hxxps://www[.]bing[.]com/aclick?ld=e8vAn9alPcezg8dcAr9Aq8mjVUCUzOUPipfj_1aKrK9iYxIKUzbK_ddjFN1LOXPqZNn2d9F8LFvX9BZQ1Su7ASi2e8Dp5RWrkYJdHyMfi8NyPk6SZqYr5pMB7wTvREQdrqBX_twUaQ6U4YhnF0y8gK8n0gu-xagGbbdn0TA_xrmF3n8WLsUHo0uVXV8lazPOQC77twCg&u=aHR0cHMlM2ElMmYlMmZhcHBuYWRvLmNvbSUyZmFtb25nLXVzJTJmJTNmdXRtX3NvdXJjZSUzZGJpbmclMjZ1dG1fbWVkaXVtJTNkY3BjJTI2dXRtX2NhbXBhaWduJTNkU2VhcmNoX1JPQVNfV1dfTVNQcmVtaXVtJTI2dXRtX2lkJTNkNTY4MDE3Njg2JTI2dXRtX2tleXdvcmQlM2RhcHBuYWRvJTI2bXNjbGtpZCUzZDg1NzdhMzA3MWJjNzEwMzEyOGZhYzVjM2E2M2ZhOWFhJTI2dXRtX3Rlcm0lM2RhcHBuYWRvJTI2dXRtX2NvbnRlbnQlM2RBbGwlMjUyMFdlYnBhZ2VzJTI1MjBEU0E&rlid=8577a3071bc7103128fac5c3a63fa9aa&ntb=1

Analysis

max time kernel
1799s
max time network
1730s
platform
windows10-2004_x64
resource
win10v2004-20240802-es
resource tags

arch:x64arch:x86image:win10v2004-20240802-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
20/08/2024, 16:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.bing.com/aclick?ld=e8vAn9alPcezg8dcAr9Aq8mjVUCUzOUPipfj_1aKrK9iYxIKUzbK_ddjFN1LOXPqZNn2d9F8LFvX9BZQ1Su7ASi2e8Dp5RWrkYJdHyMfi8NyPk6SZqYr5pMB7wTvREQdrqBX_twUaQ6U4YhnF0y8gK8n0gu-xagGbbdn0TA_xrmF3n8WLsUHo0uVXV8lazPOQC77twCg&u=aHR0cHMlM2ElMmYlMmZhcHBuYWRvLmNvbSUyZmFtb25nLXVzJTJmJTNmdXRtX3NvdXJjZSUzZGJpbmclMjZ1dG1fbWVkaXVtJTNkY3BjJTI2dXRtX2NhbXBhaWduJTNkU2VhcmNoX1JPQVNfV1dfTVNQcmVtaXVtJTI2dXRtX2lkJTNkNTY4MDE3Njg2JTI2dXRtX2tleXdvcmQlM2RhcHBuYWRvJTI2bXNjbGtpZCUzZDg1NzdhMzA3MWJjNzEwMzEyOGZhYzVjM2E2M2ZhOWFhJTI2dXRtX3Rlcm0lM2RhcHBuYWRvJTI2dXRtX2NvbnRlbnQlM2RBbGwlMjUyMFdlYnBhZ2VzJTI1MjBEU0E&rlid=8577a3071bc7103128fac5c3a63fa9aa&ntb=1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
324	msedge.exe
324	msedge.exe
2044	msedge.exe
2044	msedge.exe
5476	msedge.exe
5476	msedge.exe
5760	identity_helper.exe
5760	identity_helper.exe
6716	msedge.exe
6716	msedge.exe
6716	msedge.exe
6716	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6788	dwm.exe
Token: SeChangeNotifyPrivilege	6788	dwm.exe
Token: 33	6788	dwm.exe
Token: SeIncBasePriorityPrivilege	6788	dwm.exe
Token: SeShutdownPrivilege	6788	dwm.exe
Token: SeCreatePagefilePrivilege	6788	dwm.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5924	StartMenuExperienceHost.exe
4160	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 3540	2044	msedge.exe	85
PID 2044 wrote to memory of 3540	2044	msedge.exe	85
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 2196	2044	msedge.exe	86
PID 2044 wrote to memory of 324	2044	msedge.exe	87
PID 2044 wrote to memory of 324	2044	msedge.exe	87
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88
PID 2044 wrote to memory of 2804	2044	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/aclick?ld=e8vAn9alPcezg8dcAr9Aq8mjVUCUzOUPipfj_1aKrK9iYxIKUzbK_ddjFN1LOXPqZNn2d9F8LFvX9BZQ1Su7ASi2e8Dp5RWrkYJdHyMfi8NyPk6SZqYr5pMB7wTvREQdrqBX_twUaQ6U4YhnF0y8gK8n0gu-xagGbbdn0TA_xrmF3n8WLsUHo0uVXV8lazPOQC77twCg&u=aHR0cHMlM2ElMmYlMmZhcHBuYWRvLmNvbSUyZmFtb25nLXVzJTJmJTNmdXRtX3NvdXJjZSUzZGJpbmclMjZ1dG1fbWVkaXVtJTNkY3BjJTI2dXRtX2NhbXBhaWduJTNkU2VhcmNoX1JPQVNfV1dfTVNQcmVtaXVtJTI2dXRtX2lkJTNkNTY4MDE3Njg2JTI2dXRtX2tleXdvcmQlM2RhcHBuYWRvJTI2bXNjbGtpZCUzZDg1NzdhMzA3MWJjNzEwMzEyOGZhYzVjM2E2M2ZhOWFhJTI2dXRtX3Rlcm0lM2RhcHBuYWRvJTI2dXRtX2NvbnRlbnQlM2RBbGwlMjUyMFdlYnBhZ2VzJTI1MjBEU0E&rlid=8577a3071bc7103128fac5c3a63fa9aa&ntb=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb944d46f8,0x7ffb944d4708,0x7ffb944d4718
  2⤵
  PID:3540
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 3540 -s 796
    3⤵
    PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6764 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1
  2⤵
  PID:596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2384 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:6632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:6656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1436,7179757632240605303,9754193467889762460,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3656 /prefetch:2
  2⤵
  PID:6628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault97329bf7h265dh4395h86d6h4765398eec3a
1⤵
PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffb944d46f8,0x7ffb944d4708,0x7ffb944d4718
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14977273605810544052,4861205809205065619,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,14977273605810544052,4861205809205065619,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5476

