5a240cd865b64367889534e3e8e9768f588da0dc16345d7df001d2101bf3e4c2

Resubmissions

20/04/2024, 20:05

240420-ytzlaahb9t 7

20/04/2024, 20:01

240420-yrsd7ahb4t 8

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

minecraft_1_0_0.exe
Size

42.3MB
MD5

54f3e3486ce377df4d6c8956732678fd
SHA1

6da7c2274a61f7b50a6b58c96a640d9f5a232be3
SHA256

5a240cd865b64367889534e3e8e9768f588da0dc16345d7df001d2101bf3e4c2
SHA512

8bb5bb4d540ccddd52e20ef23f35f23837713596fef28a592390a24c36152657656b99356a6db4bd3a5f0ba2e1c9fea802ef614d5558c7a2cd6c18b9cde0e411
SSDEEP

786432:2AURImrfGtlkHW1xL1fyOIB2LUCSl5+zFuKT2d9n0gcWbjwA3/+6nKVVjL:2zvTYiW1B+WUCSlIoKyd90vA3W4KVF

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
4984	Minecraft.exe
4748	Minecraft.exe
3848	JavaSetup8u411.exe
544	JavaSetup8u411.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133581169805614265"	chrome.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
1952	msedge.exe
1952	msedge.exe
1152	chrome.exe
1152	chrome.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1952	msedge.exe
1952	msedge.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
4984	Minecraft.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe
5572	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
544	JavaSetup8u411.exe
544	JavaSetup8u411.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 1952	2728	minecraft_1_0_0.exe	100
PID 2728 wrote to memory of 1952	2728	minecraft_1_0_0.exe	100
PID 1952 wrote to memory of 3640	1952	msedge.exe	101
PID 1952 wrote to memory of 3640	1952	msedge.exe	101
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 2256	1952	msedge.exe	103
PID 1952 wrote to memory of 4792	1952	msedge.exe	104
PID 1952 wrote to memory of 4792	1952	msedge.exe	104
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105
PID 1952 wrote to memory of 1396	1952	msedge.exe	105

C:\Users\Admin\AppData\Local\Temp\minecraft_1_0_0.exe
"C:\Users\Admin\AppData\Local\Temp\minecraft_1_0_0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cuk.net.ru/forum/25-97-1
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab58d46f8,0x7ffab58d4708,0x7ffab58d4718
    3⤵
    PID:3640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17699466176753174954,588706783909527252,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
    3⤵
    PID:2256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,17699466176753174954,588706783909527252,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,17699466176753174954,588706783909527252,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
    3⤵
    PID:1396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17699466176753174954,588706783909527252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    3⤵
    PID:1664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17699466176753174954,588706783909527252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    3⤵
    PID:5064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:644

C:\Users\Admin\AppData\Roaming\.minecraft\Minecraft.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\Minecraft.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:4984

C:\Users\Admin\AppData\Roaming\.minecraft\Minecraft.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\Minecraft.exe"
1⤵
- Executes dropped EXE
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffab46fab58,0x7ffab46fab68,0x7ffab46fab78
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:2
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2052 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3364 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3632 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4060 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:8
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3644 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:8
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4452 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:8
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:8
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:8
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:8
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4736 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3396 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3940 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4640 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3088 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:8
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5132 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:8
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5276 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:8
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:8
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5528 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4916 --field-trial-handle=1684,i,14563294970586659385,9768175164269933040,131072 /prefetch:8
  2⤵
  PID:548
- C:\Users\Admin\Downloads\JavaSetup8u411.exe
  "C:\Users\Admin\Downloads\JavaSetup8u411.exe"
  2⤵
  - Executes dropped EXE
  PID:3848
- - C:\Users\Admin\AppData\Local\Temp\jds240715718.tmp\JavaSetup8u411.exe
    "C:\Users\Admin\AppData\Local\Temp\jds240715718.tmp\JavaSetup8u411.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:544

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:440

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:5572

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\97cb557f200c4d5595a065cdaccb8aaa /t 5664 /p 544
1⤵
PID:2100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0087b86f-8368-4635-af88-dce617056b42.tmp

