d706a6436424da221bb5d580378262a4e6545e1fb6fa13bd980a3a315a05d0fa

Analysis

max time kernel
155s
max time network
368s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MultiMC/MultiMC.exe
Size

8.8MB
MD5

e226d337a37d26b6d70f9403eb1953bf
SHA1

5269ef680250ba4ec31e75eef2f8f308c54ce6b0
SHA256

fd25ebe06d490f8dffc1ac3aeb92bead259f5523ad3d3e1cca94f118f8bb1c43
SHA512

c0d9e2afb051d3c6976e59c1dc0a748444717b846786475466851a53c08fcc4d02d596ea71e8a7db6e47a471311ce8b28916c5ffee123236afe212229f14a147
SSDEEP

196608:Uu4p0VAk5KpmitpgNEgnC2UjLGfPCDylSRAZCbvdVsVhV81r3VTVVq9VxI8VCMVj:+p0mbpg8aIbVsVhV81r3VTVVq9VxI8Vz

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

48 discord.com
49 discord.com

flow	ioc
48	discord.com
49	discord.com

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exe

pid process

2492 chrome.exe
2492 chrome.exe
2492 chrome.exe
2492 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe
Token: SeShutdownPrivilege	2492	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exe

pid	process
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exechrome.exe

description	pid	process	target process
PID 2492 wrote to memory of 2600	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2600	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 2600	2492	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2232	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2232	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 2232	2532	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2492 wrote to memory of 1772	2492	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe
PID 2532 wrote to memory of 1896	2532	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe
"C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"
1⤵
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6a09758,0x7fef6a09768,0x7fef6a09778
2⤵
PID:2600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:2
2⤵
PID:1772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1520 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:8
2⤵
PID:1148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:8
2⤵
PID:1144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:1
2⤵
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:1
2⤵
PID:1660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1248 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:2
2⤵
PID:2372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3296 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:1
2⤵
PID:864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:8
2⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3928 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:1
2⤵
PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3084 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:1
2⤵
PID:1372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3464 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:1
2⤵
PID:2564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1816 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:1
2⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:8
2⤵
PID:1940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2536 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:1
2⤵
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:8
2⤵
PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4188 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:1
2⤵
PID:2160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1220,i,14798381580748178717,16504354019097544302,131072 /prefetch:8
2⤵
PID:1392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6a09758,0x7fef6a09768,0x7fef6a09778
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1312,i,5429331576046612977,16676837250944114879,131072 /prefetch:2
2⤵
PID:1896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1312,i,5429331576046612977,16676837250944114879,131072 /prefetch:8
2⤵
PID:1924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2364

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x58c
1⤵
PID:2976

C:\Users\Admin\Desktop\mmc-develop-win32\MultiMC\MultiMC.exe
"C:\Users\Admin\Desktop\mmc-develop-win32\MultiMC\MultiMC.exe"
1⤵
PID:2076

C:\Users\Admin\Desktop\mmc-develop-win32\MultiMC\MultiMC.exe
"C:\Users\Admin\Desktop\mmc-develop-win32\MultiMC\MultiMC.exe"
1⤵
PID:1688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea7dce37351ddbded9cb9fc806ebe932

SHA1
0fd6988b17cbf903673e4fb0ce78fe3ae8d0a1d1

SHA256
c997979b61ecf30607f5e86edf6581061538b5e29f72c59967d7ba4b5484964b

SHA512
349a1fb2978cbe2c284ffe2a5823b05b217d27e964e53e733d1a3a2cd481def2dcdc4edc6069afda50d2860845c15e6b14fc02b21e101b016acaaf02233862b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f152ab7e7584cdc1acf9ceb07abcbd6d

SHA1
5d16a3e7a629e433d471f08efd02e855e5e8c08f

SHA256
27497bac371ee7d4157dd81f2ce6e5432e00814b663dc28876bffa155264e074

SHA512
7b2c29dd0441b22da41e95ecab0a1b1acb956a2391f871030e92d36f689cedf9b9c8f32887b0a1299924be0a3634af0b4c348024632905ab9a3be5980747c297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8ca333c6-572c-4617-8d84-516441584866.tmp

