4e187aa04e5e6bc6c16c492d318b5cf916320d8a3e549c8a7f7dfae1f12f751c

Analysis

max time kernel
414s
max time network
408s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03-09-2024 17:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mmc-cracked-win32.zip
Size

13.8MB
MD5

c0ff728c671e8d9816c6787a4e4f174e
SHA1

e622a89fb553fae8261191a5e531d2f0550cf4e8
SHA256

4e187aa04e5e6bc6c16c492d318b5cf916320d8a3e549c8a7f7dfae1f12f751c
SHA512

66bc702b685bf645ed86a5a75aadf4a489258d43df841e6331935e7882209c7cef5260f5c51732c5dfb563a68199c01e10be7f2fbee3df9af0b1a61183fa9dc6
SSDEEP

393216:LMZ4H6D1S86aamvvbwm8XtUmimAgj6jrxszxvteoWAaKeYF:Lm7g86yb5ItUm96jr6tvQoWjKeYF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

javaw.exejavaw.exejavaw.exe

pid process

1440 javaw.exe
4296 javaw.exe
1356 javaw.exe

pid	process
1440	javaw.exe
4296	javaw.exe
1356	javaw.exe

Loads dropped DLL 64 IoCs

Processes:

MsiExec.exeMsiExec.exeMsiExec.exejavaw.exejavaw.exejavaw.exe

pid	process
2460	MsiExec.exe
2460	MsiExec.exe
2460	MsiExec.exe
2460	MsiExec.exe
3324	MsiExec.exe
3324	MsiExec.exe
3324	MsiExec.exe
3324	MsiExec.exe
3324	MsiExec.exe
3324	MsiExec.exe
3324	MsiExec.exe
3324	MsiExec.exe
3324	MsiExec.exe
3324	MsiExec.exe
3324	MsiExec.exe
3324	MsiExec.exe
3628	MsiExec.exe
3628	MsiExec.exe
3628	MsiExec.exe
3628	MsiExec.exe
3628	MsiExec.exe
3628	MsiExec.exe
3628	MsiExec.exe
3628	MsiExec.exe
3628	MsiExec.exe
3628	MsiExec.exe
3628	MsiExec.exe
3628	MsiExec.exe
3628	MsiExec.exe
3628	MsiExec.exe
1440	javaw.exe
1440	javaw.exe
1440	javaw.exe
1440	javaw.exe
1440	javaw.exe
1440	javaw.exe
1440	javaw.exe
1440	javaw.exe
1440	javaw.exe
1440	javaw.exe
1440	javaw.exe
4296	javaw.exe
4296	javaw.exe
4296	javaw.exe
4296	javaw.exe
4296	javaw.exe
4296	javaw.exe
4296	javaw.exe
4296	javaw.exe
4296	javaw.exe
4296	javaw.exe
4296	javaw.exe
1356	javaw.exe
1356	javaw.exe
1356	javaw.exe
1356	javaw.exe
1356	javaw.exe
1356	javaw.exe
1356	javaw.exe
1356	javaw.exe
1356	javaw.exe
1356	javaw.exe
1356	javaw.exe
1356	javaw.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Drops file in System32 directory 2 IoCs

Processes:

MsiExec.exe

description	ioc	process
File created	C:\Windows\system32\WindowsAccessBridge-64.dll	MsiExec.exe
File opened for modification	C:\Windows\system32\WindowsAccessBridge-64.dll	MsiExec.exe

Drops file in Program Files directory 64 IoCs

Processes:

MsiExec.exe

description	ioc	process
File created	C:\Program Files\Java\jdk-22\conf\management\jmxremote.access	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\jmods\jdk.internal.opt.jmod	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\bin\javap.exe	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\bin\jli.dll	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\java.desktop\giflib.md	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\java.security.jgss\COPYRIGHT	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\bin\jaas.dll	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\jmods\jdk.unsupported.jmod	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\bin\verify.dll	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\jmods\java.naming.jmod	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\jmods\jdk.accessibility.jmod	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\bin\windowsaccessbridge-64.dll	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\java.base\icu.md	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\java.transaction.xa\LICENSE	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\java.xml.crypto\santuario.md	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.jdwp.agent\COPYRIGHT	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\lib\fontconfig.bfc	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\java.se\COPYRIGHT	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.management\LICENSE	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.compiler\LICENSE	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\jmods\jdk.charsets.jmod	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\java.xml\xerces.md	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.attach\LICENSE	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.jpackage\LICENSE	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\bin\jaccesswalker.exe	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\conf\security\policy\unlimited\default_US_export.policy	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\include\win32\bridge\AccessBridgeCallbacks.h	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\include\win32\jawt_md.h	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\lib\security\default.policy	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\lib\ct.sym	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\jmods\jdk.jstatd.jmod	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\java.base\asm.md	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\java.desktop\freetype.md	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.jdi\COPYRIGHT	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\conf\management\jmxremote.password.template	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.jconsole\LICENSE	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\lib\security\public_suffix_list.dat	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.jartool\LICENSE	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.jcmd\COPYRIGHT	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\bin\api-ms-win-crt-private-l1-1-0.dll	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\bin\jshell.exe	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\include\classfile_constants.h	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.security.jgss\COPYRIGHT	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\bin\java.dll	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.charsets\COPYRIGHT	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.internal.vm.ci\LICENSE	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.localedata\thaidict.md	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\include\jvmticmlr.h	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\java.instrument\LICENSE	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.javadoc\COPYRIGHT	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\bin\dt_shmem.dll	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\bin\freetype.dll	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\jmods\java.sql.rowset.jmod	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\jmods\jdk.localedata.jmod	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\jmods\jdk.jlink.jmod	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.hotspot.agent\COPYRIGHT	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\jdk.incubator.vector\COPYRIGHT	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\java.net.http\LICENSE	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\legal\java.scripting\LICENSE	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\bin\zip.dll	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\conf\jaxp.properties	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\jmods\jdk.jcmd.jmod	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\jmods\jdk.management.jmod	MsiExec.exe
File created	C:\Program Files\Java\jdk-22\include\win32\bridge\AccessBridgePackages.h	MsiExec.exe

Drops file in Windows directory 38 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\Installer\e5c847a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8D18.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8F24.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9698.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9A33.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFCBFC3FC8271E3C11.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF030BB5C2C716A962.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8CC9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8E84.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8EF3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8D39.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8EC4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9A66.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9A79.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9A8A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9A9B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5c847a.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8E45.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9A67.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9A78.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFC7929ACACC2843CA.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI88DF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9A56.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9E07.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF055185456A9EC2CC.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9A8B.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{AA2685C5-73D8-54BD-A9B7-2701251A8921}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8C79.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8D28.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8DA7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8F04.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9A44.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\e5c847c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9A55.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9A23.tmp	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

