Overview

overview

7

Static

static

3

golddroppe...]_.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 21:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    golddropper 2.3_[unknowncheats.me]_.exe

  • Size

    6.7MB

  • MD5

    d01bb6830594b6464dcd99cc4a1de4ca

  • SHA1

    3111f7c9bdd9ef6907c3028d8b4513ebb19bb155

  • SHA256

    1ee280d3e520f5e6218e5cdd97e51e369aa54a1a7c4ab046c90f58c3e7de99b7

  • SHA512

    2dd8559fc2a415cde6361bac89c5ffdfc1066693d144269e382c5f5523935ee699021df3065ed230aedc32f2e636e6b358ad35b06a941c770dd772dbf77873e7

  • SSDEEP

    196608:AyFpJskAmlLIZRDK2Y1JqEpxmU+f4DIJ:3pekAmUFY1xc9

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 41 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\golddropper 2.3_[unknowncheats.me]_.exe
    "C:\Users\Admin\AppData\Local\Temp\golddropper 2.3_[unknowncheats.me]_.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:404
    • C:\Users\Admin\AppData\Local\Temp\cetrainers\CETA519.tmp\golddropper 2.3_[unknowncheats.me]_.exe
      "C:\Users\Admin\AppData\Local\Temp\cetrainers\CETA519.tmp\golddropper 2.3_[unknowncheats.me]_.exe" -ORIGIN:"C:\Users\Admin\AppData\Local\Temp\"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1112
      • C:\Users\Admin\AppData\Local\Temp\cetrainers\CETA519.tmp\extracted\golddropper 2.3_[unknowncheats.me]_.exe
        "C:\Users\Admin\AppData\Local\Temp\cetrainers\CETA519.tmp\extracted\golddropper 2.3_[unknowncheats.me]_.exe" "C:\Users\Admin\AppData\Local\Temp\cetrainers\CETA519.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:C:\Users\Admin\AppData\Local\Temp\"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:4080
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.unknowncheats.me/forum/red-dead-redemption-2-a/567212-gold-dropper.html
          4⤵
          • Enumerates system info in registry
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:4664
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd791646f8,0x7ffd79164708,0x7ffd79164718
            5⤵
              PID:3280
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
              5⤵
                PID:4352
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
                5⤵
                  PID:1624
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
                  5⤵
                    PID:2588
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
                    5⤵
                      PID:1536
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
                      5⤵
                        PID:3924
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
                        5⤵
                          PID:3656
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
                          5⤵
                            PID:3308
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
                            5⤵
                              PID:228
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
                              5⤵
                                PID:5168
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
                                5⤵
                                  PID:5184
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
                                  5⤵
                                    PID:5364
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
                                    5⤵
                                      PID:5408
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
                                      5⤵
                                        PID:5400
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
                                        5⤵
                                          PID:5392
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
                                          5⤵
                                            PID:5384
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
                                            5⤵
                                              PID:5600
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
                                              5⤵
                                                PID:5684
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
                                                5⤵
                                                  PID:5676
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
                                                  5⤵
                                                    PID:5700
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
                                                    5⤵
                                                      PID:5692
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
                                                      5⤵
                                                        PID:5772
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
                                                        5⤵
                                                          PID:5816
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
                                                          5⤵
                                                            PID:5856
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
                                                            5⤵
                                                              PID:6048
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
                                                              5⤵
                                                                PID:6372
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8472 /prefetch:1
                                                                5⤵
                                                                  PID:6404
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
                                                                  5⤵
                                                                    PID:6396
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
                                                                    5⤵
                                                                      PID:6588
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
                                                                      5⤵
                                                                        PID:6596
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1
                                                                        5⤵
                                                                          PID:6668
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
                                                                          5⤵
                                                                            PID:6676
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
                                                                            5⤵
                                                                              PID:6752
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:1
                                                                              5⤵
                                                                                PID:6744
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8808 /prefetch:1
                                                                                5⤵
                                                                                  PID:6976
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
                                                                                  5⤵
                                                                                    PID:6968
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14109766572507814037,1733198538836486610,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8196 /prefetch:1
                                                                                    5⤵
                                                                                      PID:6960
                                                                            • C:\Windows\system32\taskmgr.exe
                                                                              "C:\Windows\system32\taskmgr.exe" /4
                                                                              1⤵
                                                                              • Checks SCSI registry key(s)
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              • Suspicious use of FindShellTrayWindow
                                                                              • Suspicious use of SendNotifyMessage
                                                                              PID:4800
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:4616
                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                1⤵
                                                                                  PID:3364
                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                  1⤵
                                                                                    PID:2944
                                                                                  • C:\Windows\system32\taskmgr.exe
                                                                                    "C:\Windows\system32\taskmgr.exe" /4
                                                                                    1⤵
                                                                                    • Checks SCSI registry key(s)
                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                    PID:6960

                                                                                  Network

                                                                                  MITRE ATT&CK Enterprise v15

                                                                                  Replay Monitor

                                                                                  Loading Replay Monitor...

