hxxp://bing[.]com

Resubmissions

05/08/2024, 02:59

240805-dgqgmavenp 10

05/08/2024, 02:53

05/08/2024, 02:51

05/08/2024, 02:48

05/08/2024, 02:44

05/08/2024, 02:40

Analysis

max time kernel
272s
max time network
282s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/08/2024, 02:53

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://bing.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MBRiCoreX.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 4 IoCs

evasion

pid	Process
2552	taskkill.exe
4536	taskkill.exe
664	taskkill.exe
2072	taskkill.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2227988167-2813779459-4240799794-1000\{A9947E0B-2687-4DEB-99B3-D102D2DB756A}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Annabelle-Ransomware-master.zip:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
960	vlc.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2144	msedge.exe
2144	msedge.exe
2404	msedge.exe
2404	msedge.exe
2912	msedge.exe
2912	msedge.exe
2464	identity_helper.exe
2464	identity_helper.exe
916	msedge.exe
916	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
1428	msedge.exe
1428	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
960	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1900	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1900	AUDIODG.EXE
Token: 33	960	vlc.exe
Token: SeIncBasePriorityPrivilege	960	vlc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
960	vlc.exe
960	vlc.exe
960	vlc.exe
960	vlc.exe
960	vlc.exe
960	vlc.exe
960	vlc.exe
960	vlc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
960	vlc.exe
2728	MBRiCoreX.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 3592	2404	msedge.exe	78
PID 2404 wrote to memory of 3592	2404	msedge.exe	78
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 5020	2404	msedge.exe	79
PID 2404 wrote to memory of 2144	2404	msedge.exe	80
PID 2404 wrote to memory of 2144	2404	msedge.exe	80
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81
PID 2404 wrote to memory of 2480	2404	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bing.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb8fa23cb8,0x7ffb8fa23cc8,0x7ffb8fa23cd8
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1832,15928237939028714772,17737099097158645576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1188

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Temp1_Annabelle-Ransomware-master.zip\Annabelle-Ransomware-master\JigsawxD\Resources\annabelle.wav"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:960

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x000000000000047C 0x00000000000004C0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1900

C:\Users\Admin\Downloads\Annabelle-Ransomware-master\Annabelle-Ransomware-master\JigsawxD\Resources\MBRiCoreX.exe
"C:\Users\Admin\Downloads\Annabelle-Ransomware-master\Annabelle-Ransomware-master\JigsawxD\Resources\MBRiCoreX.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2728
- C:\Windows\SysWOW64\taskkill.exe
  taskkill.exe /F /IM wininit.exe
  2⤵
  - Kills process with taskkill
  PID:4536
- C:\Windows\SysWOW64\taskkill.exe
  C:\Windows\System32\taskkill.exe /F /IM wininit.exe
  2⤵
  - Kills process with taskkill
  PID:2552
- C:\Windows\SysWOW64\taskkill.exe
  taskkill.exe /F /IM wininit.exe
  2⤵
  - Kills process with taskkill
  PID:664
- C:\Windows\SysWOW64\taskkill.exe
  C:\Windows\System32\taskkill.exe /F /IM wininit.exe
  2⤵
  - Kills process with taskkill
  PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
a7ed7c99ee3dfa3f97f3d2c2243c2bf7

SHA1
4e12fa9872b0452d574d288041fc90663ecae2b2

SHA256
4edd52a684e33c0fca2cea5046aa0c80c5aee47ca0d2cda2f186b68bd7230cf2

SHA512
98a07ea4504d87aabc70eeca903bfd89dcdc5aa195668634545b314b8394508217cd636eef949c8ef407592e574137696654f3292a33bccd64538523fd2a78c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b08af03aec87c1e3fa5cbf60e6bacce6

SHA1
1290dd1cb38d6a3156b5ca06caf353556420ecd0

SHA256
0aaa45ec636129cb690ecb2b38f45a9c7ac887f7f1099298c74e9fbc5e67000e

SHA512
79be98adcec7c3bac4cfd20539fa6898fac9bc311694157a09b8664718a8cb9edc0fe175db1e827d1dc18db521bd8c4556c8817c656734241fa479e81d7ca50c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e603f81711e798f3f34038c87ef160c5

SHA1
73959bffb2fc73e9a42ae1238edf38a61fbb2f8a

SHA256
6d777d43113fc16aa22635712f663000fbb0e1cbd11a3812d6a6599cb67e086e

SHA512
7a92864a5932e82ec8bca98c85953c7034567b8316b7b586f5bea3a5694d176a45ef09ec889f83216ca6c08aa39ed86c10fd42a9fc735c6271b204221ace7676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9f4e8bb97737d54226f2ca9c9758b934

