hxxps://minecrafttitanlauncher[.]com

Resubmissions

04/06/2023, 18:46

230604-xel6zadb42 4

04/06/2023, 18:33

230604-w7gxaada99 7

Analysis

max time kernel
368s
max time network
524s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2023, 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://minecrafttitanlauncher.com

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 11 IoCs

pid	Process
4396	javaw.exe
4296	Minecraft Titan Launcher 3.8.4.exe
4132	javaw.exe
3236	javaw.exe
4664	Minecraft Titan Launcher 3.8.4.exe
396	javaw.exe
5680	javaw.exe
1200	Minecraft Titan Launcher 3.8.4.exe
1140	javaw.exe
5988	javaw.exe
5476	Minecraft Titan Launcher 3.8.4.exe

Loads dropped DLL 64 IoCs

pid	Process
3160	MsiExec.exe
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4132	javaw.exe
4132	javaw.exe
4132	javaw.exe
4132	javaw.exe
4132	javaw.exe
4132	javaw.exe
4132	javaw.exe
4132	javaw.exe
3236	javaw.exe
3236	javaw.exe
3236	javaw.exe
3236	javaw.exe
3236	javaw.exe
3236	javaw.exe
3236	javaw.exe
3236	javaw.exe
3236	javaw.exe
3236	javaw.exe
396	javaw.exe
396	javaw.exe
396	javaw.exe
396	javaw.exe
3236	javaw.exe
396	javaw.exe
396	javaw.exe
396	javaw.exe
396	javaw.exe
3236	javaw.exe
3236	javaw.exe
5680	javaw.exe
5680	javaw.exe
5680	javaw.exe
5680	javaw.exe
5680	javaw.exe
5680	javaw.exe
5680	javaw.exe
3236	javaw.exe
3236	javaw.exe
3236	javaw.exe
5680	javaw.exe
5680	javaw.exe
5680	javaw.exe
5680	javaw.exe
5680	javaw.exe
5680	javaw.exe
1140	javaw.exe
1140	javaw.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\lib\ct.sym	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\dt_socket.dll	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\java.scripting\ADDITIONAL_LICENSE_INFO	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\jmods\jdk.jshell.jmod	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\lib\fontconfig.bfc	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\api-ms-win-core-timezone-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\java.base\unicode.md	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\jmods\jdk.javadoc.jmod	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\java.base\c-libutl.md	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.scripting.nashorn.shell\LICENSE	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\j2gss.dll	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\java.compiler\ADDITIONAL_LICENSE_INFO	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.internal.ed\ADDITIONAL_LICENSE_INFO	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\jmods\jdk.net.jmod	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.internal.opt\LICENSE	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\jmods\jdk.internal.vm.compiler.jmod	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\include\jvmti.h	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.internal.opt\jopt-simple.md	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\java.base\icu.md	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\api-ms-win-core-heap-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.jlink\LICENSE	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\api-ms-win-core-file-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\include\win32\bridge\AccessBridgeCalls.h	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\jhsdb.exe	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\api-ms-win-core-interlocked-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.internal.opt\ADDITIONAL_LICENSE_INFO	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\jmods\jdk.zipfs.jmod	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\lcms.dll	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.jstatd\ADDITIONAL_LICENSE_INFO	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.internal.jvmstat\LICENSE	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\java.desktop\colorimaging.md	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.javadoc\jqueryUI.md	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\nio.dll	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\java.desktop\giflib.md	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.jdwp.agent\ASSEMBLY_EXCEPTION	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\jcmd.exe	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\java.smartcardio\ADDITIONAL_LICENSE_INFO	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\include\classfile_constants.h	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.charsets\LICENSE	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\conf\management\jmxremote.password.template	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.naming.ldap\LICENSE	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.crypto.ec\ASSEMBLY_EXCEPTION	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\java.base\zlib.md	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\conf\security\policy\unlimited\default_US_export.policy	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\jmods\java.compiler.jmod	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.jconsole\LICENSE	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.jdi\LICENSE	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\jmods\jdk.editpad.jmod	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.httpserver\ADDITIONAL_LICENSE_INFO	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\harfbuzz.dll	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\jmods\jdk.localedata.jmod	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.compiler\ADDITIONAL_LICENSE_INFO	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\api-ms-win-core-handle-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\java.base\cldr.md	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.crypto.mscapi\ADDITIONAL_LICENSE_INFO	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\le.dll	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\lib\server\Xusage.txt	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.localedata\thaidict.md	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.unsupported.desktop\LICENSE	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.jlink\ADDITIONAL_LICENSE_INFO	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\api-ms-win-core-localization-l1-2-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\api-ms-win-crt-locale-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.naming.dns\ASSEMBLY_EXCEPTION	msiexec.exe
File created	C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.pack\ASSEMBLY_EXCEPTION	msiexec.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e5933e9.msi	msiexec.exe
File created	C:\Windows\Installer\e5933e7.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{ECB70B02-AFF1-4F37-B2DD-F22C3EF186ED}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI45CA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5933e7.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI37DF.tmp	msiexec.exe
File created	C:\Windows\Installer\{ECB70B02-AFF1-4F37-B2DD-F22C3EF186ED}\logo.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\{ECB70B02-AFF1-4F37-B2DD-F22C3EF186ED}\logo.ico	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000036d9561f42561000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000036d95610000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff000000000700010000680900036d9561000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000036d956100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000036d956100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe

Modifies registry class 39 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\PackageCode = "531FCE8C51D09714F997E9C793B6A2CD"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2548970870-3691742953-3895070203-1000\{66EC0F28-6D92-41AC-A5E5-68D9240DABF5}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Eclipse Foundation.jarfile\shell\open\command	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Eclipse Foundation.jarfile\shell\open	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\20B07BCE1FFA73F42BDD2FC2E31F68DE\FeatureMain	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Eclipse Foundation.jarfile\shell\open\command\ = "\"C:\\Program Files\\Eclipse Foundation\\jdk-11.0.12.7-hotspot\\bin\\javaw.exe\" -jar \"%1\" %*"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\20B07BCE1FFA73F42BDD2FC2E31F68DE\FeatureJavaHome = "\x06FeatureMain"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.jar	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Eclipse Foundation.jarfile	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Eclipse Foundation.jarfile\shell	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\Version = "184549388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\SourceList\Media	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Local Settings	powershell.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\20B07BCE1FFA73F42BDD2FC2E31F68DE\FeatureOracleJavaSoft = "\x06FeatureMain"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\SourceList\PackageName = "OpenJDK11U-jdk_x64_windows_hotspot_11.0.12_7.msi"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\20B07BCE1FFA73F42BDD2FC2E31F68DE\FeatureEnvironment = "FeatureMain"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\20B07BCE1FFA73F42BDD2FC2E31F68DE\FeatureJarFileRunWith = "FeatureMain"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\8BA220227D6C02FE4344F3FD59340EA0\20B07BCE1FFA73F42BDD2FC2E31F68DE	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\8BA220227D6C02FE4344F3FD59340EA0	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\ProductIcon = "C:\\Windows\\Installer\\{ECB70B02-AFF1-4F37-B2DD-F22C3EF186ED}\\logo.ico"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.jar\ = "Eclipse Foundation.jarfile"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\ProductName = "Eclipse Temurin JDK with Hotspot 11.0.12+7 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\20B07BCE1FFA73F42BDD2FC2E31F68DE\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.jar\Content Type = "application/java-archive"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\20B07BCE1FFA73F42BDD2FC2E31F68DE	msiexec.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 630824.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1596	powershell.exe
1596	powershell.exe
3984	msedge.exe
3984	msedge.exe
4516	msedge.exe
4516	msedge.exe
4712	identity_helper.exe
4712	identity_helper.exe
336	msedge.exe
336	msedge.exe
5436	msedge.exe
5436	msedge.exe
5436	msedge.exe
5436	msedge.exe
4560	msedge.exe
4560	msedge.exe
6012	msiexec.exe
6012	msiexec.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1596	powershell.exe
Token: SeShutdownPrivilege	1392	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1392	msiexec.exe
Token: SeSecurityPrivilege	6012	msiexec.exe
Token: SeCreateTokenPrivilege	1392	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1392	msiexec.exe
Token: SeLockMemoryPrivilege	1392	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1392	msiexec.exe
Token: SeMachineAccountPrivilege	1392	msiexec.exe
Token: SeTcbPrivilege	1392	msiexec.exe
Token: SeSecurityPrivilege	1392	msiexec.exe
Token: SeTakeOwnershipPrivilege	1392	msiexec.exe
Token: SeLoadDriverPrivilege	1392	msiexec.exe
Token: SeSystemProfilePrivilege	1392	msiexec.exe
Token: SeSystemtimePrivilege	1392	msiexec.exe
Token: SeProfSingleProcessPrivilege	1392	msiexec.exe
Token: SeIncBasePriorityPrivilege	1392	msiexec.exe
Token: SeCreatePagefilePrivilege	1392	msiexec.exe
Token: SeCreatePermanentPrivilege	1392	msiexec.exe
Token: SeBackupPrivilege	1392	msiexec.exe
Token: SeRestorePrivilege	1392	msiexec.exe
Token: SeShutdownPrivilege	1392	msiexec.exe
Token: SeDebugPrivilege	1392	msiexec.exe
Token: SeAuditPrivilege	1392	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1392	msiexec.exe
Token: SeChangeNotifyPrivilege	1392	msiexec.exe
Token: SeRemoteShutdownPrivilege	1392	msiexec.exe
Token: SeUndockPrivilege	1392	msiexec.exe
Token: SeSyncAgentPrivilege	1392	msiexec.exe
Token: SeEnableDelegationPrivilege	1392	msiexec.exe
Token: SeManageVolumePrivilege	1392	msiexec.exe
Token: SeImpersonatePrivilege	1392	msiexec.exe
Token: SeCreateGlobalPrivilege	1392	msiexec.exe
Token: SeBackupPrivilege	3788	vssvc.exe
Token: SeRestorePrivilege	3788	vssvc.exe
Token: SeAuditPrivilege	3788	vssvc.exe
Token: SeBackupPrivilege	6012	msiexec.exe
Token: SeRestorePrivilege	6012	msiexec.exe
Token: SeRestorePrivilege	6012	msiexec.exe
Token: SeTakeOwnershipPrivilege	6012	msiexec.exe
Token: SeRestorePrivilege	6012	msiexec.exe
Token: SeTakeOwnershipPrivilege	6012	msiexec.exe
Token: SeBackupPrivilege	2408	srtasks.exe
Token: SeRestorePrivilege	2408	srtasks.exe
Token: SeSecurityPrivilege	2408	srtasks.exe
Token: SeTakeOwnershipPrivilege	2408	srtasks.exe
Token: SeBackupPrivilege	2408	srtasks.exe
Token: SeRestorePrivilege	2408	srtasks.exe
Token: SeSecurityPrivilege	2408	srtasks.exe
Token: SeTakeOwnershipPrivilege	2408	srtasks.exe
Token: SeRestorePrivilege	6012	msiexec.exe
Token: SeTakeOwnershipPrivilege	6012	msiexec.exe
Token: SeRestorePrivilege	6012	msiexec.exe
Token: SeTakeOwnershipPrivilege	6012	msiexec.exe
Token: SeRestorePrivilege	6012	msiexec.exe
Token: SeTakeOwnershipPrivilege	6012	msiexec.exe
Token: SeRestorePrivilege	6012	msiexec.exe
Token: SeTakeOwnershipPrivilege	6012	msiexec.exe
Token: SeRestorePrivilege	6012	msiexec.exe
Token: SeTakeOwnershipPrivilege	6012	msiexec.exe
Token: SeRestorePrivilege	6012	msiexec.exe
Token: SeTakeOwnershipPrivilege	6012	msiexec.exe
Token: SeRestorePrivilege	6012	msiexec.exe
Token: SeTakeOwnershipPrivilege	6012	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
1392	msiexec.exe
4516	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe
5452	taskmgr.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4396	javaw.exe
4816	OpenWith.exe
3236	javaw.exe
3236	javaw.exe
3236	javaw.exe
3236	javaw.exe
3236	javaw.exe
5680	javaw.exe
5680	javaw.exe
5680	javaw.exe
5680	javaw.exe
5680	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4516 wrote to memory of 3988	4516	msedge.exe	85
PID 4516 wrote to memory of 3988	4516	msedge.exe	85
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 4216	4516	msedge.exe	86
PID 4516 wrote to memory of 3984	4516	msedge.exe	87
PID 4516 wrote to memory of 3984	4516	msedge.exe	87
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88
PID 4516 wrote to memory of 5060	4516	msedge.exe	88

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://minecrafttitanlauncher.com
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://minecrafttitanlauncher.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffcaf5846f8,0x7ffcaf584708,0x7ffcaf584718
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  PID:3820
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7b9165460,0x7ff7b9165470,0x7ff7b9165480
    3⤵
    PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6952 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17340166342090152982,11326179698397379067,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:1704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3576