UltimMC.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language UltimMC.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UltimMC.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vssvc.exe

description	ioc	process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000010ed058f6a88e7de0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000010ed058f0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090010ed058f000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d10ed058f000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000010ed058f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msiexec.exejavaw.exejavaw.exejavaw.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	javaw.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	javaw.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 14 IoCs

Processes:

MsiExec.exemsiexec.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Printers	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	MsiExec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Console	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Environment	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Keyboard Layout	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Control Panel	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\EUDC	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\System	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MsiExec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe

Modifies registry class 38 IoCs

Processes:

msiexec.exeMsiExec.exeMiniSearchHost.exemsedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5C5862AA8D37DB459A7B721052A19812	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\ProductName = "Java(TM) SE Development Kit 22.0.2 (64-bit)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\Version = "369098754"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\java.exe\IsHostApp	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.jar\ = "jarfile"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\PackageCode = "C21BE8B2BFEB4A045BED9F6848AC03E0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\jarfile\ = "Executable Jar File"	MsiExec.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2842058299-443432012-2465494467-1000\{C9C31891-8D00-4753-B764-207476B303D2}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\ProductIcon = "C:\\Program Files\\Java\\jdk-22\\\\bin\\java.exe"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4F4A3A46297B6D117AA8000B0D022002	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\javaw.exe\IsHostApp	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5C5862AA8D37DB459A7B721052A19812\ToolsFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\SourceList\Media\2 = "DISK1;1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4F4A3A46297B6D117AA8000B0D022002\5C5862AA8D37DB459A7B721052A19812	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\java.exe	MsiExec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\javaw.exe	MsiExec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\jarfile\shell\open\command	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\SourceList\Media\1 = "DISK1;1"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.jar	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\SourceList\PackageName = "jdk-22_windows-x64_bin.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\jarfile\shell\open\command\ = "\"C:\\Program Files\\Java\\jdk-22\\bin\\javaw.exe\" -jar \"%1\" %*"	MsiExec.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5C5862AA8D37DB459A7B721052A19812\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\jarfile	MsiExec.exe

NTFS ADS 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 374381.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\jdk-22_windows-x64_bin.msi:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

UltimMC.exe

pid process

2516 UltimMC.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

UltimMC.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsiexec.exejavaw.exemsedge.exe

pid	process
2516	UltimMC.exe
2516	UltimMC.exe
5936	msedge.exe
5936	msedge.exe
4476	msedge.exe
4476	msedge.exe
5056	msedge.exe
5056	msedge.exe
1076	identity_helper.exe
1076	identity_helper.exe
1260	msedge.exe
1260	msedge.exe
5412	msedge.exe
5412	msedge.exe
748	msiexec.exe
748	msiexec.exe
1356	javaw.exe
1356	javaw.exe
1356	javaw.exe
1356	javaw.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

UltimMC.exe

pid process

2516 UltimMC.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exe

pid	process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	4172	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4172	msiexec.exe
Token: SeSecurityPrivilege	748	msiexec.exe
Token: SeCreateTokenPrivilege	4172	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4172	msiexec.exe
Token: SeLockMemoryPrivilege	4172	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4172	msiexec.exe
Token: SeMachineAccountPrivilege	4172	msiexec.exe
Token: SeTcbPrivilege	4172	msiexec.exe
Token: SeSecurityPrivilege	4172	msiexec.exe
Token: SeTakeOwnershipPrivilege	4172	msiexec.exe
Token: SeLoadDriverPrivilege	4172	msiexec.exe
Token: SeSystemProfilePrivilege	4172	msiexec.exe
Token: SeSystemtimePrivilege	4172	msiexec.exe
Token: SeProfSingleProcessPrivilege	4172	msiexec.exe
Token: SeIncBasePriorityPrivilege	4172	msiexec.exe
Token: SeCreatePagefilePrivilege	4172	msiexec.exe
Token: SeCreatePermanentPrivilege	4172	msiexec.exe
Token: SeBackupPrivilege	4172	msiexec.exe
Token: SeRestorePrivilege	4172	msiexec.exe
Token: SeShutdownPrivilege	4172	msiexec.exe
Token: SeDebugPrivilege	4172	msiexec.exe
Token: SeAuditPrivilege	4172	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4172	msiexec.exe
Token: SeChangeNotifyPrivilege	4172	msiexec.exe
Token: SeRemoteShutdownPrivilege	4172	msiexec.exe
Token: SeUndockPrivilege	4172	msiexec.exe
Token: SeSyncAgentPrivilege	4172	msiexec.exe
Token: SeEnableDelegationPrivilege	4172	msiexec.exe
Token: SeManageVolumePrivilege	4172	msiexec.exe
Token: SeImpersonatePrivilege	4172	msiexec.exe
Token: SeCreateGlobalPrivilege	4172	msiexec.exe
Token: SeCreateTokenPrivilege	4172	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4172	msiexec.exe
Token: SeLockMemoryPrivilege	4172	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4172	msiexec.exe
Token: SeMachineAccountPrivilege	4172	msiexec.exe
Token: SeTcbPrivilege	4172	msiexec.exe
Token: SeSecurityPrivilege	4172	msiexec.exe
Token: SeTakeOwnershipPrivilege	4172	msiexec.exe
Token: SeLoadDriverPrivilege	4172	msiexec.exe
Token: SeSystemProfilePrivilege	4172	msiexec.exe
Token: SeSystemtimePrivilege	4172	msiexec.exe
Token: SeProfSingleProcessPrivilege	4172	msiexec.exe
Token: SeIncBasePriorityPrivilege	4172	msiexec.exe
Token: SeCreatePagefilePrivilege	4172	msiexec.exe
Token: SeCreatePermanentPrivilege	4172	msiexec.exe
Token: SeBackupPrivilege	4172	msiexec.exe
Token: SeRestorePrivilege	4172	msiexec.exe
Token: SeShutdownPrivilege	4172	msiexec.exe
Token: SeDebugPrivilege	4172	msiexec.exe
Token: SeAuditPrivilege	4172	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4172	msiexec.exe
Token: SeChangeNotifyPrivilege	4172	msiexec.exe
Token: SeRemoteShutdownPrivilege	4172	msiexec.exe
Token: SeUndockPrivilege	4172	msiexec.exe
Token: SeSyncAgentPrivilege	4172	msiexec.exe
Token: SeEnableDelegationPrivilege	4172	msiexec.exe
Token: SeManageVolumePrivilege	4172	msiexec.exe
Token: SeImpersonatePrivilege	4172	msiexec.exe
Token: SeCreateGlobalPrivilege	4172	msiexec.exe
Token: SeCreateTokenPrivilege	4172	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4172	msiexec.exe
Token: SeLockMemoryPrivilege	4172	msiexec.exe

Suspicious use of FindShellTrayWindow 62 IoCs

Processes:

msedge.exemsiexec.exe

pid	process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4172	msiexec.exe
4172	msiexec.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

