5d12fb93a3f9c48e0863da39809270af03aac542b74f0145aa3fc4e033b36ddf

Analysis

max time kernel
1047s
max time network
849s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 12:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

mmc-develop-win32.zip
Size

13.5MB
MD5

bde7f40bd67d7c48a8f88581d85d82cc
SHA1

5dc7eafbc757ecc228f55c0b5ae37254aba4a2b1
SHA256

5d12fb93a3f9c48e0863da39809270af03aac542b74f0145aa3fc4e033b36ddf
SHA512

111d61a2ce76a1d2609475eb7f0b09d9a0166cb70425bc805c3403981ac973488edb1ca8965ac4ac130a5509a52b6954b315d78bd5f6b58fda5582f3d1027c0f
SSDEEP

393216:iinAqB81ZGDeb+kdL8FeXi4h/0y/mqGw9e:J8zGD4RdO4h/0y/mHwE

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
54	discord.com
55	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
552	chrome.exe
552	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe
Token: SeShutdownPrivilege	552	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe
552	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 552 wrote to memory of 1536	552	chrome.exe	33
PID 552 wrote to memory of 1536	552	chrome.exe	33
PID 552 wrote to memory of 1536	552	chrome.exe	33
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 1600	552	chrome.exe	35
PID 552 wrote to memory of 2152	552	chrome.exe	36
PID 552 wrote to memory of 2152	552	chrome.exe	36
PID 552 wrote to memory of 2152	552	chrome.exe	36
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37
PID 552 wrote to memory of 2228	552	chrome.exe	37

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\mmc-develop-win32.zip
1⤵
PID:2172

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef4be9758,0x7fef4be9768,0x7fef4be9778
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:2
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1184 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:2
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2212 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3440 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3744 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3464 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:1
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2192 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4036 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2540 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3404 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3708 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3796 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:1
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1756 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1976 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 --field-trial-handle=1180,i,2137350773293354732,11815746660686868414,131072 /prefetch:8
  2⤵
  PID:1728

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2756

C:\Users\Admin\Desktop\MultiMC\MultiMC.exe
"C:\Users\Admin\Desktop\MultiMC\MultiMC.exe"
1⤵
PID:1576

C:\Users\Admin\Desktop\MultiMC\MultiMC.exe
"C:\Users\Admin\Desktop\MultiMC\MultiMC.exe"
1⤵
PID:2052

C:\Users\Admin\Desktop\MultiMC\MultiMC.exe
"C:\Users\Admin\Desktop\MultiMC\MultiMC.exe"
1⤵
PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9a1768a6-6cae-4780-85c5-8306a1865f3e.tmp

Filesize
262KB

MD5
c60778b02442bfd7b66f1a427aff6886

SHA1
74c43e3b2da16e51e3ff22b4980cc0c25473c66d

SHA256
ad27485fb8989abdad6f5e9eeee6037977e367b7fdf8adac27e3d0ba166fece1

SHA512
54d48344a838b460b1fffdc3c3ba6d1e984a0a74deb8abf5786cc44b4d94ab263153e5eecb16aff8b1704f194d7a5a29d638773933ff461391274e33eeaabc2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1982c2f8-3316-456c-b8fd-801c89221631.tmp

Filesize
5KB

MD5
a83889e347edffff35f56b62c6b45ac2

SHA1
8429f2e5ade40c11725efc6bcec3c9cda0a1e865

SHA256
fcd17b6dbf87ab4f3895da2a0a5aee201e76aa24faadd7ba993706994f0f434f

SHA512
ff567e44f2ff5f332a55fb02928b2c70c0abe5c3ebe7f78cd2084c93af34a7ab5ae35e4ff1af87758675c32cfe37009f044c9c7b49207293d5a8ad17ed2cd07e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
783b88599a6419970eacf0b97546d581

SHA1
553627bd759e5eaa8a44229c05ea47a232bae7f0

SHA256
296d025b5fda9349e59db4bdce1317fda0a2d9aaf3ad001411e95ebc4280054b

SHA512
b199307dc68aef8ac5eb675d7b53aa12977fe6d39e0d0c683142db46e2e145dde45e109fb8f9b905022e36fbbd7f6f59fc869db997d47558463cee856035f23b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
c0f2208850351090ab6411548eb59c10

SHA1
1160dc1d51a83a51b382222ac06dd5fad8d32011

SHA256
bf7641ca7219fcf2b8782a2de71ac8d1eab2996a86d2ae3d450092909038a44e

SHA512
7495ab4b9b9dc6646a83217954afa40f8c7961bb1371afca9afe7d1c8aa129b77b02772b6848a3bff218e0b4df9ccec958c246dd50c73206d59d72c6cf63a817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ee587ab957b024c179318a333cd0bd74

SHA1
3605000988bdbafa3f3c10a8a698355f5c28035c

SHA256
4197a44f1e0ae96d2bd74a73828ecd80eeeec31ea37ade66b52d8fb786a8faf3

SHA512
d40586fbc989c02bd5e2fa2e259c80e5ecbf1ffef21646a987c388a825394726db8d59713b8c9ac868e447902b4dafd32ed1fe2690133fb690170e3789d5b220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2784a82071b3e989f475cd0a759c5a84

