c0f197ac9115d12dbe957bc1ce6b6493e09d4e45901dea8becba9577bb0dd50a

Analysis

max time kernel
144s
max time network
140s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
25/08/2023, 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Minuteman Press.xlsx
Size

137KB
MD5

99554c70f9e7253cf931a77de616acf8
SHA1

abc4ba9ac90a22440bb4ffdedc273bccd8b3b979
SHA256

c0f197ac9115d12dbe957bc1ce6b6493e09d4e45901dea8becba9577bb0dd50a
SHA512

a698847f90c3098f0efbfd0a937f6ee615f26477d005cf537d71e63646b633b526d826363bcf9556e6e0c915b71c7bbb59cd3e9dbd723dd3778d20052d385d0e
SSDEEP

3072:8X9KNtRrJRHHVOUAupw7cCznF5RSabRQUkFWnBu7Jkg:M0NtdJRVOUAuYcC7FDF1VnByyg

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 10 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ce10890cc8fcad40be947aafbd3b927a000000000200000000001066000000010000200000001bcd63bd308f3f239da18f8c917b9697d81f806aecbee07a5af51a8af250cbcb000000000e8000000002000020000000bf168af25386ccb5d0f539c7da180a938a83b79ba861f8bc18a812db9060fdd89000000068a36787a0f77754a22b6dbabba1d139cc5eb9757ba53beaccabd0667ff9fffa93f258015872aa520d97ffe7c9098a8f148f5a93382a46835b62124abd86f37d61cf466782f3250ce1962720bb33cce1f81ad871a9a05280017e41615f54ba8d88e1eb853a163c63f78faa971290039844be24d230ea1f6f5a01838a368073d42176adee34ac2f404ec50c02aa336a9f40000000cbeac2aa024ef0fc8d01ffc42b8f86872a8434cee50970c67ed0e728be031cb1a9c213896e81fba9955f47336da76c56f25b1024f6d4a6bff32335c5273daeda	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1b1cd3dfffd6d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 795e49c3ffd6d901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = bef23ac9ffd6d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = a0ecca1475edd901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "399707298"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\LastProcessed = 507c2dd6ffd6d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{5166E530-CBF8-40BA-BEFF-16CE218004B4} = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3060	EXCEL.EXE

Suspicious behavior: MapViewOfSection 16 IoCs

pid	Process
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	4556	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4556	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5844	firefox.exe
Token: SeDebugPrivilege	5844	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
3060	EXCEL.EXE
3060	EXCEL.EXE
5844	firefox.exe
5844	firefox.exe
5844	firefox.exe
5844	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5844	firefox.exe
5844	firefox.exe
5844	firefox.exe

