Analysis

  • max time kernel
    1200s
  • max time network
    1202s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-es
  • resource tags

    arch:x64arch:x86image:win10-20220901-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    16-02-2023 19:33

General

  • Target

    TechnicLauncher.exe

  • Size

    6.7MB

  • MD5

    1c862976cb403f75c4d0a254f7d436f8

  • SHA1

    6aca30f3f524eb8028b65c64cc95d4dcf8bb200e

  • SHA256

    f897ccfbeba62f5e1abb3f0d7a72ab83b4b9ae3e9b2d5c4eac0b79cabd4036fd

  • SHA512

    e109f829a3a8287ddcceb640543fbecfb22fead9ed237f8af0e753b54d6bfdfcbf37ca51cbc9a6544feabdb20dddf88a61e4c954dd8509b347fe4bb75ee8c96e

  • SSDEEP

    98304:dNY+dGXz4c3fQy7kOd7BM0eSNbm89Wdn5ZCdqrZM75n+hb:d5e8cB7kOd7BVq89u5Z8Y4q

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 4 IoCs
  • Drops file in Program Files directory 48 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs
  • Suspicious use of FindShellTrayWindow 43 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TechnicLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\TechnicLauncher.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Djava.net.preferIPv4Stack=true -Dawt.useSystemAAFontSettings=lcd -Dswing.aatext=true -classpath "C:\Users\Admin\AppData\Local\Temp\TechnicLauncher.exe;anything" net.technicpack.launcher.LauncherMain
      2⤵
      • Drops file in Program Files directory
      • Suspicious use of SetWindowsHookEx
      PID:2460
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1340
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc8c774f50,0x7ffc8c774f60,0x7ffc8c774f70
      2⤵
        PID:2928
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1612 /prefetch:2
        2⤵
          PID:4012
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1668 /prefetch:8
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4848
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2348 /prefetch:8
          2⤵
            PID:4028
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1
            2⤵
              PID:4976
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2588 /prefetch:1
              2⤵
                PID:5048
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
                2⤵
                  PID:4680
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4484 /prefetch:8
                  2⤵
                    PID:3176
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4820 /prefetch:8
                    2⤵
                      PID:3980
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4680 /prefetch:8
                      2⤵
                        PID:3768
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4484 /prefetch:8
                        2⤵
                          PID:872
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4148
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5044 /prefetch:8
                          2⤵
                            PID:4756
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4976 /prefetch:8
                            2⤵
                              PID:1120
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4656 /prefetch:8
                              2⤵
                                PID:1328
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:388
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
                                2⤵
                                  PID:188
                                • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe
                                  "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe" --reenable-autoupdates --system-level
                                  2⤵
                                    PID:3688
                                    • C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe
                                      "C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff78da8a890,0x7ff78da8a8a0,0x7ff78da8a8b0
                                      3⤵
                                        PID:2148
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8
                                      2⤵
                                        PID:1936
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
                                        2⤵
                                          PID:668
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5460 /prefetch:8
                                          2⤵
                                            PID:2648
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5476 /prefetch:8
                                            2⤵
                                              PID:4500
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5416 /prefetch:8
                                              2⤵
                                                PID:2632
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3324 /prefetch:8
                                                2⤵
                                                  PID:380
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3320 /prefetch:8
                                                  2⤵
                                                    PID:2504
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3364 /prefetch:8
                                                    2⤵
                                                      PID:2596
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
                                                      2⤵
                                                        PID:4816
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5020 /prefetch:8
                                                        2⤵
                                                          PID:4800
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5680 /prefetch:8
                                                          2⤵
                                                            PID:4808
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4784 /prefetch:8
                                                            2⤵
                                                              PID:5108
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4760 /prefetch:8
                                                              2⤵
                                                                PID:2300
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
                                                                2⤵
                                                                  PID:3572
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
                                                                  2⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:4304
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
                                                                  2⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:1084
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:8
                                                                  2⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:3792
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1
                                                                  2⤵
                                                                    PID:2056
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
                                                                    2⤵
                                                                      PID:1888
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
                                                                      2⤵
                                                                        PID:3768
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=940 /prefetch:8
                                                                        2⤵
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:4760
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 /prefetch:8
                                                                        2⤵
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:1404
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
                                                                        2⤵
                                                                          PID:992
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
                                                                          2⤵
                                                                            PID:2212
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
                                                                            2⤵
                                                                              PID:2152
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
                                                                              2⤵
                                                                                PID:4676
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
                                                                                2⤵
                                                                                  PID:1252
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
                                                                                  2⤵
                                                                                    PID:2640
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
                                                                                    2⤵
                                                                                      PID:4976
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
                                                                                      2⤵
                                                                                        PID:4004
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
                                                                                        2⤵
                                                                                          PID:4508
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
                                                                                          2⤵
                                                                                            PID:4720
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1480 /prefetch:1
                                                                                            2⤵
                                                                                              PID:2472
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
                                                                                              2⤵
                                                                                                PID:3236
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:3940
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:1104
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:4768
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:4488
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:5100
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:2040
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:3856
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:4472
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:4596
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:5020
