2e80059a92e23f07ece25cd25f4e855cb01c8623a5ca9d8d63756c2273368563

Analysis

max time kernel
15s
max time network
225s
platform
windows10-2004_x64
resource
win10v2004-20220722-en
resource tags

arch:x64arch:x86image:win10v2004-20220722-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2022 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fucker script.exe
Size

104KB
MD5

db0655efbe0dbdef1df06207f5cb5b5b
SHA1

a8d48d5c0042ce359178d018c0873e8a7c2f27e8
SHA256

52972a23ab12b95cd51d71741db2cf276749e56030c092e2e4f0907dcb1fbd56
SHA512

5adc8463c3e148a66f8afdeefc31f2b3ffeb12b7641584d1d24306b0898da60a8b9b948bb4f9b7d693185f2daa9bd9437b3b84cebc0eabfa84dfcef6938e1704

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Modifies registry class 7 IoCs

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3463845317-933582289-45817732-1000\{D442F75A-3EBC-4357-8773-C914605E1A28}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

explorer.exe

description	pid	process
Token: SeShutdownPrivilege	2496	explorer.exe
Token: SeCreatePagefilePrivilege	2496	explorer.exe
Token: SeShutdownPrivilege	2496	explorer.exe
Token: SeCreatePagefilePrivilege	2496	explorer.exe
Token: SeShutdownPrivilege	2496	explorer.exe
Token: SeCreatePagefilePrivilege	2496	explorer.exe
Token: SeShutdownPrivilege	2496	explorer.exe
Token: SeCreatePagefilePrivilege	2496	explorer.exe

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

explorer.exe

pid process

2496 explorer.exe
2496 explorer.exe
2496 explorer.exe
2496 explorer.exe
2496 explorer.exe
2496 explorer.exe
2496 explorer.exe
Suspicious use of SendNotifyMessage 8 IoCs

Processes:

explorer.exe

pid process

2496 explorer.exe
2496 explorer.exe
2496 explorer.exe
2496 explorer.exe
2496 explorer.exe
2496 explorer.exe
2496 explorer.exe
2496 explorer.exe

pid	process
2496	explorer.exe
2496	explorer.exe
2496	explorer.exe
2496	explorer.exe
2496	explorer.exe
2496	explorer.exe
2496	explorer.exe

pid	process
2496	explorer.exe
2496	explorer.exe
2496	explorer.exe
2496	explorer.exe
2496	explorer.exe
2496	explorer.exe
2496	explorer.exe
2496	explorer.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

msedge.exemsedge.exe

description	pid	process	target process
PID 3344 wrote to memory of 2120	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2120	3344	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2280	3636	msedge.exe	msedge.exe
PID 3636 wrote to memory of 2280	3636	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\fucker script.exe
"C:\Users\Admin\AppData\Local\Temp\fucker script.exe"
1⤵
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2044904
1⤵
- Suspicious use of WriteProcessMemory
PID:3636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffce48c46f8,0x7ffce48c4708,0x7ffce48c4718
2⤵
PID:2280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6786852136297688894,17295349894721223238,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
2⤵
PID:492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,6786852136297688894,17295349894721223238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
2⤵
PID:2492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2044778
1⤵
- Suspicious use of WriteProcessMemory
PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffce48c46f8,0x7ffce48c4708,0x7ffce48c4718
2⤵
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
2⤵
PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
2⤵
PID:5736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
2⤵
PID:5788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
2⤵
PID:628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
2⤵
PID:3852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
2⤵
PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5728 /prefetch:8
2⤵
PID:900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6080 /prefetch:8
2⤵
PID:3832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
2⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
2⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
2⤵
PID:6120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
2⤵
PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
2⤵
PID:1924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
2⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
PID:5860

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x22c,0x254,0x7ff61f365460,0x7ff61f365470,0x7ff61f365480
3⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
2⤵
PID:1152

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
2⤵
PID:5872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
2⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
2⤵
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
2⤵
PID:1328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
2⤵
PID:1040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
2⤵
PID:2600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6596 /prefetch:2
2⤵
PID:6836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1
2⤵
PID:7000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9529541774959609749,12229970669680718847,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
2⤵
PID:3936

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"
1⤵
PID:4212

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"
1⤵
PID:1208

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"
1⤵
PID:1744

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe" /client=Business1 /hideWelcomePage
2⤵
PID:5820

