1b88f9245d7d9af58c189290ba3a1722afb506d2853c9a329186568df3a62961

Analysis

max time kernel
242s
max time network
219s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
23-11-2022 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MicroSIP-3.21.3.exe
Size

8.4MB
MD5

349388dcd0d7fe5788fadc507e24ec67
SHA1

6040763487840999b962f78555e07aee4dbe47a9
SHA256

1b88f9245d7d9af58c189290ba3a1722afb506d2853c9a329186568df3a62961
SHA512

9861acb60712c2b2c8320e00cd3b241b6eb92d80e0f0ae06603aeda3ae3747495fc0c404b52daec1d0c66cb79f9ff7acd54a66a8b4818124cd68933b2736b8e5
SSDEEP

196608:pn/1btqdYfCY80dP8jY+Q5p8LdMXpsEw9yCl6ilU:d/Nt4YfCYLujY+Ip8mXpsvyCMuU

Score

8^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

MicroSIP.exe

pid process

4548 MicroSIP.exe

pid	process
4548	MicroSIP.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MicroSIP-3.21.3.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Control Panel\International\Geo\Nation	MicroSIP-3.21.3.exe

Loads dropped DLL 9 IoCs

Processes:

MicroSIP-3.21.3.exeMicroSIP.exe

pid	process
2780	MicroSIP-3.21.3.exe
2780	MicroSIP-3.21.3.exe
2780	MicroSIP-3.21.3.exe
2780	MicroSIP-3.21.3.exe
4548	MicroSIP.exe
4548	MicroSIP.exe
4548	MicroSIP.exe
4548	MicroSIP.exe
4548	MicroSIP.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

MicroSIP-3.21.3.exeMicroSIP.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicroSIP = "\"C:\\Users\\Admin\\AppData\\Local\\MicroSIP\\MicroSIP.exe\" /minimized"	MicroSIP-3.21.3.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Windows\CurrentVersion\Run	MicroSIP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicroSIP = "\"C:\\Users\\Admin\\AppData\\Local\\MicroSIP\\MicroSIP.exe\" /minimized"	MicroSIP.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Windows\CurrentVersion\Run	MicroSIP-3.21.3.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

