daffc7cbafe070479ce877401a239cc46b8ac82e031ccc400a7e4a2e9226cd20

Analysis

max time kernel
363s
max time network
348s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2022, 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Autoruns64.exe
Size

2.8MB
MD5

2b2d8df5fc1cab874d05c4a820fbcde3
SHA1

458823db9b9b1850cee05d2d18c7fedca0875a3f
SHA256

daffc7cbafe070479ce877401a239cc46b8ac82e031ccc400a7e4a2e9226cd20
SHA512

1cfbb228ecafb8c9938eec6a9f33b148a6855ec42171e2f913a9ed1ef81b6f19e1dbc764898e4891682a95991df629e6d36d863ee43d0ad3d336d1cc8554d1ee
SSDEEP

24576:Dv5JUJlAVnYiX81HzSNhaO0UmSX3zhr4nQD6nn6inMhK69LqvVZYHkVW0qwtyI:Dv5J+lAe3dzSNhaO0C3i36inorWvZFtz

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Modifies system certificate store 2 TTPs 14 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 5c00000001000000040000000008000019000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b688518687e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b0400000001000000100000001d3554048578b03f42424dbf20730a3f20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	Autoruns64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Autoruns64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Autoruns64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868	Autoruns64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Autoruns64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Autoruns64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0400000001000000100000001d3554048578b03f42424dbf20730a3f0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70103000000010000001400000002faf3e291435468607857694df5e45b6885186819000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	Autoruns64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 19000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b688518687e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	Autoruns64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868	Autoruns64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Autoruns64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c00000001000000040000000008000004000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Autoruns64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Autoruns64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	Autoruns64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70103000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	Autoruns64.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
2820	Autoruns64.exe
2356	Autoruns64.exe
4056	Autoruns64.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2820	Autoruns64.exe
Token: SeRestorePrivilege	2356	Autoruns64.exe
Token: SeRestorePrivilege	4056	Autoruns64.exe

Suspicious use of FindShellTrayWindow 12 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2820	Autoruns64.exe
2820	Autoruns64.exe
2820	Autoruns64.exe
2820	Autoruns64.exe
2356	Autoruns64.exe
2356	Autoruns64.exe
2356	Autoruns64.exe
4056	Autoruns64.exe
4056	Autoruns64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 3112	2820	Autoruns64.exe	86
PID 2820 wrote to memory of 3112	2820	Autoruns64.exe	86
PID 3112 wrote to memory of 4456	3112	msedge.exe	87
PID 3112 wrote to memory of 4456	3112	msedge.exe	87
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 3796	3112	msedge.exe	90
PID 3112 wrote to memory of 4488	3112	msedge.exe	91
PID 3112 wrote to memory of 4488	3112	msedge.exe	91
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93
PID 3112 wrote to memory of 2560	3112	msedge.exe	93

C:\Users\Admin\AppData\Local\Temp\Autoruns64.exe
"C:\Users\Admin\AppData\Local\Temp\Autoruns64.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.virustotal.com/about/terms-of-service
  2⤵
  - Adds Run key to start application
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffdf4e46f8,0x7fffdf4e4708,0x7fffdf4e4718
    3⤵
    PID:4456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,4575939550797274547,4290309371192258427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
    3⤵
    PID:3796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,4575939550797274547,4290309371192258427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,4575939550797274547,4290309371192258427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
    3⤵
    PID:2560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4575939550797274547,4290309371192258427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
    3⤵
    PID:1152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4575939550797274547,4290309371192258427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
    3⤵
    PID:1840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2164,4575939550797274547,4290309371192258427,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5404 /prefetch:8
    3⤵
    PID:2040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2164,4575939550797274547,4290309371192258427,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5980 /prefetch:8
    3⤵
    PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1980

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Autoruns64.exe
"C:\Users\Admin\AppData\Local\Temp\Autoruns64.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Autoruns64.exe
"C:\Users\Admin\AppData\Local\Temp\Autoruns64.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4056

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F7456FD78DEB390E51DB22FDEB14606