Filesize
7KB

MD5
7abfa45160600bcd51b27488ef825a26

SHA1
1782b79b0abc6e1f18bf8028115fc71038822d7d

SHA256
eb546625459b6c5f388e156e539176bda391fa82a28f63985bfde533be38fc9a

SHA512
1a380653138fb0875322fed506ade4a90af945543fd13f936fca0965dfc067f2d8d77db2bf792b9cb5f63cb3f087ef9383d30517ba0f6697687d8b7c6604e30d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
65b6120013c867c89aae80dcea11bb68

SHA1
8cce72610c99e6065018c8f00f16ea0bb3158f93

SHA256
5389967ff06f52485890606ff8e48ba5a2ea78270c145fdc043db1f058d9f568

SHA512
6189a32ade51d73231bf9757af1765c58adf4b04afbbefe991054dcba53dfefcb442959d7b8bbe4bf350c8d0f77559b6dbc8bd6aa77ff25e6cc954c1afda75e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
bcb072d8464478685a28331b78591fc6

SHA1
559fe6b6e36b20dcb9136cdb4fc91d5c3df904c9

SHA256
5437c7b7c818291b9244d01ffa633d63e7fa6a15554d353509788dc5b17bc060

SHA512
273132f5a8cc423e7142a5395e74f285ade617807288a80c1583692c76b75f94143c4772ea426a5b2568e7fd653b911cfa6d804fc4e11fcd50846486c78e6b26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
73de0ec9c3aecf91a8d16ed25c9474fd

SHA1
1394adbab2f8b727c3d6c60002ebcc3018129d8d

SHA256
b5e7e62f404ef66e787a6d00e6206253fdb5e345ee249bff051c1e4186e1141f

SHA512
81b0073b9d3683ab94b693fe76de8553c6240023573a2875c01f88a58ba23ad54bce435a141a4ce0f95a6daa337fd5fd2f44f27b8468da631bb0f589ab3860d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fe140daab0980a7f7da0613eeb9e7848

SHA1
f8e1c71480855cdae4d1e7762f140e534aa1aeb3

SHA256
079ee10fb7d9f8c3b319e2d344b384ac682a90f5ac7181e1ad5a3c608da0d671

SHA512
cb52358d55faccb1cc21b4cc67cdba609b30b23b0c4908e801734451cbbdbd26ca2c05ddd435fa33b722f9dd11eb29de2e4b39a6c7d0b83d4caa702884ea409e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
31c9ea76f11d6ab6c28b8487d0443493

SHA1
f35f819dcf6df91e9a0139c11a5d306818b7163f

SHA256
16e278d691253b7177a8c740769f9826b3988ed0d558630713e7a0763ffd37c4

SHA512
f3bd2863529b27b5fa62b83d9ae015be8b7696f4dd0453058f30a7ab65b1bfd67e9957f56bbd7b0a79145a4b28d96d4e0e42360a43c75d429792c0a1ed88e739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7ec7dd6fca616b92abc329ee266705ae

SHA1
b2b21702584f12b703e1c11de0b03d3d07903534

SHA256
e648757327430016fe75f9b7606fdc790e87716bda901132afcb8737673a120c

SHA512
c39df945da9d17d4debbac025b731d035f0dbc1144f9988971f35a23e11396bcc31fd646bfac8c289742f9062aebb32a63ef8297f97edf49a79a6aa46c052d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
edb1058600bff9f57ee3b12b812acc9c

SHA1
7a1b9202d7757171fae5e1b8cfaf0db8461b2a69

SHA256
df00988adfcffd51bbb24fb57b621de041c009924b002d5e4de4fc61db23723d

SHA512
281300e0ac59e69f2f75ed65bea851559ba14b7ec6e815660b11bc5afc7790b67e29e0725719641aca05951a1faaa516855c91b6d74a7549a02ad714a8b6fb34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ae31818fef8e668a39e7d31037756729

SHA1
274a898a035428a7e17c28e332dcaeae1e7082b9

SHA256
e669cb7280674f2b56538527ca0bc7ffb3c23bd9327bb5ea327ded7d1bd5bd70

SHA512
b67b9138ec0ba17497d9e9b8c113854a5ee724bbb9ea1d0bcd3e89eeb1b15390c130340d59afd8b8bef3568b54aa174619e2a78eca2e524e2e9dea0ba945b2de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
24c44bfba828a87f1dffdefe934dcc17