Suspicious use of SetWindowsHookEx 30 IoCs

pid	Process
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
4168	MicrosoftEdge.exe
3432	MicrosoftEdgeCP.exe
3432	MicrosoftEdgeCP.exe
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
3060	EXCEL.EXE
5844	firefox.exe
5844	firefox.exe
5844	firefox.exe
5844	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3432 wrote to memory of 4264	3432	MicrosoftEdgeCP.exe	75
PID 3432 wrote to memory of 4264	3432	MicrosoftEdgeCP.exe	75
PID 3432 wrote to memory of 4264	3432	MicrosoftEdgeCP.exe	75
PID 3432 wrote to memory of 4264	3432	MicrosoftEdgeCP.exe	75
PID 3432 wrote to memory of 4264	3432	MicrosoftEdgeCP.exe	75
PID 3432 wrote to memory of 4264	3432	MicrosoftEdgeCP.exe	75
PID 3432 wrote to memory of 3164	3432	MicrosoftEdgeCP.exe	79
PID 3432 wrote to memory of 3164	3432	MicrosoftEdgeCP.exe	79
PID 3432 wrote to memory of 3164	3432	MicrosoftEdgeCP.exe	79
PID 3432 wrote to memory of 3164	3432	MicrosoftEdgeCP.exe	79
PID 3432 wrote to memory of 3164	3432	MicrosoftEdgeCP.exe	79
PID 3432 wrote to memory of 3164	3432	MicrosoftEdgeCP.exe	79
PID 3432 wrote to memory of 5052	3432	MicrosoftEdgeCP.exe	76
PID 3432 wrote to memory of 5052	3432	MicrosoftEdgeCP.exe	76
PID 3432 wrote to memory of 5052	3432	MicrosoftEdgeCP.exe	76
PID 3432 wrote to memory of 5052	3432	MicrosoftEdgeCP.exe	76
PID 3432 wrote to memory of 5052	3432	MicrosoftEdgeCP.exe	76
PID 3432 wrote to memory of 5052	3432	MicrosoftEdgeCP.exe	76
PID 3432 wrote to memory of 5252	3432	MicrosoftEdgeCP.exe	85
PID 3432 wrote to memory of 5252	3432	MicrosoftEdgeCP.exe	85
PID 3432 wrote to memory of 5252	3432	MicrosoftEdgeCP.exe	85
PID 3432 wrote to memory of 5252	3432	MicrosoftEdgeCP.exe	85
PID 3432 wrote to memory of 5252	3432	MicrosoftEdgeCP.exe	85
PID 3432 wrote to memory of 5252	3432	MicrosoftEdgeCP.exe	85
PID 5764 wrote to memory of 5844	5764	firefox.exe	88
PID 5764 wrote to memory of 5844	5764	firefox.exe	88
PID 5764 wrote to memory of 5844	5764	firefox.exe	88
PID 5764 wrote to memory of 5844	5764	firefox.exe	88
PID 5764 wrote to memory of 5844	5764	firefox.exe	88
PID 5764 wrote to memory of 5844	5764	firefox.exe	88
PID 5764 wrote to memory of 5844	5764	firefox.exe	88
PID 5764 wrote to memory of 5844	5764	firefox.exe	88
PID 5764 wrote to memory of 5844	5764	firefox.exe	88
PID 5764 wrote to memory of 5844	5764	firefox.exe	88
PID 5764 wrote to memory of 5844	5764	firefox.exe	88
PID 5844 wrote to memory of 6024	5844	firefox.exe	89
PID 5844 wrote to memory of 6024	5844	firefox.exe	89
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90
PID 5844 wrote to memory of 6116	5844	firefox.exe	90

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Minuteman Press.xlsx"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4168

