hxxps://www[.]darknet[.]org[.]uk/2006/09/brutus-password-cracker-download-brutus-aet2zip-aet2/

Analysis

max time kernel
23s
max time network
50s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
19/03/2024, 00:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.darknet.org.uk/2006/09/brutus-password-cracker-download-brutus-aet2zip-aet2/

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Universal Phone Converter"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\darknet.org.uk\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\ = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "DebugPlugin"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{37A9D401-0BF5-4366-9530-C75C6DC23EC9}"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "804"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "German Phone Converter"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "40A;C0A"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\MSTTSLocenUS.dat"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft Speech HW Voice Activation - English (United States)"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "40C"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft Zira Mobile"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft David Mobile - English (United States)"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.darknet.org.uk\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "409"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\doubleclick.net\NumberOfSubdo = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\darknet.org.uk\Total = "6969"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Japanese Phone Converter"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Discrete;Continuous"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "SR Engine (11.0) Text Normalization"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\M1033Mark"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{179F3D56-1B0B-42B2-A962-59B7EF59FE1B}"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "11.0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{6BFCACDC-A6A6-4343-9CF6-83A83727367B}"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "6987"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "I 0069 Y 0079 IX 0268 YX 0289 UU 026F U 0075 IH 026A YH 028F UH 028A E 0065 EU 00F8 EX 0258 OX 0275 OU 0264 O 006F AX 0259 EH 025B OE 0153 ER 025C UR 025E AH 028C AO 0254 AE 00E6 AEX 0250 A 0061 AOE 0276 AA 0251 Q 0252 EI 006503610069 AU 00610361028A OI 025403610069 AI 006103610069 IYX 006903610259 UYX 007903610259 EHX 025B03610259 UWX 007503610259 OWX 006F03610259 AOX 025403610259 EN 00650303 AN 00610303 ON 006F0303 OEN 01530303 P 0070 B 0062 M 006D BB 0299 PH 0278 BH 03B2 MF 0271 F 0066 V 0076 VA 028B TH 03B8 DH 00F0 T 0074 D 0064 N 006E RR 0072 DX 027E S 0073 Z 007A LSH 026C LH 026E RA 0279 L 006C SH 0283 ZH 0292 TR 0288 DR 0256 NR 0273 DXR 027D SR 0282 ZR 0290 R 027B LR 026D CT 0063 JD 025F NJ 0272 C 00E7 CJ 029D J 006A LJ 028E W 0077 K 006B G 0067 NG 014B X 0078 GH 0263 GA 0270 GL 029F QT 0071 QD 0262 QN 0274 QQ 0280 QH 03C7 RH 0281 HH 0127 HG 0295 GT 0294 H 0068 WJ 0265 PF 007003610066 TS 007403610073 CH 007403610283 JH 006403610292 JJ 006A0361006A DZ 00640361007A CC 007403610255 JC 006403610291 TSR 007403610282 WH 028D ESH 029C EZH 02A2 ET 02A1 SC 0255 ZC 0291 LT 027A SHX 0267 HZ 0266 PCK 0298 TCK 01C0 NCK 0021 CCK 01C2 LCK 01C1 BIM 0253 DIM 0257 QIM 029B GIM 0260 JIM 0284 S1 02C8 S2 02CC . 002E _\| 007C _\|\| 2016 lng 02D0 hlg 02D1 xsh 02D8 _^ 203F _! 0001 _& 0002 _, 0003 _s 0004 _. 2198 _? 2197 T5 030B T4 0301 T3 0304 T2 0300 T1 030F T- 2193 T+ 2191 vls 030A vcd 032C bvd 0324 cvd 0330 asp 02B0 mrd 0339 lrd 031C adv 031F ret 0331 cen 0308 mcn 033D syl 0329 nsy 032F rho 02DE lla 033C lab 02B7 pal 02B2 vel 02E0 phr 02E4 vph 0334 rai 031D low 031E atr 0318 rtr 0319 den 032A api 033A lam 033B nas 0303 nsr 207F lar 02E1 nar 031A ejc 02BC + 0361 bva 02B1 G2 0261 rte 0320 vsl 0325 NCK3 0297 NCK2 01C3 LCK2 0296 TCK2 0287 JC2 02A5 CC2 02A8 LG 026B DZ2 02A3 TS2 02A6 JH2 02A4 CH2 02A7 SHC 0286 rhz 02B4 QOM 02A0 xst 0306 T= 2192 ERR 025D AXR 025A ZHJ 0293"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "6849"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "309C 309C 30A1 30A1 30A2 30A2 30A3 30A3 30A4 30A4 30A5 30A5 30A6 30A6 30A7 30A7 30A8 30A8 30A9 30A9 30AA 30AA 30AB 30AB 30AC 30AC 30AD 30AD 30AE 30AE 30AF 30AF 30B0 30B0 30B1 30B1 30B2 30B2 30B3 30B3 30B4 30B4 30B5 30B5 30B6 30B6 30B7 30B7 30B8 30B8 30B9 30B9 30BA 30BA 30BB 30BB 30BC 30BC 30BD 30BD 30BE 30BE 30BF 30BF 30C0 30C0 30C1 30C1 30C2 30C2 30C3 30C3 30C4 30C4 30C5 30C5 30C6 30C6 30C7 30C7 30C8 30C8 30C9 30C9 30CA 30CA 30CB 30CB 30CC 30CC 30CD 30CD 30CE 30CE 30CF 30CF 30D0 30D0 30D1 30D1 30D2 30D2 30D3 30D3 30D4 30D4 30D5 30D5 30D6 30D6 30D7 30D7 30D8 30D8 30D9 30D9 30DA 30DA 30DB 30DB 30DC 30DC 30DD 30DD 30DE 30DE 30DF 30DF 30E0 30E0 30E1 30E1 30E2 30E2 30E3 30E3 30E4 30E4 30E5 30E5 30E6 30E6 30E7 30E7 30E8 30E8 30E9 30E9 30EA 30EA 30EB 30EB 30EC 30EC 30ED 30ED 30EE 30EE 30EF 30EF 30F0 30F0 30F1 30F1 30F2 30F2 30F3 30F3 30F4 30F4 30F5 30F5 30F6 30F6 30F7 30F7 30F8 30F8 30F9 30F9 30FA 30FA 30FB 30FB 30FC 30FC 30FD 30FD 30FE 30FE 0021 0021 0027 0027 002B 002B 002E 002E 003F 003F 005F 005F 007C 007C"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\darknet.org.uk\Total = "6933"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "SR en-US Lookup Lexicon"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "HW"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "HKEY_LOCAL_MACHINE/SOFTWARE\\Microsoft\\Speech_OneCore\\AudioOutput\\TokenEnums\\MMAudioOut\\"	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 5 IoCs

