hxxps://bitbucket[.]org/ltbase/files/downloads/MinecraftInstaller[.]exe

Analysis

max time kernel
210s
max time network
225s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2023, 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bitbucket.org/ltbase/files/downloads/MinecraftInstaller.exe

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
412	MinecraftInstaller.exe
2404	GmingRepair.exe
5860	LauncherFenix-Minecraft-v7.exe
5384	LauncherFenix-Minecraft-v7.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{285E6ADE-A89C-4153-90ED-A9DC812D3BDF}.checkpoint	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{285E6ADE-A89C-4153-90ED-A9DC812D3BDF}.checkpoint	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{535E3D3B-5F51-485A-A2B2-7F18F64C77B2}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{7D6972DC-B7D1-497E-98F7-656678F121E7}.catalogItem	svchost.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	javaw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\MinecraftInstaller.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3020	firefox.exe
Token: SeDebugPrivilege	3020	firefox.exe
Token: SeDebugPrivilege	412	MinecraftInstaller.exe
Token: SeDebugPrivilege	3020	firefox.exe
Token: SeDebugPrivilege	3020	firefox.exe
Token: SeDebugPrivilege	3020	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
2524	javaw.exe
3020	firefox.exe
3020	firefox.exe
3020	firefox.exe
2524	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 3020	2284	firefox.exe	81
PID 2284 wrote to memory of 3020	2284	firefox.exe	81
PID 2284 wrote to memory of 3020	2284	firefox.exe	81
PID 2284 wrote to memory of 3020	2284	firefox.exe	81
PID 2284 wrote to memory of 3020	2284	firefox.exe	81
PID 2284 wrote to memory of 3020	2284	firefox.exe	81
PID 2284 wrote to memory of 3020	2284	firefox.exe	81
PID 2284 wrote to memory of 3020	2284	firefox.exe	81
PID 2284 wrote to memory of 3020	2284	firefox.exe	81
PID 2284 wrote to memory of 3020	2284	firefox.exe	81
PID 2284 wrote to memory of 3020	2284	firefox.exe	81
PID 3020 wrote to memory of 4316	3020	firefox.exe	82
PID 3020 wrote to memory of 4316	3020	firefox.exe	82
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 3744	3020	firefox.exe	83
PID 3020 wrote to memory of 912	3020	firefox.exe	84
PID 3020 wrote to memory of 912	3020	firefox.exe	84
PID 3020 wrote to memory of 912	3020	firefox.exe	84

