122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

Resubmissions

28/12/2022, 19:37

221228-yb6lwabd55 8

28/12/2022, 19:35

221228-yandxaed9z 1

28/12/2022, 19:22

221228-x3lkcaed8x 4

Analysis

max time kernel
281s
max time network
295s
platform
windows7_x64
resource
win7-20220812-es
resource tags

arch:x64arch:x86image:win7-20220812-eslocale:es-esos:windows7-x64systemwindows
submitted
28/12/2022, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Minecraft.exe
Size

397KB
MD5

d99bb55b57712065bc88be297c1da38c
SHA1

fb6662dd31e8e5be380fbd7a33a50a45953fe1e7
SHA256

122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb
SHA512

3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17
SSDEEP

3072:puzvch1rugYc4wqYSRR756K7ItBjgXHUYCnlK:Wch1aIqYSRVM+unlK

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2208	LauncherFenix-Minecraft-v7.exe
288	LauncherFenix-Minecraft-v7.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1344	chrome.exe
1376	chrome.exe
1376	chrome.exe
2884	chrome.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	892	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	892	AUDIODG.EXE
Token: 33	892	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	892	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe
1376	chrome.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
2020	javaw.exe
2020	javaw.exe
2020	javaw.exe
2020	javaw.exe
928	mspaint.exe
928	mspaint.exe
928	mspaint.exe
928	mspaint.exe
2156	javaw.exe
2156	javaw.exe
2156	javaw.exe
2156	javaw.exe
2156	javaw.exe
2156	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 600 wrote to memory of 2020	600	Minecraft.exe	28
PID 600 wrote to memory of 2020	600	Minecraft.exe	28
PID 600 wrote to memory of 2020	600	Minecraft.exe	28
PID 600 wrote to memory of 2020	600	Minecraft.exe	28
PID 1376 wrote to memory of 1728	1376	chrome.exe	34
PID 1376 wrote to memory of 1728	1376	chrome.exe	34
PID 1376 wrote to memory of 1728	1376	chrome.exe	34
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 976	1376	chrome.exe	35
PID 1376 wrote to memory of 1344	1376	chrome.exe	36
PID 1376 wrote to memory of 1344	1376	chrome.exe	36
PID 1376 wrote to memory of 1344	1376	chrome.exe	36
PID 1376 wrote to memory of 1636	1376	chrome.exe	37
PID 1376 wrote to memory of 1636	1376	chrome.exe	37
PID 1376 wrote to memory of 1636	1376	chrome.exe	37
PID 1376 wrote to memory of 1636	1376	chrome.exe	37
PID 1376 wrote to memory of 1636	1376	chrome.exe	37
PID 1376 wrote to memory of 1636	1376	chrome.exe	37
PID 1376 wrote to memory of 1636	1376	chrome.exe	37
PID 1376 wrote to memory of 1636	1376	chrome.exe	37
PID 1376 wrote to memory of 1636	1376	chrome.exe	37
PID 1376 wrote to memory of 1636	1376	chrome.exe	37
PID 1376 wrote to memory of 1636	1376	chrome.exe	37
PID 1376 wrote to memory of 1636	1376	chrome.exe	37
PID 1376 wrote to memory of 1636	1376	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\Minecraft.exe
"C:\Users\Admin\AppData\Local\Temp\Minecraft.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:600
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Minecraft.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2020

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:928

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5d64f50,0x7fef5d64f60,0x7fef5d64f70
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1044 /prefetch:2
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1836 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2524 /prefetch:2
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1412 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3604 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3708 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3816 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3900 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3924 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3520 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3904 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3976 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3968 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4064 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4040 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4076 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4060 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4120 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3604 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=536 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3124 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6288 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1012,10774292999769546188,3323325038830933295,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6428 /prefetch:8
  2⤵
  PID:2080
- C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe
  "C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe"
  2⤵
  - Executes dropped EXE
  PID:2208
- - C:\Program Files\Java\jre7\bin\javaw.exe
    "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2156

C:\Program Files\Windows Defender\MSASCui.exe
"C:\Program Files\Windows Defender\MSASCui.exe"
1⤵
PID:2792

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2920

C:\Users\Admin\Desktop\LauncherFenix-Minecraft-v7.exe
"C:\Users\Admin\Desktop\LauncherFenix-Minecraft-v7.exe"
1⤵
- Executes dropped EXE
PID:288
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\LauncherFenix-Minecraft-v7.exe"
  2⤵
  PID:3004