MicrosoftEdge.exebrowser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.microsip.org\ = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.live.com/"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar\WebBrowser	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "French Phone Converter"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "{14E74C62-DC97-43B0-8F2F-581496A65D60}"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 51e0d6d06eaed801	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\EnableNegotiate = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://signin.ebay.com/ws/ebayisapi.dll"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "11.0.2013.1022"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Microsoft Zira Mobile"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\CortanaVoices\\Tokens\\MSTTS_V110_enUS_EvaM"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\AllComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\M1033David"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d6c433ff57ffd801	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658 = 03000000010000001400000083da05a9886f7658be73acf0a4930c0f99b92f011400000001000000140000003656896549cb5b9b2f3cac4216504d91b933d79104000000010000001000000062455357dd57cb80c32ab295743cccc00f00000001000000200000006811c6215f18c75fdbe32cf56bd66248562a7fa3ba459cfee338745061e583941900000001000000100000002d581a49c8eb5b3b3c6ef9bb65314d705c000000010000000400000000100000180000000100000010000000bb048f1838395f6fc3a1f3d2b7e976542000000001000000dc060000308206d8308204c0a003020102020a613fb718000000000004300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303131301e170d3131313031383232353531395a170d3236313031383233303531395a307e310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312830260603550403131f4d6963726f736f66742053656375726520536572766572204341203230313130820222300d06092a864886f70d01010105000382020f003082020a0282020100d00bc0a4a81981e236e5e2aae5f3b2155875beb4e549f1e084f9bb0d64ef85c18155b8f3e7f16d40553dce8b6ad18493f5757c5ba4d47410ca32f323d3aeeecf9e0458c2d947cbd17c004148711b01671718afc6fe73037ee4ef439cef01712a1f81264377985457739d552bf09e8e7d060eac1b54f326f7f82308228b9e061d3738fd72d2cae563c19a5a7db26db352a96ee9aeb5fc8b36f99efaf61c581b9756a511e5b752dbbbe9f054bfb4ff2c6cb85d26cea00ad7df93ed7fddacf12c731ad9193755badd22788ea1d49b09f807223171b094aee0b0e726445790819715ce61ec65e24bf185521632f8b578aa7ecd4dec8321a4a89bbe9a6a04e0a31ccd56186cfd6b2f423ee237f272abd07873727bdeec0058e52130a3083a99ef9fc3f77a169665b5c381aff4397049aff6a9f66a0038f9b40819e01a35a55676225f6af269ae3ead58464db854f68941441e72b1bc122753d2c1ffb2cd50981eb5f4bbb6c28239d9ac1bf23b27846ab0c6260bd73a10e7b3db7cd356ac534c0bfa3b313774d8592bf9007919067bfd1c1d42d4410d2f050ed56b4923ffcfcdf87a82cfda3c2ddfe8d8120418ba1e8877b8981f1007bbc8057e0b09bf6bdde34e5bb0f9c784a63bca4c9f5b6229f7c7a2a89588702ce5c13f3c52234f409ac33185832fbf29f11d508f219607ceeff280c2447d9b62ef2fc37789ab454d533e0279d30203010001a382014b30820147301006092b06010401823715010403020100301d0603551d0e041604143656896549cb5b9b2f3cac4216504d91b933d791301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014722d3a02319043b914054ee1eaa7c731d1238934305a0603551d1f04533051304fa04da04b8649687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f436572417574323031315f323031315f30335f32322e63726c305e06082b0601050507010104523050304e06082b060105050730028642687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f436572417574323031315f323031315f30335f32322e637274300d06092a864886f70d01010b0500038202010041c861c1f55b9e3e9131f1b0c6bf0901b49db69074d709dba62e0d9fc8e7763446af0760894c81b33cd5f4123575c273a5f54d848ccba45dafbf92f617085742957265057679adeed1bab82e54a35107ac68eb210ce32581c2cd2af2c3ffcfc2bd49189ac7f084c5f914bc6b95e596efb342d253d54aa012c4ae12765309560e9df7d3a6498850f28a2c9720a2be4e78ef0565b74ba11688de31c70842247ca47b9e9dbc60005e6297e393fca7fe5b7b25dfe4537f4bbee63ef0db0179421c6e856c7db64430fba5379293b2a5ee20ad3f53d5c9f4286b57c1f81d6ab7562ab627811ca62d9fe7f4d0318397a82ab6acbe1b41f5e4895f56fbda5ad35e7d5594107e5357f44a3d402ac8bd679f84e110eefdda6b158249fc461dff4506749c4214edc539d3b3cd0b832790435192f24482ae6e9a1517b219fac7456c98017bbf37a9b088a492bc3838e01de47c97981a2e5fef3865b7352fbd7f4f21fac48cd26f06f94935eadf200f25aaea60ab2c1f4b89fcb7fa5c54904b3ea2284f6ce45265c1fd901c8582886ee9a655dd21287945b014e50acce65fc4bbdb6134699fac2638f7c1294108152e4ca0f7f90c3ede5fab08092d83acac348362f4c949428925b56eb247c5b339a0b1201b2cb18e046fa530491cd046e9405bf4ad6ebadb824a87124a80094ddbdf76b9055b1be0bb20705f0025c7d30efa16ad7b229e7108	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "376034191"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\AllComplete = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "{2984A9DB-5689-43AD-877D-14999A15DD46}"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Female"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Microsoft"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "375382741"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4ea2672d58ffd801	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "HW"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\AudioInput\\TokenEnums\\MMAudioIn\\"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Microsoft Zira Mobile - English (United States)"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\MSTTSLocenUS.dat"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "DebugPlugin"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\DetectPhoneNumberComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\DatabaseComplete = "1"	MicrosoftEdge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