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\6260551aab1344adaddc91657dc3f594 /t 2264 /p 2232
1⤵
PID:3112

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2044778
2⤵
PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffce48c46f8,0x7ffce48c4708,0x7ffce48c4718
3⤵
PID:1836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,16770306572803525189,12076094949367384593,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
3⤵
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,16770306572803525189,12076094949367384593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
3⤵
PID:5572

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"
2⤵
PID:4788

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"
2⤵
PID:3860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2044778
2⤵
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffce48c46f8,0x7ffce48c4708,0x7ffce48c4718
3⤵
PID:2064

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3572

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\e043fcb121c64ede9f84c3073ee5ede5 /t 3420 /p 2496
1⤵
PID:4400

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4712

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"
2⤵
PID:6032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2044481
2⤵
PID:5404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce48c46f8,0x7ffce48c4708,0x7ffce48c4718
3⤵
PID:5680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5124

C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa
1⤵
PID:5444

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:5996

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\fb00e3a1296d470f9f6c5d9950c8efc5 /t 4224 /p 4212
1⤵
PID:5692

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\77053c0d2bba44429609c25e129e45a5 /t 2688 /p 4712
1⤵
PID:928

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4152

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\b48533a15d8b43cf8727680e16d759fc /t 5604 /p 4152
1⤵
PID:3780

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2044786
2⤵
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0xd8,0x104,0xfc,0x108,0x7ffce48c46f8,0x7ffce48c4708,0x7ffce48c4718
3⤵
PID:5700

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"
2⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2044778
2⤵
PID:2584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ffce48c46f8,0x7ffce48c4708,0x7ffce48c4718
3⤵
PID:5244

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3940

C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa
1⤵
PID:3780

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch
1⤵
PID:5476

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\1edd34889da8416ea18d51b1063b6792 /t 5564 /p 3780
1⤵
PID:5140

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
Filesize
1KB

MD5
1373d0c10451574ecc57c83379ea3fd6

SHA1
537badffa83c7cb5d1eef45158d89c2c363c04cb

SHA256
e79f535977c6131ae3fdf952422c3b3f777c456d002486170bba7d5bb190d75b

SHA512
f798880e5dfd6625c78ad21c6f25e7e0a51552bd3cb64d0baba050a65eebc7651e1ef04748d5edc25da2ba23bc72a436ddda277b65091c85b16208f2b4c069e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
Filesize
471B

MD5
d02ff3b6c3593eefe5c96673f573d77d

SHA1
c4cf7490c1eb29106c5ad99dc05405b2fa112dd8

SHA256
caacbf060d2954ae2310f586165551369128cec9b3e2b3b878cb2fb2b6db594d

SHA512
4ab97ea94b3f7559154a7aa80c1e5c14abd147ac837dbb720d5ab16918dd4b24604b6415072edb835275a7ee03dbd588373870255d7c9f7b1bbe0899bc9f7f5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
Filesize
471B

MD5
d02ff3b6c3593eefe5c96673f573d77d

SHA1
c4cf7490c1eb29106c5ad99dc05405b2fa112dd8

SHA256
caacbf060d2954ae2310f586165551369128cec9b3e2b3b878cb2fb2b6db594d

SHA512
4ab97ea94b3f7559154a7aa80c1e5c14abd147ac837dbb720d5ab16918dd4b24604b6415072edb835275a7ee03dbd588373870255d7c9f7b1bbe0899bc9f7f5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
Filesize
471B

MD5
8024c37f81a0b9a5f37121550621be4b

SHA1
4cde8f1b3a01096bd1f8476dc595f3210590f522

SHA256
a4e49bf7354746282149370fb3fb1159ccc91ac20946ac569157a6c4a4ffd828

SHA512
7f1d8e180c79e2e6633dba4fa6ca759b7fcb4f9a0491fc23abf6425152c2492b738b8dc1c6ce68a736af1c174817a00f85a80bc2b39d7922c57b69fb1bb379f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
Filesize
434B

MD5
76a2627d404507470bae72a705221f43

SHA1
de5db70ba8c989af92dbb352577bf0da708c0d94

SHA256
53cdebc50c8b9d028c1d6c9dc21ac6d6bab1125d6d8c4d8d33ff366def68bdef

SHA512
72f1ff8499e7c94a26646bc4fae952afbb2fcb382696a64a12668aa4f1dd526e0c8079ebb72134821ea778b5c87c81f0f506bb140c94f7946a01a1789be297f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
Filesize
442B

