05a8645520dbc1bc3c4b691f56ff0af191e42a21c87304cdf9da7e58ca8105cf

Analysis

max time kernel
60s
max time network
62s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
04/07/2024, 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mf60-full-download.exe
Size

23.2MB
MD5

4b8cc7ee1841b333698abb9b625dba4c
SHA1

8220424e572e96822322863d0858e679fe0dba8b
SHA256

05a8645520dbc1bc3c4b691f56ff0af191e42a21c87304cdf9da7e58ca8105cf
SHA512

9c8b5e3aed036d251f72868ed691231bfb3033e3aa35eaee17d013ae6c726c548f8f07672149fde159fb2987d393812e676f8fe8491e661e396f6b2c913d82ad
SSDEEP

393216:HdHfP8l7jdVzsuZYUbdXgzSTDFDxZZTdnoaH2c9IPrcNQAPhqchREYymmpQfd:HZP8l7jdVof6pg6ZTepKNQAPBEYb/

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2664	Mario Forever 1.exe
1656	stdrt.exe

Loads dropped DLL 38 IoCs

pid	Process
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\Hi-score\urbagility2_connect.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\MMFmenu.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\Uninstal.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\1-bowser-battle.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\1-map-6.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\gmon2.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm38.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\Hi-score\connect.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\aae\aac.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\aae\aad.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\1-Music-Map-1.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\gmon10.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm26.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\Hi-score\check_score.php.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\Hi-score\view_score.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm30.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\Music-Start-1.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\world1.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\world19.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\fmod.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm14.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm28.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\1-Music-Straman.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\1-Plains-Level.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm888.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\forevermopt.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\in_nsf.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm18.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm22.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\aae\aaa.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\1-complete.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\1-map-2.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\1-map-8.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\1-music-presentation.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\1-undergrounds.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm29.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\out_ds.$$A	mf60-full-download.exe
File opened for modification	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\Uninstal.exe	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\zlib1.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\1-music-level-1.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm31.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\malpki.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\Music-Map-Complete-1.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\aae\aab.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm34.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\world14.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\GZip.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\Hi-score\DekompilatorWartoœciDlaSkyrptów.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\1-music-castle-2.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm32.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\Hi-score\check_score.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\Hi-score\mario_score.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\dtbrowser.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\in_spc.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\bass.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\1-map-3.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm-bonus-level.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm33.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm35.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\ktkm88.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\MMFbars.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\SXMS.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\gmon3.$$A	mf60-full-download.exe
File created	C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\gmon5.$$A	mf60-full-download.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\forevermopt.INI	stdrt.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2457560273-69882387-977367775-1000\{5FBBA973-E06B-438F-B2B0-4A72B451B924}	svchost.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4924	msedge.exe
4924	msedge.exe
1868	msedge.exe
1868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4964	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4964	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2664	Mario Forever 1.exe
1656	stdrt.exe
1656	stdrt.exe
1656	stdrt.exe
1816	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 1656	2664	Mario Forever 1.exe	81
PID 2664 wrote to memory of 1656	2664	Mario Forever 1.exe	81
PID 2664 wrote to memory of 1656	2664	Mario Forever 1.exe	81
PID 1656 wrote to memory of 1868	1656	stdrt.exe	85
PID 1656 wrote to memory of 1868	1656	stdrt.exe	85
PID 1868 wrote to memory of 2728	1868	msedge.exe	86
PID 1868 wrote to memory of 2728	1868	msedge.exe	86
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 3636	1868	msedge.exe	87
PID 1868 wrote to memory of 4924	1868	msedge.exe	88
PID 1868 wrote to memory of 4924	1868	msedge.exe	88
PID 1868 wrote to memory of 3708	1868	msedge.exe	90
PID 1868 wrote to memory of 3708	1868	msedge.exe	90
PID 1868 wrote to memory of 3708	1868	msedge.exe	90
PID 1868 wrote to memory of 3708	1868	msedge.exe	90
PID 1868 wrote to memory of 3708	1868	msedge.exe	90
PID 1868 wrote to memory of 3708	1868	msedge.exe	90
PID 1868 wrote to memory of 3708	1868	msedge.exe	90
PID 1868 wrote to memory of 3708	1868	msedge.exe	90
PID 1868 wrote to memory of 3708	1868	msedge.exe	90
PID 1868 wrote to memory of 3708	1868	msedge.exe	90
PID 1868 wrote to memory of 3708	1868	msedge.exe	90
PID 1868 wrote to memory of 3708	1868	msedge.exe	90
PID 1868 wrote to memory of 3708	1868	msedge.exe	90
PID 1868 wrote to memory of 3708	1868	msedge.exe	90
PID 1868 wrote to memory of 3708	1868	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\mf60-full-download.exe
"C:\Users\Admin\AppData\Local\Temp\mf60-full-download.exe"
1⤵
- Drops file in Program Files directory
PID:1216