SHA1
8bd2b6c7ca6c43e4eeecec7eef994e5a927b2f59

SHA256
70e538a6f1040428a06856acfe3eb77821d12d79227efd31824c0a52cd036934

SHA512
b43dd6e706689baeeffee505c1f2fbff9f26af70e1912958e5e5a6c230253ed25847120f1cac89e855de97a5faf00412349e10bd302530c6f4ec16950e255a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
e14b66508990d68289484b4cf95d0762

SHA1
1570770e410f4159867c3baf9002715b0dcc0a34

SHA256
379a56cbc5f45437f1b6f32dbd980a80ae58213511b0f6cb0335b711873b2a96

SHA512
68c5d340ef139cd2503e32e00c46d463bc0f413311e808e2334e32981b88e71f8af6122479934fbf2d6244aae20cf14a6200c1a9a9a1a1b33fa9549eb694a47d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE087.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Downloads\mmc-develop-win32.zip

Filesize
13.5MB

MD5
bde7f40bd67d7c48a8f88581d85d82cc

SHA1
5dc7eafbc757ecc228f55c0b5ae37254aba4a2b1

SHA256
5d12fb93a3f9c48e0863da39809270af03aac542b74f0145aa3fc4e033b36ddf

SHA512
111d61a2ce76a1d2609475eb7f0b09d9a0166cb70425bc805c3403981ac973488edb1ca8965ac4ac130a5509a52b6954b315d78bd5f6b58fda5582f3d1027c0f

Download Submit
memory/1576-515-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/1576-521-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/1576-513-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/1576-509-0x0000000000330000-0x0000000000348000-memory.dmp

Filesize
96KB

Download
memory/1576-514-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/1576-512-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/1576-516-0x0000000061940000-0x0000000061EB5000-memory.dmp

Filesize
5.5MB

Download
memory/1576-519-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/1576-520-0x0000000063400000-0x0000000063415000-memory.dmp

Filesize
84KB

Download
memory/1576-518-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/1576-517-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/1576-510-0x0000000000BD0000-0x0000000001214000-memory.dmp

Filesize
6.3MB

Download
memory/1576-525-0x0000000064940000-0x0000000064954000-memory.dmp

Filesize
80KB

Download
memory/1576-526-0x000000006FC40000-0x000000006FD41000-memory.dmp

Filesize
1.0MB

Download
memory/1576-531-0x0000000000330000-0x0000000000348000-memory.dmp

Filesize
96KB

Download
memory/1576-534-0x0000000000BD0000-0x0000000001214000-memory.dmp

Filesize
6.3MB

Download
memory/1576-535-0x0000000066C00000-0x0000000066C3E000-memory.dmp

Filesize
248KB

Download
memory/1576-533-0x0000000069700000-0x0000000069894000-memory.dmp

Filesize
1.6MB

Download
memory/1576-528-0x0000000000020000-0x000000000002C000-memory.dmp

Filesize
48KB

Download
memory/1576-524-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/1576-523-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/2052-539-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/2052-570-0x00000000003C0000-0x00000000003D8000-memory.dmp

Filesize
96KB

Download
memory/2052-536-0x00000000003C0000-0x00000000003D8000-memory.dmp

Filesize
96KB

Download
memory/2052-542-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/2052-541-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/2052-540-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/2052-544-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/2052-547-0x0000000063400000-0x0000000063415000-memory.dmp

Filesize
84KB

Download
memory/2052-546-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/2052-545-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/2052-543-0x0000000061940000-0x0000000061EB5000-memory.dmp

Filesize
5.5MB

Download
memory/2052-573-0x0000000000B40000-0x0000000001184000-memory.dmp

Filesize
6.3MB

Download
memory/2052-537-0x0000000000B40000-0x0000000001184000-memory.dmp

Filesize
6.3MB

Download
memory/2052-572-0x0000000069700000-0x0000000069894000-memory.dmp

Filesize
1.6MB

Download
memory/2052-567-0x0000000000020000-0x000000000002C000-memory.dmp

Filesize
48KB

Download
memory/2052-565-0x000000006FC40000-0x000000006FD41000-memory.dmp

Filesize
1.0MB

Download
memory/2052-564-0x0000000064940000-0x0000000064954000-memory.dmp

Filesize
80KB

Download
memory/2052-563-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/2052-562-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/2052-560-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/2900-551-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/2900-575-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/2900-556-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/2900-549-0x0000000000D50000-0x0000000001394000-memory.dmp

Filesize
6.3MB

Download
memory/2900-555-0x0000000061940000-0x0000000061EB5000-memory.dmp

Filesize
5.5MB

Download
memory/2900-554-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/2900-552-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/2900-553-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/2900-558-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/2900-559-0x0000000063400000-0x0000000063415000-memory.dmp

Filesize
84KB

Download
memory/2900-557-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/2900-580-0x000000006FC40000-0x000000006FD41000-memory.dmp

Filesize
1.0MB

Download
memory/2900-582-0x0000000000020000-0x000000000002C000-memory.dmp

Filesize
48KB

Download
memory/2900-579-0x0000000064940000-0x0000000064954000-memory.dmp

Filesize
80KB

Download
memory/2900-578-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/2900-577-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/2900-587-0x0000000069700000-0x0000000069894000-memory.dmp

Filesize
1.6MB

Download
memory/2900-588-0x0000000000D50000-0x0000000001394000-memory.dmp

Filesize
6.3MB

Download
memory/2900-585-0x0000000000330000-0x0000000000348000-memory.dmp

Filesize
96KB

Download