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:2956
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:3636
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:668
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8664 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:1668
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8924 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:4216
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=772 /prefetch:8
                                                                                                                              2⤵
                                                                                                                                PID:2952
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6788 /prefetch:8
                                                                                                                                2⤵
                                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                                PID:4836
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:2632
                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8568 /prefetch:8
                                                                                                                                  2⤵
                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                  PID:4816
                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7764 /prefetch:8
                                                                                                                                  2⤵
                                                                                                                                    PID:4744
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5568 /prefetch:8
                                                                                                                                    2⤵
                                                                                                                                      PID:4564
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
                                                                                                                                      2⤵
                                                                                                                                        PID:4968
                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5756 /prefetch:8
                                                                                                                                        2⤵
                                                                                                                                          PID:4756
                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
                                                                                                                                          2⤵
                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                          PID:328
                                                                                                                                        • C:\Users\Admin\Downloads\TechnicLauncher.exe
                                                                                                                                          "C:\Users\Admin\Downloads\TechnicLauncher.exe"
                                                                                                                                          2⤵
                                                                                                                                          • Executes dropped EXE
                                                                                                                                          PID:980
                                                                                                                                          • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
                                                                                                                                            "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Djava.net.preferIPv4Stack=true -Dawt.useSystemAAFontSettings=lcd -Dswing.aatext=true -classpath "C:\Users\Admin\Downloads\TechnicLauncher.exe;anything" net.technicpack.launcher.LauncherMain
                                                                                                                                            3⤵
                                                                                                                                            • Drops file in Program Files directory
                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                            PID:200
                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9060 /prefetch:8
                                                                                                                                          2⤵
                                                                                                                                            PID:3196
                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8664 /prefetch:8
                                                                                                                                            2⤵
                                                                                                                                              PID:3148
                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,9632141353300696079,1928814005887423961,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
                                                                                                                                              2⤵
                                                                                                                                                PID:1260
                                                                                                                                            • C:\Windows\System32\rundll32.exe
                                                                                                                                              C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
                                                                                                                                              1⤵
                                                                                                                                                PID:96
                                                                                                                                              • C:\Users\Admin\Downloads\TechnicLauncher.exe
                                                                                                                                                "C:\Users\Admin\Downloads\TechnicLauncher.exe"
                                                                                                                                                1⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                PID:5040
                                                                                                                                                • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
                                                                                                                                                  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Djava.net.preferIPv4Stack=true -Dawt.useSystemAAFontSettings=lcd -Dswing.aatext=true -classpath "C:\Users\Admin\Downloads\TechnicLauncher.exe;anything" net.technicpack.launcher.LauncherMain
                                                                                                                                                  2⤵
                                                                                                                                                  • Drops file in Program Files directory
                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                  PID:1120
                                                                                                                                              • C:\Users\Admin\Downloads\TechnicLauncher.exe
                                                                                                                                                "C:\Users\Admin\Downloads\TechnicLauncher.exe"
                                                                                                                                                1⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                PID:4612
                                                                                                                                                • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
                                                                                                                                                  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Djava.net.preferIPv4Stack=true -Dawt.useSystemAAFontSettings=lcd -Dswing.aatext=true -classpath "C:\Users\Admin\Downloads\TechnicLauncher.exe;anything" net.technicpack.launcher.LauncherMain
                                                                                                                                                  2⤵
                                                                                                                                                  • Drops file in Program Files directory
                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                  PID:4604
                                                                                                                                              • C:\Users\Admin\Downloads\TechnicLauncher.exe
                                                                                                                                                "C:\Users\Admin\Downloads\TechnicLauncher.exe"
                                                                                                                                                1⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                PID:2876
                                                                                                                                                • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
                                                                                                                                                  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Djava.net.preferIPv4Stack=true -Dawt.useSystemAAFontSettings=lcd -Dswing.aatext=true -classpath "C:\Users\Admin\Downloads\TechnicLauncher.exe;anything" net.technicpack.launcher.LauncherMain
                                                                                                                                                  2⤵
                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                  PID:3064