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3876

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3432

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4264

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5052

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4556

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3164

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4220

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2200

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4444

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4424

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5152

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5252

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5764
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5844.0.1819308484\778999060" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1596 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a3b0807-669b-4b63-bd68-1668e61aca30} 5844 "\\.\pipe\gecko-crash-server-pipe.5844" 1776 2c9ffc03b58 gpu
    3⤵
    PID:6024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5844.1.1280152897\2047396943" -parentBuildID 20221007134813 -prefsHandle 2096 -prefMapHandle 2092 -prefsLen 21017 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b43182e9-e629-46a3-b808-015078e89192} 5844 "\\.\pipe\gecko-crash-server-pipe.5844" 2132 2c9fe9fc558 socket
    3⤵
    PID:6116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5844.2.235086025\904554413" -childID 1 -isForBrowser -prefsHandle 3308 -prefMapHandle 3304 -prefsLen 21120 -prefMapSize 232675 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7cb1d17-13a0-46b2-b403-6835117bf59e} 5844 "\\.\pipe\gecko-crash-server-pipe.5844" 3508 2c986ed0058 tab
    3⤵
    PID:5652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5844.3.1105484889\584404772" -childID 2 -isForBrowser -prefsHandle 2780 -prefMapHandle 3828 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d786c74-3cd3-47f9-a627-717729e3eb1a} 5844 "\\.\pipe\gecko-crash-server-pipe.5844" 3840 2c985b38658 tab
    3⤵
    PID:5912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5844.4.2139260591\1430690700" -childID 3 -isForBrowser -prefsHandle 3088 -prefMapHandle 3104 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01251565-fdea-4e87-aec7-df5d2bb05908} 5844 "\\.\pipe\gecko-crash-server-pipe.5844" 3080 2c988ab7a58 tab
    3⤵
    PID:6076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5844.5.1190904431\757761054" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 5056 -prefsLen 26699 -prefMapSize 232675 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f09a2160-a2a3-4cb0-befd-16712c1d54f0} 5844 "\\.\pipe\gecko-crash-server-pipe.5844" 4736 2c98639e958 tab
    3⤵
    PID:6868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5844.7.1668866557\1407986993" -childID 6 -isForBrowser -prefsHandle 5332 -prefMapHandle 5336 -prefsLen 26699 -prefMapSize 232675 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ef2e9ac-8449-4a8a-8a00-96b050e0025d} 5844 "\\.\pipe\gecko-crash-server-pipe.5844" 5324 2c98a683c58 tab
    3⤵
    PID:6884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5844.6.752518901\919732649" -childID 5 -isForBrowser -prefsHandle 5136 -prefMapHandle 5140 -prefsLen 26699 -prefMapSize 232675 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1120aac2-3f58-4b3b-a763-40f1a2193dec} 5844 "\\.\pipe\gecko-crash-server-pipe.5844" 5124 2c9897b6258 tab
    3⤵
    PID:6876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5844.10.1290621021\1388632078" -childID 9 -isForBrowser -prefsHandle 6028 -prefMapHandle 6032 -prefsLen 26874 -prefMapSize 232675 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a6372da-eaee-46b9-be74-13bf5f6b57ab} 5844 "\\.\pipe\gecko-crash-server-pipe.5844" 6020 2c98b882858 tab
    3⤵
    PID:6640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5844.9.1660390174\1887256202" -childID 8 -isForBrowser -prefsHandle 5836 -prefMapHandle 5840 -prefsLen 26874 -prefMapSize 232675 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d91f29f1-b818-464b-881d-181d1e131c16} 5844 "\\.\pipe\gecko-crash-server-pipe.5844" 5828 2c98b884358 tab
    3⤵
    PID:6632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5844.8.48216663\556803112" -childID 7 -isForBrowser -prefsHandle 5720 -prefMapHandle 4936 -prefsLen 26874 -prefMapSize 232675 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d7cc1bb-6e0e-4afa-9f57-f35c53c3261a} 5844 "\\.\pipe\gecko-crash-server-pipe.5844" 5728 2c98b885b58 tab
    3⤵
    PID:6624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5844.11.1038259836\42615971" -childID 10 -isForBrowser -prefsHandle 4660 -prefMapHandle 5316 -prefsLen 26874 -prefMapSize 232675 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bef4a734-1ba1-4a49-a7d0-e4f7dc2d655e} 5844 "\\.\pipe\gecko-crash-server-pipe.5844" 4672 2c986e54b58 tab
    3⤵
    PID:6868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\T5JYCXSS\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
0e794dcb33dbbb281e693685bba3c6d3

SHA1
0ac5653e0d57e920ed7ea72eb70c0f2fa17a3ce5

SHA256
a855c8a8abfb94788cc8a29532071e9bf9367641c4df62d90f7351e9901b231b

SHA512
9c5621fee1ef26d434765f6a40d88829183d8b01b857a4b0acd7b9f85ed336f2bcd47e8572a3531d2a50489b4bcd1def98425b19ae3ef41985ca072a6540ddc3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K38Z2OTU\url[1].htm

Filesize
310B

MD5
0f7036b10421c2ecaf7a9388672f24c0

SHA1
975d77d41e38eebe3da002cb84b6212d602f1f6f

SHA256
04408871f5e89f4d2f2cd568ec8ed7a7e47d43c08ea1be11ef3cb72e6a6f0074

SHA512
cbc2592cce0cd09e2e098c366f5fb126508a099e0028847151edfab64734e0234ec7cec30f17b271f11c805dcbf4b90fa6c29707249b787c2ff53c67896d9300

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1YUGV77H\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2XQOXU3V\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9J3BURO2\api[1].js

Filesize
28KB

MD5
edbcde7402e6acb63167572645982f3f

SHA1
1e2d65ed3606a7946422b3977ff79affe34fc16d

SHA256
1ae488283b6cebf52b5bd97cd3dbe44e84ab7e87234525258a07e59a1904c2ed

SHA512
185b44a3e78326b2c68d7532b2c32686d91cb5be70f2735d85e6c6ffcf9cd947844318d32eb9e1b2af95dd82ee110f7bc6d1914449e600ab03bfecfb5beba32d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AOQ6HJ3U\challenges[1].css