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\OpenJDK11U-jdk_x64_windows_hotspot_11.0.12_7.msi"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1392

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6012
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2408
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5C864344FC85CBE7DFBD4D1378F29FEB
  2⤵
  - Loads dropped DLL
  PID:3160

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3788

C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe
"C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe"
1⤵
PID:3308
- C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe
  "C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe" -Xms256m -Xmx512m -jar "C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:4396
- - C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe
    "C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe" --force
    3⤵
    - Executes dropped EXE
    PID:4296
  - - C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe
      "C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe" -version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      PID:4132
  - - C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe
      "C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe" -Xms256m -Xmx512m -jar "C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe" --force
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Suspicious use of SetWindowsHookEx
      PID:3236

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:2352

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4816

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:3056

C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe
"C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe"
1⤵
- Executes dropped EXE
PID:4664
- C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe
  "C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe" -version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  PID:396
- C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe
  "C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe" -Xms256m -Xmx512m -jar "C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:5680

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:5452

C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe
"C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe"
1⤵
- Executes dropped EXE
PID:1200
- C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe
  "C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe" -version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  PID:1140
- C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe
  "C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe" -Xms256m -Xmx512m -jar "C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe"
  2⤵
  - Executes dropped EXE
  PID:5988

C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe
"C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe"
1⤵
- Executes dropped EXE
PID:5476
- C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe
  "C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe" -version
  2⤵
  PID:3992
- C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe
  "C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe" -Xms256m -Xmx512m -jar "C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe"
  2⤵
  PID:4764

C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe
"C:\Users\Admin\Downloads\Minecraft Titan Launcher 3.8.4\Minecraft Titan Launcher 3.8.4.exe"
1⤵
PID:5232
- C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe
  "C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe" -version
  2⤵
  PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:5528

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5933e8.rbs

Filesize
144KB

MD5
6da1b18a2fe500bdb1bea559e3f5185f

SHA1
b9be0de49204d1a96a348ce64f4540866a88fcd4

SHA256
3dfa9b4f3830e113b7ab956cf34181a1d1bd12db5837faaeef45460a44eae906

SHA512
76a29c761e49ee481c931989643f2afb2ff8d013bd88e398f2534876e7c74c99029d5036712dea53a341199a616835fce1446cfec9ffc0e15294ae82352c32d5

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\VCRUNTIME140.dll

Filesize
76KB

MD5
8a422ed5f8e3a1c9fe4ac9c7a5517438

SHA1
453a09f72d98e7b9015c95e46b2318b2df2e9ff3

SHA256
a59a8bd2d92e148d30809b8c280a33e2a5e183d2332f2a4d2ea56a34c6fb96f5

SHA512
c8dd03da66acb4add99ba63ba8fd80725de3368898caffd4fb0e65a27c76643f40ccf2301bd236ed4a9ea86bee514e5ac76837e2c8215d04f57bf0a84890d2f9

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\java.dll

Filesize
151KB

MD5
297bac81411ca9ac8c722350e2400d5c

SHA1
4124c45c8eb14032aaead4ea005e036b48c833d4

SHA256
43dabe6cf8fd4e9c187def41a5ca24ade0d2f863c82de8675e719fc6120c4594

SHA512
eb18157a57eb605cb09e3674ecbeabeb8edc5a1e959a72c3e56ab2bf5d574608e24091e1718a706a71053ac6db1f0cebfea270ed957300def8dc3b069b0254f2

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\java.dll

Filesize
151KB

MD5
297bac81411ca9ac8c722350e2400d5c

SHA1
4124c45c8eb14032aaead4ea005e036b48c833d4

SHA256
43dabe6cf8fd4e9c187def41a5ca24ade0d2f863c82de8675e719fc6120c4594

SHA512
eb18157a57eb605cb09e3674ecbeabeb8edc5a1e959a72c3e56ab2bf5d574608e24091e1718a706a71053ac6db1f0cebfea270ed957300def8dc3b069b0254f2

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe

Filesize
46KB

MD5
ec71bd9e32685d742748df14aa79a50d

SHA1
7c15b4b077b4f81b4fe6074cfeb3d03308bcd54a

SHA256
fd1640953e1b46a3a0bd7a7495107bd0aa638a39fa54dea42bbf59ee738468e6

SHA512
9c1722b184c6bf101ff7ea6e3f8184f68c9a6e22a0a113096ec7daa19443f4e35c2d7c54833053942e86f787087b7c18907d85167595323c2968b9506cb2a9e5

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\javaw.exe

Filesize
46KB

MD5
ec71bd9e32685d742748df14aa79a50d

SHA1
7c15b4b077b4f81b4fe6074cfeb3d03308bcd54a

SHA256
fd1640953e1b46a3a0bd7a7495107bd0aa638a39fa54dea42bbf59ee738468e6

SHA512
9c1722b184c6bf101ff7ea6e3f8184f68c9a6e22a0a113096ec7daa19443f4e35c2d7c54833053942e86f787087b7c18907d85167595323c2968b9506cb2a9e5

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\jimage.dll

Filesize
31KB

MD5
b62cfef50e9976fad756ccee6b1da947

SHA1
af3007044a9296ee951bec8a3effe6c76e8c203d

SHA256
866a8fb4815dfd4dfb7688446d274c7f8c0cbb4a5fd8055fd83c31531008d8f3

SHA512
06e9473e706792f466e0876478c340007f2ef9d413ab65aa7cdacc3971a11eac72b724a41f45d7f05e3def3472664e2d72cee4bdf413b39699fd11579d9ac487

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\jimage.dll

Filesize
31KB

MD5
b62cfef50e9976fad756ccee6b1da947

SHA1
af3007044a9296ee951bec8a3effe6c76e8c203d

SHA256
866a8fb4815dfd4dfb7688446d274c7f8c0cbb4a5fd8055fd83c31531008d8f3

SHA512
06e9473e706792f466e0876478c340007f2ef9d413ab65aa7cdacc3971a11eac72b724a41f45d7f05e3def3472664e2d72cee4bdf413b39699fd11579d9ac487

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\jli.dll

Filesize
83KB

MD5
9e6c2ae20dbe1e07be3d21443490e099

SHA1
98c67dd6238734b2d8b94ecc8e91584b6b14d261

SHA256
849078bdd72b2f184478eac0a78fedd386fac4cb230b3ef360d492839346617c

SHA512
e0f60ea823caa2220353caac057124f87c3f8582ffadd04ae673e3367641d862a8d24c1ac7532bd90a7af41eeada3fa1aa028b3812f45e57a9ce8c370d336161