SHA1
86fed4e0ae595f016f8a1ca1f65cd4f17d1401b3

SHA256
f856de1ec0a13bcba53f2d18937938b45c32bc9bb3b53041049c7678249fe393

SHA512
99185e8d776b93c093f90c2ceb89427ffbb370b4fbb20d5f4d457749d33ece766f6561764f46a751947880044e1a68679a8854750be3ae671d48ec9837ae31ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
ddb507984cfb9310c99b8616588c75c6

SHA1
92958442bc4ba942679ce20436b2df176cef5dd4

SHA256
cc13833b69fe1999b54bfce4fbc6dbad1d404337ac29c9d09264e23cb2215e62

SHA512
eb9d1203b8a8abd8ebe2067d478b8f327cc41537ab0d558d92a767f1417b77692f0916356519a395d4a76628c982f09fdbc31634e6db89121314d6875d417cf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
25c6109989458d1fe23f62ca286c0969

SHA1
0b320bec27ba0d728179925410911db069d59fe4

SHA256
130216fc657a08c50d0500c74e97445a775009e466c4f9597125f89d90f0a933

SHA512
1da59c076d2277c8e05be4b891f714ce6ecf265df96976c65050553d2132910f4f807db4081ab6cb6f352636a9103936fb1e83ed9710eb6d5caaa4ffb5fcfd6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe592ee6.TMP

Filesize
89KB

MD5
84483c8002d1037c3f3e07c4cff83b98

SHA1
cd67d1ff58db9bb89d4bf1b3bda00312017580b7

SHA256
d57dd2973ce25bdd9a9cdf137629290c73cd099036deb0385e64680f9d9b73e8

SHA512
7d5e360b5555f3e6fbd7afb3021714164932aabcd9843ee812188c40a1b23a53bf702d6720feb0c7beb5bdbdf0da8b68c7af03481c7962d55cd9982657740ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07e894b1917c6794ced0e63160eda612

SHA1
a9d343d288728486e2832ed00cd35f296832799c

SHA256
b12ba6408505ab33364eead8bf9d3fb1c1f05a2cfabe617b26086713f7997c73

SHA512
136193dc3a52443afccb57d0d091619f3efc1769e326f13b671d91dce626d04ce53f75fae7f7ad130c32f2516b28b916bc952abdd478c29ace128a844a34e8f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fcf9f3c2e31f12ac7576f420d2511e9d

SHA1
1410d25bf604f4ff8bbffc8459ea32876538b2a8

SHA256
9bde755556b00ef2985e0e98dba422567191db7cc4f58b4f0fb92fe31116fd4e

SHA512
619b3aacc2079b5f148d0f64784e910d96526adf5b3f62a64fd04f8b0dd85a88e8e3e509f85c8183460e0576f301a05faf35d1046ee394416dfb59e0c3c5afbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
51f556c172c763a9f0d6820d798bd584

SHA1
d56607a6a07357bbcd3683b8fdcfcd4d4a93a5ba

SHA256
3c4903ce10738c70329203f1d60c7a28d4721605d195a5aab92231dea75946d0

SHA512
cf2a5c144e82f80f67a6fba188b05b2f2eb4a523c396f2b486757e7c3942c2cefb7a0dcfc726959fd97b40186a9a5d3b627629744f18ee95c0260bfb6fae642e

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

Filesize
8.0MB

MD5
10ced705c860072ed8f892f442b1c1d3

SHA1
f379662a61f57dfc791aa3ace50b273abc6b2f9a

SHA256
c1dcd77401ac1a458bf2d36d42678e84d98d3f315aabc67f0f12948d74c5f347

SHA512
b1935dceb15699343c175e37db9affd56ba5ff8e8cdb77c593efe413a40e904312647de21db2aab17e80a4037eb5ae694d00ecc464a8064f3dac69f87afe801b