UltimMC.exejavaw.exeMiniSearchHost.exe

pid process

2516 UltimMC.exe
2516 UltimMC.exe
2516 UltimMC.exe
1356 javaw.exe
5040 MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

UltimMC.exemsedge.exe

description	pid	process	target process
PID 2516 wrote to memory of 1036	2516	UltimMC.exe	javaw.exe
PID 2516 wrote to memory of 1036	2516	UltimMC.exe	javaw.exe
PID 2516 wrote to memory of 4416	2516	UltimMC.exe	javaw.exe
PID 2516 wrote to memory of 4416	2516	UltimMC.exe	javaw.exe
PID 2516 wrote to memory of 3172	2516	UltimMC.exe	javaw.exe
PID 2516 wrote to memory of 3172	2516	UltimMC.exe	javaw.exe
PID 2516 wrote to memory of 4436	2516	UltimMC.exe	javaw.exe
PID 2516 wrote to memory of 4436	2516	UltimMC.exe	javaw.exe
PID 2516 wrote to memory of 4820	2516	UltimMC.exe	javaw.exe
PID 2516 wrote to memory of 4820	2516	UltimMC.exe	javaw.exe
PID 2516 wrote to memory of 5576	2516	UltimMC.exe	javaw.exe
PID 2516 wrote to memory of 5576	2516	UltimMC.exe	javaw.exe
PID 4476 wrote to memory of 836	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 836	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 4656	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 5936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 5936	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 944	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 944	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 944	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 944	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 944	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 944	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 944	4476	msedge.exe	msedge.exe
PID 4476 wrote to memory of 944	4476	msedge.exe	msedge.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\mmc-cracked-win32.zip
1⤵
PID:5348

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4964

C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\UltimMC.exe
"C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\UltimMC.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/jars/JavaCheck.jar
2⤵
PID:1036

C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/jars/JavaCheck.jar
2⤵
PID:4416

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -jar C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/jars/JavaCheck.jar
2⤵
PID:3172

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -Xms512m -Xmx1024m -jar C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/jars/JavaCheck.jar
2⤵
PID:4436

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/jars/JavaCheck.jar
2⤵
PID:4820

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/jars/JavaCheck.jar
2⤵
PID:5576

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/jars/JavaCheck.jar
2⤵
PID:6088

C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/jars/JavaCheck.jar
2⤵
PID:2772

C:\Program Files\Java\jdk-22\bin\javaw.exe
"C:\Program Files\Java\jdk-22\bin\javaw.exe" -jar C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/jars/JavaCheck.jar
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
PID:1440

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
javaw -jar C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/jars/JavaCheck.jar
2⤵
PID:1548

C:\Program Files\Java\jdk-22\bin\javaw.exe
"C:\Program Files\Java\jdk-22\bin\javaw.exe" -jar C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/jars/JavaCheck.jar
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
PID:4296

C:\Program Files\Java\jdk-22\bin\javaw.exe
"C:\Program Files\Java\jdk-22\bin\javaw.exe" -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Xms512m -Xmx1024m -Duser.language=en -javaagent:C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/injectors/authlib-injector-1.2.5.jar=http://127.0.0.1:49819 -Dauthlibinjector.noShowServerName -Djava.library.path=C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/instances/1.21.1/natives -cp C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/jars/NewLaunch.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/com/github/oshi/oshi-core/6.4.10/oshi-core-6.4.10.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/com/google/code/gson/gson/2.10.1/gson-2.10.1.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/com/google/guava/guava/32.1.2-jre/guava-32.1.2-jre.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/com/ibm/icu/icu4j/73.2/icu4j-73.2.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/com/mojang/authlib/6.0.54/authlib-6.0.54.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/com/mojang/blocklist/1.0.10/blocklist-1.0.10.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/com/mojang/brigadier/1.3.10/brigadier-1.3.10.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/com/mojang/datafixerupper/8.0.16/datafixerupper-8.0.16.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/com/mojang/logging/1.2.7/logging-1.2.7.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/com/mojang/patchy/2.2.10/patchy-2.2.10.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/com/mojang/text2speech/1.17.9/text2speech-1.17.9.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/commons-codec/commons-codec/1.16.0/commons-codec-1.16.0.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/commons-io/commons-io/2.15.1/commons-io-2.15.1.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/commons-logging/commons-logging/1.2/commons-logging-1.2.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/io/netty/netty-buffer/4.1.97.Final/netty-buffer-4.1.97.Final.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/io/netty/netty-codec/4.1.97.Final/netty-codec-4.1.97.Final.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/io/netty/netty-common/4.1.97.Final/netty-common-4.1.97.Final.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/io/netty/netty-handler/4.1.97.Final/netty-handler-4.1.97.Final.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/io/netty/netty-resolver/4.1.97.Final/netty-resolver-4.1.97.Final.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/io/netty/netty-transport-classes-epoll/4.1.97.Final/netty-transport-classes-epoll-4.1.97.Final.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/io/netty/netty-transport-native-unix-common/4.1.97.Final/netty-transport-native-unix-common-4.1.97.Final.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/io/netty/netty-transport/4.1.97.Final/netty-transport-4.1.97.Final.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/it/unimi/dsi/fastutil/8.5.12/fastutil-8.5.12.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/net/java/dev/jna/jna-platform/5.14.0/jna-platform-5.14.0.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/net/java/dev/jna/jna/5.14.0/jna-5.14.0.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/net/sf/jopt-simple/jopt-simple/5.0.4/jopt-simple-5.0.4.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/apache/commons/commons-compress/1.26.0/commons-compress-1.26.0.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/apache/httpcomponents/httpcore/4.4.16/httpcore-4.4.16.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/apache/logging/log4j/log4j-api/2.22.1/log4j-api-2.22.1.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/apache/logging/log4j/log4j-core/2.22.1/log4j-core-2.22.1.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/apache/logging/log4j/log4j-slf4j2-impl/2.22.1/log4j-slf4j2-impl-2.22.1.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/jcraft/jorbis/0.0.17/jorbis-0.0.17.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/joml/joml/1.10.5/joml-1.10.5.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-freetype/3.3.3/lwjgl-freetype-3.3.3.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-freetype/3.3.3/lwjgl-freetype-3.3.3-natives-windows.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-freetype/3.3.3/lwjgl-freetype-3.3.3-natives-windows-arm64.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-freetype/3.3.3/lwjgl-freetype-3.3.3-natives-windows-x86.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-glfw/3.3.3/lwjgl-glfw-3.3.3.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-glfw/3.3.3/lwjgl-glfw-3.3.3-natives-windows.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-glfw/3.3.3/lwjgl-glfw-3.3.3-natives-windows-arm64.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-glfw/3.3.3/lwjgl-glfw-3.3.3-natives-windows-x86.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-jemalloc/3.3.3/lwjgl-jemalloc-3.3.3.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-jemalloc/3.3.3/lwjgl-jemalloc-3.3.3-natives-windows.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-jemalloc/3.3.3/lwjgl-jemalloc-3.3.3-natives-windows-arm64.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-jemalloc/3.3.3/lwjgl-jemalloc-3.3.3-natives-windows-x86.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-openal/3.3.3/lwjgl-openal-3.3.3.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-openal/3.3.3/lwjgl-openal-3.3.3-natives-windows.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-openal/3.3.3/lwjgl-openal-3.3.3-natives-windows-arm64.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-openal/3.3.3/lwjgl-openal-3.3.3-natives-windows-x86.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-opengl/3.3.3/lwjgl-opengl-3.3.3.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-opengl/3.3.3/lwjgl-opengl-3.3.3-natives-windows.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-opengl/3.3.3/lwjgl-opengl-3.3.3-natives-windows-arm64.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-opengl/3.3.3/lwjgl-opengl-3.3.3-natives-windows-x86.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-stb/3.3.3/lwjgl-stb-3.3.3.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-stb/3.3.3/lwjgl-stb-3.3.3-natives-windows.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-stb/3.3.3/lwjgl-stb-3.3.3-natives-windows-arm64.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-stb/3.3.3/lwjgl-stb-3.3.3-natives-windows-x86.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-tinyfd/3.3.3/lwjgl-tinyfd-3.3.3.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-tinyfd/3.3.3/lwjgl-tinyfd-3.3.3-natives-windows.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-tinyfd/3.3.3/lwjgl-tinyfd-3.3.3-natives-windows-arm64.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl-tinyfd/3.3.3/lwjgl-tinyfd-3.3.3-natives-windows-x86.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl/3.3.3/lwjgl-3.3.3.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl/3.3.3/lwjgl-3.3.3-natives-windows.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl/3.3.3/lwjgl-3.3.3-natives-windows-arm64.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lwjgl/lwjgl/3.3.3/lwjgl-3.3.3-natives-windows-x86.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/lz4/lz4-java/1.8.0/lz4-java-1.8.0.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/org/slf4j/slf4j-api/2.0.9/slf4j-api-2.0.9.jar;C:/Users/Admin/Documents/mmc-cracked-win32/UltimMC/libraries/com/mojang/minecraft/1.21.1/minecraft-1.21.1-client.jar org.multimc.EntryPoint
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffd450b3cb8,0x7ffd450b3cc8,0x7ffd450b3cd8
2⤵
PID:836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
2⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8
2⤵
PID:944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
2⤵
PID:488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
2⤵
PID:5512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
2⤵
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
2⤵
PID:1356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
2⤵
PID:2452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
2⤵
PID:2600