MD5
58f85df24233d796da658299acf3a5d8

SHA1
6bbdf8ee0e3276b28b505541edeb18b53a5571c1

SHA256
6c499487a9b0bf325b2785b8136a9b59551b21d7de9246144a5504de2e2e8ebb

SHA512
5bf5a9d06ce2c1da4191f06ed39e7985d784e3ddf29fa7ebdb4cb0218669f035e9cc7d0c971e737fc652fd0d59bf1bc3abd7c4d5b5d58b26023b9d05f731e3d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
Filesize
442B

MD5
58f85df24233d796da658299acf3a5d8

SHA1
6bbdf8ee0e3276b28b505541edeb18b53a5571c1

SHA256
6c499487a9b0bf325b2785b8136a9b59551b21d7de9246144a5504de2e2e8ebb

SHA512
5bf5a9d06ce2c1da4191f06ed39e7985d784e3ddf29fa7ebdb4cb0218669f035e9cc7d0c971e737fc652fd0d59bf1bc3abd7c4d5b5d58b26023b9d05f731e3d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
Filesize
442B

MD5
28a61e33dc6b7ca268e41f63fc32bc00

SHA1
97d12d4a6f52f6abc30c78fa58c35e0503ea53ca

SHA256
e526bc4bab31e871670f02e332a0cdcaafa9c8a81d4744dc89cf49cf633d7e14

SHA512
ef8f544ac2fa2efde1519fec4d42c66f89139af45b1f6d2e929a7f4b2e4290b53b72e6131ffc1dddb3b137b375d789bd8aae6507dfc781295c61d0e09c832b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0e45a3d6c31013da55ed308015a7b40c

SHA1
bfc912c204506a5ad8cf07c374577316341990c6

SHA256
f9a349c81c351f483f1db40cccb7a4a99950fc30769ab9be716739f1beaf413c

SHA512
5c9aedc1be72562445db07fc367afcf3dd003ee2f874dea33ff36d801e86c18559cc44f538ebaa7397fe387a494737a147b260b08a6bca6bfacaf332485a4cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0e45a3d6c31013da55ed308015a7b40c

SHA1
bfc912c204506a5ad8cf07c374577316341990c6

SHA256
f9a349c81c351f483f1db40cccb7a4a99950fc30769ab9be716739f1beaf413c

SHA512
5c9aedc1be72562445db07fc367afcf3dd003ee2f874dea33ff36d801e86c18559cc44f538ebaa7397fe387a494737a147b260b08a6bca6bfacaf332485a4cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0e45a3d6c31013da55ed308015a7b40c

SHA1
bfc912c204506a5ad8cf07c374577316341990c6

SHA256
f9a349c81c351f483f1db40cccb7a4a99950fc30769ab9be716739f1beaf413c

SHA512
5c9aedc1be72562445db07fc367afcf3dd003ee2f874dea33ff36d801e86c18559cc44f538ebaa7397fe387a494737a147b260b08a6bca6bfacaf332485a4cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0e45a3d6c31013da55ed308015a7b40c

SHA1
bfc912c204506a5ad8cf07c374577316341990c6

SHA256
f9a349c81c351f483f1db40cccb7a4a99950fc30769ab9be716739f1beaf413c

SHA512
5c9aedc1be72562445db07fc367afcf3dd003ee2f874dea33ff36d801e86c18559cc44f538ebaa7397fe387a494737a147b260b08a6bca6bfacaf332485a4cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
44a0e0dec73bba7d7c456b24a4c3884e

SHA1
bcaf39464270fb6b4d88e456b7c146ef44885a00

SHA256
41a197f731931bf11cdf1d6c8dc9fc1ef9f8095700499044563d838269cafd52

SHA512
11640e42884a131d18ea86c005a3d10c553978bcaf3ec4d727e22c686141b6afa5d92e5e7ae0a88e1cf5ae2503eb731471e4847f87339d6aecd58c58b10b338f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
44a0e0dec73bba7d7c456b24a4c3884e