Filesize
238KB

MD5
5c0b0c6985850e89200e231b379faed5

SHA1
c1a80993e0a8cf516174d41ef5a5db1139a706bc

SHA256
4d611f08e061df370f136bc57d07ad320492778caa94a0c8b2f69af0dd521ade

SHA512
8f044cf76ea17ab555ffae6b4a34210fc3c1eb10888d5254f2a8ab9a4bf5449b55e046a15bd86c04c4f6185a0c89060dcc26314ecc18a39b69a8379161bcf1b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6ceed0c88ffab51ae4b831f53ba82b6a

SHA1
3f6500fa70a8f4fa4506551868ba008b23e3d6e4

SHA256
6efbe2390fb6d125e1d4d26f2c4ac6f9130a3dfbff7da0e60f31a9e11d697ef9

SHA512
0bd942ee8e7ca33fff6611e6658001480b707137cac3932ef73de61912caa26eea6479aeb64f9b87eaf306c3dbcabd07d1528b16e11524dec4b3dba7e3c2b2ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
dc6e754de0fbedbee5471367f8c99964

SHA1
a37f31036e782945c2f83b9aa3a4f8622ba3a62a

SHA256
33f6c075abce59410d0dd47f0877bf932f4af012466b49d7fc3a8767c78e943e

SHA512
0f1b117e56ef9d07826219b7bd39a3f294e6903cfe155e5ca475f334b18b5483407ff51d06eb67dd7406a164867962781693e14c7b3be21657cd56bcd7cbe792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
113f74ccdd97c9683ea731ddea6619ba

SHA1
9c7945d6276f0de173a3de53b3bf8f8e37762981

SHA256
f4b0a9c6b2077ea559f07dc49d2b3f49bc3a0b7f6858667dd1645c30fb38f02d

SHA512
9233387c0c005267f665a9658fdded3b53a77784aa7241c93b4b34cb6535e3cdb1dc05911f96e5073e49d02a7fc15900a61b74e66033f8c63dd4226540dfe744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
9e4f0fe5a309dacce062c04a9e53a8a0

SHA1
22edf7318d04ef2c8e7581b2b392cd54edc21ad4

SHA256
ec1bb1c11e017c47b3a2f288417baa71c26276d5f3d8125cad7801bb7e49ce47

SHA512
5baf651f7ee0d2319276e991e7147bdcbe8b8b0d6dc27b8f400c88c0c03d8e857ef8aa4e1959721be55c87a2c67ccdd7590eb1dfd8e8f174e4aa2ac5d94803bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
ffd42b7f477242e3b8eeb84936083c06

SHA1
ffb0ac0d032c50b0c95ad28c91f822bdf8e7da1a

SHA256
42e24e7e3cc56535fb493ca144dceb36cd32962bf91b60e2a5093bb7523e9939

SHA512
3f8e2ca85fcf20b88db4023c7502f67883086c1cae91438588ef5587e4ff1e0b10c0653d94530af2f3641501e03f71dd969fe0c2afc1f0e661f32102e261412c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
7d13f0463c078c28a128f5c9ba513d9e

SHA1
8d619db1bca0347d92b4ad102b7f1edcec8d9bf4

SHA256
a0a5c549a85133a08fb8e775c24a7d148600e26d58cf2e8ac25e2383e6631c5c

SHA512
9385e453c0b39ea5f98c415e18db7b65986386c90b5d053155d453eaa2c110f68ae3a34a8668e1b6cad60e84ed9b5f306506ffb6fa23243bcfd63d58214e4bb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3e445c8413095939a6003ce7b685daf3

SHA1
94a2d95e7dc39600ee2fa1e7e7fad12f49a5e24a

SHA256
303ffad8433293bfa421f9a897b03c5e445ce522f845a37f357d5cf78f310eb4

SHA512
0e024f9f883e889058c3257f56e9f54cb59564fb48893cf4b630f0040dc529828326f5b6e6f9000f8436ca9d803b21421ec7eeab9ff8255f45aa61fa09753666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
4bf2d0a4f57b8fe27fb53f3b97f79f36

SHA1
0737e40b3a8683a7b6060e4403d3efd9ec39b7bd

SHA256
7099ca1cf5cd27a21499d338d22919c01346f67b34463d1bb359f5e120518e4f

SHA512
8ea85ac6f5d4fbd8c87eea094dc84e0dd30c50fd594d23cfe628a17922cdeb94c7f827c11e1f501ca28ac7f328457ddbbcfecbc018bcaf7dc07c5e68d5ac8dbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f38f941d74720f94ab5c5f74c33c6cc1

