hxxps://github[.]com/TrickleMergers/Fortnite-External-Cheat-2024-Aimbot-Esp-Wallhack?tab=readme-ov-file

Resubmissions

20/02/2024, 17:16

240220-vs799ace98 6

20/02/2024, 16:56

240220-vfnebabg7z 6

Analysis

max time kernel
670s
max time network
635s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/TrickleMergers/Fortnite-External-Cheat-2024-Aimbot-Esp-Wallhack?tab=readme-ov-file

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
33	camo.githubusercontent.com
35	camo.githubusercontent.com
36	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529230025140079"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4040	chrome.exe
4040	chrome.exe
4080	chrome.exe
4080	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 3456	4040	chrome.exe	85
PID 4040 wrote to memory of 3456	4040	chrome.exe	85
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 2896	4040	chrome.exe	87
PID 4040 wrote to memory of 4864	4040	chrome.exe	88
PID 4040 wrote to memory of 4864	4040	chrome.exe	88
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89
PID 4040 wrote to memory of 408	4040	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/TrickleMergers/Fortnite-External-Cheat-2024-Aimbot-Esp-Wallhack?tab=readme-ov-file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a7d49758,0x7ff9a7d49768,0x7ff9a7d49778
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1896,i,12513851904248036692,6537720092048977457,131072 /prefetch:2
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1896,i,12513851904248036692,6537720092048977457,131072 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1896,i,12513851904248036692,6537720092048977457,131072 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1896,i,12513851904248036692,6537720092048977457,131072 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1896,i,12513851904248036692,6537720092048977457,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1896,i,12513851904248036692,6537720092048977457,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 --field-trial-handle=1896,i,12513851904248036692,6537720092048977457,131072 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5632 --field-trial-handle=1896,i,12513851904248036692,6537720092048977457,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5380 --field-trial-handle=1896,i,12513851904248036692,6537720092048977457,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1896,i,12513851904248036692,6537720092048977457,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1468 --field-trial-handle=1896,i,12513851904248036692,6537720092048977457,131072 /prefetch:8
  2⤵
  PID:3776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4932

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1456

C:\Users\Admin\Downloads\Launcher 2.17\Launcher 2.17 Setup.exe
"C:\Users\Admin\Downloads\Launcher 2.17\Launcher 2.17 Setup.exe"
1⤵
PID:1116
- C:\Users\Admin\Downloads\Launcher 2.17\jre\bin\javaw.exe
  "C:\Users\Admin\Downloads\Launcher 2.17\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\activation.jar;lib\antlr4-runtime.jar;lib\asm-all.jar;lib\commons-email.jar;lib\connector-api.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\dyn4j.jar;lib\gson.jar;lib\HikariCP-java6.jar;lib\javassist-GA.jar;lib\jaybird-jdk18.jar;lib\jfoenix.jar;lib\jkeymaster.jar;lib\jna.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-desktop-hotkey-ext.jar;lib\jphp-game-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-gui-jfoenix-ext.jar;lib\jphp-json-ext.jar;lib\jphp-jsoup-ext.jar;lib\jphp-mail-ext.jar;lib\jphp-runtime.jar;lib\jphp-sql-ext.jar;lib\jphp-systemtray-ext.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\jsoup.jar;lib\mail.jar;lib\mysql-connector-java.jar;lib\postgresql.jre7.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\sqlite-jdbc.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
  2⤵
  PID:5016

C:\Users\Admin\Downloads\Launcher 2.17\Launcher 2.17 Setup.exe
"C:\Users\Admin\Downloads\Launcher 2.17\Launcher 2.17 Setup.exe"
1⤵
PID:4196
- C:\Users\Admin\Downloads\Launcher 2.17\jre\bin\javaw.exe
  "C:\Users\Admin\Downloads\Launcher 2.17\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\activation.jar;lib\antlr4-runtime.jar;lib\asm-all.jar;lib\commons-email.jar;lib\connector-api.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\dyn4j.jar;lib\gson.jar;lib\HikariCP-java6.jar;lib\javassist-GA.jar;lib\jaybird-jdk18.jar;lib\jfoenix.jar;lib\jkeymaster.jar;lib\jna.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-desktop-hotkey-ext.jar;lib\jphp-game-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-gui-jfoenix-ext.jar;lib\jphp-json-ext.jar;lib\jphp-jsoup-ext.jar;lib\jphp-mail-ext.jar;lib\jphp-runtime.jar;lib\jphp-sql-ext.jar;lib\jphp-systemtray-ext.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\jsoup.jar;lib\mail.jar;lib\mysql-connector-java.jar;lib\postgresql.jre7.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\sqlite-jdbc.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
  2⤵
  PID:4532