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
2⤵
PID:5368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5804 /prefetch:8
2⤵
PID:3580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5840 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
2⤵
PID:904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
2⤵
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1
2⤵
PID:5384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
2⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
2⤵
PID:5676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
2⤵
PID:3728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6784 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:5412

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\jdk-22_windows-x64_bin.msi"
2⤵
- Enumerates connected drives
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,276244713704443850,3970993934323204745,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4816 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2676

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:748

C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 3D94232F885DF82F7CDC1E3CC4707C02 C
2⤵
- Loads dropped DLL
PID:2460

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
2⤵
PID:4400

C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 0A24799B62032D1D49C5AA18B6A8CEDB
2⤵
- Loads dropped DLL
PID:3324

C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding C52FB5DB690029C6723EB6515442B702 E Global\MSI0000
2⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
- Modifies registry class
PID:3628

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:5920

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5040

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5c847b.rbs
Filesize
10KB

MD5
432d3245ef7758d66888772bf327fe73

SHA1
0feb4b992edad0d4330c619f1c738fb7664e0ba6

SHA256
41eac1dc0210904b4a2f7105a31634292c2df7c19fa6d6c0737510f13a9eadb7

SHA512
3586ec7e6cb5ec03f66cff9b6975e68e6a7309a4596a50b1448ded360f3bdda59483f018f1fcccc2acf22209f292152fc0b23ed310aad42c728b133aa035f54a

Download Submit
C:\Program Files\Java\jdk-22\bin\windowsaccessbridge-64.dll
Filesize
70KB

MD5
753dbe7bb0436064df159acb1f566a8e

SHA1
44b926e69aff2ac192912ac44eb71fe1bd3d4fdf

SHA256
2ae2e250ca71a66c4fe9cc60038d079cd2da2bd2370f68e717abf411b5b9ce51

SHA512
018bd6f5e518e8dc1463a5a395e945796cee20969d5c1e71386afe39986c7e87ca794d6a26a048ee7f0c796429dc577b812c12573610507d0bbd48ea137ed31d

Download Submit
C:\Program Files\Java\jdk-22\legal\java.logging\COPYRIGHT
Filesize
35B

MD5
4586c3797f538d41b7b2e30e8afebbc9

SHA1
3419ebac878fa53a9f0ff1617045ddaafb43dce0

SHA256
7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018

SHA512
f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3

Download Submit
C:\Program Files\Java\jdk-22\legal\java.logging\LICENSE
Filesize
33B

MD5
16989bab922811e28b64ac30449a5d05

SHA1
51ab20e8c19ee570bf6c496ec7346b7cf17bd04a

SHA256
86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192

SHA512
86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url
Filesize
197B

MD5
42bd69cadcf583341dfb2f3d0934cca3

SHA1
cc607f090f32c0c8e09b587b1c042f576b74b46b

SHA256
77ed09de913aa87c8aaa70eaf8b85a2840e803c0585726ef1b19badb63c48baa

SHA512
308dabf7222aaa4a80a7d4d9a868fc059d9bf6093f8f9019e6ba9c0bc1f9f70020ded419048468e3ac5e670c75353786d92f0d593a59b4ea11023a107d943fdf

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url
Filesize
175B

MD5
0b7f7b921d15c8f4651075739aa1c64c

SHA1
a2faad6346abc164c037e168f247ade8b3a50c82

SHA256
7f75a65299b7abfad831523c53a38ca4454d63972b7b33390f0e73a070ae73b9

SHA512
01c96b880b77581c9e149e29e8826a3f04a15c0ab5f5bc004988acaa267eef12e584ff7ac3c9294382093d029cc0cfa185596d8467906d80e9d1d4dda290c9ff

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize
471B

MD5
082b8b3edf3d011642b7962bc214a5ac

SHA1
5f6986de80040ecd61466c4eda3a38ec3c0acf07

SHA256
3275d5a4ea2a4faca01711ca6c2e9c07656f64b8bac2e97173aa4ff08d3aef43

SHA512
5b96a06fa03aadbacc718e8c38ef12703606602a165ff4d06be6179188e9d86c8208dca15dd2d361f81446ad5858737c89a0c79a0f5b24f80d2959ff3a167375

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D2F6556190F7B1A25A117FFB5467EEBD
Filesize
727B