SHA1
32bb353f10c118a6e94efc2e763c50ec1b3a81f4

SHA256
31e7de5ef90899fee48361f60b619f86f0e1dadc6dcf245232b00ea84cc59d38

SHA512
1bd102ae93f6112f60aa3c96b09e3ad79cfdc7fcb7d49a80904e81b1adaf788d4bc9405f9f9f202cd538d960ad30624229f4ab81b1c09cebf1e964fd2f73ecd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ed0a7af0a5e757422d24441c60f7f8d4

SHA1
58c7d37aefdd22c9278a84200c891d91ffa6434f

SHA256
bcbbd85050fc3bfa27a3276bac749d23b9c66f27de16233140573766946cda50

SHA512
aeed4e781d1c5f0b068aad1845797272a2e895f6467527784a17eea30f018bb2bdcafa36d497667e37352fb48a730bf8bd445d9a0189608dfa37b221600b5ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
51c7fd4448a19711902287d572832295

SHA1
9ba78daeeeace9fa12e561bc68cc042e897c3367

SHA256
059eb4d68a1ccfb5fbd815a764f5891c932921ec692360114301894e0b8aa28a

SHA512
9aba5ca2391917b68e6e85328db916efab43a7c6c9441cc993d48e2e4baa35380ee635ecb2301190a8922680ed22f7bb0fd36c1f314816078e4db01f8635ef9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
600daaf81739f1c774de700c3b757bab

SHA1
3409f772f9b001a3c1e04c5dcfe252fc14b99147

SHA256
4526f1c36affd072166c8cf927d44a3d1c6fc92d686c674ad85cefcde53454cc

SHA512
1afc75a5a536e55981c2e2672d0b0910d58869315e63f86249ce5936169bd7fff7238f0eea199e1aab45169e5ad45fc52b198400c65915188f10bccb523aa82c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
1cdca4640bd7c373b7a8f79723dd9215

SHA1
6c2839d7bf5397b4754bf53b571099931f919a10

SHA256
f6c5cd3561af6362ebea1dc76c2f7e0722395befa39cdf4db3108e1d752566aa

SHA512
76012a736d3fcf4abe67ec097a0162b9229451bcb4049da04a70434a40bf22dcbdcd812774aed692e00e71fcf926a774d552a352f0c209d2ced4bce6e0124738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
f284d6181ff0fad8208448ef326e546d

SHA1
b4dc5e457e395a0cf33a9a248b11030efaea0820

SHA256
36a1fd3b14ce40acaaf90963a778d90f0d9cad11feea8cb6ea74d62072913035

SHA512
aa0fd7a2720a41f2ad107c1443ba237948eb07ff9c61535c747d2036fe372feca92f6d83a8f758e2489f6f8891950f012493b1e3a514d77aaf25eea45759f6b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
76KB

MD5
c83177f939bd494e1dbe36ecb5100692

SHA1
b0339d5b19886351a4a26ed7f88d9f54e91943d9

SHA256
2254c70924f4fb4c89a423596605c66421de968ad2461064e3597c0393443ed3

SHA512
cf990c3f4376a04dec60da11084d2cef571b12f5ab4070f50306540bcc7dd31a4b8054dcb5332d949173999a31c4a8732fe4f49046e2783cf77d9c3e3dc66d03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e4bf2473-c24b-47ff-afa2-efcd631cd162.tmp

Filesize
114KB

MD5
c332f143f1e4f15b3764c4346a4c5a57

SHA1
b71aa712ecba7e4161b78f84ce8aaa200d50311f

SHA256
09db756012b2412a42a9809bf05eca8a437735b48efdd85cf8298704a4044b5e

SHA512
8bf84d07ca05afe0009dadba304e05766c5f619ea44ddbafa54c5dd19d135eeeb0708d7ef4c00efbbf1f2ea0c9a9722d3833655528443cd5b1ce2c7abc1ec4d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3F63.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3FF2.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\Downloads\mmc-develop-win32.zip.crdownload

Filesize
7.2MB

MD5
cba322cc5a9443550308fc7be3e83535

SHA1
f60ced0900007bc936810c62e00b531ae813c3d9

SHA256
e65cbff398d50efb431b1505377dc4846d8c3549b1dc3b732e9cbf5b1612fc75

SHA512
028a8066dc996ff9cbdcb4b39d52f7c6afb19bd7adb8b39d120f5cf24257a12e0f9ec75ae8325c39448dda85972474d8936b6fd43b8ff3c88127e6f0c1cd4011