Filesize
2KB

MD5
8a81bcc116bc578ab04ab45f094609d5

SHA1
fb33912213060819a164b5e9325e2c3e35da1eec

SHA256
d0640fd9de99f85c31d7642cd498ebfd1f0538c1a58767a7f87b7efb9d4451ce

SHA512
c0dbb26e1087308ea5b7936df49124aef61cac6137daee13fd399697223298f7c1dcc8d100044e5b281dd0ffe42dc103dbcb2af2852cb3f3b881ecdf2eec339b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\201DA8C72BE195AF55036D85719C6480

Filesize
484B

MD5
18f279608edfa3d67c17b337e3b21167

SHA1
73326e14e9adab7fdfb8d65339a6bb9fe3a58aad

SHA256
b3c920304ae5d590448de2d3457b32fc335ae026c86e63ce617d3419f5b9dfe0

SHA512
8dcfdb9cbe0005a4be37f1e6fb86a983356c1dd7e980f2afd4ea65be5d6257c60805f757f1eed1a43d15075a23e41ffc93dcf8884eed65d1511a0fc16d584398

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

Filesize
471B

MD5
f25828e4900aaedc963f1b469b6a93bd

SHA1
1e1958ef303fb28473671939a1f61ef8137105a9

SHA256
4c11cdf6f58904d53df86e658dbe643e35713716121d60da0ea71d4a8a34b24a

SHA512
b71593cd9a25d29a788c250aff2b4afb7d84fb19e8c0677ac28c386915466ac24345826529bb7382d68fa7a252ba3e95cb41c7928d0cf3b0822ea811a29d2338

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_A83A97708CE96FC26E06A3D724322DEF

Filesize
471B

MD5
ce7be2bac3f91d7ee5e79d43e62a4fbd

SHA1
f07aa06fd01685fb36c07d8c9ce63a88b73b07ba

SHA256
674a8b366b913c155a81a6a28c99dcc87c18cd2b104184d34fad4815732a7525

SHA512
a36779f3a3d955f403112e85f64ff0dded745014c2f3eea8c90412ae21cf8987f897ae7e86e2eb4eeba8791cf29e97e1c9ca81eca64223b71afff251c46bf0f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_F0D50A4367A618DF509B0016B83B8E3C

Filesize
471B

MD5
95efff47a0001efcf2d5c03bc1fd4d4d

SHA1
7f79fae2e44e6bac098a1d65fcd8baabdda1036f

SHA256
c55cabeaa9ce245a846180f57701782cd272ca7ef20f22c24ac35a5bbc5cf8be

SHA512
d4c28d9d9f985b56dc43f6cb4df6ab656d8902e7c112c458bad2ea085122cca6b570e6e30853eaff7190e155e5818193c618d3dd8e60133e15921482aa295602

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D

Filesize
471B

MD5
1d7621a2b637896e21a4fad11a11ad0b

SHA1
8f6d24936f5c68e1c7d5db9e69feb8f34a6de04c

SHA256
efdf5dcb7f71ee8765738a60555be655dd84204f096f82aae81378cd04b467de

SHA512
3a2d3e204202492f08ae2ec118be5e6784718113531696025bdba279d68d2aa806cb3b7b0a4f1aa0fd09ef56680f92f2de17ecf579fdd5a185f9065fbc1db8bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

Filesize
1KB

MD5
bfedd828d51ab868b101f33560e04199

SHA1
9cf3800c24547ba851d95957430933833d083d63

SHA256
e9456d1cedabf93daf61091be53cc0bf094506988aea079aeb87f53da800594f

SHA512
294df3233f53ba42cd327e27fd82fe40b04f98e873738d60f62e3d8c772284d8b31908eb8be3b8f187c0d8eee2b502031e3423b719f9aa20f8c768f456da31b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_FBEAFB4EE7383EC8E0A3A2C1EC7FCEAC

Filesize
471B

MD5
fdfd15c50bf53a335fea1333a985fdfa

SHA1
dc230113b27784cfcf5a06d45173ace9d0c73867

SHA256
1cea52a9c370ed38cf8374f5f8a1b9867b080c1f81a0d1bf3768ef569271d915

SHA512
994bd5bd6b2b3f3ad38fa2f63c683710d6bbc535705174339c125b2298bca7dc829180fd8dc0c7a9d174341b0f54ddbec34faab2f33d02befdca443dec19c632

