2e80059a92e23f07ece25cd25f4e855cb01c8623a5ca9d8d63756c2273368563

max time kernel
9s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fucker script.exe
Size

104KB
MD5

db0655efbe0dbdef1df06207f5cb5b5b
SHA1

a8d48d5c0042ce359178d018c0873e8a7c2f27e8
SHA256

52972a23ab12b95cd51d71741db2cf276749e56030c092e2e4f0907dcb1fbd56
SHA512

5adc8463c3e148a66f8afdeefc31f2b3ffeb12b7641584d1d24306b0898da60a8b9b948bb4f9b7d693185f2daa9bd9437b3b84cebc0eabfa84dfcef6938e1704
SSDEEP

1536:m5iT3FccnYWkyjWpOku3yUyJCbyVAvy7+fRo:3LOcxkyjW3wvHq

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3380 wrote to memory of 4812	3380	msedge.exe	93
PID 3380 wrote to memory of 4812	3380	msedge.exe	93
PID 1396 wrote to memory of 972	1396	msedge.exe	94
PID 1396 wrote to memory of 972	1396	msedge.exe	94
PID 3712 wrote to memory of 4016	3712	msedge.exe	99
PID 3712 wrote to memory of 4016	3712	msedge.exe	99
PID 928 wrote to memory of 2520	928	msedge.exe	102
PID 928 wrote to memory of 2520	928	msedge.exe	102
PID 2864 wrote to memory of 4980	2864	msedge.exe	103
PID 2864 wrote to memory of 4980	2864	msedge.exe	103

C:\Users\Admin\AppData\Local\Temp\fucker script.exe
"C:\Users\Admin\AppData\Local\Temp\fucker script.exe"
1⤵
PID:1664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2044904
1⤵
- Suspicious use of WriteProcessMemory
PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f84646f8,0x7ff8f8464708,0x7ff8f8464718
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,14790258904558460262,10423259792978416812,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,14790258904558460262,10423259792978416812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  PID:5340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2044778
1⤵
- Suspicious use of WriteProcessMemory
PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f84646f8,0x7ff8f8464708,0x7ff8f8464718
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11654019785213731106,4252320316268553595,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,11654019785213731106,4252320316268553595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:5416

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"
1⤵
PID:3948

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\onedrive.exe"
1⤵
PID:3508

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"
1⤵
PID:3808

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"
1⤵
PID:3816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2044904
1⤵
- Suspicious use of WriteProcessMemory
PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f84646f8,0x7ff8f8464708,0x7ff8f8464718
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5099818791573572850,11861817110468179636,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,5099818791573572850,11861817110468179636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:5328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2044786
1⤵
- Suspicious use of WriteProcessMemory
PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f84646f8,0x7ff8f8464708,0x7ff8f8464718
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
  2⤵
  PID:6188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:6712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:6764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:6808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:6884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,5095195077312992497,2209829842121400979,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:6380

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"
1⤵
PID:5040

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\5f2c7bd0d1874e5baea533163a645e3d /t 680 /p 652
1⤵
PID:880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f84646f8,0x7ff8f8464708,0x7ff8f8464718
1⤵
PID:4980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2044778
1⤵
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,17166817839467386762,13589029054654599681,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,17166817839467386762,13589029054654599681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  PID:5352

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"
1⤵
PID:4808

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2044786
  2⤵
  PID:7016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f84646f8,0x7ff8f8464708,0x7ff8f8464718
    3⤵
    PID:6480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,3712339490211600559,7102860825522299523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
    3⤵
    PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2044782
  2⤵
  PID:7064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f84646f8,0x7ff8f8464708,0x7ff8f8464718
    3⤵
    PID:4636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,1325367985957441063,17396931266799463097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    3⤵
    PID:4732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6160

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\a997b5e7876b428cb886bc3c365a6b4e /t 2956 /p 2928
1⤵
PID:212

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3568
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?linkid=2044782
  2⤵
  PID:4668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f84646f8,0x7ff8f8464708,0x7ff8f8464718
    3⤵
    PID:2956

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:7140

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\1b3e0a01f8784338b60fd7f29be6b8df /t 2600 /p 3948
1⤵
PID:5904

C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa
1⤵
PID:3608

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\d49b034dc09d4d3ab3c7342c9f901ab8 /t 404 /p 3816
1⤵
PID:6580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
1KB