SHA1
bcaf39464270fb6b4d88e456b7c146ef44885a00

SHA256
41a197f731931bf11cdf1d6c8dc9fc1ef9f8095700499044563d838269cafd52

SHA512
11640e42884a131d18ea86c005a3d10c553978bcaf3ec4d727e22c686141b6afa5d92e5e7ae0a88e1cf5ae2503eb731471e4847f87339d6aecd58c58b10b338f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
44a0e0dec73bba7d7c456b24a4c3884e

SHA1
bcaf39464270fb6b4d88e456b7c146ef44885a00

SHA256
41a197f731931bf11cdf1d6c8dc9fc1ef9f8095700499044563d838269cafd52

SHA512
11640e42884a131d18ea86c005a3d10c553978bcaf3ec4d727e22c686141b6afa5d92e5e7ae0a88e1cf5ae2503eb731471e4847f87339d6aecd58c58b10b338f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
44a0e0dec73bba7d7c456b24a4c3884e

SHA1
bcaf39464270fb6b4d88e456b7c146ef44885a00

SHA256
41a197f731931bf11cdf1d6c8dc9fc1ef9f8095700499044563d838269cafd52

SHA512
11640e42884a131d18ea86c005a3d10c553978bcaf3ec4d727e22c686141b6afa5d92e5e7ae0a88e1cf5ae2503eb731471e4847f87339d6aecd58c58b10b338f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
44a0e0dec73bba7d7c456b24a4c3884e

SHA1
bcaf39464270fb6b4d88e456b7c146ef44885a00

SHA256
41a197f731931bf11cdf1d6c8dc9fc1ef9f8095700499044563d838269cafd52

SHA512
11640e42884a131d18ea86c005a3d10c553978bcaf3ec4d727e22c686141b6afa5d92e5e7ae0a88e1cf5ae2503eb731471e4847f87339d6aecd58c58b10b338f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
13e2d5a7f7ee344da46b12979553d1f6

SHA1
bb98d67d564bc1b084a50c4811d3e3bf43f5ef01

SHA256
7959cf48e7435774a43fa10babf0b992efd2d97bcb5024792f94ad4ad7e49224

SHA512
77ffee11751f98052033f73b256071bff49765a2d2d0a1861c38a63fefd8c29b7c6afa3549eb1ec475c3ff48cb62a553918247f54d94cc2da251817e0f85af41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
c4d37ae656c954de983e99c27eefe3d5

SHA1
6722f73b736ce57ebddb4904ff14868ffc67e41f

SHA256
6de714d1dc4aec7b1bde1c0f59cea420869a3f22e82c2ff08ce594c9eb55c86f

SHA512
2f3833caf81b8b2d4af0cbcb203421bce01de472e484c3695efbb6e0568873354a75ebee34ce423afa3b7644a2f1623c25fdcbb32a66a122088e2bfac7150e59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
a6810d15ecf172d10d7637606a02ae81

SHA1
e200081f96aff7edb763e9e3da86e1224d46b3d1

SHA256
9e07889695d06578f27289df32713bb7a98c6f7d938367356fb5753927a62cbb

SHA512
985af4edf6c05a193bcf4ac5f41c19e47817cfdbbf8f8d9111459018213da88b570dab3d6b6d603624bda687d83f174c0f341582e7928dcee1a7bfaa9bbf1908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
5516c114d601a9844eea036068aee0a8

SHA1
19928aacb45a4805e2e29e2ae3868a06ecb6f8d3

SHA256
b966e161d6afc086dbc922c9670cf0c033c0315abd1de67bca85c9b5133d619a

SHA512
5352582f8267b2353973ccbe6867ddf3d8a2a0db918012efbee6b478972961188932049acba72984b4265848dd7e8401e2327eac464ec9893cab75855757a21e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\FDC647A8-68EA-44DF-98DE-DE2C00CAEA84
Filesize
145KB

MD5
daf030790a9a984db87871ab47dc2c4c

SHA1
d21f0c4feb374c9c49ce9f4aef71a8ab5d9c94b2

SHA256
fe7e73e5015ff2dbe31bea6943edcd048eace42a2b7cd673fe7a498054756001

SHA512
59bc0b46e1e59e256ac96aa5f6b6a8e3a5b14365d57f68d179ea942324cf382053043c45bab357c57f71bd6718db6d5619a6a5738ccf6a7d05a921987d721048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal
Filesize
4KB

