Analysis
-
max time kernel
385s -
max time network
388s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
20-03-2023 20:19
General
-
Target
MultiMC/MultiMC.exe
-
Size
8.8MB
-
MD5
38c782c12952ecaeb3af973a7338790d
-
SHA1
3167c8152fde81d9b3aebbb41d38a607ba5b48b7
-
SHA256
4fc7abd9769e631fe1831b8b0da7b924322b77fee774dba6c5d0ccf6f69242f4
-
SHA512
e72b69bee5cf6ca2c45d8b84f128126dd1c81f03e7dfae4d03e3d906f79bb7e1f9ecad6030e4447783657e59c75017df72f590ca786edcfd2996c88345542a1a
-
SSDEEP
196608:LjeHzMAqhnF5SdEy/vgiBkxqSdXh9NWompJIwFsBEeVgVvV3rABVLVVkNWV+O8VU:OHOer/vAUpyRVgVvV3rABVLVVkNWV+On
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 11 IoCs
-
Loads dropped DLL 64 IoCs
-
Registers COM server for autorun 1 TTPs 64 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object 2 TTPs 4 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory 3 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 23 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 20 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Modifies system certificate store 2 TTPs 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 34 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 13 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar2⤵
-
C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe"C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar2⤵
-
C:\ProgramData\Oracle\Java\javapath\javaw.exejavaw -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar2⤵
-
C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe"C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -Xms512m -Xmx1024m -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar2⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4b4 0x2441⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe9af49758,0x7ffe9af49768,0x7ffe9af497782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level2⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x23c,0x240,0x244,0x238,0x248,0x7ff730cd7688,0x7ff730cd7698,0x7ff730cd76a83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2444 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3340 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5204 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1620 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4824 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2440 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5772 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5820 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6052 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5980 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:82⤵
-
C:\Users\Admin\Downloads\JavaSetup8u361.exe"C:\Users\Admin\Downloads\JavaSetup8u361.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\jds240706531.tmp\JavaSetup8u361.exe"C:\Users\Admin\AppData\Local\Temp\jds240706531.tmp\JavaSetup8u361.exe"3⤵
- Executes dropped EXE
- Modifies system certificate store
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXE"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\au.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\msi.tmp"4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXE"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\jre1.8.0_361.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\msi.tmp"4⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5244 --field-trial-handle=1788,i,14702422515783245927,13167246483335349672,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding C5FBAFBAD6EEA90F94BDCBA6BD02DD242⤵
- Loads dropped DLL
-
C:\Program Files (x86)\Java\jre1.8.0_361\installer.exe"C:\Program Files (x86)\Java\jre1.8.0_361\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_361\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F32180361F0}2⤵
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
-
C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaw.exe"C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\Java\jre1.8.0_361\bin\ssvagent.exe"C:\Program Files (x86)\Java\jre1.8.0_361\bin\ssvagent.exe" -doHKCUSSVSetup3⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
-