pid	Process
3060	MicrosoftEdgeCP.exe
3060	MicrosoftEdgeCP.exe
3060	MicrosoftEdgeCP.exe
3060	MicrosoftEdgeCP.exe
3060	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	4352	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4352	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4352	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4352	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4540	MicrosoftEdge.exe
3060	MicrosoftEdgeCP.exe
4352	MicrosoftEdgeCP.exe
3060	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 3268	3060	MicrosoftEdgeCP.exe	76
PID 3060 wrote to memory of 3268	3060	MicrosoftEdgeCP.exe	76
PID 3060 wrote to memory of 3268	3060	MicrosoftEdgeCP.exe	76
PID 3060 wrote to memory of 3268	3060	MicrosoftEdgeCP.exe	76
PID 3060 wrote to memory of 3268	3060	MicrosoftEdgeCP.exe	76
PID 3060 wrote to memory of 3268	3060	MicrosoftEdgeCP.exe	76
PID 3060 wrote to memory of 3268	3060	MicrosoftEdgeCP.exe	76
PID 3060 wrote to memory of 3268	3060	MicrosoftEdgeCP.exe	76
PID 3060 wrote to memory of 3268	3060	MicrosoftEdgeCP.exe	76
PID 3060 wrote to memory of 3268	3060	MicrosoftEdgeCP.exe	76
PID 3060 wrote to memory of 3268	3060	MicrosoftEdgeCP.exe	76
PID 3060 wrote to memory of 3268	3060	MicrosoftEdgeCP.exe	76
PID 3060 wrote to memory of 3268	3060	MicrosoftEdgeCP.exe	76
PID 3060 wrote to memory of 3268	3060	MicrosoftEdgeCP.exe	76
PID 3060 wrote to memory of 3268	3060	MicrosoftEdgeCP.exe	76

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.darknet.org.uk/2006/09/brutus-password-cracker-download-brutus-aet2zip-aet2/"
1⤵
PID:3400

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4540

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1688

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3060

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4352

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3YLBHQZG\f[3].txt

Filesize
176KB

MD5
8b455f26eb5c49fc6a627e0440f9836c

SHA1
ba203602e478bdf2e6b19eb428c0c613a4aa762b

SHA256
fb3290118fe890d928234782fc5412892a231bf9431af284bddb894ea05174a0

SHA512
546cd5aa88b2a6504b7cf021e37e6bfdbb4a5130594318d025fa446e968cfc99c621bf4a708e20eb9b0f9c023e9aa745f6903b980b5c1a2a836d3427667a31a0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CWI5TG4Q\45724205b9cbdc36d15f8718951eb91a[1].js

