aafffe547de1f166e4aaee963d2b9af93b1f09c9a4e1cb4d551cb7d07c2b84aa

Analysis

max time kernel
150s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
29/06/2024, 14:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Furk Ultra.exe
Size

87.5MB
MD5

09e2e90098a609fff4d1aa0af3a43621
SHA1

9041c201d1c6999453ba0e00a995a51beab1b430
SHA256

aafffe547de1f166e4aaee963d2b9af93b1f09c9a4e1cb4d551cb7d07c2b84aa
SHA512

2ad82c3028925f76edcc31ef31e057d081baf213c328b1412bdc61686912a2f36ee08afdf1f3527589be87629ce9e014690c9f371ed510ca651a0c9115e8714b
SSDEEP

1572864:9GeYzsQMjvg7bz9gwWxsF28gZqYyxv3G6W3OS1cHyf/u+w76YHDwRqiA:4IN+WxsF28gzevG6W3OS1jGWKDw4iA

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
3200	Furk Ultra.exe
2396	Furk Ultra.exe
1484	Furk Ultra.exe
4076	Furk Ultra.exe
4880	Furk Ultra.exe
3308	Furk Ultra.exe

Loads dropped DLL 11 IoCs

pid	Process
3200	Furk Ultra.exe
2396	Furk Ultra.exe
1484	Furk Ultra.exe
2396	Furk Ultra.exe
2396	Furk Ultra.exe
2396	Furk Ultra.exe
2396	Furk Ultra.exe
4076	Furk Ultra.exe
4880	Furk Ultra.exe
3308	Furk Ultra.exe
3308	Furk Ultra.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Windows\CurrentVersion\Run\Furk Ultra = "C:\\Users\\Admin\\AppData\\Roaming\\Furk Ultra\\Furk Ultra.exe"	Furk Ultra.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 14 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Furk Ultra.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Furk Ultra.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Furk Ultra.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Furk Ultra.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Furk Ultra.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3308	Furk Ultra.exe
3308	Furk Ultra.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe
Token: SeShutdownPrivilege	3200	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	3200	Furk Ultra.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 3200	2824	Furk Ultra.exe	82
PID 2824 wrote to memory of 3200	2824	Furk Ultra.exe	82
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 2396	3200	Furk Ultra.exe	83
PID 3200 wrote to memory of 1484	3200	Furk Ultra.exe	84
PID 3200 wrote to memory of 1484	3200	Furk Ultra.exe	84
PID 3200 wrote to memory of 4076	3200	Furk Ultra.exe	85
PID 3200 wrote to memory of 4076	3200	Furk Ultra.exe	85
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86
PID 3200 wrote to memory of 4880	3200	Furk Ultra.exe	86

C:\Users\Admin\AppData\Local\Temp\Furk Ultra.exe
"C:\Users\Admin\AppData\Local\Temp\Furk Ultra.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
  "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3200
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1628,i,12946014290234803681,2691207703467846266,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2396
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --mojo-platform-channel-handle=1920 --field-trial-handle=1628,i,12946014290234803681,2691207703467846266,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1484
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --app-user-model-id=furk-ultra-nativefier-e68f82 --app-path="C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2244 --field-trial-handle=1628,i,12946014290234803681,2691207703467846266,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4076
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --app-user-model-id=furk-ultra-nativefier-e68f82 --app-path="C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1628,i,12946014290234803681,2691207703467846266,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4880
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3708 --field-trial-handle=1628,i,12946014290234803681,2691207703467846266,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:3308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Furk Ultra\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\chrome_100_percent.pak

Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\chrome_200_percent.pak

Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\icudtl.dat

Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\libEGL.dll

Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\libGLESv2.dll

Filesize
6.8MB

MD5
18d62249e5bd4fa1f66c95a9ee9eb275

SHA1
4ea5d8344a8fc09ed2bda4d3034c3c8410c85e91

SHA256
3299de173b3e5ce2f69476b77d96f6a758b2ccfdf3ad811902e5cd511c6888ff

SHA512
fa29557836e56f981249ee8500a8271a7795cbe2a4afb6abbbd57e4aa26c6b731d151258f093643bbfa18cd9adf706a9e4d532481c62d713b7f1a1045301dc07