MD5
65598298436b077efc371b472fa4a917

SHA1
ccd884108f8e0ec2eb64cc26bec6aaf2e8e6d027

SHA256
4e2f4de0574da8b50fafb1cdc27188edbd7dee38f032a25e247270adc0a8d43e

SHA512
99b62106ad3a422ee4889d3e59e6ffd4974d6629074ea204b00317a3da66917fc0ac868a7e6afd4827fde5f6e5396794e66122c342028c46805512c71153ff46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
471B

MD5
8260a540b46dcd2cdabca27e4668c684

SHA1
f6f6a2196bdaddc0b4be9cae6016dee73ee9349d

SHA256
64e41e33f114873bfa6e981b94fe3fee39d4566e68467709379aa8dd8ff408de

SHA512
ad5beb1f48e36ab5ee9b481533cdcf5ce077b0b2e4ce09f6816152ef9f058a1d4a87908cd8523d107ba160511c7dc13a18753ff0d3e718517a47255e3850d2ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A7891822FCFF127E4EADADE9757112B

Filesize
926B

MD5
ad5a26b3770a014ca8e38b8ba6ee4bb6

SHA1
c8ebe6fa2fb2997742436715b53fbc8f1e76539d

SHA256
2a14104ca27c954404d801d78c9d7a20a8030a3769eff56e19d785c6de9b29f7

SHA512
6c9faf9a1359041e9d39f1d5afd720e2de4f2afc2c3f3856b067ca05fba4fb2c8b5a5592e2d40df9ebbdf516474ea43ef5965973ec4a073b6af023d6ccb05a3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
416B

MD5
f5c698b351a0b9c54543191ca3e703c0

SHA1
3220b43a532680224a46289b4cee13a80ac88ad0

SHA256
22bcbd4586ce6c80d7b0b87a9e48de528a85a1813ad1b50d1582da3d291833a7

SHA512
095a4ec146d3958188d78efb5062aed646747c02f08e40c1c634131903f7ab77ecf672e99b604b55ecf60c9af1c258018e17929fe07da8fb78212defc132c91f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
416B

MD5
69ebbd2e6a047136efe9fb8829f73f00

SHA1
bb0b45db7da44290dfa0824e0769de54b35d4bd6

SHA256
c2b29e0e8c1479e6cf9a2b5f804c8f6047c44061a4783ea6f880fab96f16a24e

SHA512
631f127199c8757e793c0e3ff9342adc544ddcdbf1db23fa9f5b66633ab22a392d943f22cad84e5008c248e010d849c799b7a18435c94fbae158fba767742ea0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A7891822FCFF127E4EADADE9757112B

Filesize
242B

MD5
76e25b06780c532793a2dc14a0c558e4

SHA1
b2989cf584e5d2f555b23106b719a8423b5d72d7

SHA256
d806c9dbb9a38af0eabdf98e19a969e5ab166e01b0c5a6323f2501668accc7c7

SHA512
201e6c1ba32f05629ed85dc931cf6d625a60d65b2644db8efe777010d1e2b2049986e1542b22fd802d1dc2e1d0bb404ac62f4947e0b497eab8f53134a5f7bb21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fe0b242a318fe0bb29709c1e7f3dccf6

SHA1
0719090088094b02a84a4db681d7e4687cfc4b4e

SHA256
0654c00a07294461ca86ae97c2c6d9b0cc783c632330e3561276d242e1d429cc

SHA512
e0f7cd04c2c7c8ce6d9cba72a3c74481403787c78ac8404cb731f7ed4aba2694b29e542c6ff09a41661541f3385a032561e9afcfbc29cd5768317473a9bc07fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fe0b242a318fe0bb29709c1e7f3dccf6

SHA1
0719090088094b02a84a4db681d7e4687cfc4b4e

SHA256
0654c00a07294461ca86ae97c2c6d9b0cc783c632330e3561276d242e1d429cc

SHA512
e0f7cd04c2c7c8ce6d9cba72a3c74481403787c78ac8404cb731f7ed4aba2694b29e542c6ff09a41661541f3385a032561e9afcfbc29cd5768317473a9bc07fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
9970348ef1eff7302dc3a60d3e8149f8

SHA1
1da0f5097a8912b404ba56dcc87fc3b3c4e75d70

SHA256
dd66309ad181f07f5598cbca8276ff35d64e2568e1033989474a7215cff1573b

SHA512
8837c7b2bccc4af5519abbfa8b3fe8b73d4e98002fb8e5789ef497ebcbfc46805b06dad33ad950c74dabc28e23709b47ddf2faf6474715cc933e84ef4138baee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e3aac169517e0b1b4a0d2d0b5c7ee69d

