Malware Analysis Report

2025-01-02 11:59

Sample ID 221229-th25tagf71
Target LauncherFenix-Minecraft-v7.exe
SHA256 122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb
Tags
bazarbackdoor backdoor
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

Threat Level: Known bad

The file LauncherFenix-Minecraft-v7.exe was found to be: Known bad.

Malicious Activity Summary

bazarbackdoor backdoor

BazarBackdoor

Bazar/Team9 Backdoor payload

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Drops file in Program Files directory

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-12-29 16:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-12-29 16:04

Reported

2022-12-29 16:07

Platform

win7-20220812-es

Max time kernel

94s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload

Description Indicator Process Target
N/A N/A N/A N/A (9 identical rows; no indicator, process or target recorded for this match)

Downloads MZ/PE file

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\jds7150025.tmp\jre-8u351-windows-x64.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (47 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 identical rows)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Java\jre7\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre7\bin\javaw.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1844 wrote to memory of 276 N/A C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe C:\Program Files\Java\jre7\bin\javaw.exe (4 identical rows)
PID 988 wrote to memory of 544 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (3 identical rows)
PID 988 wrote to memory of 1524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (41 identical rows)
PID 988 wrote to memory of 1368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (3 identical rows)
PID 988 wrote to memory of 1040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (13 identical rows)
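The 64 WriteProcessMemory rows above reduce to five parent-to-child pairs. The script below is an added example, not part of the sandbox output: it parses rows in the format this table uses (the input is constructed from the five distinct rows and their repeat counts), aggregates them per (source PID, target PID) edge, and applies a triage heuristic that is this example's assumption rather than a sandbox rule. CreateProcess writes into the address space of the child it is starting, so one edge per parent and child is expected; chrome.exe (PID 988) writing into its own renderer, GPU and utility children is that pattern, while the one cross-image edge, the launcher (PID 1844) into javaw.exe (PID 276), is the edge to check against the command lines in the process list.

```python
"""Collapse sandbox 'PID X wrote to memory of Y' rows into per-edge counts.

Added example for this report, not sandbox code. SAMPLE_ROWS is constructed
from the WriteProcessMemory table: the five distinct rows, repeated as often
as they occur there (4 + 3 + 41 + 3 + 13 = 64).
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
LAUNCHER = r"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
JAVAW = r"C:\Program Files\Java\jre7\bin\javaw.exe"


def _row(src, dst, src_img, dst_img):
    """Render one row exactly as the report's table prints it."""
    return f"PID {src} wrote to memory of {dst} N/A {src_img} {dst_img}"


# Constructed input: the report's five distinct rows with their repeat counts.
SAMPLE_ROWS = (
    [_row(1844, 276, LAUNCHER, JAVAW)] * 4
    + [_row(988, 544, CHROME, CHROME)] * 3
    + [_row(988, 1524, CHROME, CHROME)] * 41
    + [_row(988, 1368, CHROME, CHROME)] * 3
    + [_row(988, 1040, CHROME, CHROME)] * 13
)

# Paths contain spaces ("Program Files"), so anchor on the drive letter and
# the ".exe" suffix instead of splitting on whitespace.
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A "
    r"(?P<src_img>[A-Za-z]:\\.*?\.exe) (?P<dst_img>[A-Za-z]:\\.*?\.exe)$",
    re.IGNORECASE,
)


def parse_edges(rows):
    """Return {(src_pid, dst_pid): (row_count, src_image, dst_image)}."""
    counts = Counter()
    images = {}
    for row in rows:
        m = ROW_RE.match(row.strip())
        if not m:  # e.g. a bare "N/A N/A N/A N/A" row carries nothing to aggregate
            continue
        key = (int(m["src"]), int(m["dst"]))
        counts[key] += 1
        images[key] = (m["src_img"], m["dst_img"])
    return {k: (counts[k], *images[k]) for k in counts}


def classify(src_img, dst_img):
    """Triage heuristic (this example's assumption, not a sandbox rule):
    a parent writing into a child of its own image is the ordinary
    process-creation pattern of multi-process apps such as Chrome; a
    cross-image write is where an analyst looks first."""
    same = PureWindowsPath(src_img).name.lower() == PureWindowsPath(dst_img).name.lower()
    return "same-image child, expected" if same else "cross-image, review target cmdline"


def summarize(rows):
    """One record per distinct (src, dst) edge; cross-image edges sort first."""
    records = []
    for (src, dst), (n, s_img, d_img) in parse_edges(rows).items():
        records.append({
            "src_pid": src, "dst_pid": dst, "rows": n,
            "src": PureWindowsPath(s_img).name, "dst": PureWindowsPath(d_img).name,
            "verdict": classify(s_img, d_img),
        })
    records.sort(key=lambda r: (r["verdict"].startswith("same"), r["src_pid"], r["dst_pid"]))
    return records


if __name__ == "__main__":
    for r in summarize(SAMPLE_ROWS):
        print(f"{r['src_pid']:>5} -> {r['dst_pid']:<5} {r['rows']:>3} rows  "
              f"{r['src']} -> {r['dst']}: {r['verdict']}")
```

Run directly it prints the five edges with the launcher-to-javaw.exe edge first; rows copied from another report's WriteProcessMemory table can be passed to summarize() unchanged.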

Processes

C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe

"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"

C:\Program Files\Java\jre7\bin\javaw.exe

"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6454f50,0x7fef6454f60,0x7fef6454f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1048 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1428 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1780 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2416 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3340 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3420 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3664 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3776 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3696 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3576 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3960 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4004 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4276 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4264 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4480 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4576 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4564 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4492 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4936 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5032 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=540 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5204 /prefetch:8

C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5208 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5764 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5932 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5852 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\jds7150025.tmp\jre-8u351-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds7150025.tmp\jre-8u351-windows-x64.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10046585982713203112,13163928770381412511,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding 8CF5CF34B71B5186991C91275CF84E38

C:\Program Files\Java\jre1.8.0_351\installer.exe

"C:\Program Files\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_351\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180351F0}

Network

Country Destination Domain Proto

Files

\??\pipe\crashpad_988_ARNICUGPFVNHQWUS

\Users\Admin\Downloads\jre-8u351-windows-x64.exe

C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe

C:\Users\Admin\AppData\Local\Temp\jds7150025.tmp\jre-8u351-windows-x64.exe

\Users\Admin\AppData\Local\Temp\jds7150025.tmp\jre-8u351-windows-x64.exe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Windows\Installer\MSIEC16.tmp

C:\Users\Admin\AppData\Local\Temp\jusched.log

\Windows\Installer\MSIEC16.tmp

C:\Windows\Installer\MSIF442.tmp

\Windows\Installer\MSIF442.tmp

C:\Windows\Installer\MSIFBD2.tmp

\Windows\Installer\MSIFBD2.tmp

\Program Files\Java\jre1.8.0_351\installer.exe

C:\Program Files\Java\jre1.8.0_351\installer.exe

C:\Windows\Installer\6dcd72.msi

Analysis: behavioral2

Detonation Overview

Submitted

2022-12-29 16:04

Reported

2022-12-29 16:07

Platform

win10v2004-20220812-es

Max time kernel

108s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"

Signatures

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2295526160-1155304984-640977766-1000\{94F0892C-2831-434C-A5F1-A933FC8E60E4} C:\Windows\system32\svchost.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
N/A N/A C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe

"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

Network

Country Destination Domain Proto

Files