Filesize
53KB

MD5
45724205b9cbdc36d15f8718951eb91a

SHA1
f95d5f77877d7d5840e28804916a99e8a790438f

SHA256
0ea6356d669df5d23f757ee61b858966efcadfd8c42ea024bf3c5c721fe1fe95

SHA512
26a7ec8a1f8a9388f2f563dc8af79a06d499f2464f2be66eb0b7e558f851ccc1fbfa018e950eae8e3619127af1c1c536549ec26f1a44f729d165788dfe2d5a9b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CWI5TG4Q\f[1].txt

Filesize
29KB

MD5
aaed27e95f23c9a82eb2eb601eac3bd6

SHA1
49ddd6f9081f334825b8544bc2abe667bdbd4851

SHA256
6ce4844dac7fea1e64925cbc809d1aa273c0bc7965ce7161c6cb86099b92e2bb

SHA512
637b64b8ff2a51ebd42e63ce22e735df285cf6a2b811945f3782b95b3c61822d10c6eb4e91701ece3df4bb8f06b5101e8eac5188b54a037b610468b4f6d1fa51

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CWI5TG4Q\f[3].txt

Filesize
205KB

MD5
c3e502a121ee1893044e732afca36d8e

SHA1
e59d9253b92c6ad6bb3aae704b4ddf8e063fe088

SHA256
4b10a155838bd5355a620824cba9d3611cd77be60ac2b23e4296c6f66bedef35

SHA512
243c82b1028c90644a47478ebf0396a407377fb520db6cd9436546fbfcebcbc676e236c83f0315e9e68b28a1dcff961695f70c87e160596b7b8d3cf689319d24

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K82UCVOZ\d36uSxnIL8ldx8TFx91fzHwYiWmBZ4lpuKiJzeb80YQ[1].js

Filesize
51KB

MD5
fc806dbb3261002aafe4b284c24554e5

SHA1
016d8889479b9c62ed263b9ee165592968b7a02b

SHA256
777eae4b19c82fc95dc7c4c5c7dd5fcc7c18896981678969b8a889cde6fcd184

SHA512
99ac5d85f27780e3a74d49ea1b5ee193545c858f88015456cb0a858f76311ee24b64d58118f7a835b32fa8614b093f6fe050ac7337868ef1270cc81cb15e027b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K82UCVOZ\f[1].txt

Filesize
2KB

MD5
4c38d208d9d973925492b711fcbbf71e

SHA1
ca9aecef92acf22b2234e16dbb52133e45a80cbf

SHA256
cdbe9b84c30a00229826b0b1e354c94d36dd6bf16e6580bbef43877689c8f5bb

SHA512
24ed59d2de3c055a0a64ffe7a37eee094a8b7512489a04be0fc53de80bf21d16f2fff68be1cac49f2e7b4f75cb7ad32793501494982c5723fe135a6d7d88e2fe

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K82UCVOZ\f[2].txt

Filesize
30KB

MD5
2fa7d99995a29b526b8b23dd82f9f107

SHA1
9825be196fbe3226d418359aed6a7cb61450b3ab

SHA256
b4665fbd1c393f6a6340aa12fdfe61c9481dd3a6e9292a850feef98a621e89ba

SHA512
afe362f90cdccb5e1a7e9f6cf4b3a7da503c091a1d41f81d3c5215970b8c8955b9c758a3f2212c7242afa77f3f54e36fc6c37f6a2a42cfa15121ce9ddf7bd71a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K82UCVOZ\f[3].txt

Filesize
2KB

MD5
43df87d5c0a3c601607609202103773a

SHA1
8273930ea19d679255e8f82a8c136f7d70b4aef2

SHA256
88a577b7767cbe34315ff67366be5530949df573931dd9c762c2c2e0434c5b8a

SHA512
2162ab9334deebd5579ae218e2a454dd7a3eef165ecdacc7c671e5aae51876f449de4ac290563ecc046657167671d4a9973c50d51f7faefc93499b8515992137

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K82UCVOZ\pixel[1].png

Filesize
170B

MD5
e7673c60af825466f83d46da72ca1635

SHA1
fc0fcbee0835709ba2d28798a612bfd687903fb5

SHA256
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

SHA512
f1c33e72643ce366fd578e3b5d393799e8c9ea27b180987826af43b4fc00b65a4eaae5e6426a23448956fee99e3108c6a86f32fb4896c156e24af0571a11c498

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\460GURFM\googleads.g.doubleclick[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\YTO8ONG1\www.darknet.org[1].xml

Filesize
8KB

MD5
ece2e723a72d12337cdedfaa9cc645d8

SHA1
3504c95ae8393ad7f5d06912baad178ba2200b1f

SHA256
b6beb490b36e1f8685f9837d8ef23d93efd716eea83cae894bba629cbbbef161

SHA512
aef7425683899ee80c78aa1127d1558670e602ebcb306631ac976a1f24b921e7205465b4b3b05fed2b97d7668cc8bd01c96b6aae2c108d39ba26193cb8000d7b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JMXSTV88\cropped-site_icon_new-32x32[1].png

