Malware Analysis Report

2025-01-02 12:02

Sample ID 221231-t5162adb7v
Target LauncherFenix-Minecraft-v7.exe
SHA256 122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb
Tags
bazarbackdoor backdoor
score
10/10

Analysis Overview

score
10/10

SHA256

122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

Threat Level: Known bad

The file LauncherFenix-Minecraft-v7.exe was found to be: Known bad.

Malicious Activity Summary

bazarbackdoor backdoor

BazarBackdoor

Bazar/Team9 Backdoor payload

Executes dropped EXE

Downloads MZ/PE file

Drops desktop.ini file(s)

Drops file in Program Files directory

Suspicious use of FindShellTrayWindow

NTFS ADS

Modifies registry class

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-12-31 16:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-12-31 16:39

Reported

2022-12-31 16:45

Platform

win10-20220812-es

Max time kernel

269s

Max time network

301s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload


Downloads MZ/PE file

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\System32\bcastdvr.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\System32\GamePanel.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\System32\GamePanel.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\System32\GamePanel.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\System32\GamePanel.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\jre-8u351-windows-x64(1).exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds240764859.tmp\jre-8u351-windows-x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds240800062.tmp\jre-8u351-windows-x64(1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds240806343.tmp\jre-8u351-windows-x64(1).exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4472 wrote to memory of 888 N/A C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
PID 4624 wrote to memory of 1832 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1832 wrote to memory of 3336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1832 wrote to memory of 4568 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1832 wrote to memory of 4840 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe

"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\System32\GamePanel.exe

"C:\Windows\System32\GamePanel.exe" 0000000000030118 /startuptips

C:\Windows\System32\bcastdvr.exe

"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1832.0.437461767\1430396563" -parentBuildID 20200403170909 -prefsHandle 1516 -prefMapHandle 1512 -prefsLen 1 -prefMapSize 220115 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1832 "\\.\pipe\gecko-crash-server-pipe.1832" 1608 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1832.3.472598578\407143414" -childID 1 -isForBrowser -prefsHandle 2288 -prefMapHandle 2280 -prefsLen 156 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1832 "\\.\pipe\gecko-crash-server-pipe.1832" 2324 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1832.13.1744796381\949381584" -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3440 -prefsLen 6938 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1832 "\\.\pipe\gecko-crash-server-pipe.1832" 3452 tab

C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe

"C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe"

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe"

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\System32\GamePanel.exe

"C:\Windows\System32\GamePanel.exe" 0000000000040054 /startuptips

C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe

"C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe"

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe"

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\System32\GamePanel.exe

"C:\Windows\System32\GamePanel.exe" 000000000006005C /startuptips

C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds240764859.tmp\jre-8u351-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds240764859.tmp\jre-8u351-windows-x64.exe"

C:\Users\Admin\Downloads\jre-8u351-windows-x64(1).exe

"C:\Users\Admin\Downloads\jre-8u351-windows-x64(1).exe"

C:\Users\Admin\AppData\Local\Temp\jds240800062.tmp\jre-8u351-windows-x64(1).exe

"C:\Users\Admin\AppData\Local\Temp\jds240800062.tmp\jre-8u351-windows-x64(1).exe"

C:\Users\Admin\Downloads\jre-8u351-windows-x64(1).exe

"C:\Users\Admin\Downloads\jre-8u351-windows-x64(1).exe"

C:\Users\Admin\AppData\Local\Temp\jds240806343.tmp\jre-8u351-windows-x64(1).exe

"C:\Users\Admin\AppData\Local\Temp\jds240806343.tmp\jre-8u351-windows-x64(1).exe"

Network


Files

C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

C:\Users\Admin\Videos\Captures\desktop.ini

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3844063266-715245855-4050956231-1000\83aa4cc77f591dfc2374580bbd95f6ba_fb683904-d935-4145-88dd-4a05f296c648

C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe

C:\Users\Admin\AppData\Local\Temp\jds240764859.tmp\jre-8u351-windows-x64.exe

C:\Users\Admin\AppData\Local\Temp\jusched.log

C:\Users\Admin\Downloads\jre-8u351-windows-x64(1).exe

C:\Users\Admin\AppData\Local\Temp\jds240800062.tmp\jre-8u351-windows-x64(1).exe

C:\Users\Admin\AppData\Local\Temp\jds240806343.tmp\jre-8u351-windows-x64(1).exe