MD5
353b71f70b49c6f7711d76f07b947298

SHA1
43a2c08e8f642b8924b2d5c3d52846e503433db5

SHA256
89c65592a26ee7097f8d11b5e6c29d85d68d2bc49c62e7ee7dd5700f04eb775c

SHA512
571400154ddebcf2c239310ed5dd39a1bbda91cd12a2c7270502ca5342fb2b66b228124c35bd96efbf3d4773a1e16f6267515aacd0f16e3a309984e10978aeec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize
727B

MD5
4b6db32e31836998fae054aff41e9985

SHA1
0aa00bd7dc0830fd745229945fb812e0888cc02b

SHA256
b512a1c486317232d145385c52910dcd3fe98a26543c463a054de9864710c6b6

SHA512
59e48c5911fadd6f6fa43f75099dd13d7f8f21e7ad417000a07c50180d701693c6d2cd3dcdfa141d60cdf567ceb14ecc0ea99f8887ab877c037d8611a5407b92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize
400B

MD5
f5ad82758d69b258c16ae2dfdd222423

SHA1
cacdee2e0f5793f5cf7bbcbdbbead03550c39a44

SHA256
c6b9921510ef23b34c6353d52905bd55da634616b8116524090652c94406d372

SHA512
1f65ab9cb1f1b2771a39ddc765dd7fff3c6d7b5d5eee4ba1586537cc9f8f4510e8d1b118f1ea440c15ebc7decdd7ec0249a2082af7cbf2aa279023f65145ab53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D2F6556190F7B1A25A117FFB5467EEBD
Filesize
412B

MD5
332900b899c0be29acabcab8d3711c2f

SHA1
3ee3646f682052383f84e7f624b17b4da4d84dbe

SHA256
8bd60d27e971d53acc7087b5f7c1f8f3b929e746148f84958e920e43e12a8884

SHA512
0923636e523a03e4b9f87645fb721f36e6cb2e0f20128ed0fa75577028a7d2c291dbe0a9a4d4cc76359a8b81f9ec735dc744cfd9461281b74b9dbe5824055a6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize
412B

MD5
ef59112d6d0f0700ef1b13021b64a188

SHA1
27bc7f879b8dc53e9d1bd8e5519ff0bd3cbbfae7

SHA256
199709268e32674e8f182fdf854395a1e34fbe08540e1212f2a9c69f188bf12c

SHA512
d6159eb90f1fe6c9e30464d04e8c8b7488c021f6469f287a109c8737c25955bd273ae38eebe89c99e0184bcf5848c4ce8d6fe0d5b172ea47f28cf72bc8ae3655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
df8d0b2deebf4fad91508f622a2048a2

SHA1
af20ac0ece99042e2d85be069c0f18aa662172ee

SHA256
88f3670dbb63520b35aa8d6bba6dc4d006715763f3f56703b4731f0df9193562

SHA512
5746750661da2919a15d8fccbaedb6367ec89ddf1252c8be30ec95887dcda7c91564f6a74cd7a0a94a1c6393a3264aac141daf8624a39d8cb53aa02fb50ac17f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
792d55416ebdc2c08c0480b70a97335e

SHA1
127d59267159f7074d0efb01ad63e8420d9fabd3

SHA256
7d66e2db7f8f04913069c2681da756405ce4e2aa43a8678d43dc1103c7b9230e

SHA512
26d047181f4a27af277b7ebd7b858840e6be2fd9d0789489af0af5468d7b1672c7839a9685551998ad5bc63969b3069ac1bf1154c9e4bcbc9a72cc8187cc444f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e136df978535aae0caa078eb016defec

SHA1
52b2bad537b8a1a0b3cc62f5ef009ef3501766c8

SHA256
389efd63c212b47ee346693f4b752ea4961ed6a894f1781a1be3359ba8dae999

SHA512
de5d18a0514f35c0c1fea993348a705d3d22e0e9efb0ddca49e47b5a459aa97d8e0a762b8d217fd0bdd11ce1b1875d48125e03e8a17547b8268fdbaa61e75e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f3c5115d95230a11907254515122207f

SHA1
f4c054f66919e82975c48dd28c0045408d5e01ce

SHA256
25bb46ba09aced6a3261af6f44d307870d6185c82250ef73fb0ef46c4f304831

SHA512
5608061a07abd2885e3c8af001fb1a459fdaec8ec36a82e04e8e2af904308ce8fb7bc77fb4ef6fa23450a26448810387f3169ca0d21d2e529a64176ee51eafc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
fb7061c6432b310606964847f7963418

SHA1
23e91dca4716f49d6032f2e847a41e2ebafa5a77

SHA256
2ef6678f66f693c7e4edcdcc75549653c49b1df84775d13b9a9306847b1e7816

SHA512
034995936f79c254c39afa536f647e7b891af1deac6ca1bb50484ee3b47e41c38d812df29ea9be71a4c9da69fbaaa89aad36dfde33d847749710233e192632ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
6391efb81ee281e456fbc495fe8d1eab

SHA1
689803b64b3e204a53966ac280cb170334a30e68

SHA256
573a538570a2ebf1b11a7e082788ad46876942aa140e440e3a36b1fbed9acba4

SHA512
166618a5e9078f28bea3b85254a3de3c7ae4905f18602529cd0e444fd216d568a5ac8173df1c801a9fd6a544c39ecd33eaf07206bb10d15cea9b62da9ced0712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d608b518-f8d1-4395-b132-d96e96df117a.tmp
Filesize
10KB

MD5
24ae49b693fa0f2b80dc6160f23e62ca

SHA1
9e970f7b1a79ff7ebb8375d53f408f6afbd1ea32

SHA256
726a4a41731442fc716a793c067b4ebefc188206ec72b097a31b059e9f27fbfe

SHA512
74c29c5b9dd0c4b253e52e8fbcb7518e8c6cda96feacfa07dd4e07c2b11b0dcdd7c086322b3e9049b837e29e24d307269e264d6573d0e50c482eb243d6e4b43a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
3c25ee47481cb7e84ce3ce42081d51d3

SHA1
eec0e660d605f51ef71ae7155f25aaf0099ca96a

SHA256
d6c36c2effb0a840226e7f42f294632f6dbad2dfeb7255ffeeafd69ea980d978

SHA512
4deac1f21d5113ed55c59e7350f3176af30109db5f4a30b7711e5045371530b5dda92e48fd26226ecf0049bff4021dfd57bcf18da6c4e814f354683da9bb4acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI5FFA.tmp
Filesize
947KB

MD5
a5f00b94876c9a227eef8999066da036

SHA1
6ef74b6a240472ea6ea6e90f5746b7fda43c9e27

SHA256
85826dd6020d59ba225786162a18239b4d67c4909a0f3ec49a50430484afad2e

SHA512
7d35528df363cdce14b596187a746286306ab4776170cf8b0ad36e5d5db265b70ad8dd2aa88b0d65841fc21d49e5054028e6b023ce19fd008e6aa80b65bb0a3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna9876608289229429466.dll
Filesize
248KB