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

Filesize
8.0MB

MD5
6501c72b6f4272ed9d00da815b9744ed

SHA1
34fdbf74909ec79ddd8424d7b5368046f289404b

SHA256
472cb0b385dcfe1207dc95c022bf653fa9ccd599a9e24f6df0f837562308fb01

SHA512
0c938e7aec931cfeb81622ff607d1e234f690358611f3bd083f177d3291394b9f209eb749e07a3c120826953064953c940fb60de67967489fd071b8adc04dbca

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

Filesize
8.0MB

MD5
5d84912840dbfddfc8ab819f9f0c556f

SHA1
97a5898a4386b5bb1df16ea90904ad8193f08ce5

SHA256
f18f24246592b833adad24847c8679509491592d57529e990e9d49c927383771

SHA512
328e1b132e99b3f1d16579d5d13c7bddb80041589e6c250f7081996aef2a8975fc8d0d6b026a4bf525ef1f268b5c08d5b13d4b67486042528a362f07db68b7bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

Filesize
8.0MB

MD5
a7331dcd9c6a1fa8945aa6fdb80028b2

SHA1
a3b937effbc8a6499cefb8fa447e95279a257fa2

SHA256
d84c2218bd9ee7b1fed159011d34868b7f4d5d58c578ef341a229261b0d44aa5

SHA512
64c67a8cf3ce0ac83899ea9d8e387b316608ce1e0e6dfc2a0f8ccc070543e11c6c36c8177e2a147b3be23f27330c7937a9227cfbd52a98b813181af6089c3c30

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

Filesize
2.1MB

MD5
975a41b57639b17d9c660ee935918367

SHA1
860660e84c5226a8c1045ce2025b15f69d9182eb

SHA256
e7d72782e820920eb1be08a5451ff944727f47b063238a9028468dbb3f025245

SHA512
db18cd2b3df2a196df74bf6a063056c01da82eb343a1cd61aaca03ebc703756476408693c87c86758809bdea5a8270f64b01adfec024a927990046efd962216d

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds240715718.tmp\JavaSetup8u411.exe

Filesize
1.9MB

MD5
a9b69edaaf925ea6a71679d9a0f56266

SHA1
efe45a8e10c3d559b4800b0974f65bf0e87c747b

SHA256
e37988551194fccbbb82fc0a159a9b9abb242cdaed14a331cbceb0f5195e18f4

SHA512
663f2dc7a6faa7c2a0db5ad3d60b9e0909543b77285a048a1b3c7b20d3cd2a8607202bfc8a0d4b597ec517a7b0ed01f446a4a9c722a750a07f5ece56dff74e23

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
154KB

MD5
74fbea50366392c3c3c139db34736551

SHA1
db0a20e64bac2f1297b3a52fa10809ac3f10c402

SHA256
496835e80217a89dffd2c92695dfb630946862630246ddc06670cfe322b8f186

SHA512
69c99c67ededf93bbe03a0b9831af4c7b6fcf629771d02a88fd31c9f11ee9f65f2cf015bebc8259c2b52ee84ae9571e56f863fd85e745fdaf588c0b709a53d57

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
155KB

MD5
b16fb1c6eef0878a89ae4a64529ae5db

SHA1
557ff64b453714a0adc128e4957209ce1bb45d12

SHA256
ee5650d4d2c41d4400af3e129991335829325c2cf6324eff5d1aac7ceabd4a9a

SHA512
575e176f7570b306c86b41ec83fad57772816495887d057408fda9966c1391526beb4532ee2c77cdd15b9c03a563b3204e19d3f37248f2bf93eeaf9f98d4cc3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
183KB

MD5
28a71421cb99f83fd6db60501f72667e

SHA1
dfc22a321fdfd6b1630b48b8fe1b97df65837a20

SHA256
d247e55b38e72de9b4d1e4e8bc469d3e2a63b367768da1e2f65be18db4f29d34

SHA512
d139d5eefea4cae5dd1b6d4bd0ad716509a3b2055c2e1ee520ea4e1114acc2c2bfdbb7b647020f321cf3bbf075d49737fae6df0d558cb0e691f6b29482a48992

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\Minecraft.exe

Filesize
679KB

MD5
605a171c61a0607bdcf6be80ed07cf95

SHA1
477d4391b0d84406127e43ead289a3596ac1e5e5

SHA256
09b78dc85713ca0f27f17d94c939cc606a59847c1f2b5cdd281b52a48cdaeab9

SHA512
3b32197d76951d0e1cd7043758af9b33be12b30c03df00a3ef36078205fa95b1582f65bdf4437a1b879a922d2950868e905bcd2227ce3816d5437556b103d338