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://bitbucket.org/ltbase/files/downloads/MinecraftInstaller.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://bitbucket.org/ltbase/files/downloads/MinecraftInstaller.exe
  2⤵
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.0.192259517\1698601533" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a745747-c731-412b-823f-cdcc1937d9a8} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 1976 27e10fb4858 gpu
    3⤵
    PID:4316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.1.1976109564\1684848861" -parentBuildID 20221007134813 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dfbcb58-d344-439d-8b58-c4fc6ea6e490} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 2400 27e10f03258 socket
    3⤵
    PID:3744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.2.231958477\1710413380" -childID 1 -isForBrowser -prefsHandle 3256 -prefMapHandle 3236 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e9ec944-7bac-4330-88a0-78c594d6a7c8} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 3264 27e10f5c058 tab
    3⤵
    PID:912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.3.1598494084\1498846931" -childID 2 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5387a25-7c0d-4e8e-8433-3c6cc8a1d2ee} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 3644 27e7b262b58 tab
    3⤵
    PID:4880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.6.1398053127\863957199" -childID 5 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd0beb9e-9d4d-4dd8-8f78-55a1727a370a} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 5112 27e176b8b58 tab
    3⤵
    PID:4320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.5.811758489\1518252713" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 4932 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85d54639-2315-4fb1-bb7b-adc08c9b8f9f} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 4920 27e176b9d58 tab
    3⤵
    PID:4928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.4.1714826128\1587452117" -childID 3 -isForBrowser -prefsHandle 4784 -prefMapHandle 4636 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48e12a91-bb34-452c-aa04-8c5efa845d81} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 4788 27e7b230d58 tab
    3⤵
    PID:4048
- - C:\Users\Admin\Downloads\MinecraftInstaller.exe
    "C:\Users\Admin\Downloads\MinecraftInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:412
  - - C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe
      "C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe" scenarioMinecraft
      4⤵
      Executes dropped EXE
      PID:2404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.7.1404437171\859117124" -childID 6 -isForBrowser -prefsHandle 3600 -prefMapHandle 3596 -prefsLen 27136 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15dcd998-c542-4335-a22f-de31daf6fd4a} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 4108 27e14f48e58 tab
    3⤵
    PID:2116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.8.1954233103\939997278" -childID 7 -isForBrowser -prefsHandle 6236 -prefMapHandle 6100 -prefsLen 27136 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61806e25-f989-4d4c-b3eb-be6aef4619f8} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 6660 27e161d8e58 tab
    3⤵
    PID:5624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.9.2046982054\1189974071" -parentBuildID 20221007134813 -prefsHandle 6984 -prefMapHandle 6980 -prefsLen 27136 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f02dc55d-b85f-43f0-9b4b-2fd4a13cbf2e} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 6996 27e1a263558 rdd
    3⤵
    PID:6088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.10.62330733\1287906757" -childID 8 -isForBrowser -prefsHandle 7128 -prefMapHandle 7124 -prefsLen 27136 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9b5bfab-c1b4-411c-bc80-0101c8191088} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 7140 27e1a3c3158 tab
    3⤵
    PID:6104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.12.363023126\1943243426" -childID 10 -isForBrowser -prefsHandle 5284 -prefMapHandle 5268 -prefsLen 27272 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f22b239-75e6-41fb-9cc9-f9726d8cc9e7} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 5100 27e19dc6b58 tab
    3⤵
    PID:5820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.11.2122646320\480252578" -childID 9 -isForBrowser -prefsHandle 7344 -prefMapHandle 6136 -prefsLen 27272 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7051986-3d20-4a42-93be-c350fe94d6c5} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 7312 27e19dc3e58 tab
    3⤵
    PID:3884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.13.296292446\1213160854" -childID 11 -isForBrowser -prefsHandle 7468 -prefMapHandle 7460 -prefsLen 27272 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55bdea66-daae-454e-9b1d-fc3f346de6ed} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 6892 27e19d38c58 tab
    3⤵
    PID:5404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.14.664581779\1379512755" -childID 12 -isForBrowser -prefsHandle 5332 -prefMapHandle 5092 -prefsLen 27272 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebba1d26-7006-4d0f-bfc5-2ba3c0428f28} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 7600 27e19e8fb58 tab
    3⤵
    PID:4000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.17.758000596\239162491" -childID 15 -isForBrowser -prefsHandle 8392 -prefMapHandle 8388 -prefsLen 27272 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91a076bf-e8ed-4059-ad2b-90de1c422b66} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 8400 27e1aa81858 tab
    3⤵
    PID:4856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.16.832270576\903449029" -childID 14 -isForBrowser -prefsHandle 7444 -prefMapHandle 7164 -prefsLen 27272 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e79b447-af94-4218-8edf-261bc9731009} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 7276 27e1aa7f458 tab
    3⤵
    PID:4120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.15.1080348328\462807119" -childID 13 -isForBrowser -prefsHandle 6676 -prefMapHandle 6672 -prefsLen 27272 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86f29c30-6e87-4526-91aa-8fddda67ff05} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 6764 27e1aa80c58 tab
    3⤵
    PID:5208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.18.1334887937\2124438486" -childID 16 -isForBrowser -prefsHandle 6728 -prefMapHandle 6756 -prefsLen 27272 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60444c33-5c90-42a1-9556-0b6e2cbc1f82} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 7496 27e19dc8d58 tab
    3⤵
    PID:1944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.19.2020449445\1283603174" -childID 17 -isForBrowser -prefsHandle 7344 -prefMapHandle 5448 -prefsLen 27272 -prefMapSize 232675 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f274eefb-901f-453d-a27b-cfeaf71847fd} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 5232 27e19d70658 tab
    3⤵
    PID:5752
- - C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe
    "C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe"
    3⤵
    - Executes dropped EXE
    PID:5860
  - - C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe"
      4⤵
      Drops file in Program Files directory
      Suspicious use of SetWindowsHookEx
      PID:2524
- - C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe
    "C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe"
    3⤵
    - Executes dropped EXE
    PID:5384
  - - C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe"
      4⤵
      PID:4136

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:4784

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:4484

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
ebc10e8752362559fbbf535a3bec2e3e

SHA1
bf8bb64139db334f60331989f66bbf7790023c25

SHA256
5bda81eb0c9d24c18052b7ad5435b01827d8db5cfa5604785cc2e74c34b6a1c5

SHA512
4f5d9a654c6a3786290d9936a3ea9b1cc3bc2d280afd9cae1716382e0b8eb26002757014b7784f9a5bda0349ea45c280a4485f44436630148bd2ae014193fb67

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
c5a149488da17901d99408dd4f83e28f

SHA1
80323b922e74f08eb3a95f724435874e9c78c2e1

SHA256
3a187d0c6a8a967d788a1fe85868532fce928513c583cb90c1fe11c74f41a713

SHA512
5650cdb59d4c376019ed7a2056cac64d6e11e86fb484a531c7a3e9dc830f4c09bcd8854cf1343670c1d7a21a66284cc900f9b44e099fd0827aac2b99fb73b6ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\doomed\10145