Filesize
6KB

MD5
2c78b7f8fa496092bf41d5edd51611e7

SHA1
8b0b1b276e8194b0a5497db478ec2ea9b4f83c42

SHA256
2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2

SHA512
53a7750ea46082968c2ec557857ad3975cddb0b45595259f0f3e9fc16360b87c5f257e058489ecaf80e61a97f92f1c5e34fa2f6fcfe922f4ae22392ffd75b4da

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K38Z2OTU\url[1].htm

Filesize
310B

MD5
0f7036b10421c2ecaf7a9388672f24c0

SHA1
975d77d41e38eebe3da002cb84b6212d602f1f6f

SHA256
04408871f5e89f4d2f2cd568ec8ed7a7e47d43c08ea1be11ef3cb72e6a6f0074

SHA512
cbc2592cce0cd09e2e098c366f5fb126508a099e0028847151edfab64734e0234ec7cec30f17b271f11c805dcbf4b90fa6c29707249b787c2ff53c67896d9300

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2U1O6Z69.cookie

Filesize
74B

MD5
21630b683cd9abac526128d0a14395aa

SHA1
2a1b249145f1b87b7ce006c2487fe13d584a18aa

SHA256
121f88f357de36b31d59f78c57a7a700ff506f91d7d7a586135f3f24aab87b1a

SHA512
e79050eb940c147c5664c8f048ee740e417afd4825133a437e14db833cac258b5959bc1a6ea7362b07f8d4bd15d3aec8f6917e07e7a94ce2dc21b95d74b84712

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3VCGW1KY.cookie

Filesize
74B

MD5
edf87cdac0b2426d02fea83bcd3ff20e

SHA1
ea79304d3cbcd977c2bf4a7a27f3e15cc706d718

SHA256
a948fa19b05ad0caeee193ed3c2d887b2856901d3198ed8598bbf469d9d551a1

SHA512
476d092094a45352aedbae076490764fce5ae4667c256b172cf742291acd252e623cb635c15a6259650301e2d7112bc24fbae310773678ed344af09756ba51af

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GV0J55NI.cookie

Filesize
74B

MD5
e88034a438bc392dd80f321e70c7484c

SHA1
74aab15241ae83477016e364b2b8c97ac2491fb9

SHA256
dd016b08ae0c9a9a38f1a47681352db64ff7558617ed74bd91066aa1029e2132

SHA512
6c7993c1d5d76bd3950955f0ea3c38acb2ebb369f4a9e40aad4be12c65fcb8d93bcc898487ff12c9035c8883f56ffb5976a8974f575e83a26ba427c170b001ff

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NS66AAZN.cookie

Filesize
240B

MD5
2bfcbb0e91224149f81139305c982ac8

SHA1
0eacb996e86546480fc644fe5a9ad76bdea1a3d3

SHA256
32b36455f87cb6184cea04ad57c313fd1ba6d164bf44a991fe1944b247a2368c

SHA512
844fca904f3b8204f3b447b070efabe4b0268293fc8069c9748951e9e527519ec07a3243f331f5e90917c97617be533010a693c656ef0b8c5ba6b3fe3a48bb4f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\P258Y1XD.cookie

Filesize
74B

MD5
b7f380d12a8885d9a4e3c21239b82882

SHA1
678eb39610cacd52437202a3015700a25436f948

SHA256
aa7d5771565ce67eb21dcacd6201de2dca15c72660d21eae3c4dbe8c9c7e0863

SHA512
9b50e82033c49eb84289a89f80a0c2ae53fb62296182363d04041bf0508a41ec533865c4e2b0acbbf4c5d26df87a5166c62283a44cad2f6c81b0aff2a2d524d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TNXX2F00.cookie

Filesize
74B

MD5
b7f380d12a8885d9a4e3c21239b82882

SHA1
678eb39610cacd52437202a3015700a25436f948

SHA256
aa7d5771565ce67eb21dcacd6201de2dca15c72660d21eae3c4dbe8c9c7e0863

SHA512
9b50e82033c49eb84289a89f80a0c2ae53fb62296182363d04041bf0508a41ec533865c4e2b0acbbf4c5d26df87a5166c62283a44cad2f6c81b0aff2a2d524d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
6345406f1ff6680a9341efa991df2dbe