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\Uninstall.exe

Filesize
65KB

MD5
f7d29d45dbf17e171473073bd6ed2b4f

SHA1
b1e70405d209232c0ef5b0b0a10b8e78766558ad

SHA256
36bec0f2f3377c39ad671b7c2fc46f2eefad31d8d2fcc5ca48fb59a867f0444b

SHA512
d3339798811f0371d283d4cca36a5c8f01ce70d020ffba16b0510820477da8dd11cd8521edcef584960c8a35f2d8ae7acfe16f4e932a446b03badb66f3c6565f

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\newsound\random\splash.ogg

Filesize
11KB

MD5
a997aba3fc7ae137999399abe76d417a

SHA1
22a491f266f5c3cdd6e669a9493daaf40c9c8575

SHA256
7a04c68c956f4fe67935e6665666e603de918f64683a79f9e5d5700e6a4c2765

SHA512
1deaa6cd197d9733ee36b4e41dbfd2860f4d0df6e177577fedce7275a663069e50a7d357352fa0a8faa6b64b64840bcc39be152f107f6b8b39192ae4fe5efa84

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\grass1.ogg

Filesize
7KB

MD5
98bd0e0359aac0eeae8ca703f0bcc574

SHA1
41cbf5dd08e951ad65883854e74d2e034929f572

SHA256
3619fdb8f8aad57a48d45e02a3e8be90a9ca5d0ab8c8802961c78fd59c1f84fa

SHA512
9ecb7d7cd6f0ccab9f705cc4ac06756561c483c6b3c88794544c469177aca0a123455dcfea1af9104c30453bf16ff6018145b317ea0b6e5dfa75021911dfc63e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\grass2.ogg

Filesize
7KB

MD5
a4269cb765813cc0b66c44eca7c497a2

SHA1
86cb1bb0c45625b18e00a64098cd425a38f6d3f2

SHA256
b0763cf2c5b4d49602cb143e457b6206b6b101113a525795ef9c622ae31149df

SHA512
4d636695330c10c1fe103dfc196ad819aae6cf32b8711848745fd8c6a868f556102e1925d169a341b8b6c51d091a5ca20b28353003f53e9bf7343b4a1c35c907

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\grass3.ogg

Filesize
7KB

MD5
df515774818fcb13fb54b10f0a99d44d

SHA1
f7d7e5c7089c9b45fa5d1b31542eb455fad995db

SHA256
9ac02803710f8556be3501d021ca2120d121339fa07f0a18a0b63ba5547508fd

SHA512
97f2065b5fa2340be8fd5438ef0cd39cf4afe82f7484f87512fdf418ac0e73f8ac461dd1aab9dcd17ea3f69b1b5a7b106c05af336840c154cb80b46bdcc01c74

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\grass4.ogg

Filesize
6KB

MD5
98738c7818c4e5d96d6b746c4adc675c

SHA1
c7b1005d4926f6a2e2387a41ab1fb48a72f18e98

SHA256
dd73335714e52237ef6ebc05035418367b4785cfef749b5ea1cd9b6b1c523b93

SHA512
97b6f9755585e31a4e93b8b87b760e7279b9676c77e9b79e69347acbc4278ce52a86e9a5862f6a6f68946e1057c6485028ed0c35a50750ca52d227561f407544

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\gravel1.ogg

Filesize
6KB

MD5
9f3935893ce70145ae7f5e7331e294cb

SHA1
e8b89f316f3e9989a87f6e6ff12db9abe0f8b09f

SHA256
55a610c8739c045a65343b8447c6b95c1e54465939aab666001af2d4869c1e83

SHA512
a1f949183ff945686a17ccd683c336b9b9b161267cf2b75b7f2b3004e531e6788b79f13b6c2bab2a305105931500505df3f93922d2b85be5a43fe1c42f562819