Filesize
15KB

MD5
0184e197050b8264affd5c70626c2fc1

SHA1
97c5dd11f97aa97dbb4dfff57d0cb0bf6c88f83d

SHA256
3747ad9d0e5c447d76fc1611fe56b894e0074a9ab037f7c400fa025aed822053

SHA512
630e43b8e06f3ef8dd00de79d44075241597cd84c2e74560712d967b2e5827a0aff0e264e999f3099a8cae1e25d90f17b6bb4bd7e8820e565d34e1205a89b4b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\doomed\10956

Filesize
9KB

MD5
62005a7ac7e97485f1adab3ed1333786

SHA1
b3ee4cb8b067b5db2804b1d5330e3538f9f06631

SHA256
bacdda127ac4eabf0d25fcdc2a07fed103969f8c9a8e56a783284187a45c1a58

SHA512
4314f9af293178f9b2aadce6eb9ed502333fabb532ba5672e5740d2c47864c60de94d0b42dcc857a4eb0c1ba36ef9ff89d3bdf5a49a264de7692a1ace4870b69

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\doomed\16459

Filesize
20KB

MD5
162a0c6d6ba9f82c2974578df26fd940

SHA1
92e7fc448cad855088b0b58811e12e1b08917253

SHA256
6a43cc35d5ed7b3666096a54be069b83f4a4b0a5cc954472069a1124a11ffc2c

SHA512
fd2e3baae419112c7948180b4156996c86e3d3a0e5790fa4128643466a54fbfc9de05a1dcf3c4166b7bbe63749e2888bb562c977d243331b7e66ac6f159aeb0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\doomed\1654

Filesize
15KB

MD5
f32cd2a42931f0c01bf0d861701efd65

SHA1
76400b54832713b4ca476a169ae9dfd21f42e774

SHA256
612301582ff12a60654c11886de805c72d887e5ee96512dbe34846e584b89824

SHA512
8e6c28f1386a6edfa7f8ca93d8e587d8cc7cba81f51950df30f25b4dc122b4a62585caac382e34092231962179a754e74cf4c7428d075c96272b9ea0b5ebdac8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\doomed\18808

Filesize
15KB

MD5
66d6371ace2a036b2fa0909e91493c83

SHA1
b80b18b138bb9b7c30b45556ace1c414126f975a

SHA256
94a6478e5ffa1cdef10e83711283dc298e5ab54db93442a880cae8e9f1f942b8

SHA512
fa73e21af5d0452e7eb00f9cbe86ec7119efd5d86a9e3fb7bf39d53d2f29e03cd62889c10b656dd39c54afcbf59bef5b2c15995326bf84059ef8f0b8cc689767

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\doomed\22558

Filesize
14KB

MD5
6cea8168998586a1777b650d04baef97

SHA1
8c1c05b68e8ff9ac60c598a2cdd33fc8436d9dca

SHA256
f4fba541fed3992ebec8b3d879e8e92da9cb3ea24a401436058543829e80ec9f

SHA512
b2cc5823ebd3d0eb387e16c8eb634e5b7e71b7fc4cd18c66dff5eac3e0c0587a5c960a109b650027719219b114ad51f893b5e46e54bd0ad6eefedb6dfeddfe54

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\doomed\24206

Filesize
20KB

MD5
b16cd146094829ef583a745ba79ae3a4

SHA1
84941b771e707a2edadaeb2d20a91a051a512501

SHA256
62d0c1ac455574e39c30103fe2eca9621d3551bea37adea9d8d3eea077a3d8c2

SHA512
177ceb7fe8936c8f71c421b94cc9b7dd93cda8fa3af6497dbdb0f7951700faf8bc0151e51e58640fad94a7166b41c5485cbbb93d59b423a4bfff02736daf18b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\doomed\27226

Filesize
8KB

MD5
d1a0526f82b7936945d0b28e4d889d1c

SHA1
3609284430fa5450ce72544f7dfdb179d417f1a9

SHA256
e8b3f023015569132630716d6983893c65e59e0eba393dbb0c45d8a239e773c6

SHA512
cd3621334f9c0569e644fb439189dcc07ede4298468f61909b5f5ba57f9f104468db41d8776fa9065f4f90f90a368c8447343c1a86d198f40a4e9ce355e4a0ef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\doomed\28145

Filesize
8KB

MD5
0543f7da5161c2f21190180cac01c62e

SHA1
f187c90df64da2970d60d47cccb3c2ff44a45267

SHA256
ec96da49879d6d4b2045d2cc31288f848a0bf01afbf3f5431afecd1351d57328

SHA512
4560c0b618f4aab93737966b08efe9a245904618b5d969fb6ee8c2d8b23616f67f789928cf7417b4233424411738df1a149f79d6f6058fc896126f985798fbbe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\doomed\28528

Filesize
9KB

MD5
a6662944f2c9fb46b10e0c4d2d3ff30a

SHA1
5b7c25bb5d2b12c351ea061e36773e0309fe771c

SHA256
5593606b858bec24eb9219c9b3f741edc8cd5fd6ccc6e978732a45901e504360

SHA512
0fc4f17a384572b2fca48175afe74c33c7bc72270e191f7e0d9ea077e64f8716dafa724ebcbb73c2d9899468905370090c3a5a97b2e00481c6a5a46e1eb13957