                                                                                  Downloads

                                                                                  • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                                                                                    Filesize

                                                                                    64KB

                                                                                    MD5

                                                                                    d2fb266b97caff2086bf0fa74eddb6b2

                                                                                    SHA1

                                                                                    2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

                                                                                    SHA256

                                                                                    b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

                                                                                    SHA512

                                                                                    c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
                                                                                    Filesize

                                                                                    4B

                                                                                    MD5

                                                                                    f49655f856acb8884cc0ace29216f511

                                                                                    SHA1

                                                                                    cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                                                                    SHA256

                                                                                    7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                                                                    SHA512

                                                                                    599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                                                                    Filesize

                                                                                    944B

                                                                                    MD5

                                                                                    6bd369f7c74a28194c991ed1404da30f

                                                                                    SHA1

                                                                                    0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

                                                                                    SHA256

                                                                                    878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

                                                                                    SHA512

                                                                                    8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                    Filesize

                                                                                    152B

                                                                                    MD5

                                                                                    efc9c7501d0a6db520763baad1e05ce8

                                                                                    SHA1

                                                                                    60b5e190124b54ff7234bb2e36071d9c8db8545f

                                                                                    SHA256

                                                                                    7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

                                                                                    SHA512

                                                                                    bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
                                                                                    Filesize

                                                                                    64KB

                                                                                    MD5

                                                                                    3a61c4a921a5ca2d7b5f9cb7a3f14b86

                                                                                    SHA1

                                                                                    baa77a16eb147b94d7650abc46428f184b84bf87

                                                                                    SHA256

                                                                                    db67213db9a2565c4dc926aa6c9a8a7c613d65f81c0e4ae4eee328205aff5ccd

                                                                                    SHA512

                                                                                    ce4f8c1190af97e7cb76e931551df68595763b351b1524ed67a36272db8436ebf77af972fece9e311c80fbbf3578b2ec2e9121ad3ec1cf21cf1c313b1c7b17ff

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                    Filesize

                                                                                    1KB

                                                                                    MD5

                                                                                    470c1b278c39a1b1a4b1b1afc165df52

                                                                                    SHA1

                                                                                    1eae1c99009a6b6b5975067ffb94610d4f13232f

                                                                                    SHA256

                                                                                    e97bab60e5ac72878ee9b5233f209f943f4733dd11300f441f4c7ee21ca7c4af

                                                                                    SHA512

                                                                                    d156cf9e226914d6b936803880addb7a78f408ac51a6939a0c3eea0a103c522e127f39829efe40d837868a376f8bb43f6593a698784096a83c06b2d73c206667

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                    Filesize

                                                                                    111B

                                                                                    MD5

                                                                                    285252a2f6327d41eab203dc2f402c67

                                                                                    SHA1

                                                                                    acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                    SHA256

                                                                                    5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                    SHA512

                                                                                    11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                    Filesize

                                                                                    10KB

                                                                                    MD5

                                                                                    ff6985f4f6a6cc7a2d092bebce4e6b6c

                                                                                    SHA1

                                                                                    4f7927af420b7bb32aa7170ebf77c8c0cd5661a8

                                                                                    SHA256

                                                                                    ded81180d3cb4cc719b20a4e3013c6797b87c8789bb6f4643962fc56b358753a

                                                                                    SHA512

                                                                                    66052dfa025f53de1125d4398f6c2e02c530fecd00bac68b044df070c5a1329da7999253464d98db2f585e9a99d02f9ebb9f340554c32ef6b6549e9528c0d5ab

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                    Filesize

