hxxps://www[.]9minecraft[.]net/baubles-mod/

Analysis

max time kernel
78s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2023, 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.9minecraft.net/baubles-mod/

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133326372019561167"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2177513644-1903222820-241662473-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe
5612	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 468	220	chrome.exe	85
PID 220 wrote to memory of 468	220	chrome.exe	85
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 4884	220	chrome.exe	86
PID 220 wrote to memory of 412	220	chrome.exe	87
PID 220 wrote to memory of 412	220	chrome.exe	87
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88
PID 220 wrote to memory of 1040	220	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.9minecraft.net/baubles-mod/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad7069758,0x7ffad7069768,0x7ffad7069778
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:2
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:8
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2936 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5060 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4936 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5244 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5592 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=6316 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6592 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6876 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7384 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7604 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Baubles-Mod-1.12.2.jar"
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7296 --field-trial-handle=1804,i,5563042770197842071,1316838149007345017,131072 /prefetch:8
  2⤵
  PID:5484

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3356

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6032

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
94a08b3b8665dd58eed05a30b9360bd0

SHA1
9da53b612e4a1404537980256ad288cf6603ce26

SHA256
066e0af17df84385155307f9c4eaaa3c9a0260d8d41245a47781bf67952a425d

SHA512
bdb669bb98e3c3848aec39de50bf1b58bd0c59ff6c65fccfb48511d14f6ab15b65b2c9c5b229ca4e17671cb8e30cc5669f8840b3ba2ecdf3af3f4aec4935de96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5074c21e889f586250c517d1b67b9311

SHA1
43db98014233e5b1016331f36f6697707224d9e7

SHA256
67a858d85f6cbd05c3282639eb446486e80999be0c78fd5f80d959aadfd3b471

SHA512
fbcee024dc8871dd48a4620d296109e1bde3b0d7ce88e22cf02a4e6a84cf6ac471c3e0609327c7bb2b3a0081c01cb14b9ff34560451859fc0c20dc80f62b1ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
37b521187d6a299b6edb98d80da201a6

SHA1
a4fa34a8a678cc8be4d5477d30fc9041aae86c6d

SHA256
ebb80eb4252929d74264c253064eba130181b21f24c76e26932bfadac3ef902f

SHA512
2b061d5b54e6a3ea8d23736581642edfafecdc1001149d234db3fb0d8d33110b8ad8f7b6903d46da16df4a4e826174f5087c0f70daba41537e4cc8b045923eea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
00a59a4c9fbe4d6b604496deed4d3f88

SHA1
f0824bd9c34e9df3f87b4a563a21a470f96aa271

SHA256
498d13924703857a6fb4924354c5170b88240f83144ab3a6c742dd3ab3f962c3

SHA512
8d3b6726fdaeaf46af0c688abd80b90c2eef22fda3e3cfbb5a0af74159da653cc741d9088bdf4508f1d4f47db3a16af2e6b685c29cd1d7aee17956706bf6e851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f62e1f0e4ab871e86a5bc9a1087242e0

SHA1
1f04980575bb6903d5e93921d66e1727fd8b6fd8

SHA256
20c959cd2760c2c27154c461e3eea1a94164d7c17bfaff24e74be170af478474

SHA512
dbece2d6d8fe793c9c55cf6ea7456b1ec64137df71a684da7f9920c76ce7d55e2bfeb5c166f23557f76e6013aaeb4af27be9aaed8f5e153277725005824d1db3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
08ae94b998ea203778164bb0d032ea1e

SHA1
22df44bf5743e88fa59ddfdbc822e475e19caed7

SHA256
75a6271d8179e6b45c415fa66d46bd8039e0ad224f19e31b86a34dc0d128e3ba

SHA512
8fb9ae4052859fd0ccdfa8b8408d368f68d0ec6edc79ef36a26b4d14e6e1c7a0e91d508a896216bddf09d5c3760b057a965f7234d66548d6161e377f40d8a269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c514645631966cd6e02120086f9fd8d7

SHA1
c2bd4ce456d1482a68d596f2679458082f589ab8

SHA256
46e838ee52966674c75446aebd8a8d6fbbe1ec423cce3f98948a5e0895b9ca45

SHA512
5777c2d4ce122eb0cf4898031c6a4cb933a1206c5b0e3f653bde5c839587b45f039520ab1f095b6172be96a6bbb46950c031e8e6fa97a1473cea3cc3bb459074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
1d28ddc22efb31e9c7b4a560f5224412