C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaws.exe"C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaws.exe" -wait -fix -permissions -silent3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Java\jre1.8.0_361\bin\jp2launcher.exe"C:\Program Files (x86)\Java\jre1.8.0_361\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_361" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM2MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8zNjFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM2MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaws.exe"C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaws.exe" -wait -fix -shortcut -silent3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Java\jre1.8.0_361\bin\jp2launcher.exe"C:\Program Files (x86)\Java\jre1.8.0_361\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre1.8.0_361" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM2MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUxLjguMF8zNjFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZTEuOC4wXzM2MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlMS44LjBfMzYxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding A80DE56A4E8CF0825DE4C8B332E2FB01 E Global\MSI00002⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 34E6523FCB1505232FAEDF3FE9DBC9672⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding B484D159D93D5BFB41FEE78B69680C79 E Global\MSI00002⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding E91ECBD3FA9CC5C278344EDE52F7089F2⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding E1509E28C68744FDB44578ABE9D1B19E E Global\MSI00002⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Config.Msi\e598092.rbsFilesize
710KB
MD5f18de28146e2b0bfa58ee582102f536b
SHA1c7a17d354494befd158c91383aee231e8d4e211a
SHA256365be3085c56c3a44615f8730853a6ad676d23edf3609273728eec1580ba331c
SHA512f598c98e407c6d7eaece3b8fd282cc577b5ad6a9836dc909b6c9ed11801735505c393485f5479a471c1500c3815cef1eafa96e10395f0f72e7522a98493659a0
-
C:\Config.Msi\e598095.rbsFilesize
7KB
MD5ab3962ee2c91bb078522cfacb8ce6555
SHA1ff85df9e241187b3a93d6a845990260b8b31e743
SHA25624f394e7c3c26f9abe082c7cdbc0b3f78862ef75fbd0ead776fab669601dff13
SHA512c67dbcc359bab16c7430a8e56d0956ba262c06a65f8a802b67080451d61f749cbbe6e06cf0fbb8eb0b7f69d0771aebfc232fcc98b6ac9ec5f2242adb76ddc82a
-
C:\Config.Msi\e59809b.rbsFilesize
8KB
MD58da013f3f1db5699292dadc0d05ac059
SHA1687e9661286a2c52ff189b8eb01e8c286e86f416
SHA25628e5202319cf52724f7e4afc547e5d8d4d158c132e0c38521a6871c1b5dbc59b
SHA512a9d713ca6c0884fc8773d7f641955dd8b58924479781a5e1df4e1e9fdd3dd0f5a5defdcabbaf36839e0692bc09ba678ed40e9b2106cb9e4d5554e8d59b7ee3ed
-
C:\Program Files (x86)\Java\jre1.8.0_361\bin\client\jvm.dllFilesize
3.8MB
MD59544b9113212187322433e63957facfb
SHA1aa6a5404a745a6c683b055b26eccec151234ee68
SHA2568249bcff9a8d9aa7e580076e2c84147571270eb27c74a7dc8df52a447b123d86
SHA512c65ba9dd79ed41f92515280c9f87b94b5495daafc614b708d62fee2307fe51293c829651db070ca2cfe8eb0122dff013be815c0cf58770bc75eddbc5d2360fc6
-
C:\Program Files (x86)\Java\jre1.8.0_361\bin\client\jvm.dllFilesize
3.8MB
MD59544b9113212187322433e63957facfb
SHA1aa6a5404a745a6c683b055b26eccec151234ee68
SHA2568249bcff9a8d9aa7e580076e2c84147571270eb27c74a7dc8df52a447b123d86
SHA512c65ba9dd79ed41f92515280c9f87b94b5495daafc614b708d62fee2307fe51293c829651db070ca2cfe8eb0122dff013be815c0cf58770bc75eddbc5d2360fc6
-
C:\Program Files (x86)\Java\jre1.8.0_361\bin\java.dllFilesize
139KB
MD5286bba6f961e7d873d5c84f57cd1118a
SHA1c659530ae34fabc24dc6fb55f37485a8d0bca2d0
SHA2564f068301312fab1d1fd3e3ea0bcd87c4f730f69031337decb343b9ecb5028984
SHA512c03ad585fd3f486448c86831f93118575b3586fac79f55448daa794ba6be95fc2a1595186d6c8b7881303b3cd1226b2eb10b7bdbc59a457384ba1340daabf058
-
C:\Program Files (x86)\Java\jre1.8.0_361\bin\javaw.exeFilesize
243KB
MD571ac3db0e1d4363ff8695ca610af1ae4
SHA135ee53d9c6b541f4e9422875fb5a246d975afc85
SHA256fbc762cd79977cee061bc9d2bf19c9687856759afec067121cce58e1cc124d2c
SHA51253a75165d3a4683573f7d16015bda25cbfdabb8981ca8ffd0789105a6cdbf9a02f4e7a71b47efc581c14a90fd54760e4e7dc6e9786abc325a190c945b67cffb8
-