SHA1
fe09ae979a15dcc34ceaf1ed5d9c1a0b271c2f85

SHA256
4c6700f6d266fae953cba68d04961e6b44ad9cb9fd7dec8e50a2a642908538f2

SHA512
f1a30093a3f397c501e0bf586245c58c184d6afe755c1b0a32ea8250c70ec0088d8df14693139d8a99bb4c29c7797d16909489e9f1696d111ae1bdf66cd6c3f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
060a73691c60d38f189f4689a687e46e

SHA1
89052bdba88941047332b3812002959be497df73

SHA256
de1f7d81bf0982b5186a14ea17a2a1c7897abf8b3f229d640472f2612b20af69

SHA512
dd9f354097b2ae580da39b4b93627faca784a890b02b75076a077e26350932a2b02e37756e3e19cfc04dbc8c04fac1cb76c8c2a2cbb596f713829a79a13ce6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
dddcffbf4c56f9ddea5ba0b6cefef730

SHA1
2ef86c790bbf2aa899aee5214e09838701a15ae7

SHA256
766442f47eb04502e7e68e30977dfe808aaddd4e50b10f07d606da2e0ffef885

SHA512
76736fccd5f3fd7ff1baa5008e23b6f02f7f3f9435bf65649eda62ad2cd7dac964fc54137b10879e567e71076f060af2058a685baf7cb952d1508d923793c58e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
9970348ef1eff7302dc3a60d3e8149f8

SHA1
1da0f5097a8912b404ba56dcc87fc3b3c4e75d70

SHA256
dd66309ad181f07f5598cbca8276ff35d64e2568e1033989474a7215cff1573b

SHA512
8837c7b2bccc4af5519abbfa8b3fe8b73d4e98002fb8e5789ef497ebcbfc46805b06dad33ad950c74dabc28e23709b47ddf2faf6474715cc933e84ef4138baee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
060a73691c60d38f189f4689a687e46e

SHA1
89052bdba88941047332b3812002959be497df73

SHA256
de1f7d81bf0982b5186a14ea17a2a1c7897abf8b3f229d640472f2612b20af69

SHA512
dd9f354097b2ae580da39b4b93627faca784a890b02b75076a077e26350932a2b02e37756e3e19cfc04dbc8c04fac1cb76c8c2a2cbb596f713829a79a13ce6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e3aac169517e0b1b4a0d2d0b5c7ee69d

SHA1
fe09ae979a15dcc34ceaf1ed5d9c1a0b271c2f85

SHA256
4c6700f6d266fae953cba68d04961e6b44ad9cb9fd7dec8e50a2a642908538f2

SHA512
f1a30093a3f397c501e0bf586245c58c184d6afe755c1b0a32ea8250c70ec0088d8df14693139d8a99bb4c29c7797d16909489e9f1696d111ae1bdf66cd6c3f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
ce57ac8ca2d4319517d1b4dcb1a702cf

SHA1
dbd93e009419b9d86dc90b85cb0219b8ae1308c6

SHA256
a4ae31311778d5f194b1d55ef6b14b926403158fd40e1c1ee9f8781800ef601b

SHA512
2f9d814fcefe7dff223d98b1dca12e147f4e88ec229631b96d7034ef235649a9b7a90c9c6dd10cde22efe68c378b0f48e125b6a2d3d030b05c96b11d53d0c9ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
dddcffbf4c56f9ddea5ba0b6cefef730

SHA1
2ef86c790bbf2aa899aee5214e09838701a15ae7

SHA256
766442f47eb04502e7e68e30977dfe808aaddd4e50b10f07d606da2e0ffef885

SHA512
76736fccd5f3fd7ff1baa5008e23b6f02f7f3f9435bf65649eda62ad2cd7dac964fc54137b10879e567e71076f060af2058a685baf7cb952d1508d923793c58e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
afbe2cbccce1f8572de1d9273caef04a

SHA1
406f94489ff50f4ead8ff3eaf7646facc24173f4

SHA256
cfbe8b736a4c091b477056392f17312e40b7ad2324adcc4c36750c4ee9799fb7

SHA512
bb5960ace9e4e8008f50c1c047603cf9f2a4576eaf2816da92dbae48a98e1c921b3122457959d0c10a3211995a57080c3b673b1b054f5656991ed48121f4a20f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638011026427542062

