Analysis Overview
SHA256
122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb
Threat Level: Known bad
The file LauncherFenix-Minecraft-v7.exe was found to be: Known bad. The verdict rests on the Bazar/Team9 Backdoor signature. Note for triage: in the behavioral run that signature carries no indicators (every cell is N/A), and the PE that was downloaded and executed is jre-8u351-windows-x64.exe, written to Downloads through the browser (the .crdownload SmartScreen stream is created by msedge.exe) after contact with javadl-esd-secure.oracle.com. Read the behavioral evidence together with the static match before acting on the verdict.
Malicious Activity Summary
BazarBackdoor
Bazar/Team9 Backdoor payload
Downloads MZ/PE file
Executes dropped EXE
Adds Run key to start application
Drops file in Program Files directory
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-01-08 23:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-01-08 23:29
Reported
2023-01-08 23:32
Platform
win10v2004-20221111-en
Max time kernel
143s
Max time network
145s
Signatures
BazarBackdoor
Bazar/Team9 Backdoor payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240629562.tmp\jre-8u351-windows-x64.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230109003027.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\bbdd81b6-5e00-4da4-8692-d3e4da1b7529.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2971393436-602173351-1645505021-1000\{1551D0F0-4788-4D09-A317-5C6A45DCF826} | C:\Windows\system32\svchost.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 569845.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240629562.tmp\jre-8u351-windows-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds240629562.tmp\jre-8u351-windows-x64.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe
"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7fff1e7246f8,0x7fff1e724708,0x7fff1e724718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x1c4,0x224,0x228,0x200,0x22c,0x7ff767b15460,0x7ff767b15470,0x7ff767b15480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5056 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x424
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,8191977050194005299,976691234869878043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 /prefetch:8
C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe
"C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe"
C:\Users\Admin\AppData\Local\Temp\jds240629562.tmp\jre-8u351-windows-x64.exe
"C:\Users\Admin\AppData\Local\Temp\jds240629562.tmp\jre-8u351-windows-x64.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
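The process list above shows the launcher started twice: first directly as an EXE, then by javaw.exe with -jar pointing at the same .exe. The JVM opens a -jar target as a ZIP archive, so a file that works both ways is a PE/ZIP polyglot, the layout Java launcher wrappers produce by appending the JAR to an EXE stub. The following is an added example, not code from the report or from the launcher: it builds a constructed stand-in with that layout (the stub bytes, manifest and class name are made up) and shows how to detect the dual container and carve the embedded JAR so it can be hashed and inspected on its own.

```python
import io
import struct
import zipfile


def build_sample_pe_jar() -> bytes:
    """Constructed stand-in for an EXE-wrapped JAR: a 256-byte stub that
    satisfies the MZ/PE checks, followed by a real ZIP containing a JAR
    manifest. Every byte here is made up for the example."""
    stub = bytearray(b"MZ" + b"\x00" * 62)            # 64-byte DOS header
    struct.pack_into("<I", stub, 0x3C, 0x80)          # e_lfanew -> 0x80
    stub += b"\x00" * (0x80 - len(stub))
    stub += b"PE\x00\x00" + b"\x00" * 0x7C            # PE signature, padded to 256 bytes
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\nMain-Class: launcher.Main\n")
        zf.writestr("launcher/Main.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)
    return bytes(stub) + jar.getvalue()


def is_pe(blob: bytes) -> bool:
    """MZ header plus a PE\\0\\0 signature at the e_lfanew offset."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_zip_start(blob: bytes):
    """Locate the ZIP end-of-central-directory record and compute where the
    archive begins. A non-zero start means data (here the EXE stub) is
    prepended, which javaw -jar still accepts because ZIP is parsed from
    the end of the file."""
    tail = blob[-(0xFFFF + 22):]                      # EOCD may carry a 64 KiB comment
    pos = tail.rfind(b"PK\x05\x06")
    if pos < 0:
        return None
    eocd = len(blob) - len(tail) + pos
    cd_size, cd_offset = struct.unpack_from("<II", blob, eocd + 12)
    return eocd - cd_size - cd_offset


def classify(blob: bytes) -> dict:
    """Report which containers the blob satisfies at the same time."""
    info = {"pe": is_pe(blob), "zip_start": find_zip_start(blob),
            "jar": False, "main_class": None, "entries": []}
    if info["zip_start"] is None:
        return info
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:      # zipfile tolerates prepended data
        info["entries"] = zf.namelist()
        if "META-INF/MANIFEST.MF" in info["entries"]:
            info["jar"] = True
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            for line in manifest.splitlines():
                if line.startswith("Main-Class:"):
                    info["main_class"] = line.split(":", 1)[1].strip()
    return info


def carve_jar(blob: bytes) -> bytes:
    """Return the embedded archive alone, so it hashes and opens as a JAR
    rather than as the wrapping EXE."""
    start = find_zip_start(blob)
    return b"" if start is None else blob[start:]


if __name__ == "__main__":
    sample = build_sample_pe_jar()
    verdict = classify(sample)
    print(verdict)
    if verdict["pe"] and verdict["jar"]:
        print("PE/JAR polyglot; Main-Class =", verdict["main_class"])
```

Run the classifier over the submitted sample and over the carved archive separately: the carved JAR's hash is what the Main-Class and its dependencies should be tracked under, since the EXE stub can be swapped without changing the Java payload.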
Network
| Country | Destination | Domain | Proto |
| N/A | 8.8.8.8:53 | www.dropbox.com | udp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| N/A | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 8.8.8.8:53 | smartscreen-prod.microsoft.com | udp |
| N/A | 20.82.250.189:443 | smartscreen-prod.microsoft.com | tcp |
| N/A | 20.82.250.189:443 | smartscreen-prod.microsoft.com | tcp |
| N/A | 20.82.250.189:443 | smartscreen-prod.microsoft.com | tcp |
| N/A | 8.8.8.8:53 | ntp.msn.com | udp |
| N/A | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 204.79.197.200:443 | www.bing.com | tcp |
| N/A | 20.82.250.189:443 | smartscreen-prod.microsoft.com | tcp |
| N/A | 8.8.8.8:53 | assets.msn.com | udp |
| N/A | 95.101.74.139:443 | assets.msn.com | tcp |
| N/A | 95.101.74.139:443 | assets.msn.com | tcp |
| N/A | 95.101.74.139:443 | assets.msn.com | tcp |
| N/A | 95.101.74.139:443 | assets.msn.com | tcp |
| N/A | 95.101.74.139:443 | assets.msn.com | tcp |
| N/A | 8.8.8.8:53 | c.msn.com | udp |
| N/A | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| N/A | 95.101.74.204:443 | img-s-msn-com.akamaized.net | tcp |
| N/A | 8.8.8.8:53 | c.bing.com | udp |
| N/A | 20.234.93.27:443 | c.msn.com | tcp |
| N/A | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| N/A | 204.79.197.200:443 | c.bing.com | tcp |
| N/A | 13.32.99.105:443 | sb.scorecardresearch.com | tcp |
| N/A | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| N/A | 40.79.189.59:443 | browser.events.data.msn.com | tcp |
| N/A | 40.79.189.59:443 | browser.events.data.msn.com | tcp |
| N/A | 8.8.8.8:53 | edge.microsoft.com | udp |
| N/A | 204.79.197.239:443 | edge.microsoft.com | tcp |
| N/A | 8.8.8.8:53 | srtb.msn.com | udp |
| N/A | 20.42.65.89:443 | N/A | tcp |
| N/A | 8.8.8.8:53 | dns.google | udp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 204.79.197.239:443 | edge.microsoft.com | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 204.79.197.200:443 | c.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| N/A | 204.79.197.200:443 | c.bing.com | tcp |
| N/A | 204.79.197.200:443 | c.bing.com | tcp |
| N/A | 204.79.197.219:443 | N/A | tcp |
| N/A | 204.79.197.219:443 | N/A | tcp |
| N/A | 151.101.1.44:443 | images.archive-digger.com | tcp |
| N/A | 204.79.197.200:443 | c.bing.com | tcp |
| N/A | 104.80.225.205:443 | N/A | tcp |
| N/A | 104.18.27.85:443 | privacyportal.onetrust.com | tcp |
| N/A | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| N/A | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 20.118.138.128:443 | N/A | tcp |
| N/A | 72.21.81.240:80 | N/A | tcp |
| N/A | 72.21.81.240:80 | N/A | tcp |
| N/A | 72.21.81.240:80 | N/A | tcp |
| N/A | 13.107.237.67:443 | N/A | tcp |
| N/A | 13.107.237.67:443 | N/A | tcp |
| N/A | 13.107.237.67:443 | N/A | tcp |
| N/A | 13.107.237.67:443 | N/A | tcp |
| N/A | 13.107.237.67:443 | N/A | tcp |
| N/A | 13.107.237.67:443 | N/A | tcp |
| N/A | 13.107.237.67:443 | N/A | tcp |
| N/A | 13.107.237.67:443 | N/A | tcp |
| N/A | 95.101.74.210:443 | aefd.nelreports.net | tcp |
| N/A | 13.107.237.67:443 | N/A | tcp |
| N/A | 20.189.173.12:443 | N/A | tcp |
| N/A | 20.120.124.64:443 | N/A | tcp |
| N/A | 20.189.173.12:443 | N/A | tcp |
| N/A | 20.189.173.12:443 | N/A | tcp |
| N/A | 40.126.32.140:443 | N/A | tcp |
| N/A | 95.101.74.137:443 | www.java.com | tcp |
| N/A | 95.101.74.137:443 | N/A | tcp |
| N/A | 104.73.145.144:443 | c.oracleinfinity.io | tcp |
| N/A | 147.154.233.124:443 | N/A | tcp |
| N/A | 104.73.130.18:443 | N/A | tcp |
| N/A | 104.73.146.31:443 | static.ocecdn.oraclecloud.com | tcp |
| N/A | 23.222.18.199:443 | N/A | tcp |
| N/A | 95.101.74.207:443 | img-s-msn-com.akamaized.net | tcp |
| N/A | 104.73.130.18:443 | N/A | tcp |
| N/A | 104.73.130.18:443 | www.oracle.com | tcp |
| N/A | 104.73.145.144:443 | N/A | tcp |
| N/A | 147.154.233.124:443 | N/A | tcp |
| N/A | 18.66.122.78:443 | consent.trustarc.com | tcp |
| N/A | 18.66.122.78:443 | consent.trustarc.com | tcp |
| N/A | 15.236.117.205:443 | oracle.112.2o7.net | tcp |
| N/A | 147.154.233.124:443 | N/A | tcp |
| N/A | 147.154.233.124:443 | N/A | tcp |
| N/A | 147.154.233.124:443 | N/A | tcp |
| N/A | 72.21.81.240:80 | N/A | tcp |
| N/A | 104.73.148.114:443 | N/A | tcp |
| N/A | 104.73.148.114:443 | N/A | tcp |
| N/A | 2.20.8.83:443 | sdlc-esd.oracle.com | tcp |
| N/A | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| N/A | 20.67.219.150:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| N/A | 23.65.205.24:443 | javadl-esd-secure.oracle.com | tcp |
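Added example, not part of the report: a small parser for the Network table above that turns it into a deduplicated IOC list, separating DNS lookups against the sandbox forwarders (8.8.8.8 and 8.8.4.4 are assumed to be the resolvers) from connections attributed to a domain and from endpoints with no domain at all. Raw exports of this table sometimes lose the Domain cell and let the protocol slide one column to the left; the parser repairs that case rather than mis-filing the protocol as a hostname. The sample rows are constructed from entries of this report.

```python
from collections import defaultdict

# Constructed excerpt in the layout of the report's Network table. The last
# two rows use the degraded form seen in raw exports, where the Domain cell
# is blank and the protocol slides into its column.
SAMPLE_TABLE = """\
| Country | Destination | Domain | Proto |
| N/A | 8.8.8.8:53 | www.dropbox.com | udp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 162.125.8.18:443 | www.dropbox.com | tcp |
| N/A | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| N/A | 23.65.205.24:443 | javadl-esd-secure.oracle.com | tcp |
| N/A | 20.42.65.89:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
"""

RESOLVERS = {"8.8.8.8", "8.8.4.4"}   # assumed sandbox forwarders; port 53 to these is a lookup
PROTOS = {"tcp", "udp"}


def parse_row(line: str):
    """Return one table row as a dict, or None for the header and non-table lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4 or cells[0] == "Country":
        return None
    _country, dest, domain, proto = cells
    if proto == "" and domain in PROTOS:          # shifted row: put the columns back
        domain, proto = "", domain
    if domain == "N/A":
        domain = ""
    host, _, port = dest.rpartition(":")
    if not port.isdigit():
        return None
    return {"ip": host, "port": int(port), "domain": domain, "proto": proto}


def extract_iocs(table: str) -> dict:
    """Split the table into DNS lookups, connections attributed to a domain,
    and endpoints the sandbox could not tie to a name. Repeated rows
    (the same connection logged several times) collapse to one entry."""
    lookups, unattributed = set(), set()
    by_domain = defaultdict(set)
    for line in table.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        if row["ip"] in RESOLVERS and row["port"] == 53:
            if row["domain"]:
                lookups.add(row["domain"])
            continue
        endpoint = f'{row["ip"]}:{row["port"]}/{row["proto"]}'
        if row["domain"]:
            by_domain[row["domain"]].add(endpoint)
        else:
            unattributed.add(endpoint)
    return {
        "lookups": sorted(lookups),
        "connections": {d: sorted(e) for d, e in sorted(by_domain.items())},
        "unattributed": sorted(unattributed),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(extract_iocs(SAMPLE_TABLE), indent=2))
```

The unattributed list is where review effort goes first: an endpoint with no preceding lookup is either a hard-coded address or a name resolved outside the captured DNS traffic (the 8.8.4.4:443 rows to dns.google in the table above are the encrypted-DNS case), and neither can be cleared by domain reputation alone.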
Files
memory/1144-132-0x0000000000000000-mapping.dmp
memory/1144-142-0x00000000025A0000-0x00000000035A0000-memory.dmp
memory/1144-154-0x00000000025A0000-0x00000000035A0000-memory.dmp
memory/1144-161-0x00000000025A0000-0x00000000035A0000-memory.dmp
memory/1144-163-0x00000000025A0000-0x00000000035A0000-memory.dmp
memory/2572-164-0x0000000000000000-mapping.dmp
memory/4836-166-0x0000000000000000-mapping.dmp
memory/4044-167-0x0000000000000000-mapping.dmp
\??\pipe\LOCAL\crashpad_2264_RZWQFZLESESSZUDM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2444-170-0x0000000000000000-mapping.dmp
memory/2928-172-0x0000000000000000-mapping.dmp
memory/2156-174-0x0000000000000000-mapping.dmp
memory/1948-176-0x0000000000000000-mapping.dmp
memory/4628-178-0x0000000000000000-mapping.dmp
memory/4604-180-0x0000000000000000-mapping.dmp
memory/3704-181-0x0000000000000000-mapping.dmp
memory/4160-182-0x0000000000000000-mapping.dmp
memory/2676-183-0x0000000000000000-mapping.dmp
memory/2240-185-0x0000000000000000-mapping.dmp
memory/4604-187-0x0000000000000000-mapping.dmp
memory/3620-189-0x0000000000000000-mapping.dmp
memory/228-191-0x0000000000000000-mapping.dmp
memory/3064-193-0x0000000000000000-mapping.dmp
memory/1012-195-0x0000000000000000-mapping.dmp
memory/2156-197-0x0000000000000000-mapping.dmp
memory/5236-199-0x0000000000000000-mapping.dmp
memory/5256-201-0x0000000000000000-mapping.dmp
memory/5384-203-0x0000000000000000-mapping.dmp
memory/5492-205-0x0000000000000000-mapping.dmp
memory/5564-207-0x0000000000000000-mapping.dmp
memory/5580-209-0x0000000000000000-mapping.dmp
memory/5684-211-0x0000000000000000-mapping.dmp
memory/5760-212-0x0000000000000000-mapping.dmp
memory/5832-213-0x0000000000000000-mapping.dmp
C:\Users\Admin\Downloads\jre-8u351-windows-x64.exe
| MD5 | 7542ec421a2f6e90751e8b64c22e0542 |
| SHA1 | d207d221a28ede5c2c8415f82c555989aa7068ba |
| SHA256 | 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6 |
| SHA512 | 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc |
memory/5864-216-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\jds240629562.tmp\jre-8u351-windows-x64.exe
| MD5 | dfcfc788d67437530a50177164db42b0 |
| SHA1 | 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f |
| SHA256 | a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1 |
| SHA512 | dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | a189e9453567d4ad471755d1cad1818a |
| SHA1 | bd624ac1e3cd3dbd810647af474e7e08863e8238 |
| SHA256 | 71a1e4e1b1cec10b1cd2d726f03b86a2b8fe540eaba9ad00ffaf5d63eb598f58 |
| SHA512 | 1c47fdef980d470624cacf1b267d92a0747e3c82958c94f7eb141a3ec968821d4dd4c6fb68977c4e2b1debffd646912412053cd6ef3823d8fce60f27eab126e2 |