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\BackupOut.pps

Filesize
300KB

MD5
07f95d3042285cf342f35da65359ac8c

SHA1
8d5a0505ac983ca7d717141ba135422fbeb50306

SHA256
24ed3de5a5aad644143a2a20415fcf53d69a3f0eab7d2bb02e344893d15be887

SHA512
6310fc83ff1680d4ce0f3ae586c33f93e2aad343875ade7a2a7f53ad0a4e0dfdc9255405c860d873ba73f4b8523122860944abe8c2034232ce27549a7c09e759

Download Submit
C:\Users\Admin\Desktop\BackupStop.avi

Filesize
532KB

MD5
05aff84f1e32ae647a07d9a8f08ae469

SHA1
cf5bf03cfa8d049ed0f2aabfc6a9eb39c9c55996

SHA256
f7b522005824dd48ec9a762d2961cb1e38176b12466ded5e2412f0c50367b112

SHA512
a1ef44948253abb87a85c723fdde1b448947c8d2279c0fa6013e2c0b68708ce78087554dbc70b0f17fc4707fcdc7838a6eef0d6a27341b8936cca8b6e4b2518c

Download Submit
C:\Users\Admin\Desktop\CompareSubmit.TTS

Filesize
377KB

MD5
dbde1b1efcfc9f6d0df63212b81d4b81

SHA1
1137627eaaaed0bf7e495345743747015dfd1d01

SHA256
ac05025aaab9d07fad827773233ec8e499e3db8d91a92d2a5f529fcfbeefd9a1

SHA512
5f174e557dde01e13d8b3b625509a57e854b6869ad17700164ae8f1fdd5425a9897c8191148ee06765add8660f9f0c33cdf40089abfbc6938fd645579f07efe5

Download Submit
C:\Users\Admin\Desktop\CompleteSplit.cr2

Filesize
493KB

MD5
2054143e52736ebcf86fef541da99774

SHA1
15e839a01d300e769887ebda7e33775390956b6f

SHA256
0eb53b40609f3974dd9714b4818a5bbf24551bb42a271233572b33870dd84cbf

SHA512
fa81d25759f525ccc609a36bf36721e752f7c9b6677bee27469ddff0495be64e9c321745519b7da818ea2edd721ee1e2a8f2697ed034f72805ee91fc473f65f4

Download Submit
C:\Users\Admin\Desktop\DebugUndo.dotx

Filesize
474KB

MD5
a5bf3dd65d58b25608efab6227472024

SHA1
3b9eedcef532e6fba7e6867e56bd1113836eb6b1

SHA256
97e0164da41ec97298be8b685d06a4504722679b2df364b5392c54e5a7472adc

SHA512
7366dbddd9ea00c5a1b1ec12f53129832a84336166e279510f4e631a64a8b5b7a456086cfe6c8c2727333d99cadccda7ac8c10bd4a7c355f36552a035d76a36f

Download Submit
C:\Users\Admin\Desktop\DenyDisable.rmi

Filesize
571KB

MD5
2c388f3b3db90716860e222479a3f319

SHA1
fc525126d3ef3919d05ac8207f87e08b8a346a8b

SHA256
cbc929ac356970ee01bb8ed4a8bd6789198aeac3a5631d2285c738ebf7e245e6

SHA512
0b88881437d886ec0b049be4bdbfd858f9f1953cc81311048e7016be1ac386cb96519a77762f1e33b192d1172e58aa82479c2c444af5d716cbd4e71c84031b38

Download Submit
C:\Users\Admin\Desktop\DenyNew.xls

Filesize
358KB

MD5
160a86dd17606b5ffd5221639d67de4b

SHA1
899676283faf7ad12e8b3c4f3891bb58ab0d0a59

SHA256
bfcf0b10c1904ea6a5675e9dea631c958c6c2f2c513b1b49d1a777d58e8565d1

SHA512
e961a6ac7ffee11bafd7574d9679d84224f232a8d27ffaac605975a7370b0f61d35956b790ab2e67d8407c0b136059824387e9b6b4f158788d46f7846018bcbe

Download Submit
C:\Users\Admin\Desktop\DenyRevoke.ini

Filesize
871KB

MD5
0f8d7224508195ced2788c686a73a13c

SHA1
1526c95d8d14e8f430d082083c5c842bf8841163

SHA256
93afdf2dec041e65cd7121d163d68d7569b530b651610831e57ded626206d2cb

SHA512
224d2423d310581ece325d824e63cbda3b4390d303bd8ad677e11b884e4ea4d6c921f0f922fa09f36f3f06af42952740f66092ff5bd8c2e21bbce1fc8624daac