C:\Program Files (x86)\softendo.com\Mario Forever 6.0\Mario Forever 1.exe
"C:\Program Files (x86)\softendo.com\Mario Forever 6.0\Mario Forever 1.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\stdrt.exe
  "C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\stdrt.exe" /SF "C:\Program Files (x86)\softendo.com\Mario Forever 6.0\Mario Forever 1.exe" /SO364544
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softendo.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd1a4b3cb8,0x7ffd1a4b3cc8,0x7ffd1a4b3cd8
      4⤵
      PID:2728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,12170164952483832673,13571637648112534856,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
      4⤵
      PID:3636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,12170164952483832673,13571637648112534856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,12170164952483832673,13571637648112534856,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
      4⤵
      PID:3708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12170164952483832673,13571637648112534856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      4⤵
      PID:4784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12170164952483832673,13571637648112534856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
      4⤵
      PID:3436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12170164952483832673,13571637648112534856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
      4⤵
      PID:4380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,12170164952483832673,13571637648112534856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
      4⤵
      PID:4580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,12170164952483832673,13571637648112534856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
      4⤵
      PID:4828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softendo.com/
    3⤵
    PID:2028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ffd1a4b3cb8,0x7ffd1a4b3cc8,0x7ffd1a4b3cd8
      4⤵
      PID:1188

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004E8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:3724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
PID:4136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\softendo.com\Mario Forever 6.0\Mario Forever 1.exe

Filesize
18.8MB

MD5
9a1bc5401cbc79549f3551f96a17e881

SHA1
6ffd28063f0f19eebbf8bbc873e38dced9443eee

SHA256
3727cf1266018faf4e7e9f2ae210b4c579615daa529dd42a3444ea5faf03390b

SHA512
164ee41da6684795736e4bf5d31a28e560ec0e153300f93b935500f053a3dd6d7e756c9af73bd6b91de2b6ace0691ce4e390886ecf93090939ce55b9c1b99476

Download Submit
C:\Program Files (x86)\softendo.com\Mario Forever 6.0\data\1-music-presentation.it

Filesize
20KB

MD5
f49fdd2329f1b574dab47f95252927ac

SHA1
5a2add3559792dec35d9f1cce6ca8d26deb2af9c

SHA256
0b21c8c2e440074899535814a569c3002bfb927b59a1de887af76547d70a376a

SHA512
676ee5845febe12ae40d6ba3818d601be562365f609c152312b78d265c26154d71f57aef3861d4b9171468902ba4edf6d1df9148fa7ea81145394f29ce4d6f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0c705388d79c00418e5c1751159353e3

SHA1
aaeafebce5483626ef82813d286511c1f353f861

SHA256
697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d

SHA512
c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0d84d1490aa9f725b68407eab8f0030e

SHA1
83964574467b7422e160af34ef024d1821d6d1c3

SHA256
40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e

SHA512
f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b91b6ba3f8be31d8519abca23b1198df

SHA1
8228e0b5264029a4958ba01e159ebd2ec2318ac4

SHA256
b8d11e536ce0af6787a3f1fc5cf1251546c4da3b4bbcb2d1d2eca7e83591ab6d

SHA512
e0729fc98f35efa88d7330ab8f78375cd2aeaaaf3a366579ce4b6380b1f5bcb2cf54259e3b178c8436fbe8255458a39f533a668ffc3f61a898044fbb99c635a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
3e1d8862a557397ed3f4ea6355b906c6

SHA1
2cbbd45be3f93a9800c9d12e643852eba6a839b7

SHA256
de2e29df44fd6c735fcf5b0af7b2a9983c3ce5f8076a4ab7eb1df26e30e7cffa

SHA512
bacdc4e472ba8535ea57767f243b11ac8eca7c225201eb98504d29e8e6161a28f0883a61877ad43648a4acc32d4fd6e10985117058d6c35766163abf42a4d77f

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\Flash.mfx

Filesize
24KB

MD5
04b9034c953425bcea37facf1752657d

SHA1
bd20efd26c8f1037017089a3cb303a06c90eb4bc

SHA256
79f7e7ca364d3d575b653d0cc5be37d49c3bf2c66d967b280e3119e54a2fc63d

SHA512
73f639e7c99def1431a8c0d65ac4caf7251deaf70d272fddc970d2cd0694716f5d6240b880d3a9e849d9ef727e5fb70cd17b1ffe5d90d688685faf1dcf7570b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\KcActiveX.mfx