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\jli.dll

Filesize
83KB

MD5
9e6c2ae20dbe1e07be3d21443490e099

SHA1
98c67dd6238734b2d8b94ecc8e91584b6b14d261

SHA256
849078bdd72b2f184478eac0a78fedd386fac4cb230b3ef360d492839346617c

SHA512
e0f60ea823caa2220353caac057124f87c3f8582ffadd04ae673e3367641d862a8d24c1ac7532bd90a7af41eeada3fa1aa028b3812f45e57a9ce8c370d336161

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\msvcp140.dll

Filesize
605KB

MD5
0d75c8464d4b192390a1ca0c6be07825

SHA1
05e4188a128d0f03bc02adf32fbe52734ab16ef5

SHA256
cdd4d413afd1ee1790693df82d9bcb473fc66d626384a652d014e68009a22dfd

SHA512
f44e547444113e02998b76b3c8d595b703331a490a6459b661cf709b52231237bd689dc768d5f5bf7fe2ba2ebf0be30e85a1aa80b22d86b5f712f65cb4ee9932

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\msvcp140.dll

Filesize
605KB

MD5
0d75c8464d4b192390a1ca0c6be07825

SHA1
05e4188a128d0f03bc02adf32fbe52734ab16ef5

SHA256
cdd4d413afd1ee1790693df82d9bcb473fc66d626384a652d014e68009a22dfd

SHA512
f44e547444113e02998b76b3c8d595b703331a490a6459b661cf709b52231237bd689dc768d5f5bf7fe2ba2ebf0be30e85a1aa80b22d86b5f712f65cb4ee9932

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\net.dll

Filesize
91KB

MD5
453e87a44ab7bb2da4b0da08647eb694

SHA1
c3fb005cd9480a791b75fbd4ad48db5f27922d4c

SHA256
75c4dd0d070f94e89e5e13dfadc99ed830a6fb0c46800d5becc5bf8b18241c79

SHA512
cdf3345fc0c45010e0ed1699d6ad8062dcba4479e7f4928106e6f409b062d0156c2df2b0da2fd1908e7d2a8f025ff3d4f8fbdd726f45ed2a6af092a6f43377ee

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\net.dll

Filesize
91KB

MD5
453e87a44ab7bb2da4b0da08647eb694

SHA1
c3fb005cd9480a791b75fbd4ad48db5f27922d4c

SHA256
75c4dd0d070f94e89e5e13dfadc99ed830a6fb0c46800d5becc5bf8b18241c79

SHA512
cdf3345fc0c45010e0ed1699d6ad8062dcba4479e7f4928106e6f409b062d0156c2df2b0da2fd1908e7d2a8f025ff3d4f8fbdd726f45ed2a6af092a6f43377ee

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\nio.dll

Filesize
63KB

MD5
3d111f32926824c2da74b332d43aa738

SHA1
f368e5539349fb0921ec8f017252faf2a81a345c

SHA256
93862ded2e56396d4a735bad3ed2675cc788d02fd5fcbf94d972e052b763a53b

SHA512
0a872bb97367f4b8123ab6bef888a61f117831487566a10abf67400fc59aef03b1ef2eb2d5b45a083b39f40177d1fdead00b96cf4cc40e0482f9d93f361093a8

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\nio.dll

Filesize
63KB

MD5
3d111f32926824c2da74b332d43aa738

SHA1
f368e5539349fb0921ec8f017252faf2a81a345c

SHA256
93862ded2e56396d4a735bad3ed2675cc788d02fd5fcbf94d972e052b763a53b

SHA512
0a872bb97367f4b8123ab6bef888a61f117831487566a10abf67400fc59aef03b1ef2eb2d5b45a083b39f40177d1fdead00b96cf4cc40e0482f9d93f361093a8

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\server\jvm.dll

Filesize
11.1MB

MD5
23556de87327d5bac1179eab2443d66c

SHA1
93ad5715990f83f7c931232bc57e6b9716ecc3ad

SHA256
564a01c0bf49868fa9cea86c161922d101f47ef9f3b9946948b6ab7cd0fa70b9

SHA512
179c079c29a85b99ee105655aa98e9b2b679f688c9a6888adad17ecec76fe5fa9601f5ca93b2ece239aa100fb724434e3bffd0e8271ea334551fb129d4000fcd

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\server\jvm.dll

Filesize
11.1MB

MD5
23556de87327d5bac1179eab2443d66c

SHA1
93ad5715990f83f7c931232bc57e6b9716ecc3ad

SHA256
564a01c0bf49868fa9cea86c161922d101f47ef9f3b9946948b6ab7cd0fa70b9

SHA512
179c079c29a85b99ee105655aa98e9b2b679f688c9a6888adad17ecec76fe5fa9601f5ca93b2ece239aa100fb724434e3bffd0e8271ea334551fb129d4000fcd

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\vcruntime140.dll

Filesize
76KB

MD5
8a422ed5f8e3a1c9fe4ac9c7a5517438

SHA1
453a09f72d98e7b9015c95e46b2318b2df2e9ff3

SHA256
a59a8bd2d92e148d30809b8c280a33e2a5e183d2332f2a4d2ea56a34c6fb96f5

SHA512
c8dd03da66acb4add99ba63ba8fd80725de3368898caffd4fb0e65a27c76643f40ccf2301bd236ed4a9ea86bee514e5ac76837e2c8215d04f57bf0a84890d2f9

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\verify.dll

Filesize
52KB

MD5
6db8639dbe9c5f529c77ff78d480939d

SHA1
787052c45a9b3164c5226905ca853f699c4469cf

SHA256
b39092499d61c5e41fc013282282d15515e57933c7a2e5f0b4930595c2404cf4

SHA512
5f440b577e7ef13c7cf60ab2a5982dcb9cdd6fd6b257a38d034e0d75aba66a84c20d8777602ec79e88c979c641f44492975f7d9fda938c149bb8a51a056e804a

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\verify.dll

Filesize
52KB

MD5
6db8639dbe9c5f529c77ff78d480939d

SHA1
787052c45a9b3164c5226905ca853f699c4469cf

SHA256
b39092499d61c5e41fc013282282d15515e57933c7a2e5f0b4930595c2404cf4

SHA512
5f440b577e7ef13c7cf60ab2a5982dcb9cdd6fd6b257a38d034e0d75aba66a84c20d8777602ec79e88c979c641f44492975f7d9fda938c149bb8a51a056e804a

