cb678025149a852948b5dced05cd31f1ee04dafa75573bdec04a049e2585f012

Analysis

max time kernel
150s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb678025149a852948b5dced05cd31f1ee04dafa75573bdec04a049e2585f012.exe
Size

600KB
MD5

0f681aaa03fd26f8396b460d6c68bfc2
SHA1

65caa438ec3ba734764836528d580460e63c04be
SHA256

cb678025149a852948b5dced05cd31f1ee04dafa75573bdec04a049e2585f012
SHA512

4deb9f563eb93be7bdb3fac3e828d860e81c7f66201544449d064d30c932f3ebdeba8905027650cd790e2f639cc351a3de7a2c8e419382a95bcd6a3ce11f1486
SSDEEP

6144:OWlMpTJ5LN/046UYVMXIRw/d8IPnbMJQeeaQeerlQeesQeecGQeehQeeUPgjPVFo:JM/7d6UYVoWKd88tgu8RFN4lYpM

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4064	ssasa.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	cb678025149a852948b5dced05cd31f1ee04dafa75573bdec04a049e2585f012.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
2964	msedge.exe
2964	msedge.exe
1036	msedge.exe
1036	msedge.exe
2424	msedge.exe
2424	msedge.exe
1928	msedge.exe
1928	msedge.exe
3924	msedge.exe
3924	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4064	ssasa.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 4064	4284	cb678025149a852948b5dced05cd31f1ee04dafa75573bdec04a049e2585f012.exe	81
PID 4284 wrote to memory of 4064	4284	cb678025149a852948b5dced05cd31f1ee04dafa75573bdec04a049e2585f012.exe	81
PID 4284 wrote to memory of 4064	4284	cb678025149a852948b5dced05cd31f1ee04dafa75573bdec04a049e2585f012.exe	81
PID 4064 wrote to memory of 4872	4064	ssasa.exe	82
PID 4064 wrote to memory of 4872	4064	ssasa.exe	82
PID 4064 wrote to memory of 4800	4064	ssasa.exe	83
PID 4064 wrote to memory of 4800	4064	ssasa.exe	83
PID 4800 wrote to memory of 4784	4800	msedge.exe	85
PID 4800 wrote to memory of 4784	4800	msedge.exe	85
PID 4064 wrote to memory of 4252	4064	ssasa.exe	84
PID 4064 wrote to memory of 4252	4064	ssasa.exe	84
PID 4872 wrote to memory of 4544	4872	msedge.exe	87
PID 4872 wrote to memory of 4544	4872	msedge.exe	87
PID 4252 wrote to memory of 5036	4252	msedge.exe	86
PID 4252 wrote to memory of 5036	4252	msedge.exe	86
PID 4064 wrote to memory of 3528	4064	ssasa.exe	88
PID 4064 wrote to memory of 3528	4064	ssasa.exe	88
PID 3528 wrote to memory of 1444	3528	msedge.exe	90
PID 3528 wrote to memory of 1444	3528	msedge.exe	90
PID 4064 wrote to memory of 1452	4064	ssasa.exe	89
PID 4064 wrote to memory of 1452	4064	ssasa.exe	89
PID 1452 wrote to memory of 1468	1452	msedge.exe	92
PID 1452 wrote to memory of 1468	1452	msedge.exe	92
PID 4064 wrote to memory of 4828	4064	ssasa.exe	91
PID 4064 wrote to memory of 4828	4064	ssasa.exe	91
PID 4828 wrote to memory of 5116	4828	msedge.exe	93
PID 4828 wrote to memory of 5116	4828	msedge.exe	93
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4800 wrote to memory of 2176	4800	msedge.exe	98
PID 4872 wrote to memory of 1676	4872	msedge.exe	97
PID 4872 wrote to memory of 1676	4872	msedge.exe	97
PID 4872 wrote to memory of 1676	4872	msedge.exe	97
PID 4872 wrote to memory of 1676	4872	msedge.exe	97
PID 4872 wrote to memory of 1676	4872	msedge.exe	97