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE

Filesize
1KB

MD5
5b4c74acbc6f427a13b627dece596b19

SHA1
a67cef74837b924c7f7ea24c76141bee7e01ad81

SHA256
f784c3bf49af7f15d4439d27f641103cee9a4a0c7b88f892c03f19c13a3b8f67

SHA512
80425be85a5607fea1536f77eaa7febbd2146f5b5aad970d0d75575262a6f4ee8d71a69ced79fa9f0f0f427b92c7da74610742aa9502a703bebdf03e17e311b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FAC339B39377A299AE11B4D208AD3090

Filesize
494B

MD5
5a3298737fd4b621870fbc8fe3c7bfdb

SHA1
a7db1562ef10e378a401b413f224babf92e66367

SHA256
585d1aa46fe49a7072cdceb78da0a013c8469f771d3a8abb190f21d95dbd3669

SHA512
5592d147289e0dedeaf6c0b302532161fd48955b56cfddc539d1d8b4bbe468c8aaf8acf2abd6d9d569ec56e0ce0b7668bc618361fe385b0f395864519a02cfa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0F7456FD78DEB390E51DB22FDEB14606

Filesize
362B

MD5
6973229824492cb96b6bb0d4ae61a112

SHA1
daafa947133620b68780ddc8926f3e0963486fee

SHA256
2dfd25e2f3b9947b52e4fc1fb402a4b993aace54f88a6035b520173be6127a43

SHA512
4aca6d0f8b5cba2bdf1eeaf31ad6036b5254c6748688c04b6b7b88c5f440ef88da2ebc49852f45bf2ba14b013bc53aee5bee409fde9defaac4b4f95d3c255e20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\201DA8C72BE195AF55036D85719C6480

Filesize
350B

MD5
710b09dda6f79f68c847528425c53dbc

SHA1
e8abeb92d55447cfce690e9ac4eae8a4af00de21

SHA256
60d02aa60af04d5ccbdb518b6f90607575b05ffbb23ea4846ce35864bdc26abf

SHA512
e206b899807e4b2a1c505c0028385cb66004222896bb6bbdff39105ec06b5a92c62d7a43466c6be44627e2546f4a0009baa58fa5d5cbb54cc9586b71acfc8efd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

Filesize
404B

MD5
2e9fc6ca4cd98245475b4426a09708b4

SHA1
1609315beec21ed38f3dcc9ba54d2250753a3eae

SHA256
c5268379b5df8d1ec4efaf1f32058b773e3f76f82cd337b541eccb9d3873cb6b

SHA512
13a0cf2fa3b743a9e6b3f501b811f82455fae30b9d94b952270bd41e7341ffb40c4ec30477e2484cf06b0bb6dc3398c36d62d3a782b14e30bf1d942712e34c32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_A83A97708CE96FC26E06A3D724322DEF

Filesize
430B

MD5
0653860bbd9fab9f67fe9fdfd601f5fe

SHA1
543717b00deb0957271644dcd4051c9e4dcd58b6

SHA256
3c67fb93999738e7f57c71273d1022dab75594d91396f2bbcac67e89a9c0712c

SHA512
ce59de8762eab135b23a64c562b773bc0550b5627da55cd9c6eb9729a20c059360bf315eaa38f2a9ca098c8c61c345cd9bfdf3689e56da1498dab9af9bf8e3e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_F0D50A4367A618DF509B0016B83B8E3C

Filesize
400B

MD5
5e1f482fdfd348fe5331af09cb935f7f

SHA1
a44188ccb5cd4be6414217326ad143c675773345

SHA256
0018255373dc8a7bebe91748503ef768c66a580de76c0ad385f8611bfceaf1ba

SHA512
db055b2edf6b7a99f34804f9c3eb0adc203fcdaf37b45f1629d13f15b8f1a1c3c80c1c87c2a1e23ae2a38c5267d4ed5f806eded86dd6143086b604e7f3945e37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D