SHA1
425a51146f3e70038fe12e967abd1d59bf875e10

SHA256
8593c4bbf894043f62673c40efcb7f068018a8734bffb1c7aafa71b390d213c6

SHA512
0e9fdce44c84516ac12dba6f5c7ef4e7408b6cc916e3d4a96dab0ac4a8ce99f5977a2639c39851f58520cceece92f8729717da08f55d35dff641a7707c5de52d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d0b9db994e121da864e3bc88e9df82a

SHA1
f49ae3616dca728cd1906fb1f2c8db33ffb6afab

SHA256
90d383ad51443f646d9c25e008c5c170a02d9cb1f97aeeefe4c8152a00e8f63e

SHA512
1f025c5287b6b832be3a8e7fef2fa78d8cd337574b7c1125599f41e8025904541761743a912290176a2e06410bd8441997ef3f0463a97be500478686a654dc6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3cb6a6b354d3daeeb10ac209d41a6f1c

SHA1
06119949eb14cee2652761e1d05494cc48241b16

SHA256
fae1dc9acbf6c3e87b637629a6b451ecb98dc027de7cf0d1d30dd8fd7c1ca7d9

SHA512
b52ed06713c00c60da2ef1f1fad3ca52695bf572af662d6dd9236c7e607f26b86ccc5b2da948eca471c955fb58cea080d1e29475158c14a2d55f6296b811e899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
35948a74ccc56f07c122962738afbe4d

SHA1
2323cde0c95ec6282a8873b5a979b459100733f2

SHA256
698304b60e114f0564090f45be1a42c7f3aa2df3713726261a218c38f13992bf

SHA512
0ef6e608678f8df912a9931513f39b1dbaf9e79e1f4bb8fdc869318e7e000adb191e330092c40da65dba8ebb7dc87215493e8d79a80f9a1d530428a8d62b3979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85b084f5d4e4aaa0cd54a04b440e09a9

SHA1
8f758df41960c145a1a67412b74b9b44f2516ec3

SHA256
47ad1c570b27ab9d4ec81a88f90e359daba06f39ee16d839192ef36ec898d8e9

SHA512
90b6f1c2205db3446ebd7740b7e0c3469581a9472d3d62c846e2675facd7df5425b11234aa39a31adc435d9b79594b1b714317b244657fc2595a3e53441d51bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08951ec4a02abbf9b31994b8485ab62d

SHA1
9e8096351be83e04ec56c4ef806520e78d120fdd

SHA256
462ba126376d65c4b1d81b29e144dbe094d9992f25a09edff64fc0e23328c904

SHA512
bb62cb75f23ae92a8ca62d280af1f7eef335ce82c0e5bdc69902852a890ef7d22ec404d801302cdbf80ef5fe7911f7bec41c36887a4ca322a8377d39bac929f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a146c2304dea82c64ed2723149967e0

SHA1
0d9bb982c0d8f27e6a339f75bdedfd44093e9677

SHA256
947fd4c3c4c67c339e21c48f368f2b6d63dfd809d3c6b5d1ea9b5e3df0932f60

SHA512
0dfc09909081d31d0229af622ec2d43399d8e272877386f95a4d9eae7e8a2bf5f788af61665a379c7c7d7e52921f2e05db5b719542cf42ca1f60b8430f68c420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
3a92298a4780cae2de76052e1128cb79

SHA1
8c1a3d65a1cd0efaa61a68373ed00294b0314fce

SHA256
7d08e53e554d992736260d3c81438a5180e070ab1b5aaf70bddd4894272a2d22

SHA512
d1d02fa449412d9c9e71700db3ba0a754b8a87dbc0d56d9c70ab1cce726410dd7fac34d2562c2aa2b3b8c17e779e4f6420d42d2b488eb96f24e214ce6bed69f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a2aaa48fc3967e51cd00c4674533ae2

SHA1
f86bde3e8eccb17520899884fa87af5c04051367

SHA256
f2f971fba58d8bb028f09144b0e00b9399a2b3fa6a2d96a11571b7e17e3414b7

SHA512
c765002e0381b5013c954602e391003e139839cc700869b311e16c7e9fd74b7bfc3fc34692bff96f59929d46454674cc6417216d76227edcb95ff6c34a250ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0c809fb2737a867c5877b8a5fca27417

SHA1
0d50a1b1030109e3a3bd504be7de90c1e1c1dede

SHA256
acb1fb6ae9a78125596e5f9991c05e7ef1162affd89001aea93f72f05bb3c8ec

SHA512
3d977fd3bbbb9ed28a1fae0547ea26a6aaa55ed7fb835debef446b196f458b4641032015bb15e23ae954c91150e78b309905820e588d1e59b20dca4330ca9733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
b0d693fc1ccc46706730013ced39348f