C:\Users\Admin\AppData\Local\Temp\cb678025149a852948b5dced05cd31f1ee04dafa75573bdec04a049e2585f012.exe
"C:\Users\Admin\AppData\Local\Temp\cb678025149a852948b5dced05cd31f1ee04dafa75573bdec04a049e2585f012.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Users\Admin\AppData\Local\Temp\~sfx003152D1A4\ssasa.exe
  "C:\Users\Admin\AppData\Local\Temp\~sfx003152D1A4\ssasa.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bc.vc/Zxawh
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc66ee46f8,0x7ffc66ee4708,0x7ffc66ee4718
      4⤵
      PID:4544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2180160452683672259,5362658967438383495,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
      4⤵
      PID:1676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2180160452683672259,5362658967438383495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bc.vc/HtG8i
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc66ee46f8,0x7ffc66ee4708,0x7ffc66ee4718
      4⤵
      PID:4784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
      4⤵
      PID:2176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
      4⤵
      PID:5148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
      4⤵
      PID:5540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      4⤵
      PID:5564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
      4⤵
      PID:5748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
      4⤵
      PID:5796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
      4⤵
      PID:5976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
      4⤵
      PID:6000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
      4⤵
      PID:6076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5628 /prefetch:8
      4⤵
      PID:5136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
      4⤵
      PID:5516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
      4⤵
      PID:5548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
      4⤵
      PID:5848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
      4⤵
      PID:740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
      4⤵
      PID:5816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
      4⤵
      PID:4776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
      4⤵
      PID:2396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
      4⤵
      PID:2272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10131892132518729107,12650964382360131380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7668 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bc.vc/ebVVB
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc66ee46f8,0x7ffc66ee4708,0x7ffc66ee4718
      4⤵
      PID:5036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7139815792705058875,3542395258171773106,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
      4⤵
      PID:1660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,7139815792705058875,3542395258171773106,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bc.vc/o32r9
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc66ee46f8,0x7ffc66ee4708,0x7ffc66ee4718
      4⤵
      PID:1444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3711836376866592922,4722094689417218731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
      4⤵
      PID:928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,3711836376866592922,4722094689417218731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bc.vc/sJ3IY
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc66ee46f8,0x7ffc66ee4708,0x7ffc66ee4718
      4⤵
      PID:1468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,12922138511131110089,1381234065795662803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12922138511131110089,1381234065795662803,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
      4⤵
      PID:4868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bc.vc/67hfn
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc66ee46f8,0x7ffc66ee4708,0x7ffc66ee4718
      4⤵
      PID:5116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11991861270197087427,4997716632031483319,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
      4⤵
      PID:3432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11991861270197087427,4997716632031483319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5376

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
d740e465d799d860e58766b158f6dd3a

SHA1
66d074ec31061b1fff4d14d70fed8c90f019fd25

SHA256
fe21cc72b390d0b2d855e8968e4b3d4f2fff76fc7fc937a84e34dfa76d5b9546

SHA512
1db7929068db94ebcc51b59bc463d070165658223819a090edcfc7c0405bac467befe665cd9b808b8543fa7462aa33d54965a92fad0c9545b8bc6f560f328a29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
d740e465d799d860e58766b158f6dd3a

SHA1
66d074ec31061b1fff4d14d70fed8c90f019fd25

SHA256
fe21cc72b390d0b2d855e8968e4b3d4f2fff76fc7fc937a84e34dfa76d5b9546

SHA512
1db7929068db94ebcc51b59bc463d070165658223819a090edcfc7c0405bac467befe665cd9b808b8543fa7462aa33d54965a92fad0c9545b8bc6f560f328a29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
d740e465d799d860e58766b158f6dd3a

SHA1
66d074ec31061b1fff4d14d70fed8c90f019fd25

SHA256
fe21cc72b390d0b2d855e8968e4b3d4f2fff76fc7fc937a84e34dfa76d5b9546

SHA512
1db7929068db94ebcc51b59bc463d070165658223819a090edcfc7c0405bac467befe665cd9b808b8543fa7462aa33d54965a92fad0c9545b8bc6f560f328a29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
d740e465d799d860e58766b158f6dd3a

SHA1
66d074ec31061b1fff4d14d70fed8c90f019fd25

SHA256
fe21cc72b390d0b2d855e8968e4b3d4f2fff76fc7fc937a84e34dfa76d5b9546

SHA512
1db7929068db94ebcc51b59bc463d070165658223819a090edcfc7c0405bac467befe665cd9b808b8543fa7462aa33d54965a92fad0c9545b8bc6f560f328a29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
d740e465d799d860e58766b158f6dd3a