Download Submit
C:\Users\Admin\Desktop\DisableBackup.doc

Filesize
241KB

MD5
71979b80ef6801c3d0f3659eebffe025

SHA1
362347302d595a8eebc336f184a065292a3b4733

SHA256
3f4311a5b5cbe829ea112bc31bfa05457bc8a2cdeb85c6eb291b42d34329b039

SHA512
218373c0bd74759d52d03a7d3d2e8cf863a21c170a1c5e396c8884484a87a50636de3e317edea77861b710cc7794adf210561c0e9d7125ebc4f7a5dfb0c72aa7

Download Submit
C:\Users\Admin\Desktop\DismountProtect.3gp2

Filesize
416KB

MD5
79b547dff3ea94765b36d8277932a838

SHA1
f92a74e77fd57694652e15400dab180fa57138e9

SHA256
83b7ef46b4f5d9b2a94efb3d21fc5f65ba4c4320b6a9abd57a2174d6f59db339

SHA512
f8f1672f2663dceb58143f9b6b9aa6cd0d740c6cd0b8e6ad856d78102882c91c02bdd112dd224f9563643afb314abea24161b6ce84006699de7933c7136a11d4

Download Submit
C:\Users\Admin\Desktop\ExportSkip.bmp

Filesize
454KB

MD5
8f4fbf22d50dcf15540d7705281bed72

SHA1
bb0b5c823430bbff65ac51802ada24ffeaf5a135

SHA256
14efae237e5bdd879aee255a207001211788e83910e93f9e27c7650b999a440a

SHA512
63dbab2cada4ebbd2c927a6b43d88f391a7da916bef3f5b3b28df1deb9454b1c4ab48f23d272bc9283ffbc78cd50c56c67a79be69346b249e5c05f3ceb56d4ab

Download Submit
C:\Users\Admin\Desktop\MountMove.wav

Filesize
280KB

MD5
276576b1e2c03af28219a3e774fc7c6a

SHA1
17dd5bd63571608842f956da22fdb3ef94a43376

SHA256
2a1097f8ae3046ab32a4841eead0d3b252d51eb426a96e1d8c879a826effebb3

SHA512
a26b0dfef5c70ccdef1b8cd7cbc322d152635f990ddaf2d0bd8e29568733f879205bf47f67e4102eafe5f331462868e00db43880d2b773e5fd853ba802aa50c3

Download Submit
C:\Users\Admin\Desktop\MoveGroup.7z

Filesize
338KB

MD5
6851ef54bdf9afc4f80948b4b39a8c28

SHA1
b070fce81ce1df59fe610a81be6763c792398f39

SHA256
ebca83f8f84dec01c0f7b156c700e4ad44ed463461598abd8062c717e8d5c935

SHA512
5342b0f4c1ba49d5ff5e119ca677a191249434a2dc05cf160a20048d6b7000f37e09cc75f3bc6f24108f743a162e77f007e1bd6290fd6a66fc30b17c0996ec25

Download Submit
C:\Users\Admin\Desktop\NewSubmit.vsd

Filesize
551KB

MD5
b7e536c29661502b7aab5ac142214423

SHA1
3077549fde698254c9b4b0bea3aba52cde31be0b

SHA256
ca4dd8f86264c4b583ead4c1cf2469c7d5b130fd919cd39a007c0c2d5be9a9ca

SHA512
ec5c3cdc591045dc91015eb6ae211a081706d4dca47227d529dffa2077ceb7b0d341959063847fea84c7c63105ef6345fc7817c330b6e4e0a13de56d9de24dbe

Download Submit
C:\Users\Admin\Desktop\ReceiveClose.bmp

Filesize
435KB

MD5
817ab25dedde6d89cf89cdc86a2c7c66

SHA1
983643fbac5c42ea65d577cc5e2ffb811537ff25

SHA256
0fa9fb372e486381fd0c68ae3cbd2442be28e5d1be46cba7c8e72fe5ca96caca

SHA512
744ce94b840a4ce2763336ae8d41a530d15ec4e4189cc0e2c87093d6df0ea5abcaa85c0fbff1b5b2868765a126bf0bbf205de8ef4d28259da2b2f0eff932acdd