Download Submit
\??\pipe\crashpad_2532_XLMZHOKQUSGDZBKF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1688-724-0x0000000000020000-0x000000000002C000-memory.dmp

Filesize
48KB

Download
memory/1688-714-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/1688-721-0x0000000064940000-0x0000000064954000-memory.dmp

Filesize
80KB

Download
memory/1688-720-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/1688-717-0x0000000000400000-0x0000000000A22000-memory.dmp

Filesize
6.1MB

Download
memory/1688-712-0x0000000061940000-0x0000000061EB5000-memory.dmp

Filesize
5.5MB

Download
memory/1688-706-0x0000000000F30000-0x0000000001574000-memory.dmp

Filesize
6.3MB

Download
memory/1688-727-0x0000000000330000-0x0000000000348000-memory.dmp

Filesize
96KB

Download
memory/1688-713-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/1688-722-0x000000006FC40000-0x000000006FD41000-memory.dmp

Filesize
1.0MB

Download
memory/1688-715-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/1688-716-0x0000000063400000-0x0000000063415000-memory.dmp

Filesize
84KB

Download
memory/1688-708-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/1688-729-0x0000000069700000-0x0000000069894000-memory.dmp

Filesize
1.6MB

Download
memory/1688-730-0x0000000000F30000-0x0000000001574000-memory.dmp

Filesize
6.3MB

Download
memory/1688-711-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/1688-709-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/1688-710-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/1696-10-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/1696-13-0x0000000063400000-0x0000000063415000-memory.dmp

Filesize
84KB

Download
memory/1696-1-0x0000000000E30000-0x0000000001474000-memory.dmp

Filesize
6.3MB

Download
memory/1696-0-0x0000000000330000-0x0000000000348000-memory.dmp

Filesize
96KB

Download
memory/1696-25-0x0000000066C00000-0x0000000066C3E000-memory.dmp

Filesize
248KB

Download
memory/1696-23-0x0000000069700000-0x0000000069894000-memory.dmp

Filesize
1.6MB

Download
memory/1696-21-0x0000000000330000-0x0000000000348000-memory.dmp

Filesize
96KB

Download
memory/1696-18-0x0000000000020000-0x000000000002C000-memory.dmp

Filesize
48KB

Download
memory/1696-16-0x000000006FC40000-0x000000006FD41000-memory.dmp

Filesize
1.0MB

Download
memory/1696-15-0x0000000064940000-0x0000000064954000-memory.dmp

Filesize
80KB

Download
memory/1696-4-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/1696-5-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/1696-12-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/1696-14-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/1696-11-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/1696-24-0x0000000000E30000-0x0000000001474000-memory.dmp

Filesize
6.3MB

Download
memory/1696-9-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/1696-8-0x0000000061940000-0x0000000061EB5000-memory.dmp

Filesize
5.5MB

Download
memory/1696-6-0x0000000000400000-0x0000000000A22000-memory.dmp

Filesize
6.1MB

Download
memory/1696-7-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/1696-3-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/2076-688-0x0000000063400000-0x0000000063415000-memory.dmp

Filesize
84KB

Download
memory/2076-697-0x0000000000020000-0x000000000002C000-memory.dmp

Filesize
48KB

Download
memory/2076-703-0x0000000000DD0000-0x0000000001414000-memory.dmp

Filesize
6.3MB

Download
memory/2076-700-0x0000000000330000-0x0000000000348000-memory.dmp

Filesize
96KB

Download
memory/2076-702-0x0000000069700000-0x0000000069894000-memory.dmp

Filesize
1.6MB

Download
memory/2076-695-0x000000006FC40000-0x000000006FD41000-memory.dmp

Filesize
1.0MB

Download
memory/2076-694-0x0000000064940000-0x0000000064954000-memory.dmp

Filesize
80KB

Download
memory/2076-693-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/2076-692-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/2076-690-0x0000000000400000-0x0000000000A22000-memory.dmp

Filesize
6.1MB

Download
memory/2076-685-0x0000000061940000-0x0000000061EB5000-memory.dmp

Filesize
5.5MB

Download
memory/2076-689-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/2076-687-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/2076-686-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/2076-684-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/2076-681-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/2076-683-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/2076-682-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/2076-679-0x0000000000DD0000-0x0000000001414000-memory.dmp

Filesize
6.3MB

Download