                                                                                    5KB

                                                                                    MD5

                                                                                    49ac4d083afc37428b9d80930843a921

                                                                                    SHA1

                                                                                    a040b042b5536b2952321e55912d650c91068bef

                                                                                    SHA256

                                                                                    f1d4138061df5255d1cf5aaf2fd10763c8800ed8c4fb8957b1d66b1f59c8bbef

                                                                                    SHA512

                                                                                    32ed0fc0cf0f1536ba82fc7e728815c5757df3ea0b391fd9ed5eedea9752acd805605a00ab9db7ab5309c5df8cf3fb4bcd4bc8a2060c977b8fcfd3908d32704f

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                    Filesize

                                                                                    7KB

                                                                                    MD5

                                                                                    cff1ccb713340b86176744c7b42f96af

                                                                                    SHA1

                                                                                    37580e183ff1f1fd46c3cc997638a26d7c5820a6

                                                                                    SHA256

                                                                                    b8b8f87914859a045664e369dbb5de47aeb293600e5c9efa79dc34639fb7cd9d

                                                                                    SHA512

                                                                                    2d7ff8de0c6371ad6be9728fb72e8897993bf9003641f115aad879dda4a96469c22109e590889b10544d79d78f293d22c67ace0fcbb8a3e4b0b50378d70d0924

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                    Filesize

                                                                                    13KB

                                                                                    MD5

                                                                                    b0017c7adb38b284141ca95b60629c26

                                                                                    SHA1

                                                                                    2c7443f90f5f9faf3da18ff90ed2295085e3544c

                                                                                    SHA256

                                                                                    5ebeeb42f6d0e3077c9fa7dcebc174420b0bfef240cb502faf43384f451e1485

                                                                                    SHA512

                                                                                    65fd7ea0febd61a61c737fa4acab151129208176b328023093b7f3f9141e0f98b5b716da0b398cf2a078cac0475601c725f82530e563ce7e26a58851e3aba468

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                    Filesize

                                                                                    8KB

                                                                                    MD5

                                                                                    d6b8202db12d80cc6b1e31c2158a664d

                                                                                    SHA1

                                                                                    d6bfc7ff6264f1a4e4659b192d90f847b58b4c39

                                                                                    SHA256

                                                                                    65b9320327002e388340706f3d62f47a691e377ea14dd02e53d72cd217e96ddc

                                                                                    SHA512

                                                                                    fb6d0ccd18db63506610110792e4ecebd4a498b639945fe493a6d1058698e291651614a4bc340be9e4e9be5424fb5e71139236b31891182a91b9f2c0d01043c4

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                    Filesize

                                                                                    24KB

                                                                                    MD5

                                                                                    121510c1483c9de9fdb590c20526ec0a

                                                                                    SHA1

                                                                                    96443a812fe4d3c522cfdbc9c95155e11939f4e2

                                                                                    SHA256

                                                                                    cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

                                                                                    SHA512

                                                                                    b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                    Filesize

                                                                                    2KB

                                                                                    MD5

                                                                                    b4a04e1c2ae0c9a65458d53b7bd938ca

                                                                                    SHA1

                                                                                    0f3440ab03b37f5714fb56d0e09d0444f1551e69

                                                                                    SHA256

                                                                                    ba9de19dc661959da61df4b25d16d667decdbc80ec577c8124fd358a0c11d46b

                                                                                    SHA512

                                                                                    6bfa6db13034cbc80b05a246ba3ff982f5d781b578663e051645291be601b9621687206a2f2f5347ec5f31d03b73dd747246644df9e2a898cbddd5a48e737333

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                    Filesize

                                                                                    3KB

                                                                                    MD5

                                                                                    9ded41097c9f1000056e6f47094d0657

                                                                                    SHA1

                                                                                    569d9926103e14d55f1df854a6ee025281a5fc96

                                                                                    SHA256

                                                                                    38712e6b03f944f4e638490f2b476752b4367e653e139417dc01fe020ccaa2cf

                                                                                    SHA512

                                                                                    8d2afd47d65016d76b7279d666213b5464ebd574ecf082a17b061b40022d4b82637e02aa107c8f4fe95b7aede5f05a113c59c108ccabb088ed12a71668a1e987

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58fb53.TMP
                                                                                    Filesize

                                                                                    1KB

                                                                                    MD5

                                                                                    bfef594412aba18c3e04e40d42f5f5df

                                                                                    SHA1

                                                                                    25b6122d925119b010a291680c57a2b9ce45e86f

                                                                                    SHA256

                                                                                    afcfc87e15f675769bf8230736a692ae54b55135b350126f60bc06f0b7b95cbf

                                                                                    SHA512

                                                                                    f1ac69bf0b39f29406dfa6bfe7272f72adaa6218a005e1801c5c124286b9319f073098a8dd78877def56272a9093aad05efaf4d31c473e963c773aecc3e2d52d