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\doomed\301

Filesize
9KB

MD5
50f6bc89261a8a905fee08ece301b9e3

SHA1
16930767e29f4bd5579daac9492df8e844aa7005

SHA256
03321bafcc4b6deb8d185d709740f022e782d34a435806b01f041ca60954f1b5

SHA512
c0cf8d09c1ab383aefd777d60ce56e9bfe328b7fd74b4fae51490bb64055dce64be23c4501b4fd1b6c5d3145a5b38bc0cb9fe31bfd8976d4afc6a7957452ed6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\doomed\6622

Filesize
20KB

MD5
1c37449da8c035a7c5d5bc5ed0e3e649

SHA1
79210e7d744ac1ec1b57fa27da83f8a594bea0c4

SHA256
537ef3d987c422986311be34cda4bec89ebc697f19ca60c6f4c878d313b5f283

SHA512
7631fb382b20d4d951908f56c73e54d3493f0f13a45e06fff86b187268d720a465fdc83ab7f17116881ee944e86da4276f0b25100cdb4d7a91b3b0ede51e155d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\doomed\7017

Filesize
15KB

MD5
d87cbce853d29c0478b259b69b688dde

SHA1
72a2ff74a442be6603d6e9c48d0d0e5d6e6b576d

SHA256
561a369d7e6e93d0edc8a72c4b471479c183101fc7ad4e4c47e50c1ef22ce1fd

SHA512
fe010a417e0d272df5d746faed97b20cebe9bbcdbb58fb00db6b2e4093c4f101a9e8f18508d15756bb2174d8915f031b1b244fd8294777fed82427275f422ff0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\doomed\7848

Filesize
15KB

MD5
9798a40ea8523e3964e64bcdc4c16010

SHA1
3dd8004995d10eab48ed88d5c2dddf2e44d9b4a2

SHA256
bac07b8b1d87f7df56be942139b8b733d8fbf1655a4ed2ec7b34949d42ab9a1f

SHA512
9533086ced8dc94260374115bf07a2f7e1cec05764a0ddc2c6eaaf016997f7b8fc2914bbe0dcef5f8cea1db785e7b0c76887293751e235d0fc86eb70e15ce783

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\doomed\9848

Filesize
15KB

MD5
2fce76040c3ac994cb435c8fd2a834cc

SHA1
68b8ce65212c0513d1c307da666a13ad24f90c2f

SHA256
e25d0f3737ae01839ba7b21e91021839ada9c09c3001712a523fd8e31a94c092

SHA512
20619ca97f842ee4e5774d9ced5db854ae1886b0ef16aa39ceebd0ce3839f1e78e2581630986971ea29fac735f32a2f5f8b942aed05555e66ded67d63fc17e77

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\entries\0DE5521A8401202221193245183E13E61E35CB2E

Filesize
101KB

MD5
0c45da7fd3f80dd8d62f80e2d205a4a6

SHA1
c0d3f48497a9ec90663597614c57332eb881a722

SHA256
390daa7de85d0a72d035138a998c0396576bc305e267fc2f6727b5ed193ca6ca

SHA512
b46cfacfd9053e4ba491d70d54c54d65116c7f746fae19cf736774b5bcfbf7d1f4a37ed91b15e9cbd1b1cd1e30851cb31e2c6080e2014427c355581ebdfd1d89

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\entries\280A5A0EC73ED5F40429FE383BA1DEED5A19B262

Filesize
120KB

MD5
c3e73cffd0def2a4688bc3113f2d97c3

SHA1
9dabaedff897cbab5b8e13494f96d0877570576a

SHA256
619cf885f3524eb50c1a4b04b76f40b8fc8bd8a9a73482e8929b2db2528f2eb1

SHA512
999c7f65969b96f9fbdb39ecc78d16a3b934055a8b204c99be5318fbe189fc8733a51465b48ba76d74020db56761a31bdbca2683c346c35aec35f73025d71934

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\entries\32203DC925B4A48E06E5E443CDC4D5DD3E588029

Filesize
95KB

MD5
7542226bfaad776788c2040e181025d3

SHA1
e21bf4ca9459132c56fc0143bb95f79263987ed5

SHA256
23b777a5c5910e7b7d91f8c19f0e2dc100d79c140e28a8d38f79f29362e36a49

SHA512
b8ea00713a7a374775c3011f2136993cdcc84e870c602a73672fe114a43c29bec7a563420c71c39c7b66c6234796d033cc82c93c913005bef22eaea0162e9375

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\entries\40916C174BC3A7193D131EC8C25D252604D34362