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc 0x2f8
1⤵
PID:5400

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5728

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5924

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5224

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
533KB

MD5
5f41d26aa9a82c0f70da84ea703bc2cc

SHA1
0923a2bba6334285f0be6858681bb686f5124210

SHA256
f3525191eac6fba32b46ad6fbdf4a6c9aebd64406ce39ebbfc47b53369e69ad6

SHA512
4e0d37d3bdc3db65a972468cda8f0bf6736f53418e1728fd20c79c3ebb312ea2d17411d3ee979a9723cbf1ad55286a09299b1217d71d3fe14fa4858cb757c1bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
20KB

MD5
88924e883819450fea6752faf211c02e

SHA1
f65cd48ba61e6854b8695490e82b8ef1256c0ad7

SHA256
2775bac57d4aa61e0bafe9902dda744b81a6bc392a953a125fad1da7c949fbec

SHA512
c3aaeb5f7016f819015b54ac7f2cde14cb71b613b046b7097a61d7836f3cf67d38bc6eaad619561c72828d6f930de0362cacddade2f4590389e6c363755c68e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7deb75062646b74167a24fc354a76074

SHA1
0f53fedb9c91f049e8419b459bee887e2225360b

SHA256
e8de107a17cd6ffaba0e0165b0f3f5c0daa8c936968ec541cecf1b67441d5dd7

SHA512
dca06fb1d593a2cee09256b093ad71faf2ef588d76b1094bf66423d0f9d96cd7d2873b3a949c26f6296f68aba34d49adefb578921636a860a4053fed8cdda6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
59d3622ad14362fc1f1ed7533b7ad03c

SHA1
b17a42b6ed90edf363481160fba6566ac4849243

SHA256
4a6997690309d7d879e4ec22b6dc86d4bf2b3bbd76167227e0fee95a723f3bd2

SHA512
b1b3d8b49a431d54c94baf2585470fb31ff8d5e43b82300117c8b27a9f2ed5e158b31b31c9c72432aa0219a797fcfbf07401f637219e85101f43f36317af9ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
91a44b1cb339d2c0657a8e147931ca37

SHA1
a3eb7892080222a4447118122eb2f1bf91ad274b

SHA256
8b9fda2c99f92c7be6679030f60f90505e4f7531c49dd57f53746a40231f3933

SHA512
1937d53fc3c7a94c8ae54394c4f23e2b62bfae72d696aa6592db58135c1b071e7775ad79c2edb0d8392855d91f04ea8562ab8e53539187b4d0c4287d6d01f71a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fa2b89c823a169af026cd1d6ba560d9c

SHA1
9e0e198ad5b70f80b09c79e95bc1bc5cfe09ec20

SHA256
b6d50aac1baa6f20b06de633dad7521cc0eda1cf696e6626a691940c076ea959

SHA512
15936b210901458b54fc8198f3a315ba47a82227544619082df33ed20d2ba3623b56165ef5abdfc43264b5c687fc14d4c7753425c0f70a30174f0cc2aa697928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
238cd2b0ef577785602e1d5c3fff2065