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\gravel2.ogg

Filesize
7KB

MD5
a773996fb9190a29908ca74ebd6f9bcd

SHA1
c3b3797d04cb9640e1d3a72d5e96edb410388fa3

SHA256
60ebf0ed49f258a62adb9849386b2795f7e409d21ff958a803eb0727d7e98913

SHA512
de799299acbc7de5224f29d5deaa5c40cba35f5100b4e3479c1f36a691cf5902613b640e921082b91b82dca048d4105c6aa8cb57a3122a03c12ac6ef587af03a

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\gravel3.ogg

Filesize
6KB

MD5
ac4a92eb3e8f0f349c87e3ea83075823

SHA1
48f7e1bb098abd36b9760cca27b9d4391a23de26

SHA256
ab5e4b408d1eca44546e86c11f5fcc66d3a4c035910ab14736f952d1e8ce98fd

SHA512
546f2a4399b80e6927de1fcf5b557291f318c1411cd9f8eecb35c50dc9e63ad2eee155362a582b4ff9d43328a40f2e369d185bb72c5a3c40792cf4b4404c0417

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\gravel4.ogg

Filesize
6KB

MD5
644465befd41420e4b869d49558d271a

SHA1
7bf3553a4fe41a0078f4988a13d6e1ed8663ef4c

SHA256
fd4aa7553a4f99fe435b2df57bf9ec1040ee2409d09fbd15dbc7049f0e261ddb

SHA512
265639db88d155a6f2cd39aa43e8c4c41c0f4b6847869e8b0b6c36c562752ee046efca18a5913a814970f34f65467a5730177500cfb1a796967e20b99af9b0a4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\stone1.ogg

Filesize
6KB

MD5
3b2cb7bfa7f55c3a9556be1b82cd321d

SHA1
4e094ed8dfa98656d8fec52a7d20c5ee6098b6ad

SHA256
97f2a8a73b6f577b85c1a162c31810c7aff1ad1f34564dfdacebb64b26d1c7c6

SHA512
c41c1b5256cd20785a4eab383390a62d7190c4a9b68955c28cb6efa3499645d546b0f3e99cd271f2500097abfcd22bff30a68f9c2f08b0643bb35cd1507c0cee

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\stone2.ogg

Filesize
6KB

MD5
b9419adb326a59074ec4e7339766bf78

SHA1
9c92f697142ae320584bf64c0d54381d59703528

SHA256
98a5c3197845526e6ca9e8a669ffda843cfae3f5c7ac842ee6aac8896bae03b2

SHA512
d183e91da48b3f26f7795e6b43db41778d1cc6e67856b37098b9260b018e89e6f106ba4be750645f69d9a7186324dc90513bcea95a73fa950311174b3123818b

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\stone3.ogg

Filesize
6KB

MD5
cb411f6c50a705fdb3f833dbd95a24ad

SHA1
8f23c02475d388b23e5faa680eafe6b991d7a9d4

SHA256
19273f0e7e25b459ea29511dcbc4f7f209c04cea2fd1c34a16250737469ca51c

SHA512
9352a94757e3cd585c2685dd0445f4deec43750355abed6aed0600ae010db7398372df008f734ff6bfcfd8bc8799707e3af10534e7aba6b5dc068b8e8fa3a9b6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\stone4.ogg

Filesize
6KB

MD5
304f934dd37198cf30c3ab5d56475953

SHA1
363545a76277e5e47538b2dd3a0d6aa4f7a87d34

SHA256
b164e7324510480abac9518090e48439123ea05ebc48970e48fc59406729a197

SHA512
35f07590926922fd923e191d5ed180ea18c9308ca7e634f9f95db5d1773ed75dc14ac8f9793469dde9e0b7b462cb3e740eb71fef86b74297745f63250743117e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\wood1.ogg

Filesize
6KB

MD5
4c58a8df862c333551e49ecd6f7bb57d

SHA1
9bc2a84d0aa98113fc52609976fae8fc88ea6333

SHA256
cb6071c83a7f19ee555e9d661dc9e564c77ad9fcf2d1a6848aab21bc3b1c0289

SHA512
f560987ffe978e17d4bb4fe315234f8e42b19f126475d5c03e72642f6bc9bf117da0c25069c9961f5030bf971423092f6b738caae1c17ef4df8cd45afe193c1c