MicroSIP.exe

pid process

4548 MicroSIP.exe
Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

736 MicrosoftEdgeCP.exe
736 MicrosoftEdgeCP.exe
736 MicrosoftEdgeCP.exe
736 MicrosoftEdgeCP.exe

pid	process
4548	MicroSIP.exe

pid	process
736	MicrosoftEdgeCP.exe
736	MicrosoftEdgeCP.exe
736	MicrosoftEdgeCP.exe
736	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	3628	MicrosoftEdge.exe
Token: SeDebugPrivilege	3628	MicrosoftEdge.exe
Token: SeDebugPrivilege	3628	MicrosoftEdge.exe
Token: SeDebugPrivilege	3628	MicrosoftEdge.exe
Token: SeDebugPrivilege	236	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	236	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	236	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	236	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4720	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4720	MicrosoftEdgeCP.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

MicroSIP.exe

pid process

4548 MicroSIP.exe
4548 MicroSIP.exe
4548 MicroSIP.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

MicroSIP.exe

pid process

4548 MicroSIP.exe
4548 MicroSIP.exe
Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicroSIP.exe

pid process

3628 MicrosoftEdge.exe
736 MicrosoftEdgeCP.exe
4548 MicroSIP.exe
4548 MicroSIP.exe
736 MicrosoftEdgeCP.exe

pid	process
4548	MicroSIP.exe
4548	MicroSIP.exe
4548	MicroSIP.exe

pid	process
4548	MicroSIP.exe
4548	MicroSIP.exe

pid	process
3628	MicrosoftEdge.exe
736	MicrosoftEdgeCP.exe
4548	MicroSIP.exe
4548	MicroSIP.exe
736	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 40 IoCs

Processes:

MicroSIP-3.21.3.exeMicrosoftEdgeCP.exe

description	pid	process	target process
PID 2780 wrote to memory of 4548	2780	MicroSIP-3.21.3.exe	MicroSIP.exe
PID 2780 wrote to memory of 4548	2780	MicroSIP-3.21.3.exe	MicroSIP.exe
PID 2780 wrote to memory of 4548	2780	MicroSIP-3.21.3.exe	MicroSIP.exe
PID 736 wrote to memory of 236	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 236	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 236	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 236	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 236	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 236	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 236	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 236	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 736 wrote to memory of 3256	736	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Users\Admin\AppData\Local\Temp\MicroSIP-3.21.3.exe
"C:\Users\Admin\AppData\Local\Temp\MicroSIP-3.21.3.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2780

C:\Users\Admin\AppData\Local\MicroSIP\MicroSIP.exe
C:\Users\Admin\AppData\Local\MicroSIP\MicroSIP.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4548

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3628

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1792

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:736

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:236

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4720

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3256

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4136

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\MicroSIP\MicroSIP.exe

Filesize
11.1MB

MD5
75b37ce6d2d15a267bd11b8c0318145a

SHA1
13970186c25689d1aeb82d10e3947abd5600ca06

SHA256
81912859669835592342abc5416d9fce8ca455d371824b60a86af5d8289f9c76

SHA512
e5e34f5acd4fbfc01516f227725ace1ea04dd74255b1d79cbe253e97b61f2ef1f786989b5213ebe701eb303ea21a6a1029c59b4be691960dcb2589a05e4426e8

Download Submit
C:\Users\Admin\AppData\Local\MicroSIP\SDL2.dll

Filesize
845KB

MD5
70353a2e0375015d2a15e7ab5c7adce7

SHA1
00b649ead53c912b4324aab5b92982523ba01153

SHA256
afeddf0ffdc0dba31883efa7d41727e0d1042a02471aad241cf415e903169fe7

SHA512
8fe4f90b76c3a6349024b5429365485d449db49024750b3ce49785266e92f58074c47e7a1b398572026ceca10c3f2b168dec495d046c9c2a0cd7596b0b995b8d

Download Submit
C:\Users\Admin\AppData\Local\MicroSIP\avcodec-57.dll

Filesize
4.8MB

MD5
d04d538a6d8a1403c4d8bb1e787c0d57

SHA1
4b00fbfb8c3ff1e1d252bf7f02f2a8cd2f9b8d5b

SHA256
5348a7c4d0efee615ef8869b04b19fb5ecb9e46c4a797fbb83b29225672763a7

SHA512
e752eed2a415c57950bdcec97b92816e6e97bfd5aaa4cbf86a25a462a22076da10a7259ab0b29c54e666216655ee241e89be45897ecf75675191a8b956a47480

