1770c1362842209b3a76c517fcf0ed903cbde2dc29a139ed00219753f22698f1

Resubmissions

20/06/2024, 14:05

240620-rdzg1s1fma 4

20/06/2024, 14:02

240620-rcc8dsvhqn 6

Analysis

max time kernel
132s
max time network
169s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20/06/2024, 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

19KB
MD5

e702f4e1e02f2a684d9e63b99f03342a
SHA1

ec9129c468d9e1420da467f219358fa79ca79c90
SHA256

1770c1362842209b3a76c517fcf0ed903cbde2dc29a139ed00219753f22698f1
SHA512

310c656d7ea11dda0de6e8972628adbbbbea466a1b2bed28d5533639b80ef638aa5ff88810262ff00f8af69505fb7ecd8df3b7bb75f477ad1288376c0b231f91
SSDEEP

384:cD4XYspY1ocy4r4lbGawBvhpN4c2gdK2fa2hOwV0b06fQfNxCqcR1:Kv1ocy4EEaMJpNx2p2hOwSb0gyxQR1

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633657859844600"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "3492"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "4165"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\NumberOfSubdomai = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{25F6B5B1-8D84-42FD-BD90-98C95AE9954E} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 30d4b3ec4cc3da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "233"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "132"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = dc2f53871ac3da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "425673734"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6b36da8a1ac3da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
5904	MEMZ.exe
5916	MEMZ.exe
5916	MEMZ.exe
5904	MEMZ.exe
1240	MEMZ.exe
2560	MEMZ.exe
1240	MEMZ.exe
2560	MEMZ.exe
5892	MEMZ.exe
5892	MEMZ.exe
2560	MEMZ.exe
1240	MEMZ.exe
2560	MEMZ.exe
1240	MEMZ.exe
5904	MEMZ.exe
5916	MEMZ.exe
5904	MEMZ.exe
5916	MEMZ.exe
5904	MEMZ.exe
5916	MEMZ.exe
5916	MEMZ.exe
5904	MEMZ.exe
1240	MEMZ.exe
1240	MEMZ.exe
2560	MEMZ.exe
2560	MEMZ.exe
5892	MEMZ.exe
5892	MEMZ.exe
1240	MEMZ.exe
2560	MEMZ.exe
1240	MEMZ.exe
2560	MEMZ.exe
5904	MEMZ.exe
5904	MEMZ.exe
5916	MEMZ.exe
5916	MEMZ.exe
5904	MEMZ.exe
5916	MEMZ.exe
5904	MEMZ.exe
5916	MEMZ.exe
1240	MEMZ.exe
2560	MEMZ.exe
1240	MEMZ.exe
2560	MEMZ.exe
5892	MEMZ.exe
5892	MEMZ.exe
2560	MEMZ.exe
1240	MEMZ.exe
2560	MEMZ.exe
1240	MEMZ.exe
5916	MEMZ.exe
5904	MEMZ.exe
5916	MEMZ.exe
5904	MEMZ.exe
5904	MEMZ.exe
5916	MEMZ.exe
5916	MEMZ.exe
5904	MEMZ.exe
1240	MEMZ.exe
1240	MEMZ.exe
2560	MEMZ.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
4232	MicrosoftEdgeCP.exe
4232	MicrosoftEdgeCP.exe
4232	MicrosoftEdgeCP.exe
4232	MicrosoftEdgeCP.exe
4232	MicrosoftEdgeCP.exe
4232	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	404	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	404	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	404	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	404	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4828	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4828	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4828	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeCreatePagefilePrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
4016	MicrosoftEdge.exe
4232	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe
4232	MicrosoftEdgeCP.exe
1828	MicrosoftEdgeCP.exe
5904	MEMZ.exe
5916	MEMZ.exe
2560	MEMZ.exe
5892	MEMZ.exe
1240	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4232 wrote to memory of 4828	4232	MicrosoftEdgeCP.exe	78
PID 4232 wrote to memory of 4828	4232	MicrosoftEdgeCP.exe	78
PID 4232 wrote to memory of 4828	4232	MicrosoftEdgeCP.exe	78
PID 4232 wrote to memory of 4828	4232	MicrosoftEdgeCP.exe	78
PID 4232 wrote to memory of 4828	4232	MicrosoftEdgeCP.exe	78
PID 4232 wrote to memory of 4828	4232	MicrosoftEdgeCP.exe	78
PID 2784 wrote to memory of 4408	2784	chrome.exe	85
PID 2784 wrote to memory of 4408	2784	chrome.exe	85
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 192	2784	chrome.exe	87
PID 2784 wrote to memory of 392	2784	chrome.exe	88
PID 2784 wrote to memory of 392	2784	chrome.exe	88
PID 2784 wrote to memory of 2228	2784	chrome.exe	89
PID 2784 wrote to memory of 2228	2784	chrome.exe	89
PID 2784 wrote to memory of 2228	2784	chrome.exe	89
PID 2784 wrote to memory of 2228	2784	chrome.exe	89
PID 2784 wrote to memory of 2228	2784	chrome.exe	89
PID 2784 wrote to memory of 2228	2784	chrome.exe	89
PID 2784 wrote to memory of 2228	2784	chrome.exe	89
PID 2784 wrote to memory of 2228	2784	chrome.exe	89
PID 2784 wrote to memory of 2228	2784	chrome.exe	89
PID 2784 wrote to memory of 2228	2784	chrome.exe	89
PID 2784 wrote to memory of 2228	2784	chrome.exe	89
PID 2784 wrote to memory of 2228	2784	chrome.exe	89
PID 2784 wrote to memory of 2228	2784	chrome.exe	89
PID 2784 wrote to memory of 2228	2784	chrome.exe	89
PID 2784 wrote to memory of 2228	2784	chrome.exe	89
PID 2784 wrote to memory of 2228	2784	chrome.exe	89