Filesize
13KB

MD5
4f42ea5aff4f249bf484dbd3b9190320

SHA1
4bbb3d2d3f19b1e23ae097886f79b8d80e10b99d

SHA256
5bc4e5982c75e6a24a802be2cef7f0778a5d513c9060335453d94bed86cbf737

SHA512
db055270f65da4e27abf5c4e8a4fb83e758baa20f12748c26c83a59c3aef53d81bdb0ec97347433ee2e269cc537b930d3368c087ada92ee9dfc63e058577a256

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\entries\4EB191A60A8AA6FC61C6D41597DA9248B0435047

Filesize
9KB

MD5
ea246f5bbd0a82c57cf918bc099740c4

SHA1
455090d95162cc6945f4cc868abb632b543a74d8

SHA256
74ee108d63575b88c5e7fe362ddef7bc5e4f42692d20ea228588ce5e3c85ad51

SHA512
c96c5f95ce0aa3fd3d054217d3e12ad57bfa43bca1803ed44522187ed011cd2078c32d9b0759df5af24a81d69e845262e526ccbe5a4c88a6de4e148a08d6d0a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\entries\4FDC68AED072F80D104F1D4AC2E84FF4C9A74221

Filesize
113KB

MD5
15412ef5685c5fb562b257b55570494f

SHA1
47d8f2b587cbdf38f92e65ecc0b33bc8753c453b

SHA256
e5e69fb2d112157c1f490ef6df1534f67783455fe627a16667d46737c825ad12

SHA512
0b9e388552b11dac85649f5d897bc08ad1d29136930442b6ad03a1bf50551eec7ee65c02002a81583ba8493658b6155a7652b1e5934dfb7dad73a193b5c3b972

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\entries\502D32C73446CE3D0FDEE5A260824D6DE49B6299

Filesize
18KB

MD5
9f59acf1b4d676bbdd0a3132e693123c

SHA1
c2c3ec7d226f12cbcbc06eac2e42eafcbb553d21

SHA256
5023e8c190a083e18749e382c3c1011ef446de7ea6ab54bb0fcd1274a1aad019

SHA512
f439d0f06ad8e8f16a77cd2a8630c8571e023adb0169037bb750b2064c83f0888d08e0862ac310319422634498e1afd91d54dff73c6409b622d6215ea69d0649

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\entries\6085CEB4F24A6732F2858CABE4850715ABFF804E

Filesize
190KB

MD5
7d5ed99c72aead4c0f3fa42e15c07d53

SHA1
f46323a87c794763c00ce7bb149d85c1ba467e97

SHA256
d961cef72b2b7a5790ca1ab1cdb58a47ca70a6a9a29dbcc4e7ac7f5de78d6dda

SHA512
6fe624548e3f5d1b9e252d4212d6733ddab04a8e65bfcad5c1df9eb04d65840a52bf5382ae4e7bce11d47a0972d033dfbccac6798ccb60d51f12fd681862df7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\entries\877CD7B845B926A7D66FE4D87EFBB4134C29CDCE

Filesize
715KB

MD5
8c6ed6dae6db2a2916ba0346000044d8

SHA1
ba799c14ff14edd116247bcfb272df8346101ccf

SHA256
32d07106f44d624bf3b91e59466d628536021d2afb71d3a12ae3b654affb2eb4

SHA512
6910e5e57e8ab4e3505ffbdf0bbc76662ebe79690e2dd65ff57f3aa429b15dbc87838982742e198506123230143dfcfcf488786f715b358a98e1aa44fd3afd16

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\entries\AC3D77AC4F74563945E1B1509D77D8D21C980DEF

Filesize
909KB

MD5
d512adadb25c907f54d150c16fd205b9

SHA1
efbf67361bfe29483c06bcc4e07e5ad629cc4734

SHA256
82ab3f3a1c90a84b4593aa6cddc409134c6ea60f1b972be8934795e839b4555a

SHA512
697de8b571dafdc57eb66f1c096264a7caf4ee293e3025fe74df582faf6308ad1dec23f2e992b3bd4bed8e4d7a56d5a19076a5e16d491494d7ada3ff51422677

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\entries\FBC88924A73A441FE9C81CD68E3ED4E61CDC98F6

Filesize
1.9MB

MD5
4511ae86215c7ae751784283f8a34c1f

SHA1
6076a693fb42914421b920d12863c80e03c4ac66

SHA256
f9dd94d209a63690cdb0224117163724f58d8af4ef226e0977687739f103f82a

SHA512
25c88bfae5732115facc7b7a610e0a7d8d77b066ca24def1b49cdab08867805f104fb7e56cc0db776386be418677a606a6ccce035aa2d74402cfe5b97fe84532

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\cache2\entries\FCC030F57940296B4C989D2C74BA07DCC70A995E