                                                                                                                                              Network

                                                                                                                                              MITRE ATT&CK Enterprise v6

                                                                                                                                              Replay Monitor

                                                                                                                                              Loading Replay Monitor...

                                                                                                                                              Downloads

                                                                                                                                              • memory/200-242-0x0000000002560000-0x0000000003560000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/980-206-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-203-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-215-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-213-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-212-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-211-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-210-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-209-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-208-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-207-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-214-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-205-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-204-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-216-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-202-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-201-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-200-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-199-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-198-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-197-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-196-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-195-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-194-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-193-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/980-217-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/1120-297-0x0000000002750000-0x0000000003750000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/1120-312-0x0000000002750000-0x0000000003750000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/1120-320-0x0000000002750000-0x0000000003750000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/1120-319-0x0000000002750000-0x0000000003750000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/1120-318-0x0000000002750000-0x0000000003750000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/1120-317-0x0000000002750000-0x0000000003750000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/1120-316-0x0000000002750000-0x0000000003750000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/1120-315-0x0000000002750000-0x0000000003750000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/1120-314-0x0000000002750000-0x0000000003750000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/1120-310-0x0000000002750000-0x0000000003750000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/1120-311-0x0000000002750000-0x0000000003750000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/1120-313-0x0000000002750000-0x0000000003750000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/2460-183-0x0000000003020000-0x0000000004020000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/2460-169-0x0000000003020000-0x0000000004020000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/2792-146-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-147-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-145-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-144-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-143-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-142-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-141-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-140-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-139-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-138-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-134-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-137-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-136-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-135-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-133-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-132-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-131-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-130-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-129-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-128-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-127-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-126-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-125-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-124-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-123-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-122-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-121-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-151-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-120-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-148-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-149-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-152-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-150-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-158-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-157-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-156-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-155-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-154-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/2792-153-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                1.6MB

                                                                                                                                              • memory/3064-479-0x0000000002600000-0x0000000003600000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/3064-474-0x0000000002600000-0x0000000003600000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/3064-457-0x0000000002600000-0x0000000003600000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/4604-437-0x0000000002D30000-0x0000000003D30000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/4604-422-0x0000000002D30000-0x0000000003D30000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/4604-412-0x0000000002D30000-0x0000000003D30000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/4604-449-0x0000000002D30000-0x0000000003D30000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/4604-454-0x0000000002D30000-0x0000000003D30000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/4604-455-0x0000000002D30000-0x0000000003D30000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/4604-386-0x0000000002D30000-0x0000000003D30000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB

                                                                                                                                              • memory/4604-372-0x0000000002D30000-0x0000000003D30000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                16.0MB