SHA1
f350b7f5a3cce695dc1817203e8a1ded459345f2

SHA256
cfc7b2e2e8abe068d6b4b5a4305b326050513dd52c502992f0707cc19570d40a

SHA512
83e54924f17e9d76404fcf2f6d458ec43d5cce8bfbb743fbf9d0f0c0510aaea87460d79bbaad17ac3996a1609b54264f570c5bf92c04e3ab58fd6b39f58ad56d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
cfbc16e33dcbef6f773f0f79af528f45

SHA1
ecb8d5e8107bc671dd57fb2a137c00bffa419f1f

SHA256
f0937890fb1053069baac97b7992c6d22cb74cae20317fc05d51070d96950ffa

SHA512
59ac2ead1eb84edffb06867850beb1e63f72c5b5415abd2fd4e7c2a1922c368f612d2a0288c00e32d5da47c4a77968ffbe72660a8d1f577f44fb20df9c11a4af

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_493284374B90C6C6F6636D109026CDE6

Filesize
472B

MD5
e24d71b62e3bbb13b96bdb8f206b5385

SHA1
f2fed53f537777abb97b0eb20296ebb25f36a0da

SHA256
434a35ddd7e5ee7f635a9e16d70a37fd82ab515523a27256cdb32e20c26b28d6

SHA512
8aa7539df594957f81dbb9bc36205efa43bd106f49dc4cc429a61301759f9d90a4fc90bdb8c2a6d7b60f4f29e326a10801f46811e661520fae2b9827f9cfd81b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
fe849803acebe8066d0e7f72bffb3172

SHA1
1ac429298ec802ede1658c1a679f28b6bf783ded

SHA256
a30599b84c8802c487fe9326497b34adbefe10016afc236a9ad0489d99c6b605

SHA512
37e1af8012ea3facf063392bb9158ad4cf33fe8badbd3fe9689092f22bcdd533065cf94aa930082279486f5dde87c9353fef9434210ab182780ca36aa0fda82d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
b14ffac1a7a595bb2353dd6b9a705a2f

SHA1
378f1ba2f989c675a054a17f36511221244f0cc8

SHA256
0579a5c53fff4503ceb18d9726fbc792b0d12fe6a818bd59cb96e23319a9a66d

SHA512
be73a73ed2fac1501246cbdeb1bfb5af053fe6f535b9d8b7c6d21eec8bb1c23113f09dedb2dec27639ad360c724e118b5fbfebe01ed546bc0283c74e52da77e9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
4e4bd1038d0792eac4f06f27632e19be

SHA1
5c23bae5cb10ccb11801489e55abceea0169d06e

SHA256
bd82bd720a9ce5a8724bdf916189f0f91c90deb7b8c5596b940839964c047995

SHA512
94c550e817cfbc373beae02cb1dbf44cc498c2527d101bf464d38c0f2f97ca9d3cd1a3b1ba0a783bcc95c4a0d183118d844bb364ff608f178c5ac002916902cf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_493284374B90C6C6F6636D109026CDE6

Filesize
402B

MD5
8ee55d7eba1d80b1092a65d674021393

SHA1
1e7689c2580230466ce3b93d01dbc95875e2ff77

SHA256
68d20086edbee331983d973a152cf187a80bcc55386a6bd0928a821d7e73fff3

SHA512
d1194672984f567cedd7f54433806e4367ee3a174da906bbf8697e78207ab8cf789759e4ce0d1f8d4aff3bb8c3b626bde5d931a1084a9655815de50e515ed3e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\prefs-1.js

Filesize
7KB

MD5
a6929cfbb14d3fdc4f4abcb3c445661b

SHA1
66bc6a2bb45379245a40b512de95b5e094a7aa22

SHA256
b021936c4991177ec135ead65951c463b8fc3940c55f0f7abad998819603841b

SHA512
a4143a3bcdb52a33f77f9e82d459187d97258d2f892232a8db4ce4bccf6af156fed1ff82c950319d4bf2f7deaebd12cc1473faa482e3f8ef42a6a1f56c995894