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Launcher 2.17\hs_err_pid4532.log
1⤵
PID:4328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\12c3f6dea3d32f8c.timestamp

Filesize
59B

MD5
1af28fc62ca3a49d0a5b9db5a51a8fac

SHA1
089f23d333a234477f256dbec8d7588e67438ced

SHA256
405d06d7ffc313de2d7841af3f3f2b91d7ba3ec2537b6abca8d3b6761682c467

SHA512
7df0bb309eb641e49ef96a91c0dc96bf0c20d6a69e4960fb92e4cdbb419c90d38965c868c8e117e2f0a2f924ae486929e49145798679c7792b8573932f344f3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7889734362e9a7b3590327b83004a800

SHA1
540d09372b270a7751904cba327170701afd0d8c

SHA256
07ef66a458a2b9f33aa92ceb8ff03c223ade220def8b482c6e8dc99a86027e93

SHA512
62b424c063ef964e1181c93d881492da27eb527122990ea2168b7341a12123e7b3dd46f5cedcdece2e2c921f48f3fee731143c2332d4b356fc2f3e053922871d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ac9e0915ffa2d0dacb91bd0624e3ca7e

SHA1
f2393a1b7c6b6aa07183d0768a59e1cf60a76fb0

SHA256
b47e8447c6ec7890fbef7237f4df8ab383b723b2f129ac7668bc8fb64f997ccd

SHA512
c5fb6c7fbf659a25e48d21383fc4c71a5488a422ec41eb7b379a4efdd940dfe1e207a17a48b9fe78b535567923edbbf387b3933b0b19feffbb25f498229bd75a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
57b89bb5b2c5612cf3c9d3cc4b69a7fb

SHA1
fd6115b033cdcd362170f30f3ee593f46f5b8fbb

SHA256
21f855461bcda91a49becbb552d566f15671f03c0068d8df9c6e4b1eb6401099

SHA512
3aa513a51faabd0e0a7807cb6cb2d31086ef852ce5af745aaf1e788c9a9894cf1b3b471ebe5f54624e7f2fecc1096fdc9b55ffb57b5fd928c9954b7d7ed1205e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
37781008f7a719b8fe4293959b631aa9

SHA1
3f8bdffdd33a5d56f5e0548c26040bebe9682c83

SHA256
6f0c3e68e050465cd5e2a2d7ff05920ab317abe840349d4f40bc3a98390fb119

SHA512
bc66807ee877a2894688b956a1b03a52a29938f585a93b4fdf9d195852edd973ecd860d56b87af48f021ae206afa92f35965ccd18f1ce6ef5d19bec2ded470f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
869B

MD5
6e357682b1c4c88a6547a54adf6727f5

SHA1
c570d9636c935af5b2d122f3e142962728c0a8d4

SHA256
5096e066fd91dd3532ddd5e36425ce500b6aae07279d6d56cf349536c31e96fe

SHA512
9632d214f024491b2072a7074398d879cf881041daa3ae4544fe1137071c2f029c7aa416ed5379c9c8bdc2c7c5d9a15df13fb06cb637eea0dd561e8aefe36360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6a25a950b9176b99fc120024970a9fb0

SHA1
a3840e1b28428f9d5cf5efd0502eaca0d8580ed5

SHA256
3d01cba7f2b179cfb6b10e6ca2aa91a67a4e16e75e635f1ad05022fd4cac0e69

SHA512
6c311a6b588437b75c58efa45c603cbc53008be59776673f367207b04803d7c328d402a9426a0a6820d6f6cf8803169daa75ab579b90fa1efc0446ec5186b07f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
79e8b93f6ecf8bd2dfbe3dec5edec564