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\zip.dll

Filesize
81KB

MD5
2e909242346be7c33a7119712b77bbe6

SHA1
979cf050730de3d626eb5ef0a4015b68ebf24fe7

SHA256
1af1857a43c230cbc60e3e286c70a014bbb39639c84ff2c1c6983d0e5dd099cf

SHA512
1c1b07f2b2abcdf0372e45820291f445bafebc5f95c3f6ea4b826aaf395cc2c2388a11c3a30107384951857fa6455983fdc1a1b6ba5dd81c28c64f9a883bacf3

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\bin\zip.dll

Filesize
81KB

MD5
2e909242346be7c33a7119712b77bbe6

SHA1
979cf050730de3d626eb5ef0a4015b68ebf24fe7

SHA256
1af1857a43c230cbc60e3e286c70a014bbb39639c84ff2c1c6983d0e5dd099cf

SHA512
1c1b07f2b2abcdf0372e45820291f445bafebc5f95c3f6ea4b826aaf395cc2c2388a11c3a30107384951857fa6455983fdc1a1b6ba5dd81c28c64f9a883bacf3

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\java.datatransfer\LICENSE

Filesize
33B

MD5
16989bab922811e28b64ac30449a5d05

SHA1
51ab20e8c19ee570bf6c496ec7346b7cf17bd04a

SHA256
86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192

SHA512
86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\java.logging\ADDITIONAL_LICENSE_INFO

Filesize
49B

MD5
19c9d1d2aad61ce9cb8fb7f20ef1ca98

SHA1
2db86ab706d9b73feeb51a904be03b63bee92baf

SHA256
ebf9777bd307ed789ceabf282a9aca168c391c7f48e15a60939352efb3ea33f9

SHA512
7ec63b59d8f87a42689f544c2e8e7700da5d8720b37b41216cbd1372c47b1bc3b892020f0dd3a44a05f2a7c07471ff484e4165427f1a9cad0d2393840cd94e5b

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\legal\jdk.javadoc\ASSEMBLY_EXCEPTION

Filesize
44B

MD5
7caf4cdbb99569deb047c20f1aad47c4

SHA1
24e7497426d27fe3c17774242883ccbed8f54b4d

SHA256
b998cda101e5a1ebcfb5ff9cddd76ed43a2f2169676592d428b7c0d780665f2a

SHA512
a1435e6f1e4e9285476a0e7bc3b4f645bbafb01b41798a2450390e16b18b242531f346373e01d568f6cc052932a3256e491a65e8b94b118069853f2b0c8cd619

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\lib\jvm.cfg

Filesize
28B

MD5
4006564666795c838eed8b7fd958b0af

SHA1
cd6d4f2868725ef7541485719c6ea88d05e43724

SHA256
54ac5bb838f64585085f6c04b73431a96b9246cc0090943c48b067ab05086180

SHA512
87643b6f1da35a9a60869ef1f68141b3e4225fc65b256f31f7289c854d0e929e587ab572d4f67f2802aea89958b3a45a23c83bcc60c6b30613c87021ef537b03

Download Submit
C:\Program Files\Eclipse Foundation\jdk-11.0.12.7-hotspot\lib\modules

Filesize
134.2MB

MD5
383987ef28db4047bce4ae64f77aa424

SHA1
e7fadad89819fcb092aecb43ece8bcd9ee21a3bb

SHA256
557aab2946fc0830a619fa3079219f7a53927e965cc9b4c80289298ce4e6345f

SHA512
17bf41b4b9be5127492bad4ed309350c8e6a854a6a87dda40d69e11799d8e0a5f486fee8ec6dcaafdae38a67e1cc7d58557131e6aa6f9abc80bd9c093d6883ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

Filesize
471B

MD5
214570205dcdb483c6fa5b76162c9746

SHA1
e523ef52da2bf243e0af1be8a929064af3c0b0b1

SHA256
85705876b505b8be856cb0d5af4e1d15b3c3c28d488602f9cd3dee6c9763c9b1

SHA512
b03406b577c95112098c8955ddfccdd8057ce6488913ee3f7c0ef4489048859be990ba403fb4d286572c1a1fd330583d5851147b3a31e2ffcccb458fe618db5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_A4F5FF24F824367F5B09C1F0997606D9

Filesize
471B

MD5
e479855f5e04fc68f508d418c3632e46

SHA1
f80cb006aadc0708978518bc23b918594ea5ebe2

SHA256
808ff0341d73c2319a6f0ff5730c22cc7d01f6f7d307a6a32fe74ae513cb3cd2

SHA512
323c2909985252bba564014ed92fb99a73fe2048db3e0e8e34b3c2ed9efb3437577f5daceca63a9bb81e655610cf9c02ca87b130bdac4bff0a1f45438428999e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

Filesize
404B

MD5
bccc58d81ef5ddff589c5b573563df5e

SHA1
6d2610b310b16a98671a7f68003b7829579cf194

SHA256
7be71a80acfffe3b509a5fed45d22f421672dbc0db0dd6c63d92976b77747ad9

SHA512
848a533d5ae62cf8b5f0a09c8f4266b231a17a485c3fcb0f40af045408b04dc4c578f75064f3105f3e8d88a1fe649752844497bef606099c268f8af783faf349

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_A4F5FF24F824367F5B09C1F0997606D9

Filesize
400B

MD5
b4dd1ac455d213fb052407ac49eb4301

SHA1
71ed1bae0878cfb1a0e983ad9edb0c91686cacdd

SHA256
4fd69f7efed93850ca547c60b9215f5497e629b073e21fb54277b2b284b089a6

SHA512
31834f89972f016add85dcf7f6de7dfe711f448d0bfb805b94247e8376742ab299603b2a855bf958ead75d48e77f305fa888df1de246e9f124cb1c3982cccdc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae2c65ccf1085f2a624551421576a3ee

SHA1
f1dea6ccfbd7803cc4489b9260758b8ad053e08e

SHA256
49bfbbfbdb367d1c91863108c87b4f2f2cfffbbbb5e9c1256344bc7f52038c54

SHA512
3abbfbb4804c6b1d1a579e56a04057f5d9c52cfd48ecbae42d919398f70da2eacd5a35cb3c3d0a559ad3515fadb1734b0d47be48dce0fdd9fd11578948a6c7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c3770be634be8da92e71a3f9f76d79d3