Filesize
552B

MD5
b23bd34c86513b99e8996bfc6f55487d

SHA1
3e40901b1217ce7d94dda98eede3f9738b8c69a4

SHA256
5090a46c3d778e4ebe004d6708c8d5cecd3712671686417c1c16ff8820c74f8d

SHA512
da29b135664fa65f511876160b8dfabcf0694706f7eabecbdf17627f1785e13d4fd4bc8b08fef351a790aca44177ff2d8960e97afce361ef5c528f2fc4890826

Download Submit
memory/3268-474-0x000001EACEC80000-0x000001EACED80000-memory.dmp

Filesize
1024KB

Download
memory/3268-506-0x000001EABBBE0000-0x000001EABBBF0000-memory.dmp

Filesize
64KB

Download
memory/3268-121-0x000001EACD1C0000-0x000001EACD2C0000-memory.dmp

Filesize
1024KB

Download
memory/3268-184-0x000001EACE2F0000-0x000001EACE2F2000-memory.dmp

Filesize
8KB

Download
memory/3268-318-0x000001EAD1300000-0x000001EAD1400000-memory.dmp

Filesize
1024KB

Download
memory/3268-410-0x000001EACE120000-0x000001EACE122000-memory.dmp

Filesize
8KB

Download
memory/3268-416-0x000001EACE130000-0x000001EACE132000-memory.dmp

Filesize
8KB

Download
memory/3268-426-0x000001EACE140000-0x000001EACE142000-memory.dmp

Filesize
8KB

Download
memory/3268-428-0x000001EACE150000-0x000001EACE152000-memory.dmp

Filesize
8KB

Download
memory/3268-440-0x000001EACFEE0000-0x000001EACFFE0000-memory.dmp

Filesize
1024KB

Download
memory/3268-525-0x000001EABBBE0000-0x000001EABBBF0000-memory.dmp

Filesize
64KB

Download
memory/3268-316-0x000001EAD1300000-0x000001EAD1400000-memory.dmp

Filesize
1024KB

Download
memory/3268-485-0x000001EAD3100000-0x000001EAD3200000-memory.dmp

Filesize
1024KB

Download
memory/3268-208-0x000001EACD8C0000-0x000001EACD8C2000-memory.dmp

Filesize
8KB

Download
memory/3268-204-0x000001EACD130000-0x000001EACD132000-memory.dmp

Filesize
8KB

Download
memory/3268-202-0x000001EACCED0000-0x000001EACCED2000-memory.dmp

Filesize
8KB

Download
memory/3268-193-0x000001EACC9F0000-0x000001EACC9F2000-memory.dmp

Filesize
8KB

Download
memory/3268-341-0x000001EACE000000-0x000001EACE100000-memory.dmp

Filesize
1024KB

Download
memory/3268-508-0x000001EABBBE0000-0x000001EABBBF0000-memory.dmp

Filesize
64KB

Download
memory/3268-507-0x000001EABBBE0000-0x000001EABBBF0000-memory.dmp

Filesize
64KB

Download
memory/3268-509-0x000001EABBBE0000-0x000001EABBBF0000-memory.dmp

Filesize
64KB

Download
memory/3268-510-0x000001EABBBE0000-0x000001EABBBF0000-memory.dmp

Filesize
64KB

Download
memory/3268-511-0x000001EABBBE0000-0x000001EABBBF0000-memory.dmp

Filesize
64KB

Download
memory/3268-512-0x000001EABBBE0000-0x000001EABBBF0000-memory.dmp

Filesize
64KB

Download
memory/3268-188-0x000001EACC6B0000-0x000001EACC6B2000-memory.dmp

Filesize
8KB

Download
memory/3268-520-0x000001EABBBE0000-0x000001EABBBF0000-memory.dmp

Filesize
64KB

Download
memory/3268-523-0x000001EABBBE0000-0x000001EABBBF0000-memory.dmp

Filesize
64KB

Download
memory/3268-513-0x000001EABBBE0000-0x000001EABBBF0000-memory.dmp

Filesize
64KB

Download
memory/3268-530-0x000001EAD4000000-0x000001EAD4100000-memory.dmp

Filesize
1024KB

Download
memory/4540-0-0x000001B934D20000-0x000001B934D30000-memory.dmp

Filesize
64KB

Download
memory/4540-371-0x000001B93B9D0000-0x000001B93B9D1000-memory.dmp

Filesize
4KB

Download
memory/4540-366-0x000001B93B9C0000-0x000001B93B9C1000-memory.dmp

Filesize
4KB

Download
memory/4540-35-0x000001B935BE0000-0x000001B935BE2000-memory.dmp

Filesize
8KB

Download
memory/4540-16-0x000001B935100000-0x000001B935110000-memory.dmp

Filesize
64KB

Download