SHA1
715d9ac2ac805506c95d56b2d43cfefd5d629820

SHA256
2c020650d8ccd61d9cddc63d46541cef955ef2e1010d55bdb9c8c1a5afb54b8f

SHA512
155f17cca03018e195fe52d1139397baa09d4b0513ad12bc56ed329c8a226027322b0d65b329c51259ab1cf2672f0c0f008a063d03f36c1fd01ea4db41a2e680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
371afd3a19bb24a1a4c8ecc5536a4ff5

SHA1
3fac22878a48115946c7b917007d12e788f9902b

SHA256
e2fdcc946393cc88ab341eec60d7a4009d5662d749d7080134af02c02f812bef

SHA512
70f32979a84fdc717fe5e6a9a7d9aec17834f5666b89868e4b3c179a30595145e76956ed0b1d30a7eda40b3d9405e59014b0bc0d28a412f2b6cc618d8b35f3fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a90b5163df09938af6df7de06553aee2

SHA1
a0a8fb26d9bae20eb4bfea462d157621115b0afe

SHA256
1666698fc87ad008f92f8c019e6a24ba75aa58a17625ea9a34ed6c180a741f46

SHA512
62c548a7b413c0697eeb6ede1637d6a5c8305a54718f2ed60bea24f802019565bfe1ba17c776dba3dbffcb5131aa59ad29542d0f3adf0f7603080d14daabe84b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
acdb74758ea83584e150f01937f80658

SHA1
df173285206c180908d055c5b795b2ffc4c10c30

SHA256
d5bf04c32ee2ae7ca9d2f039ac7c6c93caad5bed3db7057067b7e44f07f634dd

SHA512
a923a5b6aaa897821a78ead9150361723c6fe4a6a2d1d3bdc471b90399f6f0743eab343b93fab2db8c61cdd0a0172935b761926c30ec5e02de558aa3f84ea83b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aed3c4a736947faa62020e0d8e1c9382

SHA1
2ccb3967750a5316940792d58c8e1f98394d5aba

SHA256
683af1c1743150187e724d7c4c65d7c147bbc720ab37041ba8309b2395e38b1e

SHA512
6f8c6f1f4ba365eb20e8a2e43c69d9506eec58b795f409fae0ac828e8b8238c0a35307007f1eef397353d28a2aa006359807d8eca7e42103c22127ef95c0eaca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
75b1064e8187f4745ba2ad1b88c6fa15

SHA1
1dd5b0f42dec7199713ba9bf82cd4e29fd94ce48

SHA256
0cbfb79d0e07d6251edb2744c705bff25ea830b65f1dd0679119c47a188bf9a6

SHA512
edb11a1ded285476179ef3d86027cf26c8b1ae6be5a7aa0c042ac05c97e8f93077ed81a8fe5171f8dbb6db457ecd75c41f9889301f14f09fae938d31517b2db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
b6d655cfe1c5515803c40ae5fe75959b

SHA1
f903a04d67dc44612b7699b94a162b7f819e7f42

SHA256
02650eea83a6c768217e4ebc45a73db0bde3b671983e68ead290454d860d2acf

SHA512
e89a7d785a6f517c1736df9ff92a1fcbe6a8c50156331fa37a9446e3d2ec8c2ae252f394c22217bc59c5a63af77f0069742da82dcfc68d19d72680337eb001c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
cc36ffe7e49e76f614db9d6294095c0c

SHA1
c5601931cbd1b65e8b26db49677ae657e3245f9c

SHA256
d491785f7dd0a55257e6522af36a208fc31ae7d8d749c57d72d8ee7cb1c7b67a

SHA512
a61f41f351454848227772cd471b8abe96ccb357060762a0623aea8e343981056b0cf668b9aebed8e8ac2df0b4a99ef0431a7c2f93b50b7383e4ff0e2ff68da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe6010dc.TMP