SHA1
f4538b79d313dd46e55d1fd3e6ca3d4681fe4c3f

SHA256
23549094c00feed7abf21e56caae3c8b22a7bd89cfc2f5ea369cf13259273432

SHA512
09c1a087be6dcb49fd0725936571946266f31298f8ae141d59b9ac60f3f0fe8e7d964f661818d72682633845b48dbb906d8c89bb33bd2060bb4971b3e14fc4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
2b88b7491b5db0cd44d802b4a766f4ec

SHA1
3e401a32dc1f176b1bae791d74722c127118468d

SHA256
e9e673a083878fb4c9f2303c73fe97b71e4d8daa77c2ef4d041fc0fc63a28532

SHA512
181ff627fcfcf486845d3c38df6c784877bedbd3cfaa60282507c05becbfb6a5e871055fdaf38b6c86c5e9a799509363f0bbe41984f505cd7e1dc74744aa85c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe56f87e.TMP

Filesize
48B

MD5
f0afe3758d5ae26671b19f6dc5a7b85e

SHA1
892128cc4569386af16811fb9e4d7013dd352e49

SHA256
9a16e0b0fbb383714d33721853bd906b6f4c18a5ddc1798e0c66d8d73d07c7ba

SHA512
b66b8c1253a3b5170ebfe09de41da7b6e8c533603b5b19d8d7e1806f7dff0227f4c71b1dfcc89ceb8fb007804ad250b010dd7468d0cc627172f873aa34f055f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
c6959a4f84408cacf057d7a8a42164e9

SHA1
237e5fc0f4ccff568e672ef84cb7d3b7672e249e

SHA256
11eda537c3675549f669ecd3a99a24478c2cf1cfad7ae3fbb2fbc8723ad521b8

SHA512
959ade3b3e2b835f395527902e989ae0558c77572db255ab25a0600fec13eb0312cbe39340ffa82fe47c067aa349cacc581dccd86f3b741ad044193d92a07210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
f2b6917d4f0f3b59ebb4bdb052a0910f

SHA1
1192b490d63d39879e4682cad5442d5baec6ade6

SHA256
12fec0a817a865e39e75f0244263ae73ee42cb4272ba8b560d513aa426d33a84

SHA512
b91e83189ff6bbbef3f97d2a54d81c7291c3eeb4cbb32fcc74ba8cdce261496c94f55972ff7f788ab70c17998f57a1c3e38d31d928a646a90f4035617da99e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
dde9d994532b676a9265e6a945df1b9a

SHA1
1a3dc6181bb77c600b5ec13f921de26eccd5a19a

SHA256
a3d2dfb11793dfdf7715195a6c6588e9969da27ea870d1d0192bf3cdb0d0d581

SHA512
456cfb8f429a1888168f67f8db82f0e3901aa49d58ca74ee57129758bbf9205902ebbf1842e4d9920219fe1c0b680dd1a2048ba4ba3a533ae76ba21e026ba979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9476b62eef11ae6f31614948085762dd

SHA1
813a2fe9d9562824adc2813163fd666b33568f5d

SHA256
c83ddc421c4775936571c79b1c01d12065748fce4748d4ba146ae7ab6af30927

SHA512
095fb2435c1c98987800b062f8fc97a4248d44ce7c6c7044fcabe9da750ac43386bc7e5f76e1e7230f872554dcca546bd22e777d0497b2f9fc7d49cc9d080063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c6cb88360d623e6cd5a678fd83703f2e

SHA1
6ac8690f15ebfc77c1941ded55d242fcb23e2024

SHA256
902b94916e756cece3362061f45e86f7bed000ec110722c837e55dc09b0557c9

SHA512
cd051feeb6d87e216f567c3475d3e02df436a6efd705393b46a6296fe3bb6f0cb994b30f4b946e4099baf2d0f6c7a2b8c5ca5437225196ff427483112b66aaf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
1895e399457085f0b1b08a25695907ad

SHA1
1a738207e485bf6eb1208256fd95821dde193796

SHA256
60291de379384a0840bbd33c82bc8fe007f4474c5c49ba6076d2a797397ed38d

SHA512
8de0c28566ef43fc9cc314cc6aa41279f5ef7e2386b85d5944c5324c47fe9f9a434cea923ebc86b7fb1d3f6f10c8831a7df0ffd4b4999f2fd0f215362eb31c74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3330de04254c7f15e84921f78add31d1

SHA1
6d0c799c8f8848b5cc440934e5af4bae6aca3827

SHA256
5235bb0677999fe47ba6b845aabd74517bea27bcc89dd2565ba7f55ff15ade20

SHA512
95eff86d8ec2fc63757fb6e2711a6683f9a57782615b1c207068b45682318527dc458588ad7f393ee41d79027944af20e7c6d95e3b83564fe8c6ea60d0b6b039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ddcd4797fae8419781a8b56cf5eb7f04

SHA1
78f72d62ec2746decc5c52cafc8be87abac5d0d7

SHA256
18651172139bdca9745d9c56bb07d8914bdac290b464bbd57776135a9c67694d

SHA512
e05e84300e15d8db7126c4471f00c86eda6cc99ea0acd0a5fbd26af0848c50de7a9f7823bcf55f411e9be8a172f8ed1abbe02c434740b3b2aa867f32a6e69fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c9bf3121a790e58d72543e2046f6f810

SHA1
f9183d5d94ee12c2aa61ca8266b49e6b01aafa49

SHA256
0ed651c8b8e5e20ac2cfb699a4cb1fc6cd284c72e3ab3a7d899e3d21de09f163

SHA512
56f94344df3c670cf6d5cf0ccf4561ab254498e32311b06a522936085c1b15c6be8e8b09eb85cf644ceabc09286939c32f1182e44ae28024476868b6775cd06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
674d07121f580045dd286e0e0d922da1

SHA1
d239917a5cf8ad163bb118bb265ef163ea8dcac2

SHA256
2e54bcd79bea7012407fc1d514a18ddc4fa0806b0a335f10cceff76bb8f17a91

SHA512
f90ba7816f466755e0dac3d4c9e42a996aeb9f1fb3bcd49618627ef38a469d59bf6751c0d00ec04504d0500720b554f68aefaf22209447f576d5847e99269764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
871bdc7956b733401ed40795711c533d

SHA1
458faa3e28b4fc4f4866f0f413e2892ca7999e8c

SHA256
05cfba257b3980db83766736b581147a2188c42edbd50f84ca5b62015dee6ffe

SHA512
d47b7ad02a478f90e1b36af1655c34c1099a9f3e39db4fe836ff03860e55eb862d47a4e0749b7b41ad9ba1975ed920047acb862940554a2a33e62416056ff7a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b3fbb8a02260d5e41407a7e1af3ee2f6