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                    Filesize

                                                                                    16B

                                                                                    MD5

                                                                                    6752a1d65b201c13b62ea44016eb221f

                                                                                    SHA1

                                                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                    SHA256

                                                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                    SHA512

                                                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                    Filesize

                                                                                    10KB

                                                                                    MD5

                                                                                    8fd617dbd9c2d95447b462c61c1b521f

                                                                                    SHA1

                                                                                    d7bbad6fd1db114f14f71e053459ff775df017a6

                                                                                    SHA256

                                                                                    3bd209752040bf132ebc3472abbf2b496a1fc85387a3aaa01cc30001914c2769

                                                                                    SHA512

                                                                                    cedc25c02d6f10f3e8ece6a348851ff4135a28d111fe4c9c61f933779edad52b140b04dd960b7b8a2d857092d6af337a317099558ecfbd76324c497f2a3ff9c1

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                    Filesize

                                                                                    11KB

                                                                                    MD5

                                                                                    935e10043a707cc43b31d5b94d699786

                                                                                    SHA1

                                                                                    7e48d9af27e713d3b2ce1e2e8992b0e51b821052

                                                                                    SHA256

                                                                                    a40a62905a69098a15fda20ed1fb5fac59a33e1db66e9f5da64a4f2fc0bc133b

                                                                                    SHA512

                                                                                    388e304034db3128897e6fc3902794335f94f60dfa477858d45437c19ff6e6630c02c1d7fc8d6a3a801606274ed23bd7d2cc793159363443c83ef41aaa9f9b39

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                    Filesize

                                                                                    11KB

                                                                                    MD5

                                                                                    65c8ded55068117eeb15f912bf54b132

                                                                                    SHA1

                                                                                    7fe41c77aacc666e5f05fee4435057d27f97b707

                                                                                    SHA256

                                                                                    7aa86db74ee71c56adb6cc3b386e9d32549a42dec015e42b49ccab43ddc51509

                                                                                    SHA512

                                                                                    d7e4a83d7a13a9a1fca27318b42497a13626b1e754176eb72f8b73db0d391b1b31a8c4d65606342efcf8514995d2dab69ea273a39649587fd5fccd40ab76e338

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CETA519.tmp\CET_Archive.dat
                                                                                    Filesize

                                                                                    6.4MB

                                                                                    MD5

                                                                                    78d8b82388e858e386b50627de79ebba

                                                                                    SHA1

                                                                                    c519b78eaa0c218837c853d08069dd38eb74887b

                                                                                    SHA256

                                                                                    c189074c956bef7fa6dabe4071399c50acef35e02e482c896ae5c7b19412826a

                                                                                    SHA512

                                                                                    e4f181ae3e092b861a28063ceda56bba67631c3b84338eed2ce067c03ee5c9adecae4dd49fdfbcfa676d9be58201697dedb105492fb09825b6c70e6d3fc94877

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CETA519.tmp\extracted\CET_TRAINER.CETRAINER
                                                                                    Filesize

                                                                                    126KB

                                                                                    MD5

                                                                                    d2169e648af89e65d9ef214e77060e85

                                                                                    SHA1

                                                                                    16809d00de061163c24f6598d521686be687d921

                                                                                    SHA256

                                                                                    6036a93f655d29d884554203737552ad162d81eafc370c7e1321f06388fabb2b

                                                                                    SHA512

                                                                                    8a616176b2a9a9f5a060d7602c2d035b3d93d6be729e3cedd8c5097307442182d6b1301031eae884d4f266c790ac444a8e6e7e447b314d50161a63eb5343b406

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CETA519.tmp\extracted\defines.lua
                                                                                    Filesize

                                                                                    12KB

                                                                                    MD5

                                                                                    62e1fa241d417668f7c5da6e4009a5a6

                                                                                    SHA1

                                                                                    f887409e3c204a87731f317a999dc7e4cc8d3fcd

                                                                                    SHA256

                                                                                    82e8ef7df20a86791cef062f2dcacb1d91b4adc9f5dea2fd274886be8365b2f8

                                                                                    SHA512

                                                                                    2283cbb9e1d5d53ad1ed9bc9db6034fb3c53c633b11001f373523640bbbba95da9a3a0866c7d5fa0620facab7d18c8577dfd69496fc7319e0a4a74d0b9e10c45