Filesize
5KB

MD5
0e5dd26aaa10301855450b482c99d623

SHA1
514ea017c7a007d9d8bf6cbc2519cb0d0b4e1b37

SHA256
afa6199f9408af9b81192a242a82f52682651f8235ea35f0abfa17dd584570da

SHA512
86ddc07dcf871e759fbffdab8884021eb71505f8bde73dab2871cbedc046af655dcb24a15a07010488f6159a55aa88fde76a37cba5c7be5999afe7545dea5558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\ADF50F4E-C422-4A46-B75C-9BDC014AEB1C

Filesize
145KB

MD5
94b0e1e0461848c618ad2689f042a03d

SHA1
8ce1998f9ee12dc7a4e59f4957a7413f0be55daf

SHA256
ef78c787ff0d4d9dc2b2795aadd5866f6e485428ee943bf665c7172cf7c67655

SHA512
162ad186957b2260df997751c5017c04bae74f2e6b65dd216228bd5944b02af2659b6496750a0ece6b0858dacff3f0d58a62e33c91692acb314e50ffb20eb541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\E17E3362-EB98-4ADD-9145-08490FF9666D

Filesize
145KB

MD5
38189572757cbab5cc7cde90034dadf4

SHA1
c5e0ea71e2610f9857f6100c446e90dc2958dbb8

SHA256
f77cb3b100b1372e000055b0d25d122326645f27a12fe63c8a356c0b90da3357

SHA512
46f4f150c13556f85f9ec77de40a3877a16a937f7646c94f7fd6166818440ff9f07379f8739b4d160cbedf8ee9830d026cc6bb96fc5aade15dd003693d236729

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\F481DD6C-800B-4851-A28C-32CEECA6AFCB

Filesize
145KB

MD5
71185f914b31f898672ecc23512fa509

SHA1
1c46faecf4f1dc36d595dd18f8b8394387eaed3a

SHA256
58e76a209cca7c7ec255bd0943876455e847c40e766be5d1f188282f295ad753

SHA512
178b39407d74e7472a9bf604eebc77a9430c7a80185c5f60b3f868d4cca9558eae06ad609691c2b157a4339a5621cc8d45464534472bbc707ebaba8b462b4472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

Filesize
8KB

MD5
d0dcc3f3fcdb0df73834464cff404458

SHA1
7bcb5996630898a9bb9c5b1e4e4b9b8ab775b75c

SHA256
6fe7f24a60e78f519b9c0523c23cdc010b103813e45b198541ffcb5aa964c312

SHA512
b8a28803945190a2d44652f7c7613b48c3ea27b22647236d105dbcb4750cadd82dd0b3115372734aa845c84970cbf23b36af1805f2e8efe513c4935003900d7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk

Filesize
2KB

MD5
3583203036dd9a407cbec0a2ca4c58c6

SHA1
1487f702f20c348beb1baa10f279e4781f481ff4

SHA256
778f3a864064e357d969accaf6b1842bb215a580f967ebdd2c84453f53c8c065

SHA512
990bc23d6d07dfa07d9693b66552dcfd3890b673c8e1c437e2a7a6cb6cbb5568785e2952153a163255934fa1603718b61dc6d6fe1b4e4e8b936dad2cdc69958e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
aeb01afe06e5499c4553453f35f29642

SHA1
cc697ad262c45dcecda5cd39713810b8fdf4dc9e

SHA256
43ae9c0ce5f65f2d2e4b4866b4736db1293e50ea06ac13a50ee2b9cfef0c64bb

SHA512
1b6b4cce8884fa0c222934ea1f1a4e8802b8e5e12a6b917bd1b6d22e8039794ee2829b80cf3c5db55ca8369b096b6f47b649eb1f43ec60dcd9a11071a60b28f7

Download Submit
memory/3808-144-0x00007FF8D78D0000-0x00007FF8D78E0000-memory.dmp

Filesize
64KB

Download
memory/3808-158-0x00007FF8D78D0000-0x00007FF8D78E0000-memory.dmp

Filesize
64KB

Download
memory/3808-180-0x00007FF8D50A0000-0x00007FF8D50B0000-memory.dmp

Filesize
64KB

Download
memory/3808-139-0x00007FF8D78D0000-0x00007FF8D78E0000-memory.dmp

Filesize
64KB

Download
memory/3808-142-0x00007FF8D78D0000-0x00007FF8D78E0000-memory.dmp

Filesize
64KB

Download
memory/3948-153-0x00007FF8D78D0000-0x00007FF8D78E0000-memory.dmp

Filesize
64KB

Download
memory/4808-170-0x00007FF8D50A0000-0x00007FF8D50B0000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads