hxxps://yadi[.]sk/i/NoXfWMswCQjDiQ

Analysis

max time kernel
36s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14-03-2023 07:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://yadi.sk/i/NoXfWMswCQjDiQ

Score

10^/10

macro

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

msedge.exe

description	pid	pid_target	process	target process
Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process	5520	3844	msedge.exe	WINWORD.EXE

Document created with cracked Office version 2 IoCs

Office document contains Grizli777 string known to be caused by using a cracked version of the software.

macro

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Карточка предприятия МСБ+.doc.crdownload	grizli777_cracked_office
C:\Users\Admin\Downloads\Карточка предприятия МСБ+.doc	grizli777_cracked_office

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

5740 2104 WerFault.exe

pid	pid_target	process	target process
5740	2104	WerFault.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXEmsedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133232567583339967"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

WINWORD.EXE

pid process

3844 WINWORD.EXE
3844 WINWORD.EXE
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid process

4308 chrome.exe
4308 chrome.exe
5952 msedge.exe
5952 msedge.exe
5520 msedge.exe
5520 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exemsedge.exe

pid process

4308 chrome.exe
4308 chrome.exe
4308 chrome.exe
4308 chrome.exe
4308 chrome.exe
4308 chrome.exe
5520 msedge.exe
5520 msedge.exe

pid	process
3844	WINWORD.EXE
3844	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

WINWORD.EXE

pid process

3844 WINWORD.EXE
3844 WINWORD.EXE
3844 WINWORD.EXE
3844 WINWORD.EXE
3844 WINWORD.EXE
3844 WINWORD.EXE
3844 WINWORD.EXE
3844 WINWORD.EXE

pid	process
3844	WINWORD.EXE
3844	WINWORD.EXE
3844	WINWORD.EXE
3844	WINWORD.EXE
3844	WINWORD.EXE
3844	WINWORD.EXE
3844	WINWORD.EXE
3844	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4308 wrote to memory of 2260	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 2260	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4364	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1156	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1156	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 4620	4308	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://yadi.sk/i/NoXfWMswCQjDiQ
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb16a9758,0x7ffcb16a9768,0x7ffcb16a9778
2⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1876,i,4580802502368403773,14452527066195247691,131072 /prefetch:2
2⤵
PID:4364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1876,i,4580802502368403773,14452527066195247691,131072 /prefetch:8
2⤵
PID:1156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1876,i,4580802502368403773,14452527066195247691,131072 /prefetch:8
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1876,i,4580802502368403773,14452527066195247691,131072 /prefetch:1
2⤵
PID:3864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1876,i,4580802502368403773,14452527066195247691,131072 /prefetch:1
2⤵
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1876,i,4580802502368403773,14452527066195247691,131072 /prefetch:1
2⤵
PID:2612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3392 --field-trial-handle=1876,i,4580802502368403773,14452527066195247691,131072 /prefetch:1
2⤵
PID:2092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4844 --field-trial-handle=1876,i,4580802502368403773,14452527066195247691,131072 /prefetch:1
2⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 --field-trial-handle=1876,i,4580802502368403773,14452527066195247691,131072 /prefetch:8
2⤵
PID:4172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5664 --field-trial-handle=1876,i,4580802502368403773,14452527066195247691,131072 /prefetch:1
2⤵
PID:1876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6032 --field-trial-handle=1876,i,4580802502368403773,14452527066195247691,131072 /prefetch:8
2⤵
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 --field-trial-handle=1876,i,4580802502368403773,14452527066195247691,131072 /prefetch:8
2⤵
PID:512

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Карточка предприятия МСБ+.doc" /o ""
2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mossb.ru/
3⤵
- Process spawned unexpected child process
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcb08b46f8,0x7ffcb08b4708,0x7ffcb08b4718
4⤵
PID:5596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18309062561381151718,16626208626050117325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
4⤵
PID:5944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,18309062561381151718,16626208626050117325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,18309062561381151718,16626208626050117325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
4⤵
PID:6092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18309062561381151718,16626208626050117325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
4⤵
PID:1180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18309062561381151718,16626208626050117325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
4⤵
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18309062561381151718,16626208626050117325,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
4⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,18309062561381151718,16626208626050117325,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3756 /prefetch:8
4⤵
PID:5684

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18309062561381151718,16626208626050117325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
4⤵
PID:5320

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6c6ca5460,0x7ff6c6ca5470,0x7ff6c6ca5480
5⤵
PID:5492

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18309062561381151718,16626208626050117325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
4⤵
PID:5272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 --field-trial-handle=1876,i,4580802502368403773,14452527066195247691,131072 /prefetch:8
2⤵
PID:1992

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4568

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:512

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 464 -p 2104 -ip 2104
1⤵
PID:5692

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2104 -s 1668
1⤵
- Program crash
PID:5740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6084

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x154
1⤵
PID:4152

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
Filesize
717B

MD5
ec8ff3b1ded0246437b1472c69dd1811

SHA1
d813e874c2524e3a7da6c466c67854ad16800326

SHA256
e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

SHA512
e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3826EF197DDBACAEF7AB6197C9EBF67E
Filesize
503B

MD5
5ca73d215c67fc0944db64b443eb9a93

SHA1
589ddc70728025daa46e1a7f5daa9bb1f31e3a4e

SHA256
607ff8c6ad2066f2a96aa5fadcc981dbc25f0bcb11811044b41add7292aba2dd

SHA512
a193c14cfa2dab11ffda7fa05b43d8f6f945902f638cd894151d03b68b7770223cc855076f12e1f24e848e3bdda7306628af3394868b0f0da08b9d573474d2eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
Filesize
192B

MD5
005e09a29285aa64b934ce00150ec50a

SHA1
a559bd231b261799ba6115b80f1452a5034fa4c7

SHA256
bf5ff50a81323e835c98201fe16acdb9f32fac9863a05d940c7157658f9d1872

SHA512
ce1e6e1856c7ebf218706ab61862c023ca05cfb678ccf8a1d43bae89f0b17892dcd066d749d900361076cff36d93f1cf11a675db602b6c9c1b233371c4bb9793

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3826EF197DDBACAEF7AB6197C9EBF67E
Filesize
556B

MD5
403ec4fb64d386743fa832d51d4c1e43

SHA1
964bc2632a2533bd461f10dd4431ac4041b99f01

SHA256
c564fb5dcea0087c66e2afe5c5c9d7b86586dfb6dbb48bca2dff91fd3816dd90

SHA512
160c860a8f571d1198d3b53ff23beb23189445cce2e2d32f88c4fc0b9fcefadff0066c64ad19f4f1de3cef0b7d003a197cb4674726d2fca10c8520b871378226

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize
252B

MD5
2e682a3ffce6dd5ae36b14b6115cc998

SHA1
5ef5a034cf864c0e9f584cb611f39d567c28bb95

SHA256
8d8735b27c96e21225aaabf8becb2c3607988f4fa3a559eccc9a04f70799f42c

SHA512
0bbaf675ace9008d1f13799ad3cd38e6d6a7e623c9359f343b2d245adc492cfcbb8de600a90e90e82e54b394b7950dc4c3ca85363c4110060c6ea3deaec2dd08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
Filesize
56KB

MD5
eac3e9e31b3d1530dd82d2f86b857826

SHA1
909344515aa194c50eb90bc0f80e7440c0bfbac9

SHA256
9e651ecbfe861c3ef5481f88cafc7de9e646664e91d4b408ee8ee7c7b9b5b230

SHA512
31ed19bd736eaebafc54ab20b90da0a5caf1dccf9cbad5b593159658947f622a8f188e1bfe6f899905963c0fb46ecad467a9dc204157c9ae24c567b093a82905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
672B

MD5
006254afc91cfe5670bcdf29735670fc

SHA1
c1e0e2b92b334486119080d1c10bb79362a7ece6

SHA256
c2ced3715bec0e16b1393e17b31cb74db2b9edcae6f08e55f2c0ed3e3dbf7186

SHA512
73e1ba69e642d0f632e1bc9601d04459dcb0864e9aa2c3f21c35e1be4dc12e4f5cf07ca443afda015013e5414c594fa22094a861b99ff4e2f24b6dda28cdd66c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8a02f99060ab1cdbd2040786ec2c6653

SHA1
e31c7a34365ebd92750605cd1d9d91e301a5b0ee

SHA256
eba9ba1f9c76a818a4e816a37d038a62f32f635899f26543b5a11873ccabc870

SHA512
648a8754f81ed605f6020c68e38fd21d345261d9bb0ee24653896d71543d1501d8a73b00ddb59ce01eb2cbd0caa391c2fd1d25b7888007234daad9545741f080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
91300205dab5503f0cd9c4ffc4ec3ab5

SHA1
122a1bd31ae23e5e6df7353dda6082d161923cc5

SHA256
30e5bb70b915606d31869c80a8ab3e1983a942e67204bb82812fae2378f826ba

SHA512
c94e7eb71d155079540885517a6ed9db46bbbb8beb8dbc26a663b465238e0cbb48e76285f4a2217140b2497ea3bb601e0b65873413805c14592302bb2634f5db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f2a3035e43f0af11fa89c194be61bb8b