Download Submit
C:\Users\Admin\AppData\Local\MicroSIP\avformat-57.dll

Filesize
345KB

MD5
11df4d971cfc63a4fac48e1a0478fc99

SHA1
a0e060229ec33aa8fc83756e6122ede19a85f7f0

SHA256
df599c6944c31fd3ea212a1b080dd851d823886bbbc59a9814a910c793426e65

SHA512
0189909d95b5c75e8c0b74f70528289a5b768ca8e4140388280f7cd98804e3cb480a7cae3ca14596538635a04b3fce49a894aaef588bca6b6e0a4418b7bf9493

Download Submit
C:\Users\Admin\AppData\Local\MicroSIP\avutil-55.dll

Filesize
653KB

MD5
feb0edb1ae28f50cf919fdf86fe90b48

SHA1
2f43c05e8b2dc38ade56a6a66d25dcb8d1cc49ef

SHA256
bfdec4fa40ce1164b3bffa2116a3151548f03004257241a07a77572152064191

SHA512
b9dceead27b501ff71ad1fe8e889618b0d87593e9d13206c7122cf8e8c0f54bcc833ce41fcad7f26333b92d51233509ee0e7945fef55333c9f046a7c8e95fa44

Download Submit
C:\Users\Admin\AppData\Local\MicroSIP\microsip.exe

Filesize
11.1MB

MD5
75b37ce6d2d15a267bd11b8c0318145a

SHA1
13970186c25689d1aeb82d10e3947abd5600ca06

SHA256
81912859669835592342abc5416d9fce8ca455d371824b60a86af5d8289f9c76

SHA512
e5e34f5acd4fbfc01516f227725ace1ea04dd74255b1d79cbe253e97b61f2ef1f786989b5213ebe701eb303ea21a6a1029c59b4be691960dcb2589a05e4426e8

Download Submit
C:\Users\Admin\AppData\Local\MicroSIP\swscale-4.dll

Filesize
495KB

MD5
62c0267fe5c7133eb74fd52324a3b7f6

SHA1
f00c5099ee00eb0505decabfb81b76662cfe3e9c

SHA256
4992639df7187dff687ae00403d587b3adc721f8c23ca395e71ec6628e38e743

SHA512
0dde02caa4d447cf6ea26042e39a7e1ae5410620867e1042be235cc35706ce7c84f6497bfede481d55e2de361bff4938aa2d9b4b511d00df9ea7bc701d1106d9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OPUCQRS7\branding[1].png

Filesize
1KB

MD5
5fa765d6ecd4ddbe72abbac8698fa4b0

SHA1
468231e63b1ab3ed01a9488f5c981b141a54d024

SHA256
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16

SHA512
2b16afd708fa0bfab449f74dd118108777cd0097d1f3359892cd4a310bc4298248e5f49685b87eb59f3fa3e1bcde22941f80906cc17f9cc8225367399f300a3e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UHR2E0B5\main[1].css

Filesize
5KB

MD5
9597d4ebc59b0ce15b1bef526970c8ba

SHA1
666b55ea7c6e7370d8fff2a44149cb4609dd693d

SHA256
d0f2c7929524a31bbfe492e947ffb1071d2134524c17578e5cc30ccf037be73d

SHA512
2485a8bad598e57f3128ab425cc9e0ef593782f2cfb248295aa852d0bc36466e23f40434e93dc6e8d76625423d5708b9a9c06125f55d927964ac04d0ef0542b9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UHR2E0B5\main[1].js

Filesize
696B

MD5
e0589d5518564a3b04cf66bd7963a274

SHA1
6535d03dd99f2a6748009f734a68b5a88f9169ef

SHA256
566376e41a1792227a5211766565b2ea0eaa0ac94bba94793ee38e94f7bda8c1

SHA512
16c6d370db30a37c0efa09f1255154fd2cf32ad74dfd80f9d0cd61166debcb8cbc8404f713a9355ff3c94c0caca530d5005a06ade73cbb6cfd0e91ee51381c40

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VD2GC2SJ\brandjs[1].js

Filesize
13KB

MD5
5fd232d76f845e55064ad5069abfc141

SHA1
afaa74984a2c8eb086ff2d22e0ad2abfce7d272e

SHA256
6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69

SHA512
1c38c412d4b7633c7039f26c7d50ba7a82a631058acf1c66f774659856b69fa9dc237d18715deec5602279ad0d7f25669662012da427c9c85671f5bd749255c4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VD2GC2SJ\logo[1].png