Filesize
288KB

MD5
4866841ead5116ca9a31fd0a4d84c5c9

SHA1
3e4081d0d280462603790b96819dd17fa842a6c1

SHA256
d575eff4a9d1e5f2dec7ec2959b6fa78152ff7619203e60efb7482ccf01f688c

SHA512
4ee542e1861416a8bc3e9630ee4cd63246e1097624d59cb89e1a94df23d1b164d4b3f13917ce941637f92a5aebe28fa0e806b4b285e86283d9e2c49d176ec580

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\KcBoxB.mfx

Filesize
36KB

MD5
01dcf2e65b27b8d63c48285d73f603b6

SHA1
de2697f3d99727b4b80737c24ec7f772c39f8285

SHA256
bd920c75e355ed392d93f6ee7e469637a48d1a1cecd1f5e0acc1ac5ffb888e7a

SHA512
631e736c7bd82518483975a843ba11b46c1615ddc4a0fe3ef2d3a578d97cec3d46f3f58fc09d3f78f2fc33e04938eff46b71835d8d018309a2a9676bdba59983

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\MMFS2.dll

Filesize
336KB

MD5
8db8f18923be9b91a21f2c7466e3c940

SHA1
d807860d21d2e01d7df14108578f3971a3c9783e

SHA256
e49b305d92bdae08a7852ca8168167453277a6554f6bf5878c4b86ae8bb525d6

SHA512
f9ba41e8adbd15c2c04321fdd95b57d4a04011550db72c0141d3cafd3eded95e1bbb3a46faca7aaaa008f6e3a2ba326797eb3bb3528dea7c28827ba6165ba2e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\Onu.mfx

Filesize
175KB

MD5
64cc6a16ff801438b8b78e382f74fefe

SHA1
b0ba9e394c01f31a84d7c69309a8330d515fe88d

SHA256
276486bcb8219f5336348403336e0dbcc3d066c39d439494625e785dd05bf45c

SHA512
53bcb8dc42308a47b460d52ca89fa68324c5fab0d12fe03185a48a6ee08bf49d2091c095cc5d37dc8db862fa006e7f34aa3b391f96f120e9a9e8b32ff03a0d5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\OnuEng_AdvSound.mfx

Filesize
96KB

MD5
f783f62733df13b6ad6253ebb4e56e3d

SHA1
7cdf9d826f442d5980bde5791af342852d640166

SHA256
2b08483a3ae957bdf51ee825a594824d748604291dcd7c0c60a245486d92a8cd

SHA512
798c8b27db6815875fafed180deef06e49068ddf1d82491e699d2cf923cd33a02dc3217011e117acec3c7edc0f877d4c59111244d9e00d47574ae48e791a74d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\OnuEng_Mod.mfx

Filesize
540KB

MD5
dddf56ebdaa9fef687a0290682f2ea00

SHA1
44d16a6a47a61bf39067b080d97c72271c701189

SHA256
31d35807040f1c332c092319b62d1f13420405c5e6da243308072e34627ca763

SHA512
2ee30e66d69c11bd0fb77a38e2e5ddbe84ce64c4b2fa4d68e7b1699989c7b918054b6986c724d6e287080795b3508215bcb2f914a9ea46552dc956d89111ab9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\clickteam-sinewave.mvx

Filesize
32KB

MD5
15c679a9d1966fcc2909c8ae5275574e

SHA1
ae65e7fd44978eac5feda912faf658c67901d2b5

SHA256
a780b59ca7e67728ef2dcf47b21d0e8853581280e12ceca51d3dba1ff0288a7f

SHA512
f134c2d039d4e2b1d6ccf1f55b7ab3fc97894dbb71cfa62c841cdc859e9bca5e1bf45713d6ddb608702aac29ecbecae76cc38a93fb0bd681f37ab66a0fd2dc7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\ctrlx.mfx

Filesize
44KB

MD5
69166379f7d468c005e793d01972ebec

SHA1
3919eff0106bd9c6097c6e5564e02abfc96882d6

SHA256
4c9bc669e3e6c9db686fd282f3ed63081d923c9a56673894affe3fbdc25be9da

SHA512
027c0ef9253b9c0805fe2fe331ac30a724b8a8e42a1e839616f687d5b692b45cd438c04fecc25e37a0b236b43f35086238ab34ba6591558c7fe3e3f0c7198d17