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CETA519.tmp\extracted\golddropper 2.3_[unknowncheats.me]_.exe
                                                                                    Filesize

                                                                                    3.7MB

                                                                                    MD5

                                                                                    081c0d2e4503ea0894498c74c33a95c2

                                                                                    SHA1

                                                                                    6fb20038c2f22c9e0e6c07f9b5762f62f9a35d64

                                                                                    SHA256

                                                                                    57039cc4ac8bc5f4cb8665d989a586c5812aae088e524cc8f7c87fda283a6c12

                                                                                    SHA512

                                                                                    126384d81de01a3b989ca4d2e5101c711ce4cebc136ff05b517463e2474bc2fe611bdf429ed0f6ca373f85c92eb9633adafc26cdcefe6f5f00b3102473103ab7

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CETA519.tmp\extracted\golddropper 2.3_[unknowncheats.me]_.exe
                                                                                    Filesize

                                                                                    2.6MB

                                                                                    MD5

                                                                                    f9ed3b5192f851762b01fa88d451dd11

                                                                                    SHA1

                                                                                    3ff11272d05c0c2801282f850234d69fedf74be4

                                                                                    SHA256

                                                                                    7e85b8f11b9e7dc17295af56ad3060bb678e7eb3cbc911a8f974d1a8d5a2b31a

                                                                                    SHA512

                                                                                    82e17a193423178ca74304077a1441f6cb4496ecbc72a1132373143c6460e97edf92aff531a2698df3c38695f950285f1176f0ae68f53807baacf01c3fa47047

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CETA519.tmp\extracted\lua53-64.dll
                                                                                    Filesize

                                                                                    528KB

                                                                                    MD5

                                                                                    b7c9f1e7e640f1a034be84af86970d45

                                                                                    SHA1

                                                                                    f795dc3d781b9578a96c92658b9f95806fc9bdde

                                                                                    SHA256

                                                                                    6d0a06b90213f082cb98950890518c0f08b9fc16dbfab34d400267cb6cdadeff

                                                                                    SHA512

                                                                                    da63992b68f1112c0d6b33e6004f38e85b3c3e251e0d5457cd63804a49c5aa05aa23249e0614dacad4fec28ca6efdb5ddee06da5bfbfa07e21942976201079f3

                                                                                    Download Submit

                                                                                  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CETA519.tmp\golddropper 2.3_[unknowncheats.me]_.exe
                                                                                    Filesize

                                                                                    225KB

                                                                                    MD5

                                                                                    971b37cedf686e0ac8ca0297a953aad9

                                                                                    SHA1

                                                                                    8ea777fa6c70a619d4e92cc6435c4eba2b16a23e

                                                                                    SHA256

                                                                                    1965546a19990b4523a1588eb0d7fdd42bd443e2bcc632dae04343d358394ae7

                                                                                    SHA512

                                                                                    2f0f3facf2587b751bb658eaab9ca1536d7326956b0eeca7bd0badc893c0878741f8bb56d8c1e360f2cb4bd9442866bd9faf7bdec7d02105f6c149640cf180d8

                                                                                    Download Submit

                                                                                  • memory/4800-16-0x000001AC56180000-0x000001AC56181000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/4800-28-0x000001AC56180000-0x000001AC56181000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/4800-17-0x000001AC56180000-0x000001AC56181000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/4800-18-0x000001AC56180000-0x000001AC56181000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/4800-22-0x000001AC56180000-0x000001AC56181000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/4800-24-0x000001AC56180000-0x000001AC56181000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/4800-23-0x000001AC56180000-0x000001AC56181000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/4800-26-0x000001AC56180000-0x000001AC56181000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/4800-27-0x000001AC56180000-0x000001AC56181000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/4800-25-0x000001AC56180000-0x000001AC56181000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/6960-551-0x000002370C860000-0x000002370C861000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/6960-549-0x000002370C860000-0x000002370C861000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/6960-550-0x000002370C860000-0x000002370C861000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/6960-561-0x000002370C860000-0x000002370C861000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/6960-560-0x000002370C860000-0x000002370C861000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/6960-559-0x000002370C860000-0x000002370C861000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/6960-558-0x000002370C860000-0x000002370C861000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/6960-557-0x000002370C860000-0x000002370C861000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download

                                                                                  • memory/6960-556-0x000002370C860000-0x000002370C861000-memory.dmp

                                                                                    Filesize

                                                                                    4KB

                                                                                    Download