MD5
4e848fae63d6710305013dd63a29cf32

SHA1
0f2a373b2e99b1121d5f071f9962125bec7a31c3

SHA256
d1bc676a6e9beec565d614d62fb0ae33d37075b13c7502be2b634fcfc4468df9

SHA512
7a972167334b185cc5a1ed2fe52c557209db83be3ed013c01fb08e5b2a120523d2901e86816ff48db4c86b0c5e4101113e793158296e494f23dc7f2cc50065d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\update.xml
Filesize
726B

MD5
53244e542ddf6d280a2b03e28f0646b7

SHA1
d9925f810a95880c92974549deead18d56f19c37

SHA256
36a6bd38a8a6f5a75b73caffae5ae66dfabcaefd83da65b493fa881ea8a64e7d

SHA512
4aa71d92ea2c46df86565d97aac75395371d3e17877ab252a297b84dca2ab251d50aaffc62eab9961f0df48de6f12be04a1f4a2cbde75b9ae7bcce6eb5450c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2022-8-4.115.1744.1.aodl
Filesize
239KB

MD5
c753993069d2a6984342272f4d7be4a0

SHA1
00b21d4378cf26eb49047d6a1286b6d905c04ae5

SHA256
7f828345e461c37c6f5e65bf060613f6df3d6e1d14f803ff7c589190358dc3dc

SHA512
cfeaf1c56b4b7b4822494622066b819d5faeb18c7567f25da7b76a61cd039e11a273c68dc91eca8154985d626d1d0201abbd0f36cd91792e90fea46dfe7770a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2022-8-4.116.6032.1.odl
Filesize
6KB

MD5
b232db59decdeede6870eacb399916fa

SHA1
e97493b3a36ec4bd7cb5053bc2c0d5002d3bd381

SHA256
8d2b8a0d49caa735983b6960fc66e57fa4d50c3a5a7d89f0aba802c8f7a5e635

SHA512
9c7fe9938b5c40fa4dc1028c8806415f58382a9da9bc32437b09edc307c9676052cb22d3e167e4997b947e12908096e2f42c330cfb22f802e05a7b7f78208c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Personal\TraceCurrent.0729.0013.etl
Filesize
4KB

MD5
409c50f61e335e8f23250d951922aadf

SHA1
5126442077b23ccfc44442a74e765d81c554bb50

SHA256
ef21a9041ee89cbbe4e3fff282fbd911373e27ec269016a4f0f3fb88a12b850e

SHA512
b54280f5fa68a652c2a256ede62cb9edbb9c4669df17c6e900898efcd260be285475fd23fa21ad5a989d1d5699a1f08d1319f6e1e38217699364125155e170f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Personal\telemetryCache.otc.session
Filesize
20KB

MD5
87aa377f7505732a481aecf5653b1e03

SHA1
8599d1751c67886c23ea2b7edc55cdf02f5fd848

SHA256
7072bfa9bd07ed1d0f426d743d113ce1c168333b37a5852eecc732db3fa68452

SHA512
e792f20ba0407965d4d2b821306ffcc16a05d234b377928743046a72c42db9fff92ddee68201838f9003a5b24036f9190a4e2eb29604fbb12f6f2886d8be2972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\PreSignInSettingsConfig.json
Filesize
61KB

MD5
501bf5c210951c2d55676f09bf629757

SHA1
10c15a8b6fdd3a2724d5c60863790cf6c16acf47

SHA256
b89b256b4c06421cd44db626ea3afc44eb2c20eda25e8fe0b9c37e235f700ea0

SHA512
80ea93a1b61c7e75b809cefb51bb0931ba2cd38d0f517a1ec7eee4fb83b51ea5df3bcc715dac6289ac7e6ff2e38af7296c33190ad5294f95905fad56f50622e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
28KB

MD5
2f4b0e3374e8f7b250dabe5fc26d8c82

SHA1
b7efb588072f908cc12c39bdddd1be2bc552309e

SHA256
76ee72576f19eae201bd0c0480ae240515be756d4cc7ad99bdcfd12dfe85c7d5

SHA512
2ce5ae4d0f5420385fffa244c953abde3aef4c9e5315139302c2722f4263a409d43b46938f2a7ac54f20e96512115ada668954d8c868f8a38bce9716f071ecf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\aria-debug-6032.log
Filesize
470B