SHA1
537ef8e03bff7284f88a859eaf2a83bb4ef06ce6

SHA256
ad1b593fd959680c0e714fce731df75ed8c8b74c356b378572349b9e94605371

SHA512
1342a5e483db8e14fb6d4c75c49fddaed98f2321de8e87575c6c79f181ed2decd016b0aba3d78b75788a275d07ed85696e9b793e6d0ae7f5dc6327d63eae20c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
3c0676d07b47a39c39990d3af94b5eca

SHA1
42e43cb40ebf1ecfbe0f6537dcc47c66691615c5

SHA256
23226ba6f496735ad91e6a515d1977567c430010b1b95a5989477c342459eee1

SHA512
d60a73f851c2fb0fc20e6dc63e13efa2eb722760ba2937a93632a3092434d38c025f28bb53b77103e2290fb885608ad4f5d656c4dfa5a802020a29d38b001363

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
64e5a884f254af13cd05d56868a5264d

SHA1
71e7e2883d9f19a8dc810ebda8aa6ece56eac64f

SHA256
00c8c49129154a001c60f24d41e48ef4bb2371be5666d73663287076fab54e6f

SHA512
573b8e05db4b63398c088efc26befcf3c914d48881fc4ebce7df1371ff6450739db8e2f862d5bb6e7b44baaf044eb5b1c4a798350c8bc491f93f0e94113ea022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
64e5a884f254af13cd05d56868a5264d

SHA1
71e7e2883d9f19a8dc810ebda8aa6ece56eac64f

SHA256
00c8c49129154a001c60f24d41e48ef4bb2371be5666d73663287076fab54e6f

SHA512
573b8e05db4b63398c088efc26befcf3c914d48881fc4ebce7df1371ff6450739db8e2f862d5bb6e7b44baaf044eb5b1c4a798350c8bc491f93f0e94113ea022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
132KB

MD5
d9d44cb5b86daec46a3368d1494fa316

SHA1
37797b95da916ed120f0d4fdc1bc0106bb9cfc8e

SHA256
3c99049ec58257ce3ec6bc23fb9b635b3b1994bb2d7c40f65ababefb24bb0cdd

SHA512
7611072df0642c49086622c470334c6f90882da8a42aaffbdf1d8d6718fc7f1542c8b8356dc5ae01b9fd471aa5fd7bc8d35008f8c3e92d23035e08a1d9fe7f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
672B

MD5
fe94705c429b414eab2f6562003967dd

SHA1
5258bfd0b8ff41dd9bc2c2b75c9dea239c2e2e4d

SHA256
db6b26c9de6aa7af45d02c07a81678698afb368445de75d25568e5bb2b89e059

SHA512
d7995a02ac87d98cb53726887bff5b2b74ade7e4b95a2b894263f99b81dd49fb3ea21bd7b2b3aba2a28af72cc84d16b9f1e961c4a05e07c17ef796c471f7cb48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57543a.TMP
Filesize
48B

MD5
0fb50706b8553b61664e65c47dd1deaa

SHA1
1d05b5cd239628b65d2be67b0a869bdc60fad970

SHA256
657b8d4e8920b6d9e140a02e995b1435837ddbf88af8a357650f03bf23fceacf

SHA512
df916620f62d6df73af6268d05353d75b1db0ee769089afcc35f0cfbfcbd77ed84d687d5f50315680f78927f3fda8fab0529a8111afd92cc31a85a154a67130a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
049f02b4521c90886fab6428c41784e4

SHA1
6a225b173b715efeadc8323a64b75a00ca76e4c6

SHA256
b6175c3a8b308c3d7c82145ebae0b2cdf7959a2feae52cf4ea4d09a00047395e

SHA512
db106d5b2bf7878ea71ce2f8eebbe27e690cff2439eaf0d2e60762242d6f3be41e7eacc91e3e9b984dd7325cf165bdd4b0d76574c995f5a77bdd92e96a48e63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
9399ec8934d7bea4a9848ce1a1ab4e72

SHA1
86f3d0e94848c10c5c1cb2711990feb7f07ab792

SHA256
e997b6ccaaf8b4d14dd7dd9182c195424ff9f14e9b12b36f14562f54a87d502c

SHA512
b02142d1749c4fe17d791f8af3c554ac9b3bbea6d1d7955122f9c2d1146014370f23155c88cd5aa802c4ed547384ad99b5d7544eaa4ad1f21022a11a5aca401d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
c8b3188ee4ea8351e55c1e9acb05e1f5