SHA1
e0ca649458d09f57c5aef98875665c7cbac415c0

SHA256
19c871e9f08e74845691e440072e7ee0de82800200432b76a8a604d79abf0000

SHA512
f60952ad269ebddb20a0a514fcf7ed6ecd0804de5b322907ce2798beae13cfa3af1e75e4767c8cdf6d0ca27069ecd4530fa2151415ada954882a5cf9701a69aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5a1706f151e3babd635c7b863343db52

SHA1
2c7c50682aa3f42625db1a525eeb38a2035585a1

SHA256
eaa883db4f2e2ee290ce5c467af7fc8c1a906c621276c00fb8f0db9e612bfeca

SHA512
aa3d99135fce764d80bc32029ef3d81d237c9bac4f2fc1f12db8b621856595669417f49254a2ed49eac69f501a9e0e42ac8026fdc8952c4b311791a6f181a293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d97698dd5c6cdc599d219aa51e639f0a

SHA1
bcbaed1dd7c08ead1dd747e20c16aff91aab2869

SHA256
079f9004ef808b6c5ed94b90dac633fe645f5a23e7e6cd6397ff173ceca629d7

SHA512
c26ab5a9f02a1cc1c2cd3ceddb7ced9d01db799009f7cb0c1dbdf05bc666395e162edbe1c68bf77b43374a7babde7014212ac18e5fe10d369e1805729397cdda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f0ffdfb8460ac76d0e35723d00128dd

SHA1
b17f0712f6ee9f742a93cbef1103638ff1df8753

SHA256
5b572d9cb48d394b2656fba2412b4cd952099e6bd951b89a6f7db37ab9709040

SHA512
f6b6d1b1a696336279715ec1f88a632090c718ba92f7a51e435cd3efc0f2fe3140409105adb8879731f78e0e5ecbb0e54a756281365184a9133dcb1336e14fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585781.TMP

Filesize
1KB

MD5
58ef497c8338502b1ad3e0e48ad655a3

SHA1
365bea55c30fd0b10aa2d49e7a637a836a6416e9

SHA256
c587b26138b80b2a6b08ab4345ad9cf1c94b5365b476492f5b8b87333db599b4

SHA512
9a016511dc3fad5c619219295e064ceeccb6fbc0c6b82b164e4e4f6c1ab38a406020ffe51a8e43b319b4c761f6d6057b3c2ae8c72436d866e32f4a1bb5d93d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
17KB

MD5
384e5b959ce3e59e12f93605f61043c4

SHA1
bb26bbf602cc8abcde380f1e91587f15c6485317

SHA256
b76542269d00a0859d591ec572b0dd408b2f4c15f0dae9c23be7dccfdf54e18f

SHA512
ecda40def5bc359a1b8e0e4a033f5fa68f7262f2b36e2149b1efd472a88673e24b381d34489e5bcc899ead1b057763eb940f7c3430dc88cdfcd03f47a0992e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
17df0cf65b819fa2a5ec336be6d50bdd

SHA1
c533a331558e9a54ce7ff4ebbc0d9f93eb525835

SHA256
cecf9f10d73f6980ac3e7523173b39dfd241a967647676de3fe7d38cada3659e

SHA512
fa470104de62cd1af021ff8e641736e38a24f5ed5f8247c54feed0108f6aacb0d563bb46d353a0509f5b19f41dcecaf71aac716d3ac30269212ab709f51a1f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fb9d3a4e4a14fb2fb758edaba58c185b

SHA1
405e3aadb654bbdd8a8d20c2e7f07b40a336ba1f

SHA256
af41d088eb6545852ab4060c296db46fd1f61f39bcbaf0e7ab4261cdc6484b57

SHA512
86b27e6ef67886db28409c40cd0154cb48c6f5577615fe0a60b2856966baae36fad85974c1111cf761784149e302733c065cd654a6ecec707bc4292ec35c7ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f4185fbe2f235c30bf78081463724707

SHA1
a7b3157aaffb7478348fc42aba20a40714fd3736

SHA256
dc8d54932eb66b971e5d89dad35e39a6e5cfe5f57ecf777e3b59a4e4597f5859

SHA512
66d9804df5386bf32625eba0c0281d3bcf0449fc76f4119f89512fdb752a50207b1c3ce9bfbfc473473fb42c2319fa9b41c4068e94e8cb9de37c9e4407aa9bc0

Download Submit
memory/5728-438-0x00007FFB9FCA0000-0x00007FFB9FD3B000-memory.dmp

Filesize
620KB

Download