hxxps://steamunlocked[.]net/f57020-jojos-bizarre-adventure-all-star-battle-r-free-download/

Analysis

max time kernel
149s
max time network
150s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
21/05/2024, 15:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://steamunlocked.net/f57020-jojos-bizarre-adventure-all-star-battle-r-free-download/

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\diskmgmt.msc	mmc.exe
File opened for modification	C:\Windows\system32\devmgmt.msc	mmc.exe

Drops file in Windows directory 50 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\ramdisk.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe

Checks SCSI registry key(s) 3 TTPs 24 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607794355504383"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	control.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
2916	chrome.exe
2916	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3376	mmc.exe
2676	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: 33	3376	mmc.exe
Token: SeIncBasePriorityPrivilege	3376	mmc.exe
Token: 33	3376	mmc.exe
Token: SeIncBasePriorityPrivilege	3376	mmc.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3376	mmc.exe
3376	mmc.exe
2676	mmc.exe
2676	mmc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 2420	4892	chrome.exe	73
PID 4892 wrote to memory of 2420	4892	chrome.exe	73
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 1332	4892	chrome.exe	75
PID 4892 wrote to memory of 5112	4892	chrome.exe	76
PID 4892 wrote to memory of 5112	4892	chrome.exe	76
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77
PID 4892 wrote to memory of 2152	4892	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamunlocked.net/f57020-jojos-bizarre-adventure-all-star-battle-r-free-download/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff87d0c9758,0x7ff87d0c9768,0x7ff87d0c9778
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1764,i,9761481513186097330,6837743826477428420,131072 /prefetch:2
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1764,i,9761481513186097330,6837743826477428420,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1764,i,9761481513186097330,6837743826477428420,131072 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1764,i,9761481513186097330,6837743826477428420,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1764,i,9761481513186097330,6837743826477428420,131072 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4332 --field-trial-handle=1764,i,9761481513186097330,6837743826477428420,131072 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1764,i,9761481513186097330,6837743826477428420,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4980 --field-trial-handle=1764,i,9761481513186097330,6837743826477428420,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5468 --field-trial-handle=1764,i,9761481513186097330,6837743826477428420,131072 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4664 --field-trial-handle=1764,i,9761481513186097330,6837743826477428420,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4840 --field-trial-handle=1764,i,9761481513186097330,6837743826477428420,131072 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1764,i,9761481513186097330,6837743826477428420,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 --field-trial-handle=1764,i,9761481513186097330,6837743826477428420,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2808

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\diskmgmt.msc"
1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3376

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:4220

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Checks SCSI registry key(s)
PID:596

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.DeviceManager
1⤵
- Modifies registry class
PID:5104
- C:\Windows\system32\mmc.exe
  "C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2676

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
147KB

MD5
ca1ee0eaf0ea41216526e04852b1309a

SHA1
2a11bdd3f3217df586631306acb6ddc8e97fb2a7

SHA256
12efec029172543b60d8763636aeb1b4a7569de4a3831d26790b299cdc92c473

SHA512
34bd7719db509dd3d7aff946c4a852958644703f9579f349711091a91e3d1658da4b78fdbe6cbe8350c5e20c9679d498a098533f6fbc89cc4402401b45e8a4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
d38198863af403dead7c7a6ff41474bf

SHA1
1a99938a273c5e360feef4b77a1825f0ce40bb18

SHA256
fb087b55f15010a9bf85ac2ad1e830bd0540d4512f9bb4272e02b5772063d182

SHA512
7ddfb7372aa137b5f57819d40f90c5b6fb08f1446b253ceb7d2f7764554fda1e237b045661d1c7147af5dd57f020c99657d52dd530c7b24ec59f8e7344c90b61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
9a37a34658dc7c4f86b9d78dd89b379a

SHA1
506d7e393901e25171767be41121e3291bd6cc84

SHA256
180d0173848406183d43cfa245056b07ae02b53f6f90ad26b1e6749207efc5d6

SHA512
81c71b206cf5717fc38a940b8ccd0b2dab53ec5119b484655c209c9e78ece2557c3ae517a08d731ca7e112eed9654b20d9e010416ba7e9cfda71fc319287fb3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_tgqrp.dwhitdoedsrag.org_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
55fc8f6330a9e05e29738c2738f6b9d9