C:\Program Files (x86)\Java\jre1.8.0_361\bin\msvcp140.dllFilesize
439KB
MD55ff1fca37c466d6723ec67be93b51442
SHA134cc4e158092083b13d67d6d2bc9e57b798a303b
SHA2565136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062
SHA5124802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546
-
C:\Program Files (x86)\Java\jre1.8.0_361\bin\msvcp140.dllFilesize
439KB
MD55ff1fca37c466d6723ec67be93b51442
SHA134cc4e158092083b13d67d6d2bc9e57b798a303b
SHA2565136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062
SHA5124802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546
-
C:\Program Files (x86)\Java\jre1.8.0_361\bin\vcruntime140.dllFilesize
78KB
MD5a37ee36b536409056a86f50e67777dd7
SHA11cafa159292aa736fc595fc04e16325b27cd6750
SHA2568934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825
SHA5123a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356
-
C:\Program Files (x86)\Java\jre1.8.0_361\bin\vcruntime140.dllFilesize
78KB
MD5a37ee36b536409056a86f50e67777dd7
SHA11cafa159292aa736fc595fc04e16325b27cd6750
SHA2568934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825
SHA5123a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356
-
C:\Program Files (x86)\Java\jre1.8.0_361\installer.exeFilesize
853KB
MD587706ed4a1182eba06403297a4e82b54
SHA11dc5a582f3c636ff4b1d584691b79a2efb1bf971
SHA256409b73823b06416f140d1c77214788eb33873ba7ce9be2e012826c52cd3339e3
SHA512796d7df635532a1db788f591ad9226d0e63ce84d306662265d30327536dd1318f91e51663bc0ee7df49569d681c36e802c461cedeccc3826b9f68260a243ac4e
-
C:\Program Files (x86)\Java\jre1.8.0_361\installer.exeFilesize
853KB
MD587706ed4a1182eba06403297a4e82b54
SHA11dc5a582f3c636ff4b1d584691b79a2efb1bf971
SHA256409b73823b06416f140d1c77214788eb33873ba7ce9be2e012826c52cd3339e3
SHA512796d7df635532a1db788f591ad9226d0e63ce84d306662265d30327536dd1318f91e51663bc0ee7df49569d681c36e802c461cedeccc3826b9f68260a243ac4e
-
C:\Program Files (x86)\Java\jre1.8.0_361\lib\i386\jvm.cfgFilesize
623B
MD59aef14a90600cd453c4e472ba83c441f
SHA110c53c9fe9970d41a84cb45c883ea6c386482199
SHA2569e86b24ff2b19d814bbaedd92df9f0e1ae86bf11a86a92989c9f91f959b736e1
SHA512481562547bf9e37d270d9a2881ac9c86fc8f928b5c176e9baf6b8f7b72fb9827c84ef0c84b60894656a6e82dd141779b8d283c6e7a0e85d2829ea071c6db7d14
-
C:\Program Files (x86)\Java\jre1.8.0_361\lib\rt.jarFilesize
53.2MB
MD532a3259b2753bf46dd1d6db41bfde524
SHA1c4deb978992124134cf71d6b48af8fd3dfab8072
SHA256e37b804af67aee09c8852ee666268970a17b71c3da475b3ffd098236d455367b
SHA5127fd21fe13ce64009a1440f2992ff955f6934cdc5c43914781f0f994c32be9c8da5cae1b73d07355826905eec6a0a0b604163849ff6d3173120a561059b1451c5
-
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.urlFilesize
197B
MD5faded0d5bdcbad42d8f4826cc3c620fd
SHA1c49c34f2d2160297b1c0c71c327180ed52ff673e
SHA256d869d1b0c391cd9ce8f0c633cb8e5731c5073c33f875b32a2a61006a3c1bb24a
SHA512bc60186037724353460a0f7af8b207ccabe64d80aaff796d9ee082c6cb6573ff214dedc22080fdf23664ce79f7604276e1bab746dcf2407a46e40ff38b7119cb
-
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.urlFilesize
188B
MD5684333e26e94b3db4d1971c01f83d030
SHA121d61ea4ab5954241d4fe0c3353f4673be3dfff7
SHA25689321d2dadfbb526104998111361d2207536b7967ea130775389b486cd9b6fce
SHA5120322d1b37a82b155ce9cf432254d47dde2dd74807f759e39c48b321bb68e73ba50dbe3dbef7b2280f5f6858b44a8d177de027b35ff59493e18cc97743b67765f
-
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.urlFilesize
184B
MD5d5f6b5ef01ca2efb13aa9c459803f1ac
SHA1d19c236c2f6706ceb9e062a2b8a79cf6b4c77882
SHA256fdaa401ded2f4633adbec4a95e0eafe083abb5b7f44142c395194f48d461be9d
SHA512f4b115fb9f305df470c8ff01223f1e55b8d72d7f6a03243f8ff99fe4f8ad6426753765758257c71151957ba6800b02ad94f69d93b80449eda2149acef3d99f6d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEBFilesize
471B
MD5e7b5c306d8e8b17a9119604ca9ba1082
SHA150d3745f357874c9e2ab77067794a60123386111
SHA256bfcfc73e560bfb7a660bbc4b3318692beffb0846bb11e2043ef1a9f7cfb8a374
SHA5128a4cb276d7937ab36b201dca3ecc0c76a16d3389b748038477ca6c22b6c9970e2ba270012e55d406d3afaa9f63901e8ed3a206b8a0b76499f34557a8be4e10bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_4E75C8005B53AA371E24DB28B7200E63Filesize
727B