Filesize
13KB

MD5
877776dc2737ee01b985105c0c17611d

SHA1
c7e6712ad38f19670816e4374e66730e6cd71f5a

SHA256
2fd4c49eff74800c99d92da66b156756ea8b3c936ff6d44015852e9dd692ec86

SHA512
49bf84fe436e0bb789519b4d522407862433b66cc2259502024b703742441c9f44eeaccf718683e31c41c2606f0f31756384df4e6bca4feff2e859d1c2fd1c2d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\jumpListCache\V_hb6OwMDmxCzx6wS4HwXw==.ico

Filesize
3KB

MD5
0a8da0fad644b83ccf40b6b39381c9a6

SHA1
5ae821385c4697c214c034fcce2f4bc81643be72

SHA256
efb36deb2367e8bde3c65155170c4bc463410fc5b4fd281955457624e6716105

SHA512
2b1e2926e16bd27b471db2b416bd8fd04f2e051c6194d73bb6143fee9f581cc3f8e4af24302a476bab8ff09f05b3d49fc9f9f4b635249e4bc6eb022a5c6b9d31

Download Submit
C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe

Filesize
461KB

MD5
4c15abea139342edaf5cf161fc1100a9

SHA1
498225859a606fa7162317b150b43185e389685c

SHA256
604bd7e4b0395b3424bbc8e82f52248fc5ff0d33349d07fe424f6301a089d939

SHA512
818f01f8925f2b625cb4a894b1ee073ed92675079b6d6ac862f579cb5eace8e0490fa238175fabc105582b6addd7a369dabe3055674f8938759e8913e83e0553

Download Submit
C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe

Filesize
461KB

MD5
4c15abea139342edaf5cf161fc1100a9

SHA1
498225859a606fa7162317b150b43185e389685c

SHA256
604bd7e4b0395b3424bbc8e82f52248fc5ff0d33349d07fe424f6301a089d939

SHA512
818f01f8925f2b625cb4a894b1ee073ed92675079b6d6ac862f579cb5eace8e0490fa238175fabc105582b6addd7a369dabe3055674f8938759e8913e83e0553

Download Submit
C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe

Filesize
461KB

MD5
4c15abea139342edaf5cf161fc1100a9

SHA1
498225859a606fa7162317b150b43185e389685c

SHA256
604bd7e4b0395b3424bbc8e82f52248fc5ff0d33349d07fe424f6301a089d939

SHA512
818f01f8925f2b625cb4a894b1ee073ed92675079b6d6ac862f579cb5eace8e0490fa238175fabc105582b6addd7a369dabe3055674f8938759e8913e83e0553

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsu121C.tmp

Filesize
1KB

MD5
2021d38a1b2c72a06bde60ee18daf32e

SHA1
c96cd0e2c91d0973e185151dbb18e0c12de3894b

SHA256
0afad0f3128453007cedcacfeb718a4cee45712b6e018cbac8d37f5bf74ec72d

SHA512
3c3604ec2a5afb1a6992333fde8ab4c50ef73b5c7a6adcab1c5830af2c80b0c51340f1961326a174f68ff2ca8820e6edb97e67c8ec90da2ec2c07589ce38bbf6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3011986978-2180659500-3669311805-1000\83aa4cc77f591dfc2374580bbd95f6ba_ecc70296-7405-4ae7-81c8-95373cc69196

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\prefs-1.js

Filesize
7KB

MD5
bf58cec027256edb70200ef414a966b5

SHA1
022cddad865ba5ff526669c50be866eecdb2a1b2

SHA256
cb7fe7bbeb052c5b1b2891e6434de2d73b62d0f0bae0acaebfbe6278f0a94c2c

SHA512
3deaa61b48dd5b72757c1b809c60ab9ee7eb20b3629df3a5ff817195100abf3a75deaadc7d953ecac19cf0dceb685d77d3fd5772b612734fe445468bbff32c74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\prefs-1.js

Filesize
7KB

MD5
50a21bb8ee72b53f799b967b1a7797dc

SHA1
83e6a96a27c3859177c21670acecceda6f42ce5b

SHA256
3fb54bc2e978affc8d7e1ad8575ae902b65a06675b33f105caef471d9564716e

SHA512
f0a24b2647d36ca75da9549bad2bc8aa06c8d3baef959e53eddfbc3760bf9eb05aff64d65f43be68848ae780dd74cddf846bff0ef952da6922279ac21bb53fe4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1002B

MD5
07039e1b560f506d7e88d345ffcf5abf

SHA1
b2a31a24dc9a8927becbe20a0338ce99cb94de05

SHA256
a88af73000f426de7c5c273dbafe265564c067962ed989f85523f82bd94300f3

SHA512
b350d1f8bbd7585e797c976ee3523255bccd35e04f0d89677af6524bd313d25c0d6e388c78eb8cc73976fc31a1e171bd38421fc546e98c8312f80f7b6aed8030

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
19861b2f1872c527edafecf7a9beb9e9