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\joystick.mfx

Filesize
36KB

MD5
fe5ddb35c07c41c74a4a7d35f125fdd6

SHA1
3f7d959f2bc7245fa385732442063108aef2b059

SHA256
7a15ad3c645ab6292cbff0c57c39e1d5fda18cfa8899dbd01a759e8d7a9e435d

SHA512
53c653ea63af88c609ad4d64c60fe61b4f1b68b9a13c20a11cdfdb4f349b7a5d4c748fc882a4b0fb61edf352ff80c9ec1396f616b07fadd9fe09a02b9133c6a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\kcclock.mfx

Filesize
36KB

MD5
ef7573d82a6bcdaeef0a811b7bc2cee8

SHA1
ea8129500d95f8ecf0fa32e790e2d1399c6e4d2e

SHA256
9c9f75b5283077c0cc3734dc5c8e6d1aae7eb291e5bd966d7e320ba3a43d3c63

SHA512
586ef6e1acba1437bb6ab45a49dbc5b7e4933cf942b9a26c42e787353c52281be114ec1a00960f13ef3c14e07a56401024205c3e51fd18d8fed8d4533658de8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\kcdirect.mfx

Filesize
8KB

MD5
2c9f79ff0d729e9af6a752a5770c41c9

SHA1
35474b266e5ef0e1bc65d577722294f01dfccbe1

SHA256
8214b6ee131f300d0c4382cfefd6b707f0c20ff9845b46d46daacc2cc46b10ba

SHA512
3fb98f969455cc6d7d54d5d71e7d177bcb87c131de1a639ba81d03f8f4129b92bd22dbee83d5e470f2ce3a415bf8dbd6a0094845f5c7b2d18539c9c9ea77be96

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\kcedit.mfx

Filesize
32KB

MD5
7030084bb5b7b22557127088be659944

SHA1
68cfd0a14361e9abd4ce79960c91f5fb03c46531

SHA256
8dcf830e23362f826342ceb42e1c5ed0880495e1695816cc2d68cd70fd7013d7

SHA512
dd7720661a00bb201baba07d7a57294218c0801d622e2733ff55ee2da2b9e2857b6ec5126fd3663dde92409791b0b4a6ed8b9041af139855fc1a2659f81e4cdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\kcfile.mfx

Filesize
36KB

MD5
4ebd503e3c9c36634c3af68df73d5be3

SHA1
5f4d3635622ea6dfd43069d58babb2c433dfad01

SHA256
9564c5d67d5ae62fc6654255592b45668e354a3d6c3738f99e3848ad4d9b00f7

SHA512
05b70e22431dc0c866a6ca486ad72ea3f55f5e0da8c7398fd06079b708c6d08e12af4c52ead83208bb8a8fbeb1eee7b48dcd73ca4ff1910ab1bb15aaead32a57

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\kcini.mfx

Filesize
28KB

MD5
327d297396ee9936732d689690ae4c8c

SHA1
440059d8593303eb9f3b56a797b010bdc2368889

SHA256
f77641a7091ba7ca5831d18d8575098b2531072f916667a460a5bebb101b717d

SHA512
70099a675e12dc673c77d3cacbdbc405edbbc57ad5ee0f0173e019bf13d530ea1a9a2c066037716d3ffed278f80264ef8863a220c590e22e216e458b6a825a4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\kcmouse.mfx

Filesize
7KB

MD5
276de64b9e556f529e44d55326e96843

SHA1
491a6119b621ac42e7c890234739a60c6428e7be

SHA256
0a14ad266ee394057ae389f9af08cbc0050050e3d4a839f91df894fd33582349

SHA512
6fd18d0a042b7535f3001f4a20663d5ce4dbbf19b150b1750fc5a0e9cfefc428714c48936f108aa72d305ab6ec7514585fcbb337bc7d7b44902032e3cdee6674

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\kcplugin.mfx

Filesize
24KB

MD5
f9cf0b796469a6dc42bcf53f44b86bd4

SHA1
ab550444462b73e5a4b7c4cf18450b6cbf3f6199

SHA256
06b59a618468d42b1bfa47dc79d00e11cd510305a7c39e70c8a7f3c533207cc6

SHA512
660cfa53996f221a004260b6da0fe04c89bbdbd66f2e884500d8048cad7122481bb3d2924451727dfd486c13af0903774f8a2e0fd2815bb175ccb87886d2ad98