SHA1
79c6cb0fe09428b069be9eb76e2499c2ff880329

SHA256
67fe68a9db53e09c2f345faaf9cff7fef9e79963a203bac9eeeab0e667811634

SHA512
ba7701586cea28e121e33dbe9b38533484a82f308d5d58dba68a02c4b58b66e514adbc9e5a31085d518fc084f697628069ec8c08e160c211e183d23c1606d2f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
0f5a2f5e75de2b86ee2ae3e9c5ae60a4

SHA1
4327537733f5ce2e016347ce3c64195fb7601d3d

SHA256
2a86c020db58b8064fda43d8d59e607180b2a58f47683794dc9797c462c79a2e

SHA512
b0f377f3aba1c54932bf1d4388d94472c7c40a5c3ee3e3158dca1afb4a228012ccbc6206754770bc7119e8b7f3bd4e38bc731994d08b7edf2f9230493e3c9232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d8bb7ff1-e0b7-4bb9-823a-dd7c3bb1c467.tmp

Filesize
172KB

MD5
a6102e1a77b419402fa9291ecd677ba6

SHA1
68f837e02937cc07127ffac73bd877e21bfb2f6f

SHA256
e9ee4a2c474dd7b367d5ab313d3b5db07e71284308fd90cd0308b971f380dc8c

SHA512
f1dfa8f3630e146fc00ab4d541e4bbbe40ecf2f842aee7e0305e290562aeeb40bda339ff866c26642b3790f2b6b0c0d633d550b405a10f4aac2c8ce97ea1f2ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Baubles-Mod-1.12.2.jar

Filesize
105KB

MD5
944dec4ef3fbfd4d498d94a7047af201

SHA1
cb13fcfb18a9cb0cbd825fd5fe8d813c77368549

SHA256
b32010b2f2778aa1188585e7ead91ad46d4cb2c715f9c778a61848ba7fe51f8d

SHA512
cbabe9cdfa7e818b279713b7bcef4cb4b185d0e837ee66e445f52fa0200cfe116977c6cec794d18b87657f282f8089bbb6d350f66b7a33c06f0a2d3d4d4e54d1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 724279.crdownload

Filesize
105KB

MD5
944dec4ef3fbfd4d498d94a7047af201

SHA1
cb13fcfb18a9cb0cbd825fd5fe8d813c77368549

SHA256
b32010b2f2778aa1188585e7ead91ad46d4cb2c715f9c778a61848ba7fe51f8d

SHA512
cbabe9cdfa7e818b279713b7bcef4cb4b185d0e837ee66e445f52fa0200cfe116977c6cec794d18b87657f282f8089bbb6d350f66b7a33c06f0a2d3d4d4e54d1

Download Submit
memory/4560-475-0x0000000000970000-0x0000000000971000-memory.dmp

Filesize
4KB

Download
memory/5612-496-0x000001DBAC6A0000-0x000001DBAC6A1000-memory.dmp

Filesize
4KB

Download
memory/5612-498-0x000001DBAC6A0000-0x000001DBAC6A1000-memory.dmp

Filesize
4KB

Download
memory/5612-497-0x000001DBAC6A0000-0x000001DBAC6A1000-memory.dmp

Filesize
4KB

Download
memory/5612-507-0x000001DBAC6A0000-0x000001DBAC6A1000-memory.dmp

Filesize
4KB

Download
memory/5612-508-0x000001DBAC6A0000-0x000001DBAC6A1000-memory.dmp

Filesize
4KB

Download
memory/5612-509-0x000001DBAC6A0000-0x000001DBAC6A1000-memory.dmp

Filesize
4KB

Download
memory/5612-510-0x000001DBAC6A0000-0x000001DBAC6A1000-memory.dmp

Filesize
4KB

Download
memory/5612-511-0x000001DBAC6A0000-0x000001DBAC6A1000-memory.dmp

Filesize
4KB

Download
memory/5612-512-0x000001DBAC6A0000-0x000001DBAC6A1000-memory.dmp

Filesize
4KB

Download
memory/5612-513-0x000001DBAC6A0000-0x000001DBAC6A1000-memory.dmp

Filesize
4KB

Download