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\wood2.ogg

Filesize
6KB

MD5
bd13ba3ef643026bcc104fe937381b5a

SHA1
98102533e6085617a2962157b4f3658f59aea018

SHA256
59edca84840951f2d6f0ad9ff5fd439a6dc916b2cc50164569b94ee107b4bc3f

SHA512
a26b4f50918f783b4db91a46c2a44f1b26794fb198855d5cbdf7ce9ece6ccbbae5345d0550b5dafe5424071694d776111fa96c82fd9b77615c709196fffab112

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\wood3.ogg

Filesize
6KB

MD5
0efdd06219119dbab7e9c30b3be30a42

SHA1
45b2aef7b5049e81b39b58f8d631563fadcc778b

SHA256
cf6be2314c08ea3fd311bdaebe14d0c73ca189bbbda09f96d26a3dea7e711cf6

SHA512
3066540274acf37979c259a3c483cff9fceea74e767a2af9a24e1166b8340994a83f8b0666e6846aad7e9e252c115905855547dc1ee7aed0b9ee4f5c736f774a

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\resources\sound\step\wood4.ogg

Filesize
6KB

MD5
1a24bde5e714d1ce7d76b948ebfdb4ef

SHA1
dc66978374a46ab2b87db6472804185824868095

SHA256
de868b3119b03ad42cbe502805e895a5fd8565f059f991f542b4ee68d6556bfe

SHA512
d97425ec32f0df8be61280994821839e96ce87726b074bb66cda2cc0ce4f3344d1f109a28bdb8d2a20d6ec51d67b82d307ca63c76fc3566524a0062fcf5736e7

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\stats\stats__unsent.old

Filesize
138B

MD5
60c531026640931dea220dabe4db1c9d

SHA1
2b3750bf5576cfdc656273b33631ee96c8781902

SHA256
0f0cc6c0973c0733132fd3c7db9c7cdf08f672c9722b8437883a47b465042d22

SHA512
41e1a5a7ee84903ebd0136fffae36053d623b20325402865f6b8688fa9671bfcbccb9ea129e8223fe7436353419d988be3e2c3274082da270f46349f1a812f99

Download Submit
C:\Users\Admin\Downloads\JavaSetup8u411.exe

Filesize
2.2MB

MD5
c8e59f75cb74e2a8d644368d5a06ca68

SHA1
562af1976898764ffc35df1d523e98fa95630e8a

SHA256
6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c58

SHA512
74a6bd15ed411d3ce70ecd40e71f09aec019752cfc004a1adf5e738ef6a448249d47cca82064c80fdc4ab70a6ce5268bdf0957cbbe6901488728427ea3dde127

Download Submit
memory/2728-1004-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2728-11-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/4748-1114-0x0000000000400000-0x0000000000489000-memory.dmp

Filesize
548KB

Download
memory/4984-1109-0x0000000000400000-0x0000000000489000-memory.dmp

Filesize
548KB

Download
memory/5572-1544-0x000002A81C4F0000-0x000002A81C4F1000-memory.dmp

Filesize
4KB

Download
memory/5572-1549-0x000002A81C4F0000-0x000002A81C4F1000-memory.dmp

Filesize
4KB

Download
memory/5572-1550-0x000002A81C4F0000-0x000002A81C4F1000-memory.dmp

Filesize
4KB

Download
memory/5572-1551-0x000002A81C4F0000-0x000002A81C4F1000-memory.dmp

Filesize
4KB

Download
memory/5572-1552-0x000002A81C4F0000-0x000002A81C4F1000-memory.dmp

Filesize
4KB

Download
memory/5572-1553-0x000002A81C4F0000-0x000002A81C4F1000-memory.dmp

Filesize
4KB

Download
memory/5572-1554-0x000002A81C4F0000-0x000002A81C4F1000-memory.dmp

Filesize
4KB

Download
memory/5572-1555-0x000002A81C4F0000-0x000002A81C4F1000-memory.dmp

Filesize
4KB

Download
memory/5572-1545-0x000002A81C4F0000-0x000002A81C4F1000-memory.dmp

Filesize
4KB

Download
memory/5572-1543-0x000002A81C4F0000-0x000002A81C4F1000-memory.dmp

Filesize
4KB

Download