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\locales\en-US.pak

Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\resources.pak

Filesize
4.9MB

MD5
c7b17b0c9e6e6aad4ffd1d61c9200123

SHA1
63a46fc028304de3920252c0dab5aa0a8095ed7d

SHA256
574c67ecd1d07f863343c2ea2854b2d9b2def23f04ba97b67938e72c67799f66

SHA512
96d72485598a6f104e148a8384739939bf4b65054ddde015dd075d357bcc156130690e70f5f50ec915c22df3d0383b0f2fbac73f5de629d5ff8dab5a7533d12b

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app\icon.ico

Filesize
28KB

MD5
e718b557b56021745c64f924972e082a

SHA1
fd77644ba0e3e643fe31a9d8e8dabb43b1741342

SHA256
8b063509b751d03434b657a555a0a863573f0b7261d4ecf675f969fc4abb1514

SHA512
f528be23c02847bf8efd2eb8f04e02597a23aa4fee1e3f62ab35403eb2df89dbdb0695a7b41516ea5d5188d901dd9a1140727cec0e06599533ee578555940fb2

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app\lib\main.js

Filesize
496KB

MD5
7327af37c332ad146899073ec665a18a

SHA1
d35b0c9187a674bbe16687dc7c857d65b94a6f36

SHA256
d6d58a6a98a77a3c0cdb45e642d0a5d125ff3d75bb1f42e7803d100a9160dd05

SHA512
39d35e82d355b573e7ad153b2f4a36b226c39127bd19c48f722b670813d86adfc658563afa53c4129289ad397985f801020daf11174f7df850ea622cb0356435

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app\lib\preload.js

Filesize
12KB

MD5
cfd7e6489b0d63738319982f68ff935e

SHA1
d05ab48d9dc3a52946511c2c4cf5de0fcb4f1290

SHA256
d50ca2fa212df1c1ff69b5d26ba594bd39bfd86a71b068a650cc577e5dc9a94e

SHA512
9b4c0fb83033163f8e8e35c9da2d33265f7d36eefa22774399abaf867e3d22a3e0cba71f2bb2037fe055e5b9932b25dd98a63b7543c3a15f2667ec40d7bcdf93

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app\nativefier.json

Filesize
958B

MD5
41dc3e744563e3642c2bc516997d6f56

SHA1
549a2bd27f5d97c3f18f28375c6d769739c3818e

SHA256
405878eda58ebdfa94a7d47192c0ac36a26e88bc995cc4a858ac4e197c1c5146

SHA512
79b44908c531ba3921d9637b1df56fe71e4e519556f16d569e3aa94e71e1c7160eebde274a90d354c9f40ba7d92a25e8253f3cd0ead1825855d7a055426f8070

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app\package.json

Filesize
597B

MD5
3bc4c02fee47249319a04daad21b4930

SHA1
32a161782fa72efb0c189d6c6240b1add0513f0d

SHA256
38bdba6eba2bc4ded383d59ec5d53cb9516ce0ea6db65d477a02242bd115dfbc

SHA512
2152d5f4ff69ea2db7b576cccbf695a7cd70ec339fb5f79b8359cb2d7fc79767cd491fc7e14cd4cfec9dab8562a11d3b223f88680f03b4edaf925c83a41b756e

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\v8_context_snapshot.bin

Filesize
713KB

MD5
1270ddd6641f34d158ea05531a319ec9

SHA1
7d688b21acadb252ad8f175f64f5a3e44b483b0b

SHA256
47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29

SHA512
710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\vk_swiftshader.dll

Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
5ae51c6b23959b8e99574b7df281aa70