MD5
719d6ba1946c25aa61ce82f90d77ffd5

SHA1
94d2191378cac5719daecc826fc116816284c406

SHA256
69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44

SHA512
119152b624948b76921aa91a5024006ef7c8fdbfe5f6fe71b1ec9f2c0e504b22508ff438c4183e60fa8de93eb35a8c7ccdda3a686e3c2f65c8185f1dd2ef248b

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
164KB

MD5
c5eea8f0f6a69282bb7697f9c7316ca1

SHA1
4728a8c0b74cbd1eee75704fc94c7acffffb211e

SHA256
e705f1b08da8aa367bd88477e61a6fd27f6de0d61f6311e96bdb361fd9524550

SHA512
e0a78f5845d289f1296f68fad37eca61326a346a8ef5fc4cf09982f73ef30897efa37a295b9ec83d712145520b7d89398fce0580df4ecdb45d95f28c383a2ffb

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
174KB

MD5
79fba647ec90055e637f5dfb1da2f6a7

SHA1
6f4af69ca929c93038ebf1054d9e00a96ba4d4ec

SHA256
1e433233b75ea0e0affbd593875198fb5c4cbab13a33648729bff6f8f1eb6b9e

SHA512
7a935c7810732f744b9b50da06f3c1003484f4a5f40b37e2d2b479aa3f0f786e9cb9f7f270e600d420e5fab7fd9be242133dab020b88da297e778109950ac5d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\lwjgl_Admin\3.3.3+5\x64\glfw.dll
Filesize
484KB

MD5
8cabdbe3d67546771b02af5d42073cfe

SHA1
2e19147110b9872a52814956bab151a7aa80ce58

SHA256
affa7e54eb0dedce4a5721c327c1a16035edbbd039cd402e08107d6d2d55eb1a

SHA512
b7f46feef779e5772fc7711fda601fdda6ee4bf41d4fb87735a0b8fdc5fdbbdab23ba1760989e15d66cf9ba65409933cbce858eda169d04f13f401198245ad1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\lwjgl_Admin\3.3.3+5\x64\jemalloc.dll
Filesize
389KB

MD5
e58d41175587d4355fe06bf8b8a1ab32

SHA1
6403f8243ea983a225b3bcda6c821a0029ad9ee2

SHA256
9abf0095066ebab37b78968e11370a8078313e48cb5be8eda01f67623c6a6248

SHA512
fc432ddb67dce8a672ac268d25f01d40c1d614e4ef34cbac6c4a2c01742ebab5d00c7ef5d9f0ef46ce0b3b6a4d5ace581fcf8c247d492c3882f561015d9e2ae4

Download Submit
C:\Users\Admin\AppData\Local\Temp\lwjgl_Admin\3.3.3+5\x64\lwjgl.dll
Filesize
468KB

MD5
d8ea3886d9f59b514bfa5b24ab69c0ab

SHA1
2bf57942dff5360889f0e89c58d5acdc54e5f1ea

SHA256
a39adf52947fafd954c2a86ce031abb8c59825f7ee50337ac8c41e4280abe82d

SHA512
ba8af0415c7b0454dd8bdccf78ed59da3bb5cc5f631dd060d3cd0eaf74d8f55d7531248b6b8a995ba5b672dc0386d3fa198e8c761f2e1cc0304da0dc029bf29e

Download Submit
C:\Users\Admin\AppData\Local\Temp\lwjgl_Admin\3.3.3+5\x64\lwjgl_tinyfd.dll
Filesize
246KB

MD5
e7349669dee3093d266849685efecc60

SHA1
e7c3d94ad9d83f0762dfd82780d2a683d5d9b3c0

SHA256
ec7d76e6ef7a99628ef6f8b6e544294b700108c341837779e6e2c01c0bc3da9c

SHA512
41d772a4a9673db43a4584af78d5c128278b27efc01b7da47a9f8f629fd004aa8e4c63186d93b6cb7b664325272f0a291a1e80d9ae799910989171c1cdec34c8

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\accounts.json.tv2516
Filesize
685B

MD5
96616e7e211795c9a725c8e50e81fe02

SHA1
065f9987f3a55bda0a9fb53ab26db3b74ae50692

SHA256
e48734ca0cc4c910ca7bcf0e2bb731a844b8b33191692c26544a1f3fc3a6d6a8

SHA512
290face3a32fceae73f4c12734d500b8e352bede3b2deda4e2a55621e6da860217a5fb6f25834096d9d161a192d59ee81ace7a2f9fb1172640096a18b3a7f1f3

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\assets\indexes\17.json
Filesize
437KB

MD5
4be4b2031e11b0e4850b95cde6c81530

SHA1
a4fe1e7e5c19730b0014771d2cc2bf7ca3f8033e

SHA256
76ad92068fe16a79658fbb24b455b0cb603807981e1d2d912050216bfddd73cf

SHA512
1df80d3e891e52cb661a470e06d368a2afeaa3625ca1de6b28ecf0b367157cdcb5da18453efd2dac75f3d52c164dc2924f57bbd5728c6cc7641f4c437816fccc

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\assets\objects\ec\ec92a55cb324afd2b78cb6f7b1426fd80bf4d754.Qf2516
Filesize
438KB

MD5
078b15d73729b693dc31fb5dbd2e8686

SHA1
ec92a55cb324afd2b78cb6f7b1426fd80bf4d754

SHA256
cc29fb5e5ebf4ca7f983b012af208371db40388c94385de59d7d758ebf9e69a5

SHA512
debbc0a4463c8ddb56b16ef9aaeed2a64f6b05dc9b11928c27a0ac34c83d1caeaa8f53816093db5a6630970d46516e019d18f1bd799a67c922644cae578e9751

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\instances\1.21.1\instance.cfg.EU2516
Filesize
716B

MD5
49038929c85c8966a3b9c537aca6f02d

SHA1
88b6fd50ae30efdf1c17c52f1d8fd3ab18eabb9d

SHA256
5e0781431e265cfca6a42bea7f9f4809c50c96470b6cf33db7d27e41f6e62b1a

SHA512
564d59fab3553f0cc4dd999ea92a6bc0a5c67a261e770f4cd9d6b1f4f88463083489f30265cd788e4548653442ba5efdf7192e27d7eb1e7356147178b604879d

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\instances\1.21.1\instance.cfg.Hk2516
Filesize
957B

MD5
af49545c707f156c26b0fa81540295ed

SHA1
efa72322b211ee90c490cbd4ea0191115456600e

SHA256
e3de82a8d1206124ff047063103ccb76d311a5b4fbb734aca01a3a0f9a318509

SHA512
b0accad9652bad21772ca5289b98d471428ca8cf8f65501bb98d58f46fb2ea8d4bbcee51c0fb741355f0b037303f78b7eb03b482d43503aa51394298eb7b16bb