MD55f84bb4394f7d615747624b5d0aa6077
SHA14ab128bda469ddf18d72016c836c3260a7f22396
SHA256a6c05a082f764ce40b8a0418c9aae66ec81871f6cbf51bad99a12ad3ef7db2fb
SHA512c1b059caddaf1c16cc030015d6af6bdeb13b6c50d8f1214c59d16a1b97b4411a5f67a34b76a40588b34991370b1c76fa216764fd3715ab153b5eca8d33170d4c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141Filesize
727B
MD56b96fc528c1949cb3da64bc4d11c414e
SHA178c524be8fa97523af6d2b7230ad11305de55170
SHA2569e1228fc879f3b37b26036a3353ce971510c54b002fbf59fc73f07e312300eb9
SHA51266d3dc565f9d9679fdbb2328c5f5685a76b1db1c84f32e6132f3031220f44dc6c31119bb883a8bf106e0030e238aabbd94a325079cf727a9ae9b5925a5b55b38
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEBFilesize
430B
MD55c5888732e42494a0bb72ea6f281bcbd
SHA1efee60844ce90992c66a72606c9dbf69d3cd5440
SHA256bbac6a16ef2b4e78c2f09a82db228c70c2b1c2d2ec259cdc64d043e4f7b0456c
SHA51251f78519ba4b56e09c44413babd56acf13c7025c4451af87e73e40493eb22d52aeceaa87db5c10530edcea625d186ff6c1bfb0272ee7fe54e4a06b1dcd237726
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_4E75C8005B53AA371E24DB28B7200E63Filesize
434B
MD546a2b7093c41bdb34a4becc710e2772f
SHA140ff4fb9f54b99f9e8764acb3d1e0a689fc90d15
SHA2563cefdde1463376739a30d01fdb500f030634304dc3632c8e2bf6f38c1eb6e421
SHA512e3a60fadfc01ce17a11cde294b7922ca3e3baaad7cb8bb4acc3d28df1769cacb3363f260e4dae79c539ea7bbd2d1bbe10651b8d3cd8098f7496f01bb0d243479
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141Filesize
442B
MD5240932731b4f062ec612a073b3f66289
SHA10b574bfd2643f79f0e55c993697557b3017c69bb
SHA2563cc6a9109bc00cd9221aaf2e0ccd6b9ddc136f0d6aa1a86728e021129a394ced
SHA512ddf75a7d53790db5679b8a8ed8d11226bf2e9498f656b6d1313cba5e9804de62ae1a9a9cec90f9d45ea01a76eed51d4f01534c63b66d81be87f037340481cc72
-
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXEFilesize
142KB
MD53842c46f2fbc7522ef625f1833530804
SHA13615c072ad5bdadba5e5e22e75eefaf7def92312
SHA25617cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7
SHA5129adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e
-
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXEFilesize
142KB
MD53842c46f2fbc7522ef625f1833530804
SHA13615c072ad5bdadba5e5e22e75eefaf7def92312
SHA25617cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7
SHA5129adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e
-
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\LZMA_EXEFilesize
142KB
MD53842c46f2fbc7522ef625f1833530804
SHA13615c072ad5bdadba5e5e22e75eefaf7def92312
SHA25617cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7
SHA5129adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e
-
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\au.msiFilesize
843KB
MD5c95a831719a0a8659911c2d961a9e425
SHA184e5db605edecd9976f2a7d45b00c2c5deabe11d
SHA256bb5d1befb8970ee28066d13727056d54e0ee624564556757c26c75d6faafcc9d
SHA512073f2e9ce88f18ddf6d5e9d1d47a142b68a4935d73854580ca6d5b619473632965051e398bf5485ff0664d2caf2ed13d4260ab64428c7ea2cce78983feed3069
-
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\au.msiFilesize
843KB
MD5c95a831719a0a8659911c2d961a9e425
SHA184e5db605edecd9976f2a7d45b00c2c5deabe11d
SHA256bb5d1befb8970ee28066d13727056d54e0ee624564556757c26c75d6faafcc9d
SHA512073f2e9ce88f18ddf6d5e9d1d47a142b68a4935d73854580ca6d5b619473632965051e398bf5485ff0664d2caf2ed13d4260ab64428c7ea2cce78983feed3069
-
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\jre1.8.0_361.msiFilesize
52.6MB
MD51aa57a5a04ec43b25937efa2a3f0f0ad
SHA16121bef34c9c603e8b03140c05e0418096ac7bb6
SHA25666a697fe354addb90ae4e3c6b617f9ca0e5a65a439435f674e3f6d8c7db85b6b
SHA5121461ff7fc5d3a1e3fff20bd42324f0dc6f82bbdb9d35cc425535449a0f8e346599c4012802f0a801cce243eea4d878e6430a02db5b24fe6cc99b24cdad31c4e8
-
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\jre1.8.0_361.msiFilesize
52.6MB
MD51aa57a5a04ec43b25937efa2a3f0f0ad
SHA16121bef34c9c603e8b03140c05e0418096ac7bb6
SHA25666a697fe354addb90ae4e3c6b617f9ca0e5a65a439435f674e3f6d8c7db85b6b
SHA5121461ff7fc5d3a1e3fff20bd42324f0dc6f82bbdb9d35cc425535449a0f8e346599c4012802f0a801cce243eea4d878e6430a02db5b24fe6cc99b24cdad31c4e8
-