Download Submit
C:\Users\Admin\Desktop\RedoGet.gif

Filesize
396KB

MD5
18297ab72de91d7d8c3c4f061f2aa98e

SHA1
1614334e867d7c4c92960f9c9828737346107f7a

SHA256
b85e3970a5d3273fe24dc43271feb64df4f7e814434dedc35328fe92e2b76305

SHA512
9f497ca3fc68a3bc2d94328dd19bb2ab10610144791e6ff54f8bfa22ca5480762a5c2142732f5115942e5efdeb0bd7b621bf2c612e33bb9cfd9d9e546ebdafd7

Download Submit
C:\Users\Admin\Desktop\RemoveReset.3g2

Filesize
261KB

MD5
5301920201fa473a27ffd5c9810fc872

SHA1
23882151e93ae5eb65e9e8c56271dc41d2921504

SHA256
1569d14c8219887dac1160a6ed2497bcfaea0a135dd14b7049463eeca9c18961

SHA512
0edd3def4a73fbc10c462a3010ff492fdb220bad81aa5b2ee727b791f95ab2a25c32bf36ab5643a1349d9fa358990aa726e10c2d684a27265a144cbef9551994

Download Submit
C:\Users\Admin\Desktop\RepairPublish.jpg

Filesize
590KB

MD5
6831a3032baa816778b9e06cd3b4b9c0

SHA1
0e71786b25d299675a527620cd2e5548c1a17da9

SHA256
bcca47251c45ff0a67b660841dab425804a314520fe4c04365dc26b413e2c451

SHA512
c54140228775917e1c1514a069eac01a0e1fd24f29f36b6f1b82444c749ae40342d97d81b3b21b46235e5e98f418aed6ec381bef2f74322b47ec8aac7aa12a76

Download Submit
C:\Users\Admin\Desktop\SelectSend.inf

Filesize
512KB

MD5
8cd9a509c8e343118d7bb0a0f4c29ae1

SHA1
08b0e55ef5f0578f8f0cba4f012ba324acfd8e00

SHA256
c4068ff2e8ffb10b2760c55e12f128ccf6537ea34cb7d641602072aa39ca516c

SHA512
3345028cc7b6fbaf692f0e9b1b493fa82bc6904fde22a8c17510b950ac7098e5752830031ca2db629acc627082b3d20e2626c05bf05efb0ca7cca3ca1bead944

Download Submit
C:\Users\Admin\Desktop\SplitUse.mpeg3

Filesize
319KB

MD5
e5a7bcbc6e97ddba4b86ac243a5c66f8

SHA1
a66fcd8ecd598b6b4ee022b64f172a76d9c6aa57

SHA256
9c4d2b1fe260e223ba2e101eb4d5ae031493a4af2f9760dda9d5446ba06da2de

SHA512
22797a571a9fa39780ef5f4d700a3e2d5f1ab9cb631fe7ea29d2f2fdb53a0c46cc91ebf6aca72506f558c3456e1a9e6c83fa26e9cf16247f641d81cd5844f16d

Download Submit
C:\Users\Admin\Desktop\TestImport.ocx

Filesize
222KB

MD5
af96e71a162e8bd0b541de7a48d95fa5

SHA1
78704168091bb2839b549efe79a8e4dac6cd84c3

SHA256
a2d42e4aa97d9e74c86a28dac729c66d263cbe2077dd71ae608281c962fc7caa

SHA512
5b0d84be1564b3331a888c929523af4633da498e642d4c5470fa0d2ae28c3057671f6ab99b3aeaff78ba33fa5b2718441ba1fe780028ccc3c44bc381042d5852

Download Submit
C:\Users\Admin\Desktop\UnprotectReceive.dwfx

Filesize
609KB

MD5
3095990defdaed9fbc7545c6fb803b40

SHA1
7e86e295835934a8b7a0856c02e6c5aa924c1ea5

SHA256
f8ff2fc7d0bbd9748c8217990f744271538fa5331af108a2c115be7d2e4935e5

SHA512
e62f0cc018c64684a51d12b7564b02a1c622139e5e1d497151e50ca198ee34328a1df2a4f2515a150f16e2d36a261a22e6893115044144b332d0b01c22847db3

Download Submit
C:\Users\Public\Desktop\Adobe Reader 9.lnk

Filesize
1KB

MD5
22260c6c949270d1b0d3a1187eeaf06e

SHA1
08d26f319cb75b6c97a35dd058361cc376d6facc

SHA256
63b70d30c3a5457a32b3c175b08fa88322627f498c216ac94f5121245c0504b1

SHA512
a42317cb555ba7d3b013b597cdc051c32a7e53a07103bd3b6afa9b04c5eb71a01ff0adf782c9ca6c2600571cf09291bda669360c702b38a1edd6b919c140f9a7