Filesize
4KB

MD5
6b0cc348a9e9117b68c5b9bffa69ff55

SHA1
9277889954833483b28eb3419ab2d5b5c2960ba2

SHA256
c1ba39aee9e713a37b2637597d1c21b56b5a9e4a88694d4a85506b95209a39a1

SHA512
a87f2f5162ee3eb35d3725f900c9a070dc1193563b75e4fa764ed563eec126f1a0dc1eba86fcd77283a0123ab7de5dec6f6e9186883ad39a9d8bf5318c64c40c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
9c094971a27ff86a263ae18cf5a0ff14

SHA1
368624fab92930f3edd9818b82341a152e72a162

SHA256
078a8257a7f0fe4fd6eb28f408e8ac24b0b018aaa023b37b1db23005ce91bd63

SHA512
236c9a1af251eb8175c25718f724fb564c6dd3aa48330641c0fa2bc2885c29d40f8cc504d1e68e5d9b4983760497b02aba396675deeaddeefce2214a3e6a82d3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

Filesize
472B

MD5
ae7674294f5a17ef8761b33ac4dad848

SHA1
30a771e623dd1e3cb8694bb5f71393aaa9e87b6a

SHA256
cac85ed50ce25c45d5093aaaa231a0d1cd9667f47bd2312947070ba202c5d96b

SHA512
ab4a0adbe606ac6b1b8c87fb24fa23c7fdd23fbdcfb616f24fe1269dd4d409c45d7b64cdf65b08caa13e88b4461b29d2bded7e197120a7f65a525c2c5e905a5a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
822d01aab830e5cae8025db2c3f36ca4

SHA1
09e7e6accf68443d140b3fb502488879e3e2a5de

SHA256
c8ef7223b7feb7c48fa1a88d9f027e4e4f7e8c8f94eaf93fd82cb16034bb3a74

SHA512
6787bfb8c3d48229c1b7f68ae3f06396fa82aaad9b339ed2a399538df21aa2837f98b8990296ef9bb4f32347b2e300ffc0f9d8e17467a6d4be0d135f0775ba23

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_2D4EC0371780BB99FA1BEED5E5CAB6A7

Filesize
279B

MD5
722f87e1b6965b629f823040dfc2aedb

SHA1
5577c1b5ddadc226c5ba531f984589a9b5c8735b

SHA256
d13624854624e40e434996c821e0d97d6e0730c36eb2b244bb5316840296eea5

SHA512
329293ec3efcd05a73524a29836f4f8982e4f8c0fb88b80f44a57e347b2a264e025ea7ccaf2a5e2103ba00dfd6281e45b3b7ceece397b09915a8716957423bfc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_5C379F3600DE745720AF61433A9796B2

Filesize
472B

MD5
4f22437494cab8f3b1de6d48c3677f43

SHA1
42461557365b59e300ae356c37b95f652e10dacd

SHA256
420bc8cc7c6624d9201c6e12fb6478f4a9cf77e90aad033b4d12687968003ccf

SHA512
87d5a2470096b5f680a383239bdeb8466ba8927b251f443d7c640da0d1fc18b82e2f52c6a864bedb50bd0636724752151a742c0e306ea2e4b0c57e59867220ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a14151a186218e2efb6e7a7ef1d726d1

SHA1
a4f92d1a63199dd03f1ae19c24e2cdbc2f180e86

SHA256
5300c1e18e2ba6c8644202654f331a83ef80737031508830b87b302da1aee493

SHA512
3191b9be0b3cc49b9bdf3d32721f50b9a0a9e01e4bfdd316d732243bb153155ec845bcea762f6ae2a5aa78cb33373eb783e1bc99692aaafd6f74611ec61dbb1c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