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\msi.tmpFilesize
1016KB
MD5459a51b2e65d53e4e568215e77317cc5
SHA1f2308f14d1033f79a1d10b392520cb2459b0e737
SHA2569da5f7bb7d99c3b8d5c9100a0573e928f48452319989ab026af5fcff1119a5d9
SHA5127e3b8cb97c4c61eb147473d62dc163205ecd85235e6c711b39c4a76b06e8cee7d70f2594e0710df90e1b949c4bdb442a759912afeb72c6b4f0a34750daf17886
-
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_361\msi.tmpFilesize
53.5MB
MD5c760bc95af603fec0c41cafd82498a5d
SHA16bed421c5268fcd02f3d9439a314fffd84b29235
SHA256c93f2de2ed4d5420671f5d5ba858b841683183aba9248f9890c4b277c39d2995
SHA512cc9324416d98cd4ca1ec6e607e684336964d74da5f29f3d56d82b56ac0fe225c1420fbe08f9a559bf80307ea740e9140154f136aa9d3bc473baf60d736b7fd52
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\06500427-e888-469f-a315-f001309d4b81.tmpFilesize
7KB
MD58ed92155b478e2b812a98b6170444bd7
SHA1e97692edf8f95561741d5b3be2ad57820bdcdc83
SHA2569854f70dda2c223caa5b389a9f467d5bcbe2c1cef83621c674bd7041780b7f99
SHA5122a4c401bf2240ec4ad8fe99777b738746f5424934a6aabea8abde5372c81042fb0a38c0d80697369205ee176b874d7c4065e17b144453f6bca6f71332f330409
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
864B
MD56337c45ef0d7d52d0ba50e5877e31666
SHA1cea3410511612d41d39ab5693b8e65d6848fcc04
SHA2560edc287c2852a8316e5647aaba714951002ce29fbdf671a23e79564225cc4f28
SHA512410afdcf390afa50605401453b9df0edffa299ad04d373bad8e160e70a69e3e943394c5cefa067fad2b3745fdd41d703f8a14e6f61b072c78925bb0d25b39caf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD5cb4105659154f10cdf64f6ca74f5319f
SHA129db12f70cf55a91bee0a41fdf1f33a83e88794e
SHA25677ad0d359112e603be67ebdba9f8b3e3a67e6067eae1099ee1b24203034e0bbf
SHA5122482c97a6ad9da549aab37eecd9502815cebf77507f88a7c076eb076d987e9eb58220fd982a4e6a91304920db9993e9fabb1917528d97e0910d328ab0bfb8068
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD55a7d6fe96e890cb3adfc1246aab92f3f
SHA12583e7939b15dbaacbf0c7520c65d94a54b24246
SHA2561bf9ee9238120664abd6386353d28b2587e034e95e5a30430c03bb32dcc42dc7
SHA51290dbe3413b0e4af4033e3af172d9ef6be8abb1c355869deb283594d0bddaab3314186c039471fff9ac7260801bee88ff31f3717a9a08644c0912d972cd3d1797
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD529a261058e340d92b18fb5833d3a9556
SHA1a4232aeada049693ce9f3db53e547f8639d05182
SHA2562bd5a4eb26cba367da89a373e56b3766c06d2d68ab2cec0c4f8d235e4dff7e95
SHA512d6b6acd9e8fea56c3cd152a8a062edb42fa23e60f1be61d7bc719e31a7cdd409b8fe0fa8909a23cfba7ebca6d3481e13e23593acf80c98921a0e37159ff82d2f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
371B
MD58651929657bb58cc06fcf26f3a57d761
SHA1d7c7f9ce2b0cbda7408107218f82def69e82f72f
SHA256aaec03a5f5e0c2471f1058c43f6d4f7b2b4f14782ea0c82809bdbd5ff92eecbc
SHA5129bb9baa1640116121311e8fb4a2138fcd5452c318fb50235a1b967ff96b8df78b33016faa1b10f660d11d150d82ad5c8a15a48598fd3f31644c1c339f65042e0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5a64e74a0f100b63e69cc111dff682523
SHA1cd8930e93c18f2d7b34cd5454b0569fec32d1c4f
SHA25685c12b25872f6ba13273b5e2dccc347249eed16e1967a192f4be152797d20b41
SHA512cecf2c342881526efd136155c12a855582175474b14c47254630eb8919e1fd098125edc45cbe5da2740e560ecf59e8e943578ebf6e8444ba7dbcd9a65315bbe3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5e61ab5ae1e58ec4d107227061adbb4e5
SHA18eb626edd06e743e1e17a0a678f2a9cf20a968be
SHA256c6fc167146208d8bd7789b450d266dc60e65c086abbe628a4a2fbd60090caf9e
SHA5129cb9e53dd5758de00371eb01ae62fa0ac84d63948eddad98b5c389c217daeff6afd1bdddffd544c23066a9b75bf1e4edfeda8846bc37109f31944b23097c85e7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5117ebc2283f086b16a94e6ff02cd1f73
SHA1b3dbdb59a7c6b00c10e49ff49ffa9ffb142931b9
SHA2562c4fb726cfd52ce4b08c9a247f3630d1e2faead603b9d1e2d4835b5b480a2e8c
SHA512db8e53fb89b2e132bf861bc21f114b5ed5e428dfe7c8d95852066dd18b8ff628563902c465200f3d300023876c902e27613bac21ecc6f842d72a2c0de23b8bc5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5dab1ca42e215837659849b084f605a63
SHA19a4d155bc0b93feedf0815f4d2a4e879f52f193e
SHA2565158af8252008f03fd9cc40df0464da1b32df315489d77a5286a8a701c30dcc1
SHA5129133697b0058f72b03a0082f18234ac247d645a1fe9ea3496f9abb9ce65353d00f3f194a40d81d8519fb014390789d8dafc1f0f9572aa48a2d58ee56cd76c581
