122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

Resubmissions

03-02-2023 00:32

230203-av1mzace7x 4

03-02-2023 00:30

02-02-2023 23:07

02-02-2023 20:25

28-01-2023 03:21

28-01-2023 03:18

18-01-2023 00:00

Analysis

max time kernel
94s
max time network
91s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02-02-2023 23:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LauncherFenix-Minecraft-v7.exe
Size

397KB
MD5

d99bb55b57712065bc88be297c1da38c
SHA1

fb6662dd31e8e5be380fbd7a33a50a45953fe1e7
SHA256

122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb
SHA512

3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17
SSDEEP

3072:puzvch1rugYc4wqYSRR756K7ItBjgXHUYCnlK:Wch1aIqYSRVM+unlK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies registry class 43 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\.htm	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\.shtml	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\shell\open\command	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\.html\ = "ChromeHTML"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\.xhtml	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\shell\open	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\ftp	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\ftp\shell\open\ddeexec\	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\DefaultIcon\ = "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\shell\ = "open"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\.html	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\.xhtml\ = "ChromeHTML"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\ftp\DefaultIcon\ = "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\DefaultIcon	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\shell\open\ddeexec	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\ftp\shell\ = "open"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\shell\open\ddeexec\	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\shell\ = "open"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\URL Protocol	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\.htm\ = "ChromeHTML"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\.xht\ = "ChromeHTML"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\ftp\URL Protocol	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\ftp\shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\ftp\shell\open\command\ = "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --single-argument %1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\URL Protocol	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\shell\open	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\ftp\shell\open\command	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\shell\open\ddeexec	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\DefaultIcon	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\shell\open\command	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\shell\open\ddeexec\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\shell\open\command\ = "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --single-argument %1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\.shtml\ = "ChromeHTML"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\.xht	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\ftp\DefaultIcon	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\ftp\shell\open	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\ftp\shell\open\ddeexec	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\DefaultIcon\ = "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\shell\open\command\ = "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --single-argument %1"	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1912	chrome.exe
796	chrome.exe
796	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe
796	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1256	javaw.exe
1256	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1256	1952	LauncherFenix-Minecraft-v7.exe	28
PID 1952 wrote to memory of 1256	1952	LauncherFenix-Minecraft-v7.exe	28
PID 1952 wrote to memory of 1256	1952	LauncherFenix-Minecraft-v7.exe	28
PID 1952 wrote to memory of 1256	1952	LauncherFenix-Minecraft-v7.exe	28
PID 796 wrote to memory of 1756	796	chrome.exe	30
PID 796 wrote to memory of 1756	796	chrome.exe	30
PID 796 wrote to memory of 1756	796	chrome.exe	30
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1948	796	chrome.exe	31
PID 796 wrote to memory of 1912	796	chrome.exe	32
PID 796 wrote to memory of 1912	796	chrome.exe	32
PID 796 wrote to memory of 1912	796	chrome.exe	32
PID 796 wrote to memory of 1768	796	chrome.exe	33
PID 796 wrote to memory of 1768	796	chrome.exe	33
PID 796 wrote to memory of 1768	796	chrome.exe	33
PID 796 wrote to memory of 1768	796	chrome.exe	33
PID 796 wrote to memory of 1768	796	chrome.exe	33
PID 796 wrote to memory of 1768	796	chrome.exe	33
PID 796 wrote to memory of 1768	796	chrome.exe	33
PID 796 wrote to memory of 1768	796	chrome.exe	33
PID 796 wrote to memory of 1768	796	chrome.exe	33
PID 796 wrote to memory of 1768	796	chrome.exe	33
PID 796 wrote to memory of 1768	796	chrome.exe	33
PID 796 wrote to memory of 1768	796	chrome.exe	33
PID 796 wrote to memory of 1768	796	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe
"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6e54f50,0x7fef6e54f60,0x7fef6e54f70
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1036,2291127444461519915,5602462008253410908,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1040 /prefetch:2
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1036,2291127444461519915,5602462008253410908,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1036,2291127444461519915,5602462008253410908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1828 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1036,2291127444461519915,5602462008253410908,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1036,2291127444461519915,5602462008253410908,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1036,2291127444461519915,5602462008253410908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1036,2291127444461519915,5602462008253410908,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3392 /prefetch:2
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1036,2291127444461519915,5602462008253410908,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1036,2291127444461519915,5602462008253410908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1036,2291127444461519915,5602462008253410908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3688 /prefetch:8
  2⤵
  PID:2296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6e54f50,0x7fef6e54f60,0x7fef6e54f70
  2⤵
  PID:832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6af6ce211c2ab59fccfacb95b2a2ac48

SHA1
1d384947dcac567774034a8c0354fe10f1eb3b31

SHA256
db6b2effffc703723197d276bbe9dce9a6ad16b47cc12d61f7bfea0be88a7bd4

SHA512
8c4e58c9140e41dc243b9d168163da939691e6bdff1b8963f4dd04f0a73f38e0eedb285eca230a1cf24f547bda648a3b30ff2843b10138b95fba35dd7bb162ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6af6ce211c2ab59fccfacb95b2a2ac48

SHA1
1d384947dcac567774034a8c0354fe10f1eb3b31

SHA256
db6b2effffc703723197d276bbe9dce9a6ad16b47cc12d61f7bfea0be88a7bd4

SHA512
8c4e58c9140e41dc243b9d168163da939691e6bdff1b8963f4dd04f0a73f38e0eedb285eca230a1cf24f547bda648a3b30ff2843b10138b95fba35dd7bb162ec

Download Submit
memory/1256-74-0x0000000001F30000-0x0000000001F3A000-memory.dmp

Filesize
40KB

Download
memory/1256-77-0x0000000002200000-0x0000000005200000-memory.dmp

Filesize
48.0MB

Download
memory/1256-71-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/1256-72-0x0000000001F30000-0x0000000001F3A000-memory.dmp

Filesize
40KB

Download
memory/1256-73-0x0000000001F30000-0x0000000001F3A000-memory.dmp

Filesize
40KB

Download
memory/1256-75-0x0000000001F30000-0x0000000001F3A000-memory.dmp

Filesize
40KB

Download
memory/1256-70-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/1256-78-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/1256-79-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/1256-80-0x0000000001F30000-0x0000000001F3A000-memory.dmp

Filesize
40KB

Download
memory/1256-81-0x0000000001F30000-0x0000000001F3A000-memory.dmp

Filesize
40KB

Download
memory/1256-82-0x0000000001F30000-0x0000000001F3A000-memory.dmp

Filesize
40KB

Download
memory/1256-68-0x0000000002200000-0x0000000005200000-memory.dmp

Filesize
48.0MB

Download
memory/1256-56-0x000007FEFB971000-0x000007FEFB973000-memory.dmp

Filesize
8KB

Download
memory/1952-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download