SHA1
096987c642b33b5269baf0a92aecc2c2d92256c5

SHA256
e460501a1e3944df467ba76b037e711f93b9e08511646092c2ec08854ae85655

SHA512
f55f5eb3d72cf12a6d965bb6ef72f49fd1fcc53b295406db78561ee714fed6adcac315fe5eb0c610258c683c904162a894a2b02808ba96dd0128c3c0926b8c6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2a3bf13723a56046438e46637b3daf28

SHA1
0ae5655096e9bffa5193852e4e68eff89c8e6887

SHA256
04763009485053e58ce17c75ed4f32abe63a25ff0b59396c3c30cf722f6b1956

SHA512
e5d323c6e31ec1f2cdd239531e6595d414eb51b3b43c037ea3420f6c70f7098f55c838d7076a7b14faa9b0da2b134e5ef2690e9e68994ec06b9de896914cdb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9267a85475d613f8731c8bac0ac49c81

SHA1
0ebd71aba1ad2e385a268c52f63e0ecfcc6b3273

SHA256
d1d3c72f88b79ff898637b3554c93ceb465f365753b0195aa8e2e9fb6e7da540

SHA512
6493a773aaafed278fec1c5531ac58ccf69e722c69d406e82077f019dc1d9445dec8b8a4794bd8b6737f57c5920ad9adc09a06a4f1ea92fa17652e5f5481de86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58124b.TMP

Filesize
873B

MD5
e20fa7668cfe21ee8999a9a797d9d7da

SHA1
116e56a9f01fbb73853232e4ff0cd9ded3ef6f5b

SHA256
3e51e35426d5d1040370f78c7396eed625e680de862eb37e9f7b299df6b4eb9d

SHA512
9f9a71b9bfb7305374e2728bbe3170a3b8bad74b4a0982f3f24917db34c16990a18d43332ecef3004ba92a13637119f8bf05302d036fbd5612835785c5f7b938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e786a77d719dbdb747f4807fbb24e74d

SHA1
aec6543e4f99aefb4448bf72b877d9b5b44ed7ce

SHA256
b7e54cdfdfa62361fcf39de5d495822915b8449c044cabbb8f7c41581eae76c2

SHA512
9ed01b12b2fe7cee7486324f19f99b5f018b44344a8012cb4fe3ccd3971c7db891be009741a73899e40b46b7d7de9913666e5658b2b621d27255ed6d7888eabf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
249123fb34768381c6a7565dbda3df5e

SHA1
df8550087ca4acf669fb7f67f288eaeec7ef2f0a

SHA256
600db4e5b84cb0731a459b1fb2328e78080a0acb2b5c6539c37fb1a9c8d8d78a

SHA512
fee59ca84b9c179e21ceb191bf2c14f0af58c7929fde4105cfd55069d6c13a21ebbf315fc7a1240d3498286a4b2b6096323b4f7b446308c3aebbae7938507b38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d7f75db56c44581667b7b7f11cc693c6

SHA1
37b00b91be595f1015402af27477bb797369c8cc

SHA256
725f6edcd3dbe81f8278e2a80661cec0ccebe9ea650e57fe23dbadeb18dba9c4

SHA512
278000bb2e2e644ea36b210daae495342e3f33babba60b6ddfe1371c9d2aa808b5b398479fde67c2df254e790b6182cb8cd30ae889bfb80a766e8ef313c56885

Download Submit
C:\Users\Admin\Downloads\Annabelle-Ransomware-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 297839.crdownload

Filesize
11.0MB

MD5
61d43205ded83503626741f07ea37ded

SHA1
00b364241ee0fde632f940440ee65febd6aef68f

SHA256
d2b410454059bf1f212ff9a0c5f418ca67dfc607f5b835767c59a967cd6dad3d

SHA512
667059925113b9413b9321929e8d2ccc1652bbc0eada21a2ee1c9207e02c7bd2bd5e249665758c4341b37e4579a0ba81b14f645dc4cc71ddab2038269cf3d62a

Download Submit
memory/960-1090-0x00007FF683390000-0x00007FF683488000-memory.dmp

Filesize
992KB

Download
memory/960-1091-0x00007FFB8FA60000-0x00007FFB8FA94000-memory.dmp

Filesize
208KB

Download
memory/960-1092-0x00007FFB7B4C0000-0x00007FFB7B776000-memory.dmp

Filesize
2.7MB

Download
memory/960-1093-0x00007FFB7A200000-0x00007FFB7B2B0000-memory.dmp

Filesize
16.7MB

Download