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD52abad261dc8f1641af57ac3079a6cec7
SHA1d2fc59a8c8a3313bdb8ba170d4eac8d48d67b07e
SHA256e24b4a0cdad6f730778ce6396a78ec52dfb194053bec0a05342f84a9a29dd65a
SHA512bf237e7c9279c25c4b798fa287d7a3d082ed82b8c0ef4d01ca59f009415bdaf512e2f838c4433873d81a6dcb9b1f3e2a20159e863e96de491107544c90dc0bbb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
15KB
MD5ce32ac82f186d1f93c8af6e32a927711
SHA129e3443b6a97960769ab7d902eb6b62fad0d09bd
SHA2566330bafd6e7a664ac7043c976b6f3277dbad3f6be0c60c1251c3bf4ca778fbed
SHA5123e9c038355a2663c14d2ecb4f1ca02c833c5091aaaccadc05b03ed122dbac290949c94335a6aea11cd4562aa471b9f2e64dd50b761a13ebae42bbe730e87645a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
144KB
MD5be5c665ae3c8d383f9933de1962bf440
SHA14d4b341950e273628e87d7ef2e3bedec6c9b6dbe
SHA2566162738c0d653f349d7cd94a26dfdb9f3180fd94a9ec19938d85b2f8914f2f04
SHA512dfaa98466271023e156ce8abc414bb50d89e5ba3f319bb2857eda74bb1eec4a0f697becd33598eeff77dfbfccd324c490e3214e6fe0de5486cbee590689c922c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
144KB
MD59d1d6490c68f3272bfa47fc41479dde9
SHA1d0746943f46ba6eced3c92469d0c06b1cb486531
SHA25612665c6fa92061fb7bdd6f110a72953108cfe5c90892131fd66d03d8787a56ce
SHA5129ed18e163f9197afc9d1808df48056f381b8d029da78246fb511072567291092c282da46ada9ab0a95aa443e02a12512ed9eab8216409e26721534ad7675ef35
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
101KB
MD51b31e73b56a1754cf64b07e4986a294c
SHA15027185954a22090c497e356a13a65f8513ea25a
SHA25685f245bda0f9c916d565fda2bfb545e883ff7acc4bb08208aa91de808bc0aba4
SHA51201e41a8016201d9cafe6e8a7892bde2353b0ca8a71dba39ed5911397949ad4de99680047d501b63e03c3baafb82c41736b9950833caad3d37cf95e99d97a7b0f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
113KB
MD5dd3dc313ef0d11619e8342af91a20327
SHA142ce6d300480d31a2873eab63bf9c010aca3435c
SHA256a583f57877d31f86554bbb4cab1582a425f1d1f381a33e07737b881ec3008d57
SHA512b04387ba6c19bd5fe8a14a3e63d71fc8fbdf8623b72144d30945be793081bfadebfc212147c79c26eaaa0dafea2e87403c9509ab595006841a3d03ea14ce8079
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589eeb.TMPFilesize
97KB
MD557c65d3b0b3850c40bf0ce25dba4d48e
SHA1c3a23da913db043ba41825951642d79af4307bb4
SHA25617152eab7b35412cc523e62809f23735dd4d51d276212a0f3257bb139790705e
SHA512b9c458726e2fd4078c5369290fd3dfae68bde6c1597c9ee33f0284305006a909ef87f4b82f4e15ab79ddc02a39519393f9edd6efe4025edb91e0b989312b5df6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Temp\MultiMC\translations\index_v2.jsonFilesize
15KB
MD54d18ce01732ff1fe8305af3d74e6cb41
SHA143437da4cbc9e0e6adbc88a76e75721963c07d3b
SHA256284159c2183faff37ff5659330ea42e31acc1ab105f68f9efb5faffc83ca98fe
SHA512d2e9466bfeb76eb46d9d1cd144ef04c3f51512bf92b2f15d3d62344e90beeabc5b117a5afbcac860cfd4910e66f8716f59a68837bcd125851a15d548bff122af
-
C:\Users\Admin\AppData\Local\Temp\jds240706531.tmp\JavaSetup8u361.exeFilesize
1.9MB
MD5442dcacd62016db76c61af770301626f
SHA11ef7a54bb0fb6395b271d88e4d87e7ac3b76e58a
SHA2568aa49738b3efd4a2e2b3d71991c209db46e082e1739de43147041f9af2a7fff7
SHA5123c21efe1f3422107bddc48d0edd842924dfdf6682b1e81ace83aa992ba49e224d45fd0fc6a73be9de6806effe71d8a1908f550c8b1cf520df4972c252b721bf9
-
C:\Users\Admin\AppData\Local\Temp\jds240706531.tmp\JavaSetup8u361.exeFilesize
1.9MB
MD5442dcacd62016db76c61af770301626f
SHA11ef7a54bb0fb6395b271d88e4d87e7ac3b76e58a
SHA2568aa49738b3efd4a2e2b3d71991c209db46e082e1739de43147041f9af2a7fff7
SHA5123c21efe1f3422107bddc48d0edd842924dfdf6682b1e81ace83aa992ba49e224d45fd0fc6a73be9de6806effe71d8a1908f550c8b1cf520df4972c252b721bf9
-
C:\Users\Admin\AppData\Local\Temp\jusched.logFilesize
299KB
MD5b3a6cf175477e70b4417ed6b68a85e14
SHA1ffe7616732a8a627c0c429f2fbb24a0d82d0486f
SHA2561063cf8833b3cf2a8435e4d232231df0006243977a39412c01f7195f43b521ad
SHA512ae2f1de742a0e0a777ac6cd590d9a67c8c55e1affea625d437ac9396a9bbfe612e1cdfd789339009bea4bd8dbe7124b4d05751371c28e13bdd0cd8352a6da545
-
C:\Users\Admin\AppData\Local\Temp\jusched.logFilesize
318KB
MD5b7e1a4ef0c0dec3f912f0e40a0defe06
SHA168dd79a6333edf124ad4152a44d842453e58bfa3