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
931B

MD5
970d8953f5bc8d759741b5263c73f888

SHA1
f1a6408c02e83a977467ad84a6566629a98a58a8

SHA256
2b1ac23d14aad8d6f9fcb55ddd4405c68d4ad8d83214e7ef36ed1c9ccdab2eef

SHA512
3c5bcad10882ade665af9225370ecbf966df5f6eae593d909e4f0a76025522dca00de3ffef692f977b7c0a76582200128112aff0e80b02946aa92db74e581404

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
878B

MD5
5d4290a862712105b5769badae840584

SHA1
80ea05b2c2cf5d272a598c08a7e70b1e8652d9bf

SHA256
6cc2c98598069cdc28652e9634cbf6460f9d9dd8635251fb72ea1162ae88f5af

SHA512
b96013a30ede31a80f18044cafc79b9ab56cfbc1232f78583f02f9a43919bf27f8a279873c31f53aa8fd6036b66688a25ec241a680e2351d0ceae9ee8a6e568a

Download Submit
memory/600-54-0x0000000075E01000-0x0000000075E03000-memory.dmp

Filesize
8KB

Download
memory/928-81-0x000007FEF71F0000-0x000007FEF723C000-memory.dmp

Filesize
304KB

Download
memory/928-80-0x000007FEF71F0000-0x000007FEF723C000-memory.dmp

Filesize
304KB

Download
memory/2020-78-0x0000000002060000-0x000000000206A000-memory.dmp

Filesize
40KB

Download
memory/2020-77-0x0000000002060000-0x000000000206A000-memory.dmp

Filesize
40KB

Download
memory/2020-76-0x0000000002060000-0x000000000206A000-memory.dmp

Filesize
40KB

Download
memory/2020-75-0x0000000002240000-0x0000000005240000-memory.dmp

Filesize
48.0MB

Download
memory/2020-73-0x0000000002060000-0x000000000206A000-memory.dmp

Filesize
40KB

Download
memory/2020-72-0x0000000002060000-0x000000000206A000-memory.dmp

Filesize
40KB

Download
memory/2020-71-0x0000000002060000-0x000000000206A000-memory.dmp

Filesize
40KB

Download
memory/2020-70-0x0000000002060000-0x000000000206A000-memory.dmp

Filesize
40KB

Download
memory/2020-69-0x0000000000170000-0x000000000017A000-memory.dmp

Filesize
40KB

Download
memory/2020-68-0x0000000000170000-0x000000000017A000-memory.dmp

Filesize
40KB

Download
memory/2020-67-0x0000000002240000-0x0000000005240000-memory.dmp

Filesize
48.0MB

Download
memory/2020-56-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

Filesize
8KB

Download
memory/2156-129-0x0000000001F30000-0x0000000001F3A000-memory.dmp

Filesize
40KB

Download
memory/2156-133-0x0000000000280000-0x000000000028A000-memory.dmp

Filesize
40KB

Download
memory/2156-124-0x00000000021E0000-0x00000000051E0000-memory.dmp

Filesize
48.0MB

Download
memory/2156-125-0x0000000000280000-0x000000000028A000-memory.dmp

Filesize
40KB

Download
memory/2156-126-0x0000000000280000-0x000000000028A000-memory.dmp

Filesize
40KB

Download
memory/2156-127-0x0000000001F30000-0x0000000001F3A000-memory.dmp

Filesize
40KB

Download
memory/2156-128-0x0000000001F30000-0x0000000001F3A000-memory.dmp

Filesize
40KB

Download
memory/2156-137-0x0000000001F30000-0x0000000001F3A000-memory.dmp

Filesize
40KB

Download
memory/2156-131-0x00000000021E0000-0x00000000051E0000-memory.dmp

Filesize
48.0MB

Download
memory/2156-132-0x0000000000280000-0x000000000028A000-memory.dmp

Filesize
40KB

Download
memory/2156-134-0x0000000001F30000-0x0000000001F3A000-memory.dmp

Filesize
40KB

Download
memory/2156-135-0x0000000001F30000-0x0000000001F3A000-memory.dmp

Filesize
40KB

Download
memory/2156-136-0x0000000001F30000-0x0000000001F3A000-memory.dmp

Filesize
40KB

Download