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\instances\1.21.1\instance.cfg.MQ2516
Filesize
976B

MD5
3eec9f07ff3bef6fffd6d6e3fc62ea21

SHA1
c41c1e0f295a55865c3a3db1c796fece292db189

SHA256
65614eb02ccd10f9dc8e918aded73d638d17731c9f4964704aac552f8d3092a1

SHA512
4256b959d0c5e6a05c7ac6518e72beef9b52f29ce3d2427bf2e245715876e872daf219f913b8013c0f74ebf7310e50a060770df7e6364f91f6697082979d488e

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\instances\1.21.1\instance.cfg.Tb2516
Filesize
1KB

MD5
2f24c9a56afc31a3093a6db8cc97f45b

SHA1
bfc1259271cfa80a0aa95b706a8ac3071d4b9e3f

SHA256
4490f3089443a2ebc7e695bd6c68b18718630780810ef30f55f5a8b36503cccf

SHA512
2acbbe62d596d63d83822757c7e1568dcff1e18e56ce26f57bc02cceab0d6e047f17be9e12887454626894febf45f5707ec5178881878bcc0e8d8e5ccd72a402

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\instances\1.21.1\instance.cfg.WC2516
Filesize
872B

MD5
d502ab0ce5edc506b8234a96e0b7988c

SHA1
68d4f8849deb718b61378583378e649b0609cf05

SHA256
56b115d3ff714c6fa8de4c27075b9f2b5521e396820e6cd3f237e1744809573a

SHA512
e40dd8da8ee4bb560b14d6e3503412a2b2cccedd27bfe32f9be12b3c282260f8cecd010a1540307aa423f911e9d073d22645cf967b721699857c4b923475389e

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\instances\1.21.1\instance.cfg.Xb2516
Filesize
1KB

MD5
281b1a4d81cf03dbec7ab94fbb3fdcf1

SHA1
e99bececaf4ae60abbe60e78383dc8672ca9ee95

SHA256
fd3ad24be42b57ddaeb3346f78f30a052bbb5082927f06430de7405061be490d

SHA512
d2b99ed8769bc32f9c859e906e0051ab1ad5a260f5e1dbd3a194fa7c8fc2f325eed3d78d87bbb6614f235e028076ea8cbb190ca55ce405f32dd30abe3fc2f474

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\instances\1.21.1\instance.cfg.Xv2516
Filesize
1KB

MD5
cbc8d6955912a7b1af730a346b255e74

SHA1
b3bf1128dd77cd47ac8935486d1ea4246099fec4

SHA256
ca0c37b8c41099ad5e1f202ae1e746afca3499c6b21792f746ca689eb3a65ae8

SHA512
4f02e4e2dca33f2ed779a3eb48e54ff8c4988ab7eb3c45f44467959131bfc522ffa243614bc5cfdbfa95b802930adee5c369a2ccb6deb2a4c0e29e9c030709d9

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\instances\1.21.1\instance.cfg.aS2516
Filesize
775B

MD5
c91d4423dd69d5d665fee9c9e4b9d388

SHA1
798378d0e59d090a9524d2ae9f61ccfe931e656e

SHA256
82d7c071396d9c17b080e57f58063764e3184e0d3f27dd08785642360d6523ef

SHA512
ce48e101755ad159a8175cd573ffa35c7a1a613dae8890cd306fbc474fb8e0701f79ee9ec2249603dc3640e4c3f2d18ebe9e67310aca8d330c1ad03f33f0855c

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\instances\1.21.1\instance.cfg.mi2516
Filesize
853B

MD5
63d4ad668251ea22ccc13b6f2ae687d8

SHA1
3127fe5ec0111fdc1badcc3a5d679f3a9e58c8cc

SHA256
4164233146175b2576ffa11152271e962233071571b8125d4c05d3984770b2e9

SHA512
8f3ca3f8d5ce04a85795ee058e962343eaa131c89a4abb9238adfe5685748f732b23d21e424f653319ffd7f0bf03a5609166f0eaba681e7e5c872551f559a2a7

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\instances\1.21.1\instance.cfg.qa2516
Filesize
667B

MD5
9b9ea036553cf9caebd34c2c4ae64289

SHA1
e25f3717deaf441251d586228e481ce3b7fb2cb0

SHA256
65f1e8849790881c02ed664635231a5d5f6ac2a470b7938c77bf55edf5708bd4

SHA512
594f4e7993879bdb349196b3f347fe6a1ad870e8d964e7dda00a13576c842c04ee66969ab794a7bf4620ded14236e7a03295caac9b10e0b9bc6cbdbb4c864d33

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\instances\1.21.1\instance.cfg.ys2516
Filesize
879B

MD5
791ea5c1fe55c10b7467ad12cef3d87a

SHA1
50f4840d5e9b997a553924436461d8901218b739

SHA256
f3487f5d56d38a54a61c3adc0b187f250f609bf3459fdae84dd73aa059585e17

SHA512
9115b70e5417f6923f8c7b7c695be7e0c462e597b2d897b713319a1421d449c21a208a78ec276e9be2e48cc2ca0a0100699c67616ce6ad7e311ba2a241375619

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\instances\1.21.1\mmc-pack.json
Filesize
251B

MD5
ba71325ddb15e8d24937e1bf8e1dae6e

SHA1
51ce41dfede5700eb3cd08ef3c2077ee80b1d524

SHA256
c695268142aa31c2ac9fdfad24db9b1e20fb781ce7a92afbe31cd8ad356b1baa

SHA512
19e699b79d7fa723ed3563ba04101dd748d39860da25211bcd8ecc5e6c2537f56fa080cb480e203a4702606233f8ad56f7c83097757d456d29c3ff2aee0006df

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\instances\instgroups.json
Filesize
52B

MD5
e779e78d956ca4bf36d98ec3c326d88d

SHA1
13cca38b02da0fadf1f83b64964d52f1233203d8

SHA256
0dd2a2f647bd2d34e72ba82fe690d52b8cb0d36a57cf0c59c119e241d0c478d0

SHA512
fd1fab8367f3e8dc0e8c17211b3aa2115ea6ad5e6c319a28cd0033ae84923f96f2c2556cbff1bb8de22f2e0b7ef1c521b19881d11eb1690efb3b4700e9d87509

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\ultimmc.cfg.MF2516
Filesize
1021B

MD5
435592f3b148f2187140fbf0f26fbc1b

SHA1
2992102dee79e85b2acc925b2d8ac0d9af071037

SHA256
ca7afbe5483fad1a48f4571d498d846689983878f58f1c229c6185a5edf3e7f8

SHA512
1a5ab385927963263fe33cadaa6d2063f4e2cb565bdcf1236a14c8a36bc5fc1a804f9a8f78a6414d05b035890eb2ee6484dbd632a33d372cb226917c8f5c8ed5

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\ultimmc.cfg.gn2516
Filesize
1KB

