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.238:443 | play.google.com | tcp |
| GB | 216.58.212.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
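The network table mixes three kinds of rows: DNS traffic to the sandbox resolver (including its own PTR lookups), named HTTPS destinations opened by the Edge kiosk window, and plaintext TCP/80 connections to bare IP addresses whose "Domain" column is the IP itself, which is how the Amadey/Stealc payload hosts appear here. The editor's helper below (not part of the report) parses rows in this table's format, reverses the `in-addr.arpa` names back to addresses, drops resolver and multicast noise, and returns the direct-to-IP destinations as candidate download/C2 hosts. The rows are copied from the table above; treating every bare-IP TCP/80 connection as a candidate is the editor's heuristic, not a confirmed attribution.

```python
"""Extract candidate download/C2 hosts from a sandbox network table in the
'| Country | Destination | Domain | Proto |' layout used above. Editor's
example; the classification heuristic is not the sandbox's."""
import ipaddress

# Constructed excerpt, copied from the Network table above (header included).
ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | 103.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
"""
RESOLVER_PORT = 53


def parse_rows(table):
    """Turn pipe-delimited rows into dicts; skips the header and malformed lines."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name):
    """'10.244.41.31.in-addr.arpa' -> '31.41.244.10'; None for anything else."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ipaddress.AddressValueError:
        return None


def triage(rows):
    """Separate direct-to-IP connections from named ones and note which bare
    IPs the sandbox itself tried to reverse-resolve."""
    direct_ip, named, ptr_seen = set(), set(), set()
    for r in rows:
        ip = ipaddress.ip_address(r["ip"])
        if r["port"] == RESOLVER_PORT:           # DNS: record PTR targets, keep forward names
            reversed_ip = ptr_to_ip(r["domain"])
            if reversed_ip:
                ptr_seen.add(reversed_ip)
            elif r["domain"]:
                named.add(r["domain"])
            continue
        if ip.is_multicast or ip.is_private or ip.is_loopback:
            continue                             # mDNS and local chatter
        if r["domain"] == r["ip"]:
            direct_ip.add((r["ip"], r["port"], r["proto"]))
        elif r["domain"]:
            named.add(r["domain"])
    return {
        "direct_ip": direct_ip,
        "named": named,
        "ptr_confirmed": {ip for ip, _, _ in direct_ip} & ptr_seen,
    }


if __name__ == "__main__":
    result = triage(parse_rows(ROWS))
    for ip, port, proto in sorted(result["direct_ip"]):
        print(f"candidate host {ip}:{port}/{proto} (plaintext, no forward DNS name)")
    print("named destinations:", ", ".join(sorted(result["named"])))
```

The `ptr_confirmed` set is a useful sanity check when reading sandbox output: the `in-addr.arpa` queries come from the analysis environment, not the malware, so a PTR row for an IP only tells you that a connection to that IP happened, not that the sample resolved anything.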
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-12 10:05
Reported
2024-09-12 10:08
Platform
win11-20240802-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\1000026000\8abc3153b2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\0b105d7042.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\8abc3153b2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\8abc3153b2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\0b105d7042.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\0b105d7042.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\8abc3153b2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\0b105d7042.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000040001\8f697a0b33.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\1000026000\8abc3153b2.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\0b105d7042.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Microsoft\Windows\CurrentVersion\Run\0b105d7042.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\0b105d7042.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Microsoft\Windows\CurrentVersion\Run\8f697a0b33.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000040001\\8f697a0b33.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\8abc3153b2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\0b105d7042.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\8abc3153b2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\0b105d7042.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000040001\8f697a0b33.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000040001\8f697a0b33.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe
"C:\Users\Admin\AppData\Local\Temp\eb2869650996d4e220e3fd063aa269bc83a5f0ca42125f3a8c1f7d5e62af9f4e.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\8abc3153b2.exe
"C:\Users\Admin\AppData\Roaming\1000026000\8abc3153b2.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\0b105d7042.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\0b105d7042.exe"
C:\Users\Admin\AppData\Local\Temp\1000040001\8f697a0b33.exe
"C:\Users\Admin\AppData\Local\Temp\1000040001\8f697a0b33.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffc4c6b3cb8,0x7ffc4c6b3cc8,0x7ffc4c6b3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,8850689319369783268,4321742706480187639,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,8850689319369783268,4321742706480187639,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,8850689319369783268,4321742706480187639,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8850689319369783268,4321742706480187639,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8850689319369783268,4321742706480187639,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8850689319369783268,4321742706480187639,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8850689319369783268,4321742706480187639,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8850689319369783268,4321742706480187639,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8850689319369783268,4321742706480187639,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8850689319369783268,4321742706480187639,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8850689319369783268,4321742706480187639,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,8850689319369783268,4321742706480187639,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,8850689319369783268,4321742706480187639,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7604 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,8850689319369783268,4321742706480187639,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2952 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | 471b72fbbbc1c349a0bf9e8191cce188 |
| SHA1 | f06521b265083b90b0305e3810ef70b3f99e3756 |
| SHA256 | 7f603487cae0079b4c853110b29de920318e076bbd230c486fbf3f8017690e41 |
| SHA512 | b10fee46bb4e24e478b2ad9ff732709ecb8f5b7c3645f31cc49d750cb53a2e1ce3ac5d0bb511415ea86d59f04f4a5869ba1fc88da318ac1159398be0693624f7 |
\??\pipe\LOCAL\crashpad_3768_YVPWDILPSNHJNFWV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
| MD5 | b4b040fff9bccb6963ab7ee0edbdd345 |
| SHA1 | 73a35484d8b28d26158bcd6a820f2e80ac9c266d |
| SHA256 | e5d28ea6fdf692191dac3a0a82e7b7e2b7cd910191801b074fdddbe909a4db04 |
| SHA512 | d30f624a9e5f3f10abaabae1d37e2055670a5cd3b91a69a3843ad1bac0dc0731d385352182a60f45706276d9865b228e80b7660ca580cc534d2d290761890a2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 72f0db1d8f64e2edeb6262248657e16f |
| SHA1 | 80d6cc40c114b5014e56717e480f701648552fde |
| SHA256 | 967a3020cc95dfa11ba9cc78d5c7d8af9f7c0d5d201c2bf6d6f0f17b3c9128db |
| SHA512 | 6960ca845acf4cd63c07201089a62804a250e4c3e3ae92e9ff92ad6549039e5424aa674970fb7a863572c6bbab9d33bbb2631734c9a91d29f098709615d6b7ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 4ecff125d7ca31eb7a43c04ff4a643c7 |
| SHA1 | 5a2b833193e1b26d356d07dd6551858894f332cb |
| SHA256 | 66a6a99841b5506c9de5017b77eaeb554be13f1cd275b5c1648a3e21799b07ba |
| SHA512 | 59b787efadd5697a322ae32d367b4e1f172193c388144da9936158479f31100da91243263a74610e0f5043defc5162fed078795bed79ef9b4833fce82e7c58a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk
| MD5 | 21295343096140281d33f6e54ec4737d |
| SHA1 | 996d90c8c9fca7c805fa37d10caebb6865105086 |
| SHA256 | 58d362c84c7935c37f0c0e3567bc71450555afb47961ef9a5242ad9c2f5c6b58 |
| SHA512 | 8cf5ec90854f4517ce071c06fc5e24a091f04860618dc57a28d2d27de3729437bf59788e872dcb5875a7edcd45abe48865ddb867db6bc0ffa526684a85ca22e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
memory/2248-204-0x0000000000430000-0x00000000008F2000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk
| MD5 | 5fb153f04a999c145410a97df5bf8b7a |
| SHA1 | bbf91915f6e0263c68f1759341123a41de4e30c3 |
| SHA256 | 573a42bf5a607f6d926046869ecca40e82d78201b64d622ce9b7a4e5472dc35a |
| SHA512 | 06a0cce68f0db60c356a02c331324fc2aefab5b437cac0ed5513a126c34dc22f2a34a9a66ca856a706395358e3f5240dc66ecfc99197d4a098bb0034904411bc |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 5137b6f811aec4d73aae926cb86c443e |
| SHA1 | 56c8a2e77321f5ecbdece3a855b6edbdde6d98b4 |
| SHA256 | c3e8bb602d5811351618e1ebcf42d8afc668b212324b69f45ac2afdbbec936a9 |
| SHA512 | 8c20b1613ea933cfd64f1d8267b2916ceaec983793f62716b936daa661dd1a1e82b6cbec29cba8b415e20e30e459bc7dc8f41ed7333dd114c7f002fa047cf291 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\138a231f-8364-44a0-940e-ec2ca69e614a.tmp
| MD5 | 61dd0578bbc84eca8842ac0277372686 |
| SHA1 | 688be3bb012f891703c736f3d35e88426ae0949b |
| SHA256 | 42343ef0e95cef620f9e86d35bf6e03d9095551f12b73547664375cbd6037c6c |
| SHA512 | 75a73cc801883bfb1f3f2f5e8416c2fa6efe0b806d41d6380a002093c7ff11e710f44fee6c40305fcc9eca711ebd43703d2646f0b2978164eb9a46c39933e5fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences
| MD5 | 3d4fe76eb3c535ab916f4839092d615a |
| SHA1 | e399d74a1392e535bb6bdc1d93373a926f576077 |
| SHA256 | 94736b443a51ba7abfb1a2ab9cda5c0d5ae1924ac7c62813f2d1a83e030df2bd |
| SHA512 | a211a43c3b25838c70a63526adec99db942facead786123b6d6e1762308383421267dbe57a0606f06c23ba572c11febd488548a44289fb3ab948495bf993b173 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe58294d.TMP
| MD5 | 952e089da5b1aedbd667b0563e1da297 |
| SHA1 | 74d2a8f8871d99b8f4badd8430b50a0d82cb7eaf |
| SHA256 | d9bf31b272d127d61e6fc8d7372a0387a95c0cafbbbb411f3e469ffecf8848e5 |
| SHA512 | c32c4d288cd1f507fb2ab1a940df2f7648a3216d59ccf8db26837cad7becfec3c2e2e81c8ee75c160ff3769dc94137f038a6f389f969fc5697c466d14c2342c0 |
memory/2248-291-0x0000000000430000-0x00000000008F2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
memory/4200-326-0x0000000000430000-0x00000000008F2000-memory.dmp
memory/4200-327-0x0000000000430000-0x00000000008F2000-memory.dmp
memory/2248-328-0x0000000000430000-0x00000000008F2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 67c2dfe492b4880927b4ff82a0eb38c9 |
| SHA1 | e8d1ee59deb6a04b03b67ef169a73a44f878dcd7 |
| SHA256 | 2877d2497bbc01ae2af0bb47b5b9d0b167d46859dc7ebb66147941d7d66c86e6 |
| SHA512 | a06f1f28c0a66382b92b01b6068f923364d25639c3d30ff20104c8b44de66e02b126f0b2388f0a70c03fd5d3905e55094b7fd6abd40b7b425587bb263dacf4ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8ef3dc3f629c42e9b594b6cf5b0f1062 |
| SHA1 | cc9fa995bd9b0f1257accbba15dbe553415e74de |
| SHA256 | 1bbdcde3cdaa824e358fb278d6f9ec464c9a11ee77cb0c450aab10eb81fd41c6 |
| SHA512 | c515da7fb9ff9355cd034facb31f67dbf3ab7f6f54a251091215b44640d8f477b030e5864ed4307d4d0e0c8504210097e657a48afa2fe60621aa2ad836a3dccc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\cbbaf926-3051-425d-b4ed-e082785dd3ab.tmp
| MD5 | 0a17d4606219272eabfb9a6639e3f0e1 |
| SHA1 | 8c039bca301f51626ee9560a9d0173e1e3188781 |
| SHA256 | 6a8398a8bcb5be1ca5fdbd4146a91a4de39db2d74fd998edfe59aa3c4e1a8bab |
| SHA512 | 08264bc3fbfd2375170e1e84afea00c73962b2fe56697a71ca36a7f31d60b7d6a5796fd3d5c6b0d7609d06a94cb9c2b6ff1071ad59c5053a1273716001c84d90 |
memory/2248-356-0x0000000000430000-0x00000000008F2000-memory.dmp
memory/2248-357-0x0000000000430000-0x00000000008F2000-memory.dmp
memory/2248-367-0x0000000000430000-0x00000000008F2000-memory.dmp
memory/2248-379-0x0000000000430000-0x00000000008F2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences
| MD5 | 418b95e54eb1e9eae90136ed923cd055 |
| SHA1 | a02cd67bc1615760a80842c39a920d52bdb13db1 |
| SHA256 | a1e572750c74492a62460e4e42b6cc35a3587fed27045907274ad7b858cdd7c7 |
| SHA512 | e06aac3d3729624a7ae827829729eaa4623c27fd04865eb285292f6823e6254611e78c72a0d33eeb64ed0fd5aa9262f2ad9d6759c6d04cef5e23c94cbb168eca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | dd4fcd5b226f8377a3f2f5c075d41cd0 |
| SHA1 | d03b10bb5a3325c65ea4101d8d956ca688f888ed |
| SHA256 | 06303d487f7101823a57a98be4d34c461c1a5d566f7aa0f8b3c0138945250b76 |
| SHA512 | 1d5b35cff8f74d0ca5bdc4ecd6de3ccbf022247162f1f76d94ac45806c267454d127adc3d94686390f46296e576d899ad7c2b41a85d15c27602155c3e57b2b47 |
memory/2248-407-0x0000000000430000-0x00000000008F2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity
| MD5 | 7204b95bf5f990cf56276b4893dc3780 |
| SHA1 | 5b4808d510ca371535c43dacbd34196b33da2de3 |
| SHA256 | 8de912f4aa3084354184d4a06fb9347c61e2976378535eae27b22e46f9739a9b |
| SHA512 | 5840f9f16af0fdbaef9689b8a363710e5eb506d4fffad829f0aa697ba670eb129dd3c9c4cd79f2322d135974a3db4aa2beb5ae71fbd3e5e1d92388148d72b4cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe5923e9.TMP
| MD5 | 87204e03406a56f4be9226b0d4a9be6d |
| SHA1 | da6bd5e2068b63c225d3c0112e8a10c72a71c773 |
| SHA256 | d1534ac8f25917c77e8d4dfccd5aae2081b99c028552960f33a3ebc6700a2fc0 |
| SHA512 | 436868b260bda766ec1a7e61b8f5c7176e3e6e9d498af9f88fec28234fc1519c8394362e9925a9256c57b89b06c08580e9615cc61841ea622c59e01443bee187 |
memory/2248-418-0x0000000000430000-0x00000000008F2000-memory.dmp
memory/580-419-0x0000000000430000-0x00000000008F2000-memory.dmp
memory/580-420-0x0000000000430000-0x00000000008F2000-memory.dmp
memory/2248-421-0x0000000000430000-0x00000000008F2000-memory.dmp
memory/2248-422-0x0000000000430000-0x00000000008F2000-memory.dmp
memory/2248-423-0x0000000000430000-0x00000000008F2000-memory.dmp
memory/2248-426-0x0000000000430000-0x00000000008F2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity
| MD5 | 471913f6fef9f2c9eb55877c12b813a3 |
| SHA1 | 9f266fafed75e80c98e38f00b9a4ae5aa36f7a6b |
| SHA256 | 8600f8fc7ae29c6728ff48fdc06e50a3e57b977a7242788f6c5915d09071c26a |
| SHA512 | c7eb654f35fb0fcfca6f0b0fd11373f70960c49068896382a764333ccf5e8cf0014703c7c0ac4f45356aa56604be9ddadd5953f89719ce955769027245030964 |
memory/2248-436-0x0000000000430000-0x00000000008F2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State
| MD5 | ee730dd8ac91bd8b3232210251bd63cc |
| SHA1 | bf2d697670471a739d293055041f4532a35c956a |
| SHA256 | 74955574aea834010c335ae0208de78ce8f96cf5c8c7497bf7b2635b7f678d3e |
| SHA512 | 585f51429f5861c455076c17c565613ac8dfdf0a2005cc3b50fea5793fe849a9866c9e50b01997e6de2895dd2a6c2758cf37bdc2831a35aa0bd3fd7ac368de18 |