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\kcwctrl.mfx

Filesize
12KB

MD5
54dce6e0489b136375cfce1163c583e6

SHA1
02dc9db3cf5e41e8759c368f5e64a84f68086e41

SHA256
ad64a515466b3cc850da1074c7fefaf0076452b7a2ef9275d27368d81ca1a502

SHA512
ab2cd87d29dfd6f955fca35f45c72d99742ffcb3642a3d203bcb447a327097ee0ee2e726652b1b811dc95fc9fcee4fd1a166199d9a061ed111da7e87d129d689

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\libsndfile-1.dll

Filesize
317KB

MD5
3ab55e626f46606477852216f0352578

SHA1
c3440887056c7ade6eddbf7bafd4d136564dabd4

SHA256
6cf76262843b751d4d7fd7778c2ba232a13c1d5d742ad6720bd030df18dbaccb

SHA512
63ae167067e89dee9c62dfc9b3928a49fc94d59b447aab94a24a5aad18793bc5847578a277b9c196d0177b701f7db9977c0ca96bc29d2b7afc53724b104b523e

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\mmf2d3d9.dll

Filesize
1.0MB

MD5
ca6119327ef3ceca67b1926c00116d88

SHA1
638e84b79d8bc9ac307a7f602c633c4277374ded

SHA256
ffeb1b3147f731efd1150a26290b9121705d158c4dc2cf810b4ba81dbed0a74e

SHA512
91033316e7e1ee2f93b5600e1d25df62511f81435eeb72fb2171bd42e2a005c8c68537155d76eb2c2080822e86475d0eb676ca517e898048671b3da6849de2a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\oggflt.sft

Filesize
130KB

MD5
e925b7e0be07bc86cb8042168077bb04

SHA1
233c160b5264e1fa4f3b3ad6464207c09f698d26

SHA256
848d266c7676a5f59e66386d76679b97d2934166a8d829d5d000b217ab7a34cf

SHA512
0063b350116bfa478ecda081ae364e08c84cb97a337ff0b6e0d442653976c2663b8b2b430cca694f1a75fd93414d264b46da1331e7aadc2cdd424d69db27c31a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\stdrt.exe

Filesize
656KB

MD5
910ea133a545d1fe435e3c2942f1a5a8

SHA1
b4ebf54b5ad99f25ce9fe32df99c66d8b3fc2024

SHA256
8eb3008fe221a68b521488225163703a59fc5c5f2ce51711ee6051cc717ec3bf

SHA512
7b5a3619fc3d808819f19487f7a74a97b8771239f6b747d178ec69c441e0c90ca96d869a47cfe62cb928757a3972d7fd8889f89ef9b39157e73080d5ef38ca55

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\timex.mfx

Filesize
36KB

MD5
942aa7c4c4512ce6f776a5e38396c09f

SHA1
a5b326146238611b2187d0a9f9909e4ef0cc2ec6

SHA256
71a78bc13eff4e9c6bcc44b4f6b41840308f9d021cd00bb597bf7105f29dfd1b

SHA512
15f0d3aa10b3b901edee179fd1bb205d43a91f26839ac2fa7e4e418d8de6099fc87c3588b2a7ada02cab01d9392be78ae8c421de0763e2fc23f63503ae5c9699

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE1F4.tmp\waveflt.sft

Filesize
8KB

MD5
f76739536860a0bdb4a7e3bbb0c06d08

SHA1
b21581aa36eda87db8845caf58c668749e26b29f

SHA256
41136b09b033a20b9acc430620ea095ff76afbdc7aebe7f26f7d2b4315afddef

SHA512
6e65f23a4c1e3b0068b190f9aaaedcfa0466b0185cd6bbafa5f6f6940c8bc332e7c8c611d1b3b63bb2c5fcda48bbe2a678d81a3819940ecc0c701d6fec4194c7

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/1656-292-0x000000006F140000-0x000000006F198000-memory.dmp

Filesize
352KB

Download
memory/1656-307-0x0000000008510000-0x0000000008521000-memory.dmp

Filesize
68KB

Download
memory/1656-263-0x0000000002430000-0x0000000002448000-memory.dmp

Filesize
96KB

Download
memory/1656-253-0x0000000002400000-0x0000000002430000-memory.dmp

Filesize
192KB

Download
memory/1656-258-0x0000000002870000-0x0000000002911000-memory.dmp

Filesize
644KB

Download
memory/1656-279-0x0000000002830000-0x0000000002854000-memory.dmp

Filesize
144KB

Download
memory/1656-274-0x0000000002A90000-0x0000000002B96000-memory.dmp

Filesize
1.0MB

Download