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\sample.html"
1⤵
PID:5116

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4016

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4020

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4232

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4828

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1828

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2248

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffdc9a9758,0x7fffdc9a9768,0x7fffdc9a9778
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:2
  2⤵
  PID:192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1764 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:8
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:8
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:8
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:8
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:8
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4624 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3084 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2972 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:8
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:8
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1828,i,14675305016988943760,1597172987154058510,131072 /prefetch:8
  2⤵
  PID:5244

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5224

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5424

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
PID:5856
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5892
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2560
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1240
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5904
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5916
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  PID:5644
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:6056

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
PID:5788

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
PID:5164
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:6008
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:6000
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:6016
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:6024
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:6028
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  PID:1080
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:5324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
186d573d824a0ae8ff2464d9e4a6471b

SHA1
c851d7757aeba1b8daf1d81f3778238e71e7ac00

SHA256
1f041e571883ba341537cc7eecfb22f955b8d1230752dedf90caf38c650d3b20

SHA512
d1d8449e8533d19192073684a0b81429e1f03572db4e61ef629f7635feec0e3c5e17bfe599e450bc677bdd59ec2f441a73de1bf2dab6e915762e5ec6bb56d22c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9e43357a747c269daab3dd3d805249ec

SHA1
8baa9163fc1ea4dff406687a06d8b8a5a814110c

SHA256
f99a6ee2322b7b06988ddcb27f6e60991a83ee4cccf583a41178edcebf931a12

SHA512
a859f6630d715bde1359286ba03ed525e6f80072594783fa1708711439cdd0b8197f29915979b7c16f525befe5c9259be5a799684b5e59bb0072857b6d1bca99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
715449eb2d25d04bebeede36c1a3a292

SHA1
a312f8fd6f72f835b51fda7aa55ba52981a2f07c

SHA256
b2a28bf336347723c4981c19cd9bd630c9c81f8c18af33fe073f9038a6c299e2

SHA512
e50174081ae22bbd949244c12295439d4113c5ef270751a74705d8e8f45e4295dc4d95b8ef37beef6e7fb81c620a43ddc719d219177130c96661ac07f64784a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
489a3521f3768f46bb2b1c1fe9f9fab1

SHA1
d36d7a3cce9c3634ff06960bfdb54b6540c9ba49

SHA256
e3378e9af7a62dcfaf083f4b3f366cbedeade8a6c8b22af80248cb42902e2fc6

SHA512
9af29dda2bc1d01f9b6f59100ca0dc00ea32627ad1f3b02e1558f8e1724aece9156bc94760036fc380e43bfb6af505a19f368dc28eac6dffd81a357400e7688c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f0459eee450293d40c7401adde46caf9

SHA1
9d28c33f3449ffb11d9716b6511dba468328f75c

SHA256
94a51084f2a29574abb667e8e0af076847c55c60a1c74a7ccafcf881a4c39a87

SHA512
80381c9ef5e95c90c7f6c033c7b0c0106f388e956c7cc9e8bbfc5a16253c585cbda86180bdff64bcefb6e2343e205894d175e9c7f7024bb06155a947edec3226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1c8250d450e5b095de4599199da2b7e5