MD5
793f2e8ff83790c4a9dc833999c4421b

SHA1
a67a226facc3b028f19cc0a427f05ed3cdde3c07

SHA256
6cd7f4b772a6a34d2fb4b71273c16ba50188905deca1d7565c5c69cdb7e63c7b

SHA512
bad7977cf883ca7a7abb8380ed0396396d6788b6f1834cc07ce2af689ec1f901365a09c633e6cf4244716fc1cdcac101df6d28ba87d6acb04011feb8addb9546

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\ultimmc.cfg.re2516
Filesize
1KB

MD5
7a81e13d43115eafba0d309f00afb1c1

SHA1
53e46806b9340743f012e4b20bad51d8a0e529c8

SHA256
b8de40c844ebf76414a84762abd8cbf7c86d353fcb9ad6ee15a273025e5f2be4

SHA512
3ad47e2ac9eebe20e039b5e967f2dcd49236ae21c94d7917ecee95de4aaedf5c8281e966ab7560416b937d48640f039c81c320faccb482cd8d4b985a03754757

Download Submit
C:\Users\Admin\Documents\mmc-cracked-win32\UltimMC\ultimmc.cfg.sa2516
Filesize
1KB

MD5
b6aba2ffc083a42dc113146fd7a4d565

SHA1
14c7c6664b49aee20293382ace91bc820ac1e801

SHA256
e6baa0eeaa47501f39e13a231074c253488818bbd4c940b7697384c3bd726be1

SHA512
5ba93e445a29fa4baf6ba665ff1754e48f59c8904fdfa8d12c42229e24066184d0d4900a3c57b73455b5710ab75dba13dfbb89ac9cf02c263377d9c8abfd1cda

Download Submit
C:\Users\Admin\Downloads\jdk-22_windows-x64_bin.msi:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
Filesize
12.8MB

MD5
ca86f9b41a267494a2c7d129e08abeb7

SHA1
ac747f4fcbc677e45eb6d1ef7c2b4ae3186432c3

SHA256
0acd6a140615977bb8a2522894c01d9cea6e7628f115f6510452a5b21c613183

SHA512
cf28191d256f1af2fd37bbfb0f3eea3b39045c9f68f286b4db5275f6a1ec18643dc0367e4bf4822003d136747742eaa23b88488006106c260678fba3168da181

Download Submit
\??\Volume{8f05ed10-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{eb0e46af-2b89-41b0-8cbf-59c3f81db142}_OnDiskSnapshotProp
Filesize
6KB

MD5
d144f65cf0b810dd1731618c2a5ded79

SHA1
b1337063b661dda832cde9606bc29251593c662e

SHA256
83bec4eb860f8bd9d3cd7cc2ac945d115212cf55d17344fa2229fa5b611f906f

SHA512
29beca02cccdc6ad2103bdb9939a0c294abe6ed400fd0547aa0a111bbd0be82f9f1167cc88a8af0ebfab321d644feaa8500e5f74a8dfa8ca132b55cc11288499

Download Submit
memory/1036-54-0x0000023419FA0000-0x0000023419FA1000-memory.dmp

Filesize
4KB

Download
memory/2516-104-0x000000006C600000-0x000000006C615000-memory.dmp

Filesize
84KB

Download
memory/2516-132-0x000000006A880000-0x000000006A9F6000-memory.dmp

Filesize
1.5MB

Download
memory/2516-90-0x0000000061B80000-0x0000000061B98000-memory.dmp

Filesize
96KB

Download
memory/2516-92-0x0000000066C00000-0x0000000066C3E000-memory.dmp

Filesize
248KB

Download
memory/2516-85-0x0000000000400000-0x0000000000A3D000-memory.dmp

Filesize
6.2MB

Download
memory/2516-86-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/2516-87-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/2516-98-0x00000000015D0000-0x0000000001B45000-memory.dmp

Filesize
5.5MB

Download
memory/2516-91-0x0000000069700000-0x0000000069894000-memory.dmp

Filesize
1.6MB

Download
memory/2516-93-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/2516-88-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/2516-95-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/2516-96-0x000000006FC40000-0x000000006FD41000-memory.dmp

Filesize
1.0MB

Download
memory/2516-97-0x0000000064940000-0x0000000064954000-memory.dmp

Filesize
80KB

Download
memory/2516-99-0x0000000000DD0000-0x0000000000DDC000-memory.dmp

Filesize
48KB

Download
memory/2516-101-0x000000006E600000-0x000000006E674000-memory.dmp

Filesize
464KB

Download
memory/2516-102-0x0000000004D60000-0x0000000004F72000-memory.dmp

Filesize
2.1MB

Download
memory/2516-103-0x0000000006160000-0x0000000006171000-memory.dmp

Filesize
68KB

Download
memory/2516-0-0x00000000015D0000-0x0000000001B45000-memory.dmp

Filesize
5.5MB

Download
memory/2516-105-0x000000006E840000-0x000000006E852000-memory.dmp

Filesize
72KB

Download
memory/2516-130-0x00000000015D0000-0x0000000001B45000-memory.dmp

Filesize
5.5MB

Download
memory/2516-89-0x0000000063400000-0x0000000063415000-memory.dmp

Filesize
84KB

Download
memory/2516-106-0x00000000626C0000-0x0000000062706000-memory.dmp

Filesize
280KB

Download
memory/2516-107-0x0000000061B00000-0x0000000061B10000-memory.dmp

Filesize
64KB

Download
memory/2516-108-0x0000000067740000-0x000000006779F000-memory.dmp

Filesize
380KB

Download
memory/2516-109-0x0000000066AC0000-0x0000000066AD0000-memory.dmp

Filesize
64KB

Download
memory/2516-110-0x0000000070700000-0x0000000070714000-memory.dmp

Filesize
80KB

Download
memory/2516-100-0x000000006A880000-0x000000006A9F6000-memory.dmp

Filesize
1.5MB

Download
memory/2516-94-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/2516-3-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/2516-125-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/2516-126-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/2516-5-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/2516-21-0x0000000006160000-0x0000000006171000-memory.dmp

Filesize
68KB

Download
memory/2516-14-0x0000000004D60000-0x0000000004F72000-memory.dmp

Filesize
2.1MB

Download
memory/2516-6-0x0000000000400000-0x0000000000A3D000-memory.dmp

Filesize
6.2MB

Download
memory/2516-2-0x00000000015D0000-0x0000000001B45000-memory.dmp

Filesize
5.5MB

Download
memory/2516-4-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/2516-7-0x0000000068881000-0x0000000068B29000-memory.dmp

Filesize
2.7MB

Download
memory/3172-57-0x00000238763C0000-0x00000238763C1000-memory.dmp

Filesize
4KB

Download
memory/4416-53-0x00000214058B0000-0x00000214058B1000-memory.dmp

Filesize
4KB

Download
memory/4436-70-0x0000020E4C730000-0x0000020E4C731000-memory.dmp

Filesize
4KB

Download