SHA1
40e6c860cc706d8832ffe581c8dc16cd1736206a

SHA256
a705303d00fac7b5c2e6552fb0bcc45d9e4dc34d2c792d881a264e985b293ad2

SHA512
66860c6c893de1d18aebf0d5ba9c7d0c1adf15a6dc054bb25b42776bac058b0972f22846b67637a5f9f9f9b62b9badf18ab0b6b38c9f1df2546e4c7d72840ec6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
92a3676928e39570c12c85cd39e8f0c0

SHA1
4df81ec696f7eec96cd47beb9e61fc17237178e2

SHA256
1c8f396a51b5acdbbb4c2e1159a5a39d7bdaf14bfb65f3c1b0388bb41bc2850d

SHA512
35439430f3270cbbb6247db85885c1f78c3862b3fc81daf175be8241c9a34a4d4421123df22acc67fae2178806927bbaf9cf5c4a56b61f6e0f79e35ea7f8219d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
da42afa4166f242fd2e00b3949010294

SHA1
1b1274fb2da449c8907dfbbbaf2a0ee608d93cb9

SHA256
216386802a3fd5c3192337008e6fd8ab1e38263f09058bfbebddc666a6404a47

SHA512
3e54becbca390f7ee00ac10d70564871cc5b778138c65c2ad850a8bff05de639140c023bc023c17b2184e1b70d57100ca44bbe0cc68636cff6a1d7ca5bf890e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
a84f72a245bf9ada6bb112e013450a99

SHA1
61dca83491f9e1a75bed376342880d10d78222fc

SHA256
32f1443bbc893198709e1a19a9ddbb06b7245f6f6f5ec181fecfbdd15904bc67

SHA512
c8804b59d2e02340651410e21b356fa6fea4dc23fa86499623787fd2079419e4417fb79a53bc07d560c12406a2bad6d76d499d6a1c867cb523265af9d0ebf90e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
2c66b27a2cc707c6e0f0c73fbcb59619

SHA1
f028db6dff57a37a42f58df5959dac6368827161

SHA256
9ec1b62658b6432f7f0c8a61ab60c12aee5c76bf4a805f6b7742c9d3ac8bbc38

SHA512
3a7129a847f475d9f4e456c09fbb0e0f268207bf2670df17d3d7d569855aaebba16bbd5443c35a4918ad2fcae9146f23dcf18d59a6c331a684b36918ecaaf7c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
664KB

MD5
ecce3f813fd553385b9929b9a634009c

SHA1
e4ee63d043698a06250b7669ad5c7f8e409cacff

SHA256
a274b4efb76aacaee56980bf7b3be7e57fa45bf0274ac0c47c49a882e6ea9a0e

SHA512
d130b5abdfe309891ca6eacf581f9222e41d8240c44f4cebb7158072ab9f1d679b21e907166898b35f4f67d78ce0eed8528b32a0adb1c815e3d6fa1dcfeb2bb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
023bdef3fe94a19c79139b37c80943eb

SHA1
71f7d361e6afc9b5037f6f660096aa77529e0d7a

SHA256
03c8e93db6f14e68cb510153cfd92756ce57b48bd5fe85c9c57c438a0af162ea

SHA512
589813dffe37a0bf1bbc192ecd2fdcd2021bdc25db947c8736ebcd565e56b826f6ae195ff01abb8c33ff5475907cc6e06fb196d9cb2bf258b18445dad06ed921

Download Submit
C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.WjhrAZ2H.exe.part

Filesize
397KB

MD5
d99bb55b57712065bc88be297c1da38c

SHA1
fb6662dd31e8e5be380fbd7a33a50a45953fe1e7

SHA256
122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

SHA512
3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17

Download Submit
C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe

Filesize
397KB

MD5
d99bb55b57712065bc88be297c1da38c

SHA1
fb6662dd31e8e5be380fbd7a33a50a45953fe1e7

SHA256
122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

SHA512
3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17

Download Submit
C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe

Filesize
397KB

MD5
d99bb55b57712065bc88be297c1da38c

SHA1
fb6662dd31e8e5be380fbd7a33a50a45953fe1e7

SHA256
122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

SHA512
3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17

Download Submit
C:\Users\Admin\Downloads\LauncherFenix-Minecraft-v7.exe

Filesize
397KB

MD5
d99bb55b57712065bc88be297c1da38c

SHA1
fb6662dd31e8e5be380fbd7a33a50a45953fe1e7

SHA256
122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

SHA512
3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17

Download Submit
C:\Users\Admin\Downloads\MinecraftInstaller.SicNGQNk.exe.part

Filesize
16KB

MD5
19d06068e3938efdcbf68da522510acb

SHA1
1de3402b384ea97a91fb659f0bf35dbfa065d859

SHA256
2392cc81e68936585c5c302c8863dc42507c2104a5e347c54526e8a351e8ced7

SHA512
6aa864669198ba8246fb72717121ff707a4724a24614cf3a9aa57a7114344fde0b5e89cb61b243a7e0a5e1f1d071d49a6de57d0cee063ba9692828a937c8424f