MD5
429ad3ac99b2c53636e1e62adba06db9

SHA1
6e077f9069d97fc2843bb1a3203d9a01211d946c

SHA256
b2d00b136a6aa2de2b0ad0faa377ee3639239f76fdfdfc9a6f5b303c280adbf5

SHA512
c13106cd87c9f8bd24167a179364447e18d5459c0657ffea3c601ba28335a357a59157b75e3b5f612e86a4e4796c70020503c15644dccb31c4b095fcba8532b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
Filesize
2KB

MD5
15d7b60a9a8fd0b800a11ab5fffcd6d3

SHA1
d7f025c71719f5f7f23383fdbd92a23691b9f87a

SHA256
214d6e3af615452bf2ca6734df44fd52e802fda6ec954db4ca56086bf4d0eefd

SHA512
cb57dd1559975150b9772503bf617b468e8d69bbb27d3f4deef9ebdf11915f685c1d3cf81768b45204872270e3caa647dce7e61b917e9852cc9931d48087d5a1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize
3KB

MD5
ac4567671d82cd8da6bce8f382a3a9c3

SHA1
d31294cd9e4bd2852f994be41833fe288bb44978

SHA256
b10b82434def8a41e773ce60ff6245d1bc81e9bcb5768490ff046a54827a8580

SHA512
e1e2b663fcb35604ae6f155d7829fee8de29f6d2a62777e57a4bae5d7bad2893e8ef44a8c2be79b149c3e3a052688ff0aabb6fe460acaf075415f4cf8cbcd198

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize
3KB

MD5
c41ef7e35733ee327ff56ea18a29eb19

SHA1
578bb37f5d4237188b91e0876f2bcca04e6f1d69

SHA256
2947d36d2c0b83d19555ce2071923ac75d106f8494ac9e3a7d79b5a16ad5a24e

SHA512
3d46a34a85abd85e48528a3e20b158d353492fce1ee6fdcdb0fb237d5dfe09f554459117ddf80b362ca0406939c82352d0fc48cc7be68cffa52866d9c4a7e64c

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk
Filesize
2KB

MD5
d45e17c2642731cf72553eb9d90a8584

SHA1
27c2515391dc3dcec482205ddc2e0fda741faf6f

SHA256
7c952053c6dcce335c05a78638b4d56205bb8fd61e534d8d2a70f98300d2817f

SHA512
41215d95f6966af810b9c13c5d7bdb5ce2f2fccd91303e657674220284ba380cbcdf5f0f197f3393a68c9681ba4ea01dc2563c4a3b72f482311f2e247ed39102

Download Submit
\??\pipe\LOCAL\crashpad_1020_PCLATRQOCIVCIXHV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_3344_WVZUHFPWDSKWDZDD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_3636_EOCVIWNOJKEYTMUW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/492-176-0x0000000000000000-mapping.dmp