SHA1
a0db1a91b290d5a9e8d4564326d4deeaa4cc1201

SHA256
668f30fa88f0b17192ac2adab5c881cab9a78f8fcb339834999f17dc5bde563f

SHA512
f84e783d743efd5fdedb7c21a57eab78faad37906f076d547173f32b6c7b11ff9f351f05ce0362d0e2eea60ba4a4eedfff2569f103046a977b0857e9814abd87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0f37a4f9dc203362a64002d6df8241c2

SHA1
f95c1a451a2c704774398d36f2ea08e9ca3e7746

SHA256
89fcfcf7f8997a5468b72cc62d968383dd7276baafc1492c98ac9cbea247eba4

SHA512
96dd20b7270219589502202a4e6fd194b34c510c0bea6d099c412faa40fd6a20ae6388d629ff84b8a71f5cdb26d84d0b0d86dd156dd9e03029137d46f0402be6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9029e1c51429021a002f8d3d37a1f9c3

SHA1
2dc682b841bddd4f190cfc0a8d0d6ec4fe620195

SHA256
0e05d8091f54b610490539a3d18fcc08ea9ffc6d1a73fc2bb32c39168f6e0cde

SHA512
d52ba281795c7c9628b7b4c6dcf9a93cd36e56cbd09e157b9e1c5ab1d6c583fca04a387119c6dda05c28d55c27adaa09af56bc8a4bb526b1f74365a18499f454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
21c88bb8c030b0d96f1c400e9f9ae31e

SHA1
7829e8be15f89cb909f3f85bd1ed246e85ce28b9

SHA256
ee8d5a0647aa36067b543481711d0c7669515179626663211bab572e760778cf

SHA512
a4b00eda5a79367f5eb98da3c64765398e179f3a062959568ba151436ae641cd8d444610f10684114e64fafa76bd55e709989bec8e1ed534f1ba544ccaceda5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1fd26a0cdd5cc586ac658396c9cba212

SHA1
82ffd88f117059f031ebb787d40581714aa769da

SHA256
1a1126c2faa5da37294805de46ebb6c64595967f17ef8d028108fccb2f0ca68a

SHA512
30da1bb3759214c2b0551a75a7d93a45a2a272e7ffda5c579d0152adb3f9ac00c6411eb1006bcc89db25655ea6b378db74ae0cef111dd6d35242874eeebab3f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
4fee29473bf9710214cdbc15cf400329

SHA1
0bdd484c83e09acbe7e233c97c9a9d943b53ff80

SHA256
315de6481dcc7906a43c03307e43d0a4a60807c2959e422a5d5182a125793922

SHA512
191e99e7cc3088929b301c059411dc10ddd209674b57f8bb0d9874eaa96012953c0addb713eeeef6f54e9db1c9dcc8fad6b36e4280561f1183a49ecf8aea0421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f2e82711-eb8b-471e-97f9-d6f075779e03.tmp

Filesize
6KB

MD5
24337e9be4f59c2fe848307b24bba10d

SHA1
649483ec8298ef364acccdec4e533ab683e12dce

SHA256
655ad95df1b896c510b0bd58752017f98844b6f87f586a7c7d45eec81fec9726

SHA512
352726d8195ab49f303580669591f5f4ebcea6d7c286b8f528ab5f93448a5934f9812b9151c48932c4f20d2d8568fa29bf1e9dec55c16c28406af6733068c322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
286KB

MD5
84286e3146a95315894a8b13cf81ba83

SHA1
5a2a924ec18f2b9394ee84794511d326a080e71a

SHA256
9ff754f8e7cea16de4083fcdf8e5e1fc97b80036545f95d4e9a286f3de60dcc8

SHA512
31235eb1c8e5fe094139c95b8a77553386b9efb09e1300f2ac43d70c479f4e09a579868bfea9d1009aa3cd4dc85a387784b4de5d1006e4554304f4c8133c4eef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
8ced32755a982b07b47424f6c043977f

SHA1
908fefe16fe0612440930cf189474134f3f22fe5

SHA256
8f12868aabe303ad42e32c610e1fc9e0ea991cdb48e349a32e377964368fa0ef

SHA512
e4afe31e19f638b389076fa8959df6ecc0700659028ebe1e4b3fee84f4ab5b76d02d58e56e80f2d941ec853199dc879170598a49b9195e80e8a1637139770e9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
0eef2cd1897ea2bd27d1a1200ce258ad

SHA1
aa0b7531f4e0d89879d274c7ef5ad1370e45a37b

SHA256
d2f307a477f320f300cc80b651d0dc70f2b94cac5e775cacaa39d6d9653b6b9c

SHA512
d1ed8ee6570804e2b569276fccac3011d54e0f257a7f8e555f389bd9c234f7029e5fbaaade44b17ab900da6cea33d4a8f2b135890a3fec7a4ac6aebd983aac79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
7db4f0481d2b5b9692e4cac764192729