SHA1
aa7d6712430ad63d86901976a535c5241947f1ba

SHA256
371a58221c35c86b860e3f8c241e474b2489bc44e5dddd4b510a17235dba3eb4

SHA512
8b6e9b74f6fe59aa93f0432ddcb8623674ff077a4d1c922ae65529c25911073541d7ebd4ca7965d1f538cb649c3cf10bddeb54a8948f2d155bdcdaa924426c38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
08fe0b934c0734381e9eebdb3b92daa2

SHA1
8fa94a44498d9cd94e5b9ade927e019d6e49eded

SHA256
fac88f98c3056ccd5a9389470379e5f58219596df6104c1086a47d6ba7d9e4b7

SHA512
2edbd34d599b817aab230eee8f1ffdf1aed49b2d3ff893a8b8b2d801b5ad69cfcbb3f404dfd7476240fee206af81a01b5fc04652566dd5517cae709eeed56e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
870B

MD5
7d7b40b97c48604c1a6c488a4fad92a1

SHA1
89f530f47b87299f72d35fc52a61b682d8c9de32

SHA256
c074a4460ff22dd4fa88191d0c5339357995606e8219d2f2322c1eb8a9f65db8

SHA512
27b18e675edb335e4416bcec4bf9315a790200aac361a3353e75bd6ecaf50cae6ed7821cedaca7a72b614ce2e0cfd2ad2c123d85e9786be55d17ec4f6c623b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2e77831ba6871532d99d576583c73ecd

SHA1
6a4fe6098c404359edcc40f2522542879b020321

SHA256
0b7b5d439349cddd6342e037844cb82c8eb245bbd33adddcbfd5077fbafc24a3

SHA512
94e5237186b58ee6ef8e568b9d0fd21fcffc3ad0c1ad15c072648d70df2df77411a8b68c82b155f82c3e8b72266ebe9c43d65ecc924a16819a4502998b860445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
867a6cacc28a730ef30c8cc8e14fb169

SHA1
93cae1c6f6151e5f82a1ace6993aea112e7a3966

SHA256
52020d60bde36fee094db2b985abfddd7819432a44c55491e40811e51b905eba

SHA512
86132814abfd3da9e9a37b4d791b954abf72638af80df2ec052d0105261a415097f3a03cb8273acebf36ad9e1cdc25e3e663455c6a174de0260b5955766c1cbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
634677ae24f1b46af9ba17e10a67e774

SHA1
d7ab8475d304f9d153d07d708be91a1859100a9c

SHA256
1765bdfa0bd24cb57337fc62b5a9f55907446d3d87bf256eb652eed14bda7cc7

SHA512
2aa6b709c1772e889aece187975109988ecfa35c3123759b4d0bf5cfad9fc97369fee3002edb3457df7b8a6c090d136f4348e4c31fcbaa887e9ce88765aa022d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e1b4245e6c61406e09d99aa033aec965

SHA1
5a195121cedc34026d5140a973f364282d94a7d4

SHA256
b332e9669a8cbcda1bb9d941c29f5420dff7e101f083c66f738316036073b951

SHA512
b813ffbb979314207feab30f9fdf7967f5b8b10c2e2b857a6211023132ebc297f826af34b2fee407f931695a7c0ef65fa7455854a0589530a0f8ff6c7aaf5495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8daf94c8434343e73fa2f596ac1a8d6c

SHA1
f6cae069d4156aa3767aa31b48b41713c6850670

SHA256
ca6f400295f18fa426e895ac90f0744e50726b1ec0c36a810e5fa1aa888f57ed

SHA512
fc05ca17ae449148875f94ed9c2b00e2f14877814db9dc29556d3d3a121610e1c9d3671baeedad7088531f2526af26d4289f2826732b95d0b80fe2185355de98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
52b10b9e4784a7fb0eaf3d39c77066e5