SHA1
31ff3f9197db16df7b5fab561b79613f79d37c5f

SHA256
1ef164160d1db28508c39e6a19657dcb2aaa6380b9d7dd992d44505a86a63951

SHA512
3ecc4898491c7392c9742096e6cafa125fdd5b353172a394acc49b1771fdf1f8824ee4d68c5b3fda071652b928e05ff2ba6c730123ac0e309f965616c30e0d84

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
862911fcfda8b6117f5b124d679974f3

SHA1
4bf06627503c0bdfde5a536d53c77b82050a0eb1

SHA256
94cf5fcdc46ba2479c6727626dbb68a6fbbc006ae8dd94e3246fce191563b22b

SHA512
c6146c9b55c2daa4c793b20a1060d78c453acb3ce7ba5408b9451c39fa4d452228678207b3fb403c107c9d2519d8d4c006c4d605ad1d05e17870fb0c83461b61

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Network\Network Persistent State

Filesize
1KB

MD5
2e1b821b8b4579864046c5b795de3446

SHA1
c47ada06d91bd9f6ad7cc9360abd60e0012b7bee

SHA256
0739eb34ddcd9644c12c8d9d99bfc76475ad618c609f1c02014c413f89391086

SHA512
bac05d536304e6b1cc68ee97e95ae43609eb2d401276acc8bdb13ab4d70d30d3b9401e097425f20f5da78a7b69a2a6cf4316d5dbe761e6368ce7aa72ff71c954

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Network\Network Persistent State~RFe58b2ff.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
memory/2396-216-0x00007FFAA1880000-0x00007FFAA1881000-memory.dmp

Filesize
4KB

Download
memory/2396-320-0x000001EC881D0000-0x000001EC882A6000-memory.dmp

Filesize
856KB

Download
memory/2824-0-0x0000000001370000-0x0000000001371000-memory.dmp

Filesize
4KB

Download
memory/2824-184-0x0000000000730000-0x0000000000A13000-memory.dmp

Filesize
2.9MB

Download
memory/2824-202-0x0000000000730000-0x0000000000A13000-memory.dmp

Filesize
2.9MB

Download
memory/3308-396-0x000001A393610000-0x000001A393611000-memory.dmp

Filesize
4KB

Download
memory/3308-398-0x000001A393610000-0x000001A393611000-memory.dmp

Filesize
4KB

Download
memory/3308-399-0x000001A393610000-0x000001A393611000-memory.dmp

Filesize
4KB

Download
memory/3308-397-0x000001A393610000-0x000001A393611000-memory.dmp

Filesize
4KB

Download
memory/3308-401-0x000001A393610000-0x000001A393611000-memory.dmp

Filesize
4KB

Download
memory/3308-400-0x000001A393610000-0x000001A393611000-memory.dmp

Filesize
4KB

Download
memory/3308-391-0x000001A393610000-0x000001A393611000-memory.dmp

Filesize
4KB

Download
memory/3308-390-0x000001A393610000-0x000001A393611000-memory.dmp

Filesize
4KB

Download
memory/3308-389-0x000001A393610000-0x000001A393611000-memory.dmp

Filesize
4KB

Download
memory/3308-395-0x000001A393610000-0x000001A393611000-memory.dmp

Filesize
4KB

Download
memory/4880-313-0x00007FFAA2460000-0x00007FFAA2461000-memory.dmp

Filesize
4KB

Download
memory/4880-379-0x0000020EEBE40000-0x0000020EEBEE3000-memory.dmp

Filesize
652KB

Download
memory/4880-361-0x0000020EEBE40000-0x0000020EEBEE3000-memory.dmp

Filesize
652KB

Download
memory/4880-340-0x0000020EEBE40000-0x0000020EEBEE3000-memory.dmp

Filesize
652KB

Download
memory/4880-339-0x0000020EEBD60000-0x0000020EEBE36000-memory.dmp

Filesize
856KB

Download
memory/4880-314-0x00007FFAA2470000-0x00007FFAA2471000-memory.dmp

Filesize
4KB

Download