SHA1
66d074ec31061b1fff4d14d70fed8c90f019fd25

SHA256
fe21cc72b390d0b2d855e8968e4b3d4f2fff76fc7fc937a84e34dfa76d5b9546

SHA512
1db7929068db94ebcc51b59bc463d070165658223819a090edcfc7c0405bac467befe665cd9b808b8543fa7462aa33d54965a92fad0c9545b8bc6f560f328a29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
45a9576e583594a3d7d8dc21648ccb76

SHA1
889be33a521c8dd668591dd670299d348135ed67

SHA256
14f01ad310343e090491e8203a46f12222fb8e46764d3c52c679749d51fe727e

SHA512
e9a230de9b5f7a1022cdd937db1ce2d7299136bebe259dd7c4f7e03d1cb82331ca3c4fc3df73698080025d1dfba0c1d4e02c3584bfc90059465419b65ad3eb40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
45a9576e583594a3d7d8dc21648ccb76

SHA1
889be33a521c8dd668591dd670299d348135ed67

SHA256
14f01ad310343e090491e8203a46f12222fb8e46764d3c52c679749d51fe727e

SHA512
e9a230de9b5f7a1022cdd937db1ce2d7299136bebe259dd7c4f7e03d1cb82331ca3c4fc3df73698080025d1dfba0c1d4e02c3584bfc90059465419b65ad3eb40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
45a9576e583594a3d7d8dc21648ccb76

SHA1
889be33a521c8dd668591dd670299d348135ed67

SHA256
14f01ad310343e090491e8203a46f12222fb8e46764d3c52c679749d51fe727e

SHA512
e9a230de9b5f7a1022cdd937db1ce2d7299136bebe259dd7c4f7e03d1cb82331ca3c4fc3df73698080025d1dfba0c1d4e02c3584bfc90059465419b65ad3eb40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
45a9576e583594a3d7d8dc21648ccb76

SHA1
889be33a521c8dd668591dd670299d348135ed67

SHA256
14f01ad310343e090491e8203a46f12222fb8e46764d3c52c679749d51fe727e

SHA512
e9a230de9b5f7a1022cdd937db1ce2d7299136bebe259dd7c4f7e03d1cb82331ca3c4fc3df73698080025d1dfba0c1d4e02c3584bfc90059465419b65ad3eb40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
45a9576e583594a3d7d8dc21648ccb76

SHA1
889be33a521c8dd668591dd670299d348135ed67

SHA256
14f01ad310343e090491e8203a46f12222fb8e46764d3c52c679749d51fe727e

SHA512
e9a230de9b5f7a1022cdd937db1ce2d7299136bebe259dd7c4f7e03d1cb82331ca3c4fc3df73698080025d1dfba0c1d4e02c3584bfc90059465419b65ad3eb40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
45a9576e583594a3d7d8dc21648ccb76

SHA1
889be33a521c8dd668591dd670299d348135ed67

SHA256
14f01ad310343e090491e8203a46f12222fb8e46764d3c52c679749d51fe727e

SHA512
e9a230de9b5f7a1022cdd937db1ce2d7299136bebe259dd7c4f7e03d1cb82331ca3c4fc3df73698080025d1dfba0c1d4e02c3584bfc90059465419b65ad3eb40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
45a9576e583594a3d7d8dc21648ccb76

SHA1
889be33a521c8dd668591dd670299d348135ed67

SHA256
14f01ad310343e090491e8203a46f12222fb8e46764d3c52c679749d51fe727e

SHA512
e9a230de9b5f7a1022cdd937db1ce2d7299136bebe259dd7c4f7e03d1cb82331ca3c4fc3df73698080025d1dfba0c1d4e02c3584bfc90059465419b65ad3eb40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
b3ba7c5cb90feaf2e4656ab52dac38a8

SHA1
94b0e9771ec7496fd3396c6deb911ff24d19d1b9

SHA256
4aa9d349d1ee5e4e220f7ec9ba0ca91e2a1a44ca213a7cc502711c5533ba74e0

SHA512
a6c80c2dad7ba019ffbc8991104b5ba8d37ed371ed476e1eef099e0cc3c2d946572794b3bd94b6b4d0b4b8bd859ee2f52ad2a3de4712e78ad943e244bf0a9e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
354069fe88a3c8076d39fe9b6c4c87a6