SHA2567928d8a1ad59237790845e89412d83fdd133e289616e220b9884c766f4355f83
SHA512c00c27bdc72cbdc672d66600100ec675839c8fc15433113758f7a921fcc50b66e8901e097b3086270234f91a2a70059004f3b8112789c31e9a9eefa26d3b1eab
-
C:\Users\Admin\AppData\Local\Temp\jusched.logFilesize
267KB
MD5882810db10cc3636f3ed3715a690e4c9
SHA1bdf8c084b84c7427582e77bdfa009fab930efd86
SHA256feacb8a243344781c300093dafdb46a1bc138bf9b11822379d1c7c3fb9a1d4f1
SHA512bdf918dff60b15d7c99fb8e1d2c7ddb4369f5b8b82c541bddc7426268b3db816ac752f7e90983c5a830befe31ae0b491d39d4ef86932121d4ee912219b106a27
-
C:\Users\Admin\AppData\Local\Temp\jusched.logFilesize
268KB
MD5b81a314799d7e1fa28b601201c010fef
SHA1791e4a68c3981928bfc2a6327b565478ae674acb
SHA2566b507f4cb13ccc10c67616f068d87d9253076abb99936a144c7c9f9e27af03ed
SHA5129dd160c556e77a6e92103aa24107521adfc02db61a454654f509c5fc8f4fcfc6b2672355e414f00120148506921a9bd5a39c5ddc232d6f0742d86b0efd9dcdd6
-
C:\Users\Admin\Downloads\JavaSetup8u361.exeFilesize
2.2MB
MD5d3809baddaf7b1e7d94484160043328b
SHA1e1979f5248d3b20858b11386ce22b1ccb0a9bfb5
SHA256e28f198ca200445ab45dd4e94d49993ad1a9a21548908ca9c09ade6419c2e079
SHA51296350ef6c81a1bc7d3c6b29c2a66ffaa1cf4f86172d3f52d39bcbf3886da41208b75cfe16bbf4ea23e04b2e0616637083eeacdefb8c0edc3ce6d0f2f89f881c6
-
C:\Users\Admin\Downloads\JavaSetup8u361.exeFilesize
2.2MB
MD5d3809baddaf7b1e7d94484160043328b
SHA1e1979f5248d3b20858b11386ce22b1ccb0a9bfb5
SHA256e28f198ca200445ab45dd4e94d49993ad1a9a21548908ca9c09ade6419c2e079
SHA51296350ef6c81a1bc7d3c6b29c2a66ffaa1cf4f86172d3f52d39bcbf3886da41208b75cfe16bbf4ea23e04b2e0616637083eeacdefb8c0edc3ce6d0f2f89f881c6
-
C:\Users\Admin\Downloads\Unconfirmed 83114.crdownloadFilesize
2.2MB
MD5d3809baddaf7b1e7d94484160043328b
SHA1e1979f5248d3b20858b11386ce22b1ccb0a9bfb5
SHA256e28f198ca200445ab45dd4e94d49993ad1a9a21548908ca9c09ade6419c2e079
SHA51296350ef6c81a1bc7d3c6b29c2a66ffaa1cf4f86172d3f52d39bcbf3886da41208b75cfe16bbf4ea23e04b2e0616637083eeacdefb8c0edc3ce6d0f2f89f881c6
-
C:\Windows\Installer\MSI8524.tmpFilesize
602KB
MD5dbaf31f37c583df88814c6edbfe7f884
SHA1dc3b941933ebe79301b8a2949316c8bb47e27ccd
SHA25632ce5f4ea52b3c172a91df18d15bc75b57fc229ede28f408d13d74f50786eeca
SHA5126303a7bcb88819898cb170a872e10986889382053a91f369c2a77efd0c5970310ef0512ac3ed46d38004e4381c7e191943ff266d7d9a45694923462e869773cb
-
C:\Windows\Installer\MSI8524.tmpFilesize
602KB
MD5dbaf31f37c583df88814c6edbfe7f884
SHA1dc3b941933ebe79301b8a2949316c8bb47e27ccd
SHA25632ce5f4ea52b3c172a91df18d15bc75b57fc229ede28f408d13d74f50786eeca
SHA5126303a7bcb88819898cb170a872e10986889382053a91f369c2a77efd0c5970310ef0512ac3ed46d38004e4381c7e191943ff266d7d9a45694923462e869773cb
-
C:\Windows\Installer\MSI85B4.tmpFilesize
198KB
MD5c7018628101e1bb69437b4ab2f6b7465
SHA1e185b2a7685490f74e11e794bf8e54bd9b21e295
SHA2568c33499755edda822c1ed58354f0353134707f143ea0290758510781e515c8d8
SHA512374f90ca6ae78e784967f314715cd282ea49332de1c1a59b3ed27389799f84eaae8ed9950a0b67ccc383c1ff872984114c2d43538cc39b50e9646e958dbf95f4
-
C:\Windows\Installer\MSI8842.tmpFilesize
602KB
MD5dbaf31f37c583df88814c6edbfe7f884
SHA1dc3b941933ebe79301b8a2949316c8bb47e27ccd
SHA25632ce5f4ea52b3c172a91df18d15bc75b57fc229ede28f408d13d74f50786eeca
SHA5126303a7bcb88819898cb170a872e10986889382053a91f369c2a77efd0c5970310ef0512ac3ed46d38004e4381c7e191943ff266d7d9a45694923462e869773cb
-
C:\Windows\Installer\MSI8842.tmpFilesize
602KB
MD5dbaf31f37c583df88814c6edbfe7f884
SHA1dc3b941933ebe79301b8a2949316c8bb47e27ccd
SHA25632ce5f4ea52b3c172a91df18d15bc75b57fc229ede28f408d13d74f50786eeca
SHA5126303a7bcb88819898cb170a872e10986889382053a91f369c2a77efd0c5970310ef0512ac3ed46d38004e4381c7e191943ff266d7d9a45694923462e869773cb
-
C:\Windows\Installer\MSI8B22.tmpFilesize
602KB
MD5dbaf31f37c583df88814c6edbfe7f884
SHA1dc3b941933ebe79301b8a2949316c8bb47e27ccd
SHA25632ce5f4ea52b3c172a91df18d15bc75b57fc229ede28f408d13d74f50786eeca
SHA5126303a7bcb88819898cb170a872e10986889382053a91f369c2a77efd0c5970310ef0512ac3ed46d38004e4381c7e191943ff266d7d9a45694923462e869773cb
-
C:\Windows\Installer\MSI8B22.tmpFilesize
602KB
MD5dbaf31f37c583df88814c6edbfe7f884
SHA1dc3b941933ebe79301b8a2949316c8bb47e27ccd