SHA1
9180c8b9593405936b0fe52272571b63829525d4

SHA256
8c1434a31409aa606a51bdae37e0853597cb408a2cf199f05e02705df3fc15de

SHA512
8a6ec40722054025a8969a80e795b026fc806a0710eb2f9e016feb68cc09a19333404a8a62910e9b0335729fd64e8e1b6250513ffc334dc8d669d96de62eb5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
cfd585ce0db9a1484f8223dc2cfce2f8

SHA1
4e5e287160c05ecdff8acdfa0899faa5bad4de82

SHA256
0bcae3ddcadfadb917e4f910daefde07af8d2708b7795f3a1146102dcf6cf445

SHA512
b45dd6c3231a79155508d807d4b6f839d49e6120841c4f31147a83039515d3358822fa1fa4ae6f770b4369b96f221326c0b80dc2f0cd99d605440b12c93fb648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
925233fb50799a062bada289d3d0893a

SHA1
14b42d3875e55668343545e0147b8e298b5694fb

SHA256
7bf592ef6c48ba807e5d842d4122cf56d634b849e5e0100a2f6506ee5b435702

SHA512
ed93903157a105bc5fe0a85078bd99b7acd09bedd2d0c8e843764ca03b1f7c2a26ab32ffc1d270c820e492ad57ff1d603c700528c1f532e3776cf4b367f9b41a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
52ee844d8035e97d2ba2f2a3a4e49b9e

SHA1
69be8d935395f0fee45ec4bc3b84018bad6f795f

SHA256
b84376f41b58790f5a8c5833cf8a04a9844f54178da6a58d3034ef30331fa8f3

SHA512
309ed41fd0376c5508a9b394b11709c79322b5d68ef1a9c29761a213d128aed35cff4b96e0e29314d805019020026ce206d252d1b67cdd2e00526a6dd7c7a285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e56e.TMP

Filesize
538B

MD5
dffceee1b6c240e7fb3eda11b39beb3d

SHA1
c17cab9e6ae93baa2b2cc7dc539f9836f0d9d392

SHA256
bcd41f9993188685c4e48389ff9298f32751489de7d5bcbfb6b556688cd98762

SHA512
601b59e4cb8093f22f9fa4b2d375173ea17cea6339e77735619ed210a2e21944fccbc6274e0c6e3c90f1ed4073037fbaf73c4ca4f41b77f53aab01f71d14d0aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
e5f256766d7de2e23a639322a2f4488d

SHA1
33efe4e365873a2c352b7296309e908326622368

SHA256
caef6d2decfa4973de08df39f313af661ae929e229de7bdfed2cc469128563bc

SHA512
2095a902a71b0a5fe174f67f6278cc93720d6452026d46d3adeeb0a57f84d949610d4add3689a4c67fd5aaa473aa04c3444cce592cb0a059634f36f833393e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2262760b4c8ca1205736ed801d2340aa

SHA1
ba8da8a3b304c84b04ea198bbc332c1b6ad77c7c

SHA256
9d64fef62a97386c5113ee1a23cc70af54dbb930880443b14b8efb0c143642b4

SHA512
513af6907a587aef4d65248337b207cb5759020e4a9e3cb4c3aa8e47cd4e1d8ffbe061f8ffe47d5f617958b2d0d20e475092e1f1868cfd54bcfb1f3671346a2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
a2b4815f7700b56360a301b0c9e8bb2c

SHA1
e830c7d569202451109b2562cea677f6c42c2e4f

SHA256
10126a4d78c0192f91eb7f96df31fd6d88bb5e19363061035e76afab4951402f

SHA512
d0848caee811694209dc89821fdf2b1f6bbb95bd82c8c05e0c758cc21c5c1eb1c25933cca367c8c91c78eb6ed7f0131d097a033f4952b9bde117f0ca2dd434e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
9ebb51a290da48b1ba5874ab84539745

SHA1
316284cc93c9924664b25e362715c6e5659b4116

SHA256
152989adb75ae8748d8a07354a0b0e97f4ee16f709fb5c391a8538b239c8e6cb

SHA512
2fcd7a042deedc97e01e27578d864b0fff77e8b861eb580d5a1e4df4b2c0bc2eb5a9187b7aa435978409b40d7b0a4ebffdf8021ff1f7e36f39802e85331f4d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
303fa2bd92ee7c014779e19e8fd32a8f

SHA1
f5ad948c060570116bde2d08c4a200aa222a787f

SHA256
80110d82286fd959687274050b1bc47c3225485493d5ddd0d8cd4e8dc4c60eb5

SHA512
ccfb1aa933e721c9ed0b7ae1f333dfd41074a133760be9c7f26406a1082b8131647b895d7b92eb011c28304d9cc62f81c55eda8392cfb308edee8d221bff9f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
0cfa7032a2c677f427c4c3ca45c36215

SHA1
f4a0cc211a0c626c578c81795e191ba30e086550

SHA256
61af56b02f4943b78b7444f62a0328440e3fda37a36a5763752ea8c1480fccd6

SHA512
373de64f74f276454626ac6a2eb6f671781befa259f188410c9d7c37b1d2692f27568f2720a56c214cc19b0406ddcd0e73395a7bcbd35ac60c0074747f36d00f

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xmtcz31a.ind.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio2352180762654081562.tmp

Filesize
1KB

MD5
91d3708a258e5f789e2ae888cf68f66f

SHA1
218368b53fe6f3f23b74b11bbb7b6f4b8c68b359

SHA256
0ad2672561c2ba4e86c38702682bd84d720351f3e5c4ca232f0043aab7fa8b28

SHA512
9b99b07a7a33d7dab53e1a8b64787770bbaba9da96bd1c5daba65d9b7868c879c907edc1c8c43972fab735a288d1f6c9f3b2385bc4a8c5555064360bf25a0591

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio908298746378072435.tmp

Filesize
344B

MD5
d141cc8e71a3351f1aacb88a74b45fa4

SHA1
323cb27d8b7772b4b928a00706d4efe3b1104f52

SHA256
2788675e062e1111ead50a9a05971a7c11fe6246a89f571cf9f59ed68c72bb17

SHA512
315dfcf01f450b907f2cdfc9661db728789ec2440dd6985d914d024bd3c0798e602f7e230e60a8ffee8f39c95de68477d3b4def580a292e263d48bc23babae09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
668dc24ae1656490686207c2054a6eac