Filesize
402B

MD5
1a36da07c86db7ead57aa56d4fc6b62e

SHA1
6d21cff5aa966d1e09645b601e3cd5aca796025d

SHA256
6bffb7b6fe89c7976a55beccce88724a69d957108abbf0097e57efe12a7475ff

SHA512
d0d19d68b083ee78fc23b33d7e71f4a71ac868814a1a3032ff5b98b09c9d2df6416977872d26079d05fe1d64e51016d1c008de87e393ddb1c5563ccc2f1fa0c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
438B

MD5
569430de50ee01c82036a027c8a94f85

SHA1
ec3ddac9acfe2c9c5b8a8e2abef0d3493b52d77e

SHA256
81aa6f82fe6309faf9072b24a70b3aa4d15479cd870970f0439f4a8cec199baf

SHA512
ad512956d1630d73d9b594f3219d968038cd161add3f0d5b13b4723e0e51f624573cf4a43fb67c287738c051e962cdc01f9884348840dabed1559b2c259157f2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_2D4EC0371780BB99FA1BEED5E5CAB6A7

Filesize
426B

MD5
46e8573a4f32ba015dbd63edf46039bb

SHA1
25f0d9017b0538d0e0f801633dc04a0c70ae82f8

SHA256
fde982c246645de1d91dc05b6431805111e42bcbf3b014c1a02a41f1797fe2c6

SHA512
698d29945ce71afd5d8d79734267218490b641e86696fd7f1926e3fb76633e60fd85423fdf11b1f2adf06a224a08e865d39beb6dc4d12e77db75f61addbd7d0e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_5C379F3600DE745720AF61433A9796B2

Filesize
410B

MD5
0ce3aa73b3605c44939eb110d032289a

SHA1
74ae0df838e345f367bbb8349e02c1ce27dc25ff

SHA256
14b2b5e9ac60e4ab4409e6c8a5365e20be9b426add1c691f92ffac745e8d8e29

SHA512
2cf0d334f76a35ffb70e1175631fec45ed72dd0c6d96687d07d51540d900cce943c8b6c7d215c234e33af0401fcec45120300bb37fb19ca7b363176bddb619f5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
7493e4820bcc632ddee1133656be3a38

SHA1
20448f830e2c31fe09effa31c410d26d2cdecf79

SHA256
2f7aabaefe5b3a6ace55427837940bdf73c2491df9196ff08fd758159edf925b

SHA512
5a343e69da3f2f6c5a0abfbab31f717d70ba675ac27037775ce99fbb3933498b08b5012561c61a3609379e60aa92d8b197a7106f28c4ca6bd74d4779462cf822

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
\Users\Admin\AppData\Local\MicroSIP\SDL2.dll

Filesize
845KB

MD5
70353a2e0375015d2a15e7ab5c7adce7

SHA1
00b649ead53c912b4324aab5b92982523ba01153

SHA256
afeddf0ffdc0dba31883efa7d41727e0d1042a02471aad241cf415e903169fe7

SHA512
8fe4f90b76c3a6349024b5429365485d449db49024750b3ce49785266e92f58074c47e7a1b398572026ceca10c3f2b168dec495d046c9c2a0cd7596b0b995b8d

Download Submit
\Users\Admin\AppData\Local\MicroSIP\avcodec-57.dll

Filesize
4.8MB

MD5
d04d538a6d8a1403c4d8bb1e787c0d57

SHA1
4b00fbfb8c3ff1e1d252bf7f02f2a8cd2f9b8d5b

SHA256
5348a7c4d0efee615ef8869b04b19fb5ecb9e46c4a797fbb83b29225672763a7

SHA512
e752eed2a415c57950bdcec97b92816e6e97bfd5aaa4cbf86a25a462a22076da10a7259ab0b29c54e666216655ee241e89be45897ecf75675191a8b956a47480

Download Submit
\Users\Admin\AppData\Local\MicroSIP\avformat-57.dll

Filesize
345KB

MD5
11df4d971cfc63a4fac48e1a0478fc99

SHA1
a0e060229ec33aa8fc83756e6122ede19a85f7f0

SHA256
df599c6944c31fd3ea212a1b080dd851d823886bbbc59a9814a910c793426e65

SHA512
0189909d95b5c75e8c0b74f70528289a5b768ca8e4140388280f7cd98804e3cb480a7cae3ca14596538635a04b3fce49a894aaef588bca6b6e0a4418b7bf9493