SHA1
ee472ea233ae20a09a66f63e6608ac943a5940fb

SHA256
14091e1bad9d9146f7e242ab621725655a008b18b1152b31239b1e6ecd615723

SHA512
bdabe30f9acd3d1a9a6a06f2fef29e4f77bb4824439a3f4ff1ef5099afa4b08b0f6595f1704264881a5343a97fd331024c2361779e73a07dbbb43b8d6c86a2ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
45702a6566a47ea3b465977d07233785

SHA1
373ba3a703409a2fc93bf460582fc5a253ed74cd

SHA256
bf506aed45aa3ad89303c1e4d40a747a6599f26e1a3bbf917a53a7ff120d3364

SHA512
b8756379b3e2aeb015e32cfab044a2166b247b1acec00b0230971a1f679d141e57c0feae305d621e1fbadf144a575944407c2f48f8ed61f9c7fd4d6fafe0ec73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ebd7.TMP

Filesize
48B

MD5
429e13ddfa8ec60faa18bdcffe3ddb0d

SHA1
ab9e996aa34fad2abdc297ea2d045b0a2782ddd3

SHA256
e28ff74100bbf7e6392d56c1709746698ccaed186b9da0361a2db8d0c74ac586

SHA512
0431919101d9ede862e79cb84df1e49c4a3325f1d0c36823854c4f16bd1e276b3c23dd93b3be23b7472880f17e49d2cdfe7cbb9e45b4d37dc41c10312e6a27cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
87a8fee7ffead05574d36ea63a4688fc

SHA1
ad737e1cc367e52b39f64c50133ef5bb9b6a09cc

SHA256
e3ea89916aebb849a06f2494ff322b455254305a634e317ca0632254cb1b7757

SHA512
c1261e5a8972878a51c1a5c5f5b3c77b3686639a0c0a3768fc0896741c1dfa8e11a07c0872fa14a619e50ad32d2045abcb0663ccdf70c67413beeeeb793b13d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
da73b57b84aaf6da19dac88f90a906ae

SHA1
c368f13186868d7cc3ccd651d1058f4734a142a5

SHA256
92dcdf11166a65946ebc7a0913e5d79a018530e99b3633fc39013af237a66d6b

SHA512
7457cab493d0906461bd6230aa38f89cdffd03f1e2ecaf6be528dbc843606e4c69671ac2ead94df1781245ce27f6901a8ce11b728f2a56a9c729748757f7abcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
0722ba459bc141dd0e30e06d91e30f5f

SHA1
5e0481b738dbbc61c89f59db25448e2729ec421a

SHA256
dcb5a7958c62c9869d44f6a33fed8ef2f9e5fa054d5a83ef0b10be1d620329d0

SHA512
c74035ed3845912da29d1b8e07686ec876d94026b75add15d8dad4f747bbf2342692e00057d1f9cfedc001ffc57348f993b32c1ffa2fa97072d664e5686ca4f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5883f0.TMP

Filesize
100KB

MD5
e45f60d2abf92caec9b51623e61db873

SHA1
a532d44271221a73c2eda53656c6d4872fc4456c

SHA256
86330e37f9ab4f7a1187a06b543dc1776c320e75d299ecc3526898826019d45b

SHA512
a0e28d48c003b4a3308575b9c590a643f2c0fdb831ce18b3d9f461af1fade39cc18b07949931d3f679dc62a4001fa11cf02f4213ecbdf58af279b848bd59c6a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\JJBA.All.Star.Battle.R.v2023.12.04.Incl.ALL.DLC.zip.crdownload

Filesize
5.5MB

MD5
a2eb0a99f4308b21beed7d834a4a7061

SHA1
cc4a32b59f5a7ca84f852f5662b2836bbd9339ca

SHA256
ed5ee0a5a2392f52612b0987910537a4efd51c216680dce011c9e50d9f689322

SHA512
9140f3d5b33a435d2832ef6c7053a06968616c1beb4683f5ded71924b3211f9e13189cf23790eb363d963ecaa2394d8b7dc732d822b13bc8e3ae88e127f3dbb4

Download Submit