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\prefs-1.js

Filesize
6KB

MD5
9fb461d832aa9ccb3d75bc25e3d72c48

SHA1
6d98f49ff75954f3ce81e0b9ea5e1ccac1113109

SHA256
8240dc01812711ba0727284445b868c8c9cc15543fa4e5dc2337d9151cd20c05

SHA512
72e7bb1cfb54d2906fb167d7e879844309c5a69b39f51d231429b31fb1f9e9ca7920965466979a07884d0900bec9b1c93312e19dab1bcec83168217bf5d977ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\prefs.js

Filesize
6KB

MD5
0d3069afb47de65cb1cd81daa84d2cf2

SHA1
5ce714cde88c1192625ef9689c8bb462030383d0

SHA256
c2361643f0b5282ca21a857889a0e9e3ad9dd312458ad3f4562dbbc32da7fc77

SHA512
ebd71795ceb165d982285fe7eeebd6f8043b60ae44032aac9143023463b2e6a104626cd3a81e787bbf60bfb865c3e210fe92a5336bcd653d372026e4721fe718

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5eb96e8b561b1216cfd1923e264c6ead

SHA1
7a6658a67ff586c85e04c7a9b8105bc5a2cd13e7

SHA256
9ac775c1f00e496db71e570c478cd71dbc2324cd0fe5f40a28a35ed97268e4f1

SHA512
84f83b911fbcd4bce3ebef8f8a3abc2c28ba25ededa5608934ac2e498c3ffbfb096d0315fea47457b081937dd940d598004a8dd67662b8f25029b9ddf83a30fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
77da53313a7f0a2e52bccb089203fadc

SHA1
6b8a6ad13d4ab1ceaa054c4cee2b27e06501d54a

SHA256
f01a2c1eb02c294617073d142ee1eaf278e16c69b27872b232655568bd2a2a47

SHA512
794769ee8da3a6dbfe1efc046c3344e44ba4417c482a08f9a92af8398343d598b37a8eb7a802abbc8a0b900e7904d0c82811a342aa942a2e09128aedf8733428

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
bc8796dc619c9fa6d7a2a09d5e0b1135

SHA1
16be95133115cd79f59a6504435b0e0d37111086

SHA256
12be441e67e9b3159ada8cc980a51679b90cef16887d91ea303e5e8499c97123

SHA512
b8ae814e95dcb35d64d461051866b41b72e734e559961c5f50a4a66ef057a7aa4feb60c0e2ef2e9bf010f4e1ba1c2ac02a3b37757cf4b2fe00747ef6a11b45af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
eab4adf7449c349812ecc76becf13092

SHA1
1014e3df6db5c42ba6c3726d49be5d3926089785

SHA256
826d99bd8f5f34b669ed8b3b951934f958e24b0c78cf6d21b44d13ad004c8c61

SHA512
253524b007ccce5c50e5e54bfddf868dd326a8fb9e35380cb2638f308e0520dc51065c039867dca2507d9db1220741da14c4e7512ecfdab9fbd12b4ca757d5f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
543cf6beca7258a1da5731ccf9b99e9c

SHA1
e64062d433892854541278e52f5d6840c8010fa9

SHA256
bb913ed01e59329bdbaea3dacaa260ed676ce90f847bb88ae6bb6e363c6209de

SHA512
f86eb346d1a52d745bfe193538ec10fa8bd08c6fbb68140dadcb0f513bc4fe84cde7a737394778aec226b48649c4f21d0e03947b548d8d2602436df7880d42f3