Filesize
107KB

MD5
e24aef7540954e48f38302ea3380fd8e

SHA1
714cc22a31d5b9b09fc962dbc4774524323d7a43

SHA256
edb3accfabe4c51199892dae9e97bf6d69d7ae277f49ba5031c94e15cdff8103

SHA512
1bdd75dbf85314c2cc2606f95098be1a3a1efa00fb1e61e5e8d635f666c72e7d0384f60233d7672dc957123f36d5547dc480bf1f88eb279e014242c3f1338f28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Launcher 2.17\hs_err_pid4532.log

Filesize
17KB

MD5
535416a30945e835712dbed16e7e3ff8

SHA1
f5c020b296028ab6e1a9879eb7e415f461612ec1

SHA256
b9eab7ae17595fe949205831ea934b80eba80c741af3c279d5bb43f5faaee1cb

SHA512
dc851f0354c4c2a44b6dcab0c2d0b8ab44c8a02b10c8650aecd58b3581a8526d03fea41f416df29538ab8b7173ffa9b6c11adf6b326c9586bdffe1c2fcacfafb

Download Submit
memory/1116-270-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4196-316-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4532-346-0x0000000002820000-0x0000000004820000-memory.dmp

Filesize
32.0MB

Download
memory/4532-350-0x0000000000CB0000-0x0000000000CB1000-memory.dmp

Filesize
4KB

Download
memory/4532-362-0x0000000002820000-0x0000000004820000-memory.dmp

Filesize
32.0MB

Download
memory/4532-360-0x0000000002820000-0x0000000004820000-memory.dmp

Filesize
32.0MB

Download
memory/4532-359-0x00000000028E0000-0x00000000028E8000-memory.dmp

Filesize
32KB

Download
memory/4532-355-0x00000000028D0000-0x00000000028D8000-memory.dmp

Filesize
32KB

Download
memory/4532-358-0x00000000028D8000-0x00000000028E0000-memory.dmp

Filesize
32KB

Download
memory/4532-357-0x00000000028C8000-0x00000000028D0000-memory.dmp

Filesize
32KB

Download
memory/4532-356-0x0000000002858000-0x0000000002860000-memory.dmp

Filesize
32KB

Download
memory/4532-354-0x00000000028C0000-0x00000000028C8000-memory.dmp

Filesize
32KB

Download
memory/4532-327-0x0000000002820000-0x0000000004820000-memory.dmp

Filesize
32.0MB

Download
memory/4532-336-0x0000000002820000-0x0000000004820000-memory.dmp

Filesize
32.0MB

Download
memory/4532-352-0x0000000002820000-0x0000000004820000-memory.dmp

Filesize
32.0MB

Download
memory/5016-314-0x0000000003010000-0x0000000005010000-memory.dmp

Filesize
32.0MB

Download
memory/5016-307-0x0000000003010000-0x0000000005010000-memory.dmp

Filesize
32.0MB

Download
memory/5016-286-0x0000000003010000-0x0000000005010000-memory.dmp

Filesize
32.0MB

Download
memory/5016-308-0x0000000003010000-0x0000000005010000-memory.dmp

Filesize
32.0MB

Download
memory/5016-315-0x0000000003010000-0x0000000005010000-memory.dmp

Filesize
32.0MB

Download
memory/5016-304-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/5016-313-0x0000000003010000-0x0000000005010000-memory.dmp

Filesize
32.0MB

Download
memory/5016-311-0x0000000003010000-0x0000000005010000-memory.dmp

Filesize
32.0MB

Download
memory/5016-297-0x0000000003010000-0x0000000005010000-memory.dmp

Filesize
32.0MB

Download
memory/5016-309-0x0000000003010000-0x0000000005010000-memory.dmp

Filesize
32.0MB

Download
memory/5016-281-0x0000000003010000-0x0000000005010000-memory.dmp

Filesize
32.0MB

Download
memory/5016-302-0x0000000003010000-0x0000000005010000-memory.dmp

Filesize
32.0MB

Download