Download Submit
\Users\Admin\AppData\Local\MicroSIP\avutil-55.dll

Filesize
653KB

MD5
feb0edb1ae28f50cf919fdf86fe90b48

SHA1
2f43c05e8b2dc38ade56a6a66d25dcb8d1cc49ef

SHA256
bfdec4fa40ce1164b3bffa2116a3151548f03004257241a07a77572152064191

SHA512
b9dceead27b501ff71ad1fe8e889618b0d87593e9d13206c7122cf8e8c0f54bcc833ce41fcad7f26333b92d51233509ee0e7945fef55333c9f046a7c8e95fa44

Download Submit
\Users\Admin\AppData\Local\MicroSIP\swscale-4.dll

Filesize
495KB

MD5
62c0267fe5c7133eb74fd52324a3b7f6

SHA1
f00c5099ee00eb0505decabfb81b76662cfe3e9c

SHA256
4992639df7187dff687ae00403d587b3adc721f8c23ca395e71ec6628e38e743

SHA512
0dde02caa4d447cf6ea26042e39a7e1ae5410620867e1042be235cc35706ce7c84f6497bfede481d55e2de361bff4938aa2d9b4b511d00df9ea7bc701d1106d9

Download Submit
\Users\Admin\AppData\Local\Temp\nsqE303.tmp\LangDLL.dll

Filesize
5KB

MD5
109b201717ab5ef9b5628a9f3efef36f

SHA1
98db1f0cc5f110438a02015b722778af84d50ea7

SHA256
20e642707ef82852bcf153254cb94b629b93ee89a8e8a03f838eef6cbb493319

SHA512
174e241863294c12d0705c9d2de92f177eb8f3d91125b183d8d4899c89b9a202a4c7a81e0a541029a4e52513eee98029196a4c3b8663b479e69116347e5de5b4

Download Submit
\Users\Admin\AppData\Local\Temp\nsqE303.tmp\StartMenu.dll

Filesize
7KB

MD5
6bd0f48ebada20615976d587933ec18e

SHA1
c664841af354bf3dfcb56810351b5c8966abacba

SHA256
40bacf4d323ec800803add519c00075998da102b1fb41340dfe0429707ea1e9c

SHA512
d25428f7af93863905e17bbcd56c5525ce7f589b347ea981bff043f10cdfffd4d909064ebd7d66c9c3761551b870464a78b0d8e15db6a947f7f8c73b21aec184

Download Submit
\Users\Admin\AppData\Local\Temp\nsqE303.tmp\System.dll

Filesize
12KB

MD5
8cf2ac271d7679b1d68eefc1ae0c5618

SHA1
7cc1caaa747ee16dc894a600a4256f64fa65a9b8

SHA256
6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

SHA512
ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

Download Submit
\Users\Admin\AppData\Local\Temp\nsqE303.tmp\nsDialogs.dll

Filesize
9KB

MD5
ec9640b70e07141febbe2cd4cc42510f

SHA1
64a5e4b90e5fe62aa40e7ac9e16342ed066f0306

SHA256
c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188

SHA512
47605b217313c7fe6ce3e9a65da156a2fba8d91e4ed23731d3c5e432dd048ff5c8f9ae8bb85a6a39e1eac4e1b6a22862aa72d3b1b1c8255858997cdd4db5d1fe

Download Submit
memory/2780-144-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-187-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-156-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-157-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-158-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-159-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-160-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-161-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-162-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-164-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-154-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-165-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-166-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-167-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-168-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-170-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-169-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-171-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-172-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-174-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-173-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-176-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-153-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-177-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-179-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-152-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-180-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-182-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-151-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-183-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-184-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-185-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-186-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-155-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-121-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-150-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-149-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-148-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-147-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-146-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-145-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-120-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-143-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-142-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-141-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-140-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-139-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-138-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-137-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-136-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-135-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-134-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-133-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-132-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-131-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-130-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-129-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-128-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-127-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-126-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-125-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-124-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-123-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/2780-122-0x0000000077710000-0x000000007789E000-memory.dmp

Filesize
1.6MB

Download
memory/4548-211-0x0000000000000000-mapping.dmp

Download