Filesize
396B

MD5
2867a190797a869d96276940dda600b6

SHA1
cd1e883eaafcdb620d268266da10d914b26f589b

SHA256
fbd5616eeef9484e103877ba20cf8f875aa99870a9c8246aad31ef6f2b391370

SHA512
393e119c07301d1664dee88747494aca827fee76426d408fe5af002f46c7d43fe9d494053d22881aba53f54b7a5585f6881e62032f2791b64d3763dbb3447ebf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE

Filesize
416B

MD5
2f6cec863a85334dc218ec94b2c053d9

SHA1
c2cda0cf78bb29d80bfa6fef3c2b07c5314307ac

SHA256
e2f86e3505a309f62e4b000019f4041db7dddbdd4742b53ccbcd87654f830e97

SHA512
eedb7cae9cd53299f0685513d9219602a2ade1a5917c397e3464baa558c6ab4d4d0d97c8635eda0ddb973724865b986595a2f9ea653cfd40f2a8d6598904134d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

Filesize
398B

MD5
3c9b6893dadb372d1f4f88ed6e9b894d

SHA1
10df3789b335e77d99df670e7f417ec2bbe480cc

SHA256
e13dc46da17d7229fd8d26b8ec1ad1152c55748a2967fbdfc97bd8e913f6f067

SHA512
d0cef5fb997393113973c2b4dac1f17ead5c95bd88b4a316d9d503bdb0e5016e772608a27365e2b111537e3716c55169c8f88f5a40e31ef1ac72808617f0608f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_FBEAFB4EE7383EC8E0A3A2C1EC7FCEAC

Filesize
408B

MD5
9636da42df50c22e8af801e8ea6049eb

SHA1
1a3c394dec3a4c9414bb814c2a4819e70e41cef2

SHA256
37ffa39ea629d69fa3aa717b72ae9e93e60bc4795569dad2359b8e3a570d76dd

SHA512
919d3189673ee721e5945d01a073ffa4d61f66786ff60764cac46bc04530c3b9d4c45b9bc87b3a6636628bb7a4ee029ac0ee76acc728553038de0974cfbb3666

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_1E65FD33F74047223AF4D58CBFD34BCE

Filesize
402B

MD5
8db82d35e3f044d2ccca6768fa3a8641

SHA1
70f13c375487d896a08324161d964900ae15ee02

SHA256
793570f451359ea5dbeb5e407cb2e204473230f06e4e728f54ba7af7f09574ee

SHA512
72106cc0d323b949ce699c6e9a32b8ecba20a86b663f405cf695f57a076b9786f48f1aec8ed082e882c178d517c540a5d75be77ae05524c64f718af8d337def9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FAC339B39377A299AE11B4D208AD3090

Filesize
260B

MD5
d3520be3b01de30a0ecd0bd739737bc7

SHA1
60fb7bfdf199adc438d26b774f57788b0c83bf6c

SHA256
02b2e66ad6a0a9838e1a68edcace8a8519d0a8ae844a35ffc93677d27c5c6e8b

SHA512
0105dcf5a2ee4871e6ac126df516e3dbf7d5ea145cdcba988a71fb0bd5a71b1ea51980dfeb0112757ed63b4efd2d5d437e4bd60773bcf4eae0baf2e0459d14e0

Download Submit
memory/2820-155-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-148-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-161-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-162-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-163-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-164-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-165-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-166-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-167-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-168-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-169-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-170-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-171-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-172-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-173-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-175-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-174-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-176-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-177-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-178-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-179-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-181-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-180-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-183-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-182-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-185-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-186-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-187-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-184-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-193-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-192-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-195-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-194-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-133-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-134-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-135-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-136-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-159-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-158-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-157-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-156-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-132-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-137-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-154-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-153-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-152-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-151-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-150-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-149-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-160-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-147-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-146-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-145-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-144-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-143-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-142-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-141-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-140-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-139-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download
memory/2820-138-0x00007FFFBB010000-0x00007FFFBB020000-memory.dmp

Filesize
64KB

Download