SHA25632ce5f4ea52b3c172a91df18d15bc75b57fc229ede28f408d13d74f50786eeca
SHA5126303a7bcb88819898cb170a872e10986889382053a91f369c2a77efd0c5970310ef0512ac3ed46d38004e4381c7e191943ff266d7d9a45694923462e869773cb
-
C:\Windows\Installer\MSI8B22.tmpFilesize
602KB
MD5dbaf31f37c583df88814c6edbfe7f884
SHA1dc3b941933ebe79301b8a2949316c8bb47e27ccd
SHA25632ce5f4ea52b3c172a91df18d15bc75b57fc229ede28f408d13d74f50786eeca
SHA5126303a7bcb88819898cb170a872e10986889382053a91f369c2a77efd0c5970310ef0512ac3ed46d38004e4381c7e191943ff266d7d9a45694923462e869773cb
-
C:\Windows\Installer\e598093.msiFilesize
53.5MB
MD5c760bc95af603fec0c41cafd82498a5d
SHA16bed421c5268fcd02f3d9439a314fffd84b29235
SHA256c93f2de2ed4d5420671f5d5ba858b841683183aba9248f9890c4b277c39d2995
SHA512cc9324416d98cd4ca1ec6e607e684336964d74da5f29f3d56d82b56ac0fe225c1420fbe08f9a559bf80307ea740e9140154f136aa9d3bc473baf60d736b7fd52
-
C:\Windows\Installer\e598093.msiFilesize
53.5MB
MD5c760bc95af603fec0c41cafd82498a5d
SHA16bed421c5268fcd02f3d9439a314fffd84b29235
SHA256c93f2de2ed4d5420671f5d5ba858b841683183aba9248f9890c4b277c39d2995
SHA512cc9324416d98cd4ca1ec6e607e684336964d74da5f29f3d56d82b56ac0fe225c1420fbe08f9a559bf80307ea740e9140154f136aa9d3bc473baf60d736b7fd52
-
C:\Windows\Installer\e59809c.msiFilesize
1016KB
MD5459a51b2e65d53e4e568215e77317cc5
SHA1f2308f14d1033f79a1d10b392520cb2459b0e737
SHA2569da5f7bb7d99c3b8d5c9100a0573e928f48452319989ab026af5fcff1119a5d9
SHA5127e3b8cb97c4c61eb147473d62dc163205ecd85235e6c711b39c4a76b06e8cee7d70f2594e0710df90e1b949c4bdb442a759912afeb72c6b4f0a34750daf17886
-
\??\PIPE\wkssvcMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\crashpad_3420_UWMBVODKIUBFMIGNMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/3888-163-0x000000006E940000-0x000000006E964000-memory.dmpFilesize
144KB
-
memory/3888-160-0x0000000069700000-0x0000000069894000-memory.dmpFilesize
1.6MB
-
memory/3888-170-0x000000006E600000-0x000000006E674000-memory.dmpFilesize
464KB
-
memory/3888-171-0x0000000005420000-0x0000000005632000-memory.dmpFilesize
2.1MB
-
memory/3888-133-0x0000000001490000-0x0000000001A05000-memory.dmpFilesize
5.5MB
-
memory/3888-198-0x0000000068880000-0x0000000068DAF000-memory.dmpFilesize
5.2MB
-
memory/3888-169-0x000000006A880000-0x000000006A9F6000-memory.dmpFilesize
1.5MB
-
memory/3888-168-0x0000000000CC0000-0x0000000000CCC000-memory.dmpFilesize
48KB
-
memory/3888-167-0x0000000001490000-0x0000000001A05000-memory.dmpFilesize
5.5MB
-
memory/3888-166-0x0000000064940000-0x0000000064954000-memory.dmpFilesize
80KB
-
memory/3888-165-0x0000000061DC0000-0x0000000062404000-memory.dmpFilesize
6.3MB
-
memory/3888-164-0x000000006FC40000-0x000000006FD41000-memory.dmpFilesize
1.0MB
-
memory/3888-201-0x0000000061DC0000-0x0000000062404000-memory.dmpFilesize
6.3MB
-
memory/3888-162-0x0000000068880000-0x0000000068DAF000-memory.dmpFilesize
5.2MB
-
memory/3888-161-0x0000000066C00000-0x0000000066C3E000-memory.dmpFilesize
248KB
-
memory/3888-180-0x0000000068880000-0x0000000068DAF000-memory.dmpFilesize
5.2MB
-
memory/3888-158-0x0000000063400000-0x0000000063415000-memory.dmpFilesize
84KB
-
memory/3888-159-0x0000000061B80000-0x0000000061B98000-memory.dmpFilesize
96KB
-
memory/3888-157-0x000000006C8C0000-0x000000006C8FF000-memory.dmpFilesize
252KB
-
memory/3888-156-0x0000000061740000-0x0000000061771000-memory.dmpFilesize
196KB
-
memory/3888-155-0x0000000070940000-0x000000007095C000-memory.dmpFilesize
112KB
-
memory/3888-154-0x0000000000400000-0x0000000000A1E000-memory.dmpFilesize
6.1MB
-
memory/3888-149-0x0000000005420000-0x0000000005632000-memory.dmpFilesize
2.1MB
-
memory/3888-139-0x0000000000400000-0x0000000000A1E000-memory.dmpFilesize
6.1MB
-
memory/3888-138-0x000000006C8C0000-0x000000006C8FF000-memory.dmpFilesize
252KB
-
memory/3888-137-0x0000000061740000-0x0000000061771000-memory.dmpFilesize
196KB
-
memory/3888-203-0x0000000001490000-0x0000000001A05000-memory.dmpFilesize
5.5MB
-
memory/3888-136-0x0000000070940000-0x000000007095C000-memory.dmpFilesize
112KB
-
memory/3888-135-0x0000000001490000-0x0000000001A05000-memory.dmpFilesize
5.5MB
-
memory/3888-2391-0x00000000048F0000-0x0000000004900000-memory.dmpFilesize
64KB