Download Submit
memory/3060-339-0x000001CC00000000-0x000001CC016AE000-memory.dmp

Filesize
22.7MB

Download
memory/3060-362-0x00007FF8908E0000-0x00007FF89098E000-memory.dmp

Filesize
696KB

Download
memory/3060-0-0x00007FF8527F0000-0x00007FF852800000-memory.dmp

Filesize
64KB

Download
memory/3060-17-0x00007FF84FBF0000-0x00007FF84FC00000-memory.dmp

Filesize
64KB

Download
memory/3060-16-0x00007FF892760000-0x00007FF89293B000-memory.dmp

Filesize
1.9MB

Download
memory/3060-15-0x00007FF892760000-0x00007FF89293B000-memory.dmp

Filesize
1.9MB

Download
memory/3060-14-0x00007FF8908E0000-0x00007FF89098E000-memory.dmp

Filesize
696KB

Download
memory/3060-13-0x00007FF892760000-0x00007FF89293B000-memory.dmp

Filesize
1.9MB

Download
memory/3060-251-0x00007FF892760000-0x00007FF89293B000-memory.dmp

Filesize
1.9MB

Download
memory/3060-356-0x00007FF892760000-0x00007FF89293B000-memory.dmp

Filesize
1.9MB

Download
memory/3060-12-0x00007FF892760000-0x00007FF89293B000-memory.dmp

Filesize
1.9MB

Download
memory/3060-18-0x00007FF84FBF0000-0x00007FF84FC00000-memory.dmp

Filesize
64KB

Download
memory/3060-11-0x00007FF892760000-0x00007FF89293B000-memory.dmp

Filesize
1.9MB

Download
memory/3060-10-0x00007FF892760000-0x00007FF89293B000-memory.dmp

Filesize
1.9MB

Download
memory/3060-8-0x00007FF892760000-0x00007FF89293B000-memory.dmp

Filesize
1.9MB

Download
memory/3060-6-0x00007FF8527F0000-0x00007FF852800000-memory.dmp

Filesize
64KB

Download
memory/3060-5-0x00007FF8527F0000-0x00007FF852800000-memory.dmp

Filesize
64KB

Download
memory/3060-3-0x00007FF8527F0000-0x00007FF852800000-memory.dmp

Filesize
64KB

Download
memory/3060-4-0x00007FF892760000-0x00007FF89293B000-memory.dmp

Filesize
1.9MB

Download
memory/3060-2-0x00007FF892760000-0x00007FF89293B000-memory.dmp

Filesize
1.9MB

Download
memory/3060-1-0x00007FF892760000-0x00007FF89293B000-memory.dmp

Filesize
1.9MB

Download
memory/4168-211-0x000001A3AA620000-0x000001A3AA630000-memory.dmp

Filesize
64KB

Download
memory/4168-330-0x000001A3B0C50000-0x000001A3B0C51000-memory.dmp

Filesize
4KB

Download
memory/4168-227-0x000001A3AAE00000-0x000001A3AAE10000-memory.dmp

Filesize
64KB

Download
memory/4168-246-0x000001A3AA7D0000-0x000001A3AA7D2000-memory.dmp

Filesize
8KB

Download
memory/4168-329-0x000001A3B0C40000-0x000001A3B0C41000-memory.dmp

Filesize
4KB

Download
memory/4220-905-0x0000018D2EE00000-0x0000018D2EF00000-memory.dmp

Filesize
1024KB

Download
memory/4264-331-0x00000231F8460000-0x00000231F8462000-memory.dmp

Filesize
8KB

Download
memory/4264-347-0x00000231F7940000-0x00000231F7960000-memory.dmp

Filesize
128KB

Download
memory/4264-508-0x00000231F7590000-0x00000231F7690000-memory.dmp

Filesize
1024KB

Download
memory/4264-327-0x00000231F8440000-0x00000231F8442000-memory.dmp

Filesize
8KB

Download
memory/4264-303-0x00000231F7570000-0x00000231F7590000-memory.dmp

Filesize
128KB

Download
memory/4264-292-0x00000231F7510000-0x00000231F7512000-memory.dmp

Filesize
8KB

Download
memory/4264-290-0x00000231F74F0000-0x00000231F74F2000-memory.dmp

Filesize
8KB

Download
memory/4264-288-0x00000231F7430000-0x00000231F7432000-memory.dmp

Filesize
8KB

Download
memory/4264-286-0x00000231F7410000-0x00000231F7412000-memory.dmp

Filesize
8KB

Download
memory/4264-521-0x00000231F6940000-0x00000231F6960000-memory.dmp

Filesize
128KB

Download
memory/4264-523-0x00000231F7900000-0x00000231F7920000-memory.dmp

Filesize
128KB

Download
memory/5052-371-0x00000262FF500000-0x00000262FF600000-memory.dmp

Filesize
1024KB

Download
memory/5052-649-0x00000262FE960000-0x00000262FE980000-memory.dmp

Filesize
128KB

Download