SHA1
facab0a17d61623678fe4b955322120acfb24011

SHA256
dd1e670365418d7fcb9750d94a2e83e3621e9ca7709fd9366ad18634b2cbeed1

SHA512
ab4b72f28f2b175777fea31514b63fb0c0d3eeb512ce03da78ad5bf0b43e6657ee330155e26e2e0808fe955dc803924f66b07275bbb1d4d841faa759096e62ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
c3e476480ff05fa3ebeb4d988a97164a

SHA1
52f579e94610cd40d58e175559344703a7dad0fb

SHA256
ec5a29983f1b64a6101440b4cd9a3c5a7410309e29a451aa392e1efb4ee4732d

SHA512
15abc047537353b084b49455fd27cb2ae0e48b42f84d486beb235d7c6a5fb109c271d5646549a453036a4fae7463633b0275e729908d6366ccb638810296a074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
522a78256e7d8f9d59918ec0cbd69077

SHA1
496b6dcbd3d044967778cf5bc7878b1d542cfd7a

SHA256
6d30382da5d5cc7a931f180b7179090405d79b4c14951e1dd0f536a3a45ee889

SHA512
55fa85d2b1e4fb456743c8bc0246a75b34707034fc234729fe0ed407f148c3f90fcb8fe5200ae901263d7e94e205216ba12654d9cee6da70f44d77e70f35c530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
cd191091ab304735c4b95be7f3320759

SHA1
e7e9bbd65033193f8045c21cfb7c0d99359edf59

SHA256
ce1d28ed580f5fce15bc2c14f9aa5556b559bb5acfe70178881f59c2ba055176

SHA512
f9adbd92dc2ed27183eb8e723d7ac8319315a880bcd57245254c34e820056b7cd4874415adfec96419c8ff82f732cb52e7f9b3834f9a1e11fda4bd9a1a50cecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
65f63f825c3f3086647c60ea4fe3e2c3

SHA1
11468c4f4b5642da81c9ea321eea710429e0a82b

SHA256
001e7c2dc3e87f5b95158ba37cd8bcf3fefce687d224db9cc643df727e0c6ad5

SHA512
cb5fa5572abceca3e2fa7f0bcd1b17777c06e342bfa818556b1848622194a09c3c8a55828571fff40e8f17763b2a72be2a1c5c8da61643dbe24c9fd8833c70cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57444c.TMP
Filesize
1KB

MD5
e13735b22cfe299c96ca592359b2f01b

SHA1
8c3f5b4493c021544463d8931375c2b2389d8ea0

SHA256
95e05d9843a7b1ee812b64e7418fdbd1295ba8661b2257a879285bb0512c66a2

SHA512
2bf5dc5b7b05a20874808fd1cfb473cfb3dbe5f17d9a7534d43d212216652eaa1218511a80f7ce8c0a33e8fc8dcbfeb2cec92ff107ccc3e85341f772327728bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
ace2a4eb001cc5e24462fdfe79819170

SHA1
5e3d8d874e6b18819e0c9e546b5e2496782209dc

SHA256
085119ba31e108c9ca7d0b3d25451b91643ace0686305391c583b8cc6e63e0ed

SHA512
19b57c034d7fac67ba565a6ffeb4cb89d29a9fe5b2ec285593a63f54e20ffef00959ddcd57e0779b25baf05fb1f783ab571f2678225cf5c08a566e311bbd8856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
5a7a4a8d2d4511781a0cd1832abaf894

SHA1
921c2323a4dc15438840074e57583a6ac5dd3d98

SHA256
998a8d13098cb9f4d40d01026d502afd9327643528c5a011f3a21c71091ab1bd

SHA512
3a0bca258b84a24ff10688f4ee9f2c06bfcf6f1922e13cf1232f2e12d9b4b6c6b6f1e8fd33ff458722bd5154f6d9faa4b723511c57cd3c2dfae531e271a73d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
8f6ec97a22078e4df9565da30996d16f

SHA1
7b56684ecbc0bd30ad3666f4449bdcac97ac3648

SHA256
6f2240d5f3152532db9faae2bcfd1a16b1650fd45d1e5b1b87d0be9ade51ef0d

SHA512
68c36151264d4475e76a7410fe68ec9c62f1ab4de3d6177fe6d8d8fe2f0f525dab10cb8ede4d176c247153a6f1d4ff2e199c67543ee404ef4a2c308cf70a4c71