Download Submit
C:\Users\Admin\Downloads\MinecraftInstaller.exe

Filesize
32.2MB

MD5
d03193d3a30ceb126904df28abc953bc

SHA1
9ad806e2ebe4a6f6dd2d48cec1b598505d6e53ea

SHA256
df166846ab3a86b2a797e81ee48377ee5dfb8a2f3091e6344816cfd63316e72b

SHA512
a51d29b1eb3936fa3447aafe365dcee28f18fd6509cfe5d83e66b5ab7f1e0029ef8367c1203944ec93e1289570cc42b656d2c74b35e003b841f43efd336987eb

Download Submit
C:\Users\Admin\Downloads\MinecraftInstaller.exe

Filesize
32.2MB

MD5
d03193d3a30ceb126904df28abc953bc

SHA1
9ad806e2ebe4a6f6dd2d48cec1b598505d6e53ea

SHA256
df166846ab3a86b2a797e81ee48377ee5dfb8a2f3091e6344816cfd63316e72b

SHA512
a51d29b1eb3936fa3447aafe365dcee28f18fd6509cfe5d83e66b5ab7f1e0029ef8367c1203944ec93e1289570cc42b656d2c74b35e003b841f43efd336987eb

Download Submit
memory/412-120-0x000000000BD60000-0x000000000BD6A000-memory.dmp

Filesize
40KB

Download
memory/412-98-0x0000000074750000-0x0000000074F00000-memory.dmp

Filesize
7.7MB

Download
memory/412-118-0x00000000078E0000-0x00000000078F0000-memory.dmp

Filesize
64KB

Download
memory/412-109-0x0000000074750000-0x0000000074F00000-memory.dmp

Filesize
7.7MB

Download
memory/412-121-0x000000000CEA0000-0x000000000CEC6000-memory.dmp

Filesize
152KB

Download
memory/412-122-0x00000000078E0000-0x00000000078F0000-memory.dmp

Filesize
64KB

Download
memory/412-150-0x00000000078E0000-0x00000000078F0000-memory.dmp

Filesize
64KB

Download
memory/412-108-0x0000000008360000-0x000000000836E000-memory.dmp

Filesize
56KB

Download
memory/412-99-0x0000000000EF0000-0x0000000002F2E000-memory.dmp

Filesize
32.2MB

Download
memory/412-100-0x00000000078E0000-0x00000000078F0000-memory.dmp

Filesize
64KB

Download
memory/412-103-0x00000000087A0000-0x00000000087A8000-memory.dmp

Filesize
32KB

Download
memory/412-156-0x0000000074750000-0x0000000074F00000-memory.dmp

Filesize
7.7MB

Download
memory/412-104-0x00000000078E0000-0x00000000078F0000-memory.dmp

Filesize
64KB

Download
memory/412-106-0x0000000009590000-0x0000000009598000-memory.dmp

Filesize
32KB

Download
memory/412-107-0x00000000095F0000-0x0000000009628000-memory.dmp

Filesize
224KB

Download
memory/2524-1000-0x0000000002E90000-0x0000000003E90000-memory.dmp

Filesize
16.0MB

Download
memory/2524-929-0x0000000003110000-0x0000000003120000-memory.dmp

Filesize
64KB

Download
memory/2524-933-0x0000000003160000-0x0000000003170000-memory.dmp

Filesize
64KB

Download
memory/2524-934-0x0000000002E90000-0x0000000003E90000-memory.dmp

Filesize
16.0MB

Download
memory/2524-905-0x0000000001230000-0x0000000001231000-memory.dmp

Filesize
4KB

Download
memory/2524-935-0x0000000003170000-0x0000000003180000-memory.dmp

Filesize
64KB

Download
memory/2524-931-0x0000000003140000-0x0000000003150000-memory.dmp

Filesize
64KB

Download
memory/2524-930-0x0000000003130000-0x0000000003140000-memory.dmp

Filesize
64KB

Download
memory/2524-894-0x0000000002E90000-0x0000000003E90000-memory.dmp

Filesize
16.0MB

Download
memory/2524-913-0x0000000001230000-0x0000000001231000-memory.dmp

Filesize
4KB

Download
memory/2524-918-0x0000000002E90000-0x0000000003E90000-memory.dmp

Filesize
16.0MB

Download
memory/2524-901-0x0000000001230000-0x0000000001231000-memory.dmp

Filesize
4KB

Download
memory/2524-932-0x0000000003150000-0x0000000003160000-memory.dmp

Filesize
64KB

Download
memory/4136-985-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/4136-990-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/4136-1141-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/4136-978-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/4136-1152-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/4136-973-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/4136-971-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/4136-1088-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/4136-958-0x0000000002620000-0x0000000003620000-memory.dmp

Filesize
16.0MB

Download
memory/5384-969-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/5384-986-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/5384-974-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/5860-912-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download