SHA1
e52361f065403cdc43770748f0222b2427c1e7c1

SHA256
c77d689554e38ac01517f326b9d99054db1f895fde4fe04499648d9e0d9e7a5b

SHA512
568612aa04da93927515cf1a9656b1d3967b5efba12d71aed27b0a5a1117ffbb439e26fb3911bc22d3b5b4cd831698bc774f42d295013aeb2d170c35325af911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583236.TMP

Filesize
93KB

MD5
4abc07b008bdd6b8fd8a62c7987055ec

SHA1
3aa36d603f7b6316a47a6d4a403e6d9ae664c96c

SHA256
160b629009d7c61efbd8532a901bf7daee128e4018b69c800caa9251216c5bb8

SHA512
a1a95e724e08ed272e9bdfbf8f9b2dd304c441ec59eeb1b02c5271cef01885637d14e8e6d38265501fe64341b6ac4dfd35ae39ddbb54bf990e167b717e12c3ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\BO57K96A\www.bing[1].xml

Filesize
6KB

MD5
e14af8f22bd308e54f653f370c2d1c81

SHA1
dc3394713ddb70883810661beaef7200886575a9

SHA256
dd54179de85fe28fb2b3c6c44f6349cdec3c4deb18a3c4425a45c1ab373da30b

SHA512
8430b472e2128ed4dd3ad0fd07cfc7704fcadbdf29f3e15d949f3b5727ac74a988cbc03f783d1c5e5851d19bd5f4dfad376afbce925026200738ca4a4644c9b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\F6YMP8TH\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\Downloads\MEMZ-virus-main.zip

Filesize
8KB

MD5
a043dc5c624d091f7c2600dd18b300b7

SHA1
4682f79dabfc6da05441e2b6d820382ff02b4c58

SHA256
0acffde0f952b44d500cf2689d6c9ab87e66ac7fa29a51f3c3e36a43ea5e694a

SHA512
ee4f691a6c7b6c047bca49723b65e5980a8f83cbbc129ddfd578b855430b78acf3d0e461238739cd64c8a5c9071fe132c10da3ac28085fc978b6a19ee1ca3313

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/404-44-0x000002AA0FB00000-0x000002AA0FC00000-memory.dmp

Filesize
1024KB

Download
memory/404-42-0x000002AA0FB00000-0x000002AA0FC00000-memory.dmp

Filesize
1024KB

Download
memory/1828-96-0x000001E76F700000-0x000001E76F800000-memory.dmp

Filesize
1024KB

Download
memory/1828-141-0x000001E77FA20000-0x000001E77FA40000-memory.dmp

Filesize
128KB

Download
memory/1828-146-0x000001E77FD10000-0x000001E77FD30000-memory.dmp

Filesize
128KB

Download
memory/4016-0-0x00000225B3620000-0x00000225B3630000-memory.dmp

Filesize
64KB

Download
memory/4016-35-0x00000225B2760000-0x00000225B2762000-memory.dmp

Filesize
8KB

Download
memory/4016-560-0x00000225BA6A0000-0x00000225BA6A1000-memory.dmp

Filesize
4KB

Download
memory/4016-16-0x00000225B3720000-0x00000225B3730000-memory.dmp

Filesize
64KB

Download
memory/4016-559-0x00000225BA690000-0x00000225BA691000-memory.dmp

Filesize
4KB

Download
memory/4828-58-0x000002651A620000-0x000002651A622000-memory.dmp

Filesize
8KB

Download
memory/4828-51-0x0000026509600000-0x0000026509700000-memory.dmp

Filesize
1024KB

Download
memory/4828-50-0x0000026509600000-0x0000026509700000-memory.dmp

Filesize
1024KB

Download
memory/4828-55-0x0000026519AB0000-0x0000026519AD0000-memory.dmp

Filesize
128KB

Download
memory/4828-56-0x000002651A600000-0x000002651A602000-memory.dmp

Filesize
8KB

Download
memory/4828-66-0x000002651A6B0000-0x000002651A6B2000-memory.dmp

Filesize
8KB

Download
memory/4828-64-0x000002651A690000-0x000002651A692000-memory.dmp

Filesize
8KB

Download
memory/4828-62-0x000002651A670000-0x000002651A672000-memory.dmp

Filesize
8KB

Download
memory/4828-60-0x000002651A650000-0x000002651A652000-memory.dmp

Filesize
8KB

Download