SHA1
7c9a44fc08e3f44bc3ad8f1ec21f4b9739bc63bf

SHA256
05d35529634b03310bd30be0e40a639d18b01797f0f64b9c4f19fe6a7ecb5da5

SHA512
3a831ea37cdfb5a61c362245f4b97883261fbff6e0de5d05d8872f64b110e1c39621b403e1edddf719732f39a0926734686f510c037040034b303072589ce810

Download Submit
C:\Users\Admin\Downloads\OpenJDK11U-jdk_x64_windows_hotspot_11.0.12_7.msi

Filesize
166.9MB

MD5
ee9cdd48298040743237c0c35a960ab8

SHA1
8b8be8805adb111208a33c37777356423e9ff4c5

SHA256
80546d8a36ad0cdf69305f72f42465093b9d0388f45819b05cc640ecd1310b32

SHA512
ca1d795bbba2384346674480c89d6d265e01216696c4d5a84a2e8460c61907edb56adfe1d383adc640286e2fddf58f3be2ebfec4dcadc88818f08be4dd1ec667

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 630824.crdownload

Filesize
166.9MB

MD5
ee9cdd48298040743237c0c35a960ab8

SHA1
8b8be8805adb111208a33c37777356423e9ff4c5

SHA256
80546d8a36ad0cdf69305f72f42465093b9d0388f45819b05cc640ecd1310b32

SHA512
ca1d795bbba2384346674480c89d6d265e01216696c4d5a84a2e8460c61907edb56adfe1d383adc640286e2fddf58f3be2ebfec4dcadc88818f08be4dd1ec667

Download Submit
C:\Users\Admin\Downloads\acb536a6-a08a-4f42-b485-4a8f7b1250e5.tmp

Filesize
3.8MB

MD5
07aa7461ea3abfe48ac5eb698e7acd14

SHA1
d93bc1c98fe0adbbbdb5b493070a7c3ae792262a

SHA256
d8ac02467508302227e7e7904f17a78c60a72ef5ae7bd3b8e89ee60b1dd8dcfd

SHA512
b7859082bf118fdde99aac145e03da20b4c7fd299453e5d7416d45474868d5d56ddd100772e75c7300a56002ae01b30732d271cc7b95251901a90025ec85a7f5

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Windows\Installer\MSI37DF.tmp

Filesize
215KB

MD5
5a36af31695af76ce3aa1507611fe5bd

SHA1
255787a75d37258a02e6f0d19a83d96b46654d80

SHA256
17a7553b6fdef993bb221fd870f2b30e3783ae9d6e9b9b01af718b61e680a118

SHA512
b3611dba29d3f32d3fdbc5ec0a6fdacdee7e41406f0089f65c64e68219114d364e7f44616f06ce9c5f0ba3280edd35115d9e93924a46ae91e1dce5ab6efd567d

Download Submit
C:\Windows\Installer\MSI37DF.tmp

Filesize
215KB

MD5
5a36af31695af76ce3aa1507611fe5bd

SHA1
255787a75d37258a02e6f0d19a83d96b46654d80

SHA256
17a7553b6fdef993bb221fd870f2b30e3783ae9d6e9b9b01af718b61e680a118

SHA512
b3611dba29d3f32d3fdbc5ec0a6fdacdee7e41406f0089f65c64e68219114d364e7f44616f06ce9c5f0ba3280edd35115d9e93924a46ae91e1dce5ab6efd567d

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.0MB

MD5
d8d98fe417a7aa9f92ffb40bb13d3d3f

SHA1
b7cab81164752b98dfb228a5903ca8303cd53555

SHA256
22f51ed044e65d846a2904d3f0589fe4949bc4dd75c4b7e94d122fdb8655a9c6

SHA512
14e5f620a1394e9907e18552118c8d78d9f6e62995e982d6875e1d1612d43c7a3895d8db77d8c94a3b6968b3b8c86c80d22093c90519f3b5a64b8e8211c91852

Download Submit
\??\Volume{61956d03-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{c65118be-0f42-4301-8064-2af01a467033}_OnDiskSnapshotProp

Filesize
5KB

MD5
e05f2113e437cf034e29c0b5490e414f

SHA1
9ce634d4b977c01ff601dc15414a057447c95fcf

SHA256
e2c3dc414f2d656d7764df8f260b409b2ee53a39820b0ef817a2feb282ba354f

SHA512
94c2c4c524a647b1c987886f087d6199379588ba0c39c0a8135d66d9b93215b9213db4b7122b9bbd2b9d5c0a91390aed31518b1eac2088b29eca9f730a5dd3a5

Download Submit
memory/1200-1528-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1200-1547-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1596-145-0x000001CE2FAD0000-0x000001CE2FAE0000-memory.dmp

Filesize
64KB

Download
memory/1596-143-0x000001CE2FAD0000-0x000001CE2FAE0000-memory.dmp

Filesize
64KB

Download
memory/1596-144-0x000001CE2FAD0000-0x000001CE2FAE0000-memory.dmp

Filesize
64KB

Download
memory/1596-142-0x000001CE2FA90000-0x000001CE2FAB2000-memory.dmp

Filesize
136KB

Download
memory/3308-1297-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4296-1409-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4296-1412-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4664-1446-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4664-1440-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/5232-1656-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/5452-1467-0x00000245D9B40000-0x00000245D9B41000-memory.dmp

Filesize
4KB

Download
memory/5452-1487-0x00000245D9B40000-0x00000245D9B41000-memory.dmp

Filesize
4KB

Download
memory/5452-1488-0x00000245D9B40000-0x00000245D9B41000-memory.dmp

Filesize
4KB

Download
memory/5452-1490-0x00000245D9B40000-0x00000245D9B41000-memory.dmp

Filesize
4KB

Download
memory/5452-1481-0x00000245D9B40000-0x00000245D9B41000-memory.dmp

Filesize
4KB

Download
memory/5452-1480-0x00000245D9B40000-0x00000245D9B41000-memory.dmp

Filesize
4KB

Download
memory/5452-1478-0x00000245D9B40000-0x00000245D9B41000-memory.dmp

Filesize
4KB

Download
memory/5452-1475-0x00000245D9B40000-0x00000245D9B41000-memory.dmp

Filesize
4KB

Download
memory/5452-1466-0x00000245D9B40000-0x00000245D9B41000-memory.dmp

Filesize
4KB

Download
memory/5452-1465-0x00000245D9B40000-0x00000245D9B41000-memory.dmp

Filesize
4KB

Download
memory/5476-1563-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/5476-1642-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download