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
Filesize
283B

MD5
8121c7432134c5c2cbb9064845d0c3f1

SHA1
3196612f8019020d51d9b1ee4162adfc25595666

SHA256
8dcab28faa3087baed3f8eff72ab862fcdbb586135957d810beb8b7dbf016e18

SHA512
30dc95c44d3103031a1e17140e7f8c71707603fa6bd81412ba32f67ec8d957fa6b48436d174f67c7f666956353c0ca158ffa9f251244eb5f957ee26afcfaa93a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
c40ff6c9b98bff83637c0e9b6b19a294

SHA1
434579768fda299c9e7a2f2e11f4650ea5907e84

SHA256
d7f6306a3c764afac48ff489ebaa582aad0775e1237cdd11b2a2d16ef45d2038

SHA512
b9153d00df310cec511544a8bb4271bfbde6bd2527aa775ce93e982e5382887347a1c24eea2f69cba70f6e53c7f789d2c6ebb90844562ba63182c0d45cf076b7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize
3KB

MD5
db82454287ebc31124671449b1621982

SHA1
3de38b5d89adaec1aec5afa40fa88281b8262391

SHA256
357ac9374c179189d3456133465d283fbdb596489dd1f3965a15bdd26395be94

SHA512
58429359329a2e0738dee6b20c3a25cfed5c29376b0dd707fba89a8ecf3be86d3c73c35c576015c45966e56dce7a0dac5847bd13ccdd6587172db808a28470a7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize
3KB

MD5
a9fe86772137e236450be23fa522cd93

SHA1
b2d077f155c5769dcefc14a16c1c7cb095db64d1

SHA256
51cfabff8fc600b1ab49136a44102ef6a18ece276aa50127711036068f10291c

SHA512
d59ca16621eeaaa15e45de41a19f31ed1575e2da32b89bb2e6f17764f5a2803e0afea66524f8a21871a789e40cf922d42fcd7bf559b6724b3747d8f700d48d4e

Download Submit
C:\Users\Admin\Downloads\Карточка предприятия МСБ+.doc
Filesize
30KB

MD5
224d2cb92d63f05fcaf2418722bb4c9d

SHA1
7661d9f2afd9fc6e50161fb9723842d0fef733b3

SHA256
b252a39233708a412af8ee7497fd0587095b505ef71d9623bbba61c742f39bee

SHA512
e89dc50594abfbf43c2df37b50fc943dcd2ea31e7de31f54249b643c7ea44b4c86631d64295b63fa44bb277254f00004cc26eec76e8f582810a8d6173ee708c3

Download Submit
C:\Users\Admin\Downloads\Карточка предприятия МСБ+.doc.crdownload
Filesize
30KB

MD5
224d2cb92d63f05fcaf2418722bb4c9d

SHA1
7661d9f2afd9fc6e50161fb9723842d0fef733b3

SHA256
b252a39233708a412af8ee7497fd0587095b505ef71d9623bbba61c742f39bee

SHA512
e89dc50594abfbf43c2df37b50fc943dcd2ea31e7de31f54249b643c7ea44b4c86631d64295b63fa44bb277254f00004cc26eec76e8f582810a8d6173ee708c3

Download Submit
\??\pipe\LOCAL\crashpad_5520_FHMBOTZNFDGEYKNH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4308_BIWWUSLSJUJPMAKB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3844-288-0x00007FFC8F230000-0x00007FFC8F240000-memory.dmp

Filesize
64KB

Download
memory/3844-289-0x00007FFC8F230000-0x00007FFC8F240000-memory.dmp

Filesize
64KB

Download
memory/3844-290-0x00007FFC8F230000-0x00007FFC8F240000-memory.dmp

Filesize
64KB

Download
memory/3844-307-0x00007FFC8D070000-0x00007FFC8D080000-memory.dmp

Filesize
64KB

Download
memory/3844-286-0x00007FFC8F230000-0x00007FFC8F240000-memory.dmp

Filesize
64KB

Download
memory/3844-306-0x00007FFC8D070000-0x00007FFC8D080000-memory.dmp

Filesize
64KB

Download
memory/3844-287-0x00007FFC8F230000-0x00007FFC8F240000-memory.dmp

Filesize
64KB

Download
memory/3844-894-0x00007FFC8F230000-0x00007FFC8F240000-memory.dmp

Filesize
64KB

Download
memory/3844-895-0x00007FFC8F230000-0x00007FFC8F240000-memory.dmp

Filesize
64KB

Download
memory/3844-896-0x00007FFC8F230000-0x00007FFC8F240000-memory.dmp

Filesize
64KB

Download
memory/3844-897-0x00007FFC8F230000-0x00007FFC8F240000-memory.dmp

Filesize
64KB

Download