SHA1
367651b9922a4cb26029dac0bb272a6cf70ab9ce

SHA256
9ae86833b281f1d7d2cdfda2c960826c41f40e0329ff7c7da2d9854388204ebf

SHA512
ba39ad00599febd0d0065111344ca0472cba1b86f4c2442d0f7f6e684ba652d88ffe093b271fe1ff8800aa220ce0afad97fbdd13e55fd6fe9846c66961172f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
08bdf487d6b5cb69ce7c6e7b10fd7dc9

SHA1
354b1cfa244faf539be062cce5268f07ba7f533c

SHA256
63f3d3f8b5000c9b7399d6eec2d44c5cf6653878b1532edc2a161cf0e503bf01

SHA512
9e2c30df805877f629c8e7b9d0db122216ed545b1047dd27fc46126de66524240e319f44b21be1242035944aa066412adf2d9aaa83d48c36bcac306b8f9bcc4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
354069fe88a3c8076d39fe9b6c4c87a6

SHA1
367651b9922a4cb26029dac0bb272a6cf70ab9ce

SHA256
9ae86833b281f1d7d2cdfda2c960826c41f40e0329ff7c7da2d9854388204ebf

SHA512
ba39ad00599febd0d0065111344ca0472cba1b86f4c2442d0f7f6e684ba652d88ffe093b271fe1ff8800aa220ce0afad97fbdd13e55fd6fe9846c66961172f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
354069fe88a3c8076d39fe9b6c4c87a6

SHA1
367651b9922a4cb26029dac0bb272a6cf70ab9ce

SHA256
9ae86833b281f1d7d2cdfda2c960826c41f40e0329ff7c7da2d9854388204ebf

SHA512
ba39ad00599febd0d0065111344ca0472cba1b86f4c2442d0f7f6e684ba652d88ffe093b271fe1ff8800aa220ce0afad97fbdd13e55fd6fe9846c66961172f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
354069fe88a3c8076d39fe9b6c4c87a6

SHA1
367651b9922a4cb26029dac0bb272a6cf70ab9ce

SHA256
9ae86833b281f1d7d2cdfda2c960826c41f40e0329ff7c7da2d9854388204ebf

SHA512
ba39ad00599febd0d0065111344ca0472cba1b86f4c2442d0f7f6e684ba652d88ffe093b271fe1ff8800aa220ce0afad97fbdd13e55fd6fe9846c66961172f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
354069fe88a3c8076d39fe9b6c4c87a6

SHA1
367651b9922a4cb26029dac0bb272a6cf70ab9ce

SHA256
9ae86833b281f1d7d2cdfda2c960826c41f40e0329ff7c7da2d9854388204ebf

SHA512
ba39ad00599febd0d0065111344ca0472cba1b86f4c2442d0f7f6e684ba652d88ffe093b271fe1ff8800aa220ce0afad97fbdd13e55fd6fe9846c66961172f25

Download Submit
C:\Users\Admin\AppData\Local\Temp\~sfx003152D1A4\ssasa.exe

Filesize
208KB

MD5
b8e0624e269b726fbe51724ef85b56a4

SHA1
5102f5adf41ddb1e4ff78056e9a76f64b5a5706b

SHA256
06a74d23b628ab9d077346c81a2b91889e44945e48dbccec9b7a4aa433f089ba

SHA512
889ab2c690a4098d6af403a08df001b95a1f6540d637f9a625af561b8ea8c6359b54fe7f32d61c510c084d78f1bceb781646a5d28e7c052c198a56c2f76a1136

Download Submit
C:\Users\Admin\AppData\Local\Temp\~sfx003152D1A4\ssasa.exe

Filesize
208KB

MD5
b8e0624e269b726fbe51724ef85b56a4

SHA1
5102f5adf41ddb1e4ff78056e9a76f64b5a5706b

SHA256
06a74d23b628ab9d077346c81a2b91889e44945e48dbccec9b7a4aa433f089ba

SHA512
889ab2c690a4098d6af403a08df001b95a1f6540d637f9a625af561b8ea8c6359b54fe7f32d61c510c084d78f1bceb781646a5d28e7c052c198a56c2f76a1136

Download Submit