Download
memory/628-215-0x0000000000000000-mapping.dmp

Download
memory/900-230-0x0000000000000000-mapping.dmp

Download
memory/1020-152-0x0000000000000000-mapping.dmp

Download
memory/1040-276-0x0000000000000000-mapping.dmp

Download
memory/1208-253-0x00007FFCC38D0000-0x00007FFCC38E0000-memory.dmp

Filesize
64KB

Download
memory/1208-257-0x00007FFCC38D0000-0x00007FFCC38E0000-memory.dmp

Filesize
64KB

Download
memory/1208-157-0x00007FFCC1740000-0x00007FFCC1750000-memory.dmp

Filesize
64KB

Download
memory/1208-255-0x00007FFCC38D0000-0x00007FFCC38E0000-memory.dmp

Filesize
64KB

Download
memory/1208-254-0x00007FFCC38D0000-0x00007FFCC38E0000-memory.dmp

Filesize
64KB

Download
memory/1208-150-0x00007FFCC1740000-0x00007FFCC1750000-memory.dmp

Filesize
64KB

Download
memory/1328-274-0x0000000000000000-mapping.dmp

Download
memory/1836-153-0x0000000000000000-mapping.dmp

Download
memory/1924-242-0x0000000000000000-mapping.dmp

Download
memory/2064-170-0x0000000000000000-mapping.dmp

Download
memory/2120-135-0x0000000000000000-mapping.dmp

Download
memory/2280-136-0x0000000000000000-mapping.dmp

Download
memory/2492-178-0x0000000000000000-mapping.dmp

Download
memory/2584-261-0x0000000000000000-mapping.dmp

Download
memory/2600-278-0x0000000000000000-mapping.dmp

Download
memory/2640-258-0x0000000000000000-mapping.dmp

Download
memory/3100-186-0x0000000000000000-mapping.dmp

Download
memory/3140-162-0x0000000000000000-mapping.dmp

Download
memory/3504-177-0x0000000000000000-mapping.dmp

Download
memory/3700-244-0x0000000000000000-mapping.dmp

Download
memory/3708-259-0x0000000000000000-mapping.dmp

Download
memory/3832-232-0x0000000000000000-mapping.dmp

Download
memory/3852-221-0x0000000000000000-mapping.dmp

Download
memory/3860-156-0x0000000000000000-mapping.dmp

Download
memory/3936-316-0x0000000000000000-mapping.dmp

Download
memory/3956-194-0x0000000000000000-mapping.dmp

Download
memory/3984-236-0x0000000000000000-mapping.dmp

Download
memory/4212-138-0x00007FFCC38D0000-0x00007FFCC38E0000-memory.dmp

Filesize
64KB

Download
memory/4212-140-0x00007FFCC38D0000-0x00007FFCC38E0000-memory.dmp

Filesize
64KB

Download
memory/4212-142-0x00007FFCC38D0000-0x00007FFCC38E0000-memory.dmp

Filesize
64KB

Download
memory/4212-144-0x00007FFCC38D0000-0x00007FFCC38E0000-memory.dmp

Filesize
64KB

Download
memory/4212-146-0x00007FFCC38D0000-0x00007FFCC38E0000-memory.dmp

Filesize
64KB

Download
memory/4412-234-0x0000000000000000-mapping.dmp

Download
memory/4688-271-0x0000000000000000-mapping.dmp

Download
memory/4788-155-0x0000000000000000-mapping.dmp

Download
memory/4792-248-0x0000000000000000-mapping.dmp

Download
memory/5064-179-0x0000000000000000-mapping.dmp

Download
memory/5244-267-0x0000000000000000-mapping.dmp

Download
memory/5404-224-0x0000000000000000-mapping.dmp

Download
memory/5444-240-0x0000000000000000-mapping.dmp

Download
memory/5476-284-0x0000019D06F10000-0x0000019D06F1E000-memory.dmp

Filesize
56KB

Download
memory/5476-323-0x00007FFCD2280000-0x00007FFCD2D41000-memory.dmp

Filesize
10.8MB

Download
memory/5476-287-0x00007FFCD2280000-0x00007FFCD2D41000-memory.dmp

Filesize
10.8MB

Download
memory/5476-285-0x0000019D07370000-0x0000019D0737A000-memory.dmp

Filesize
40KB

Download
memory/5476-286-0x0000019D073A0000-0x0000019D073A8000-memory.dmp

Filesize
32KB

Download
memory/5536-226-0x0000000000000000-mapping.dmp

Download
memory/5572-196-0x0000000000000000-mapping.dmp

Download
memory/5680-227-0x0000000000000000-mapping.dmp

Download
memory/5700-260-0x0000000000000000-mapping.dmp

Download
memory/5736-201-0x0000000000000000-mapping.dmp

Download
memory/5788-203-0x0000000000000000-mapping.dmp

Download
memory/5792-269-0x0000000000000000-mapping.dmp

Download
memory/5820-204-0x0000000000000000-mapping.dmp

Download
memory/5860-246-0x0000000000000000-mapping.dmp

Download
memory/5872-256-0x0000000000000000-mapping.dmp

Download
memory/5996-297-0x000001B3DDA30000-0x000001B3DDA50000-memory.dmp

Filesize
128KB

Download
memory/5996-301-0x000001B3DBD08000-0x000001B3DBD10000-memory.dmp

Filesize
32KB

Download
memory/6032-207-0x0000000000000000-mapping.dmp

Download
memory/6120-238-0x0000000000000000-mapping.dmp

Download
memory/6836-299-0x0000000000000000-mapping.dmp

Download
memory/7000-309-0x0000000000000000-mapping.dmp

Download