hxxps://www[.]curseforge[.]com/minecraft/mc-mods/from-the-fog/download/4572858

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.curseforge.com/minecraft/mc-mods/from-the-fog/download/4572858

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608197121040240"	chrome.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\From-The-Fog-1.19-v1.9.1-Forge-Fabric.jar:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2320 chrome.exe
2320 chrome.exe
5032 chrome.exe
5032 chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\From-The-Fog-1.19-v1.9.1-Forge-Fabric.jar:Zone.Identifier	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exe

pid	process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

chrome.exe

pid	process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2320 wrote to memory of 4204	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4204	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3132	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 564	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 564	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 5056	2320	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.curseforge.com/minecraft/mc-mods/from-the-fog/download/4572858
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb3e8cab58,0x7ffb3e8cab68,0x7ffb3e8cab78
2⤵
PID:4204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:2
2⤵
PID:3132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:8
2⤵
PID:564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2152 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:8
2⤵
PID:5056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:1
2⤵
PID:424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:1
2⤵
PID:868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:8
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4276 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:8
2⤵
PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:8
2⤵
- NTFS ADS
PID:2504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4220 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:1
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4352 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:1
2⤵
PID:488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4916 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:1
2⤵
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5020 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:1
2⤵
PID:4156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5264 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:1
2⤵
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5268 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:1
2⤵
PID:2676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5736 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:1
2⤵
PID:1160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:8
2⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6000 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:1
2⤵
PID:1544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5784 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:1
2⤵
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5724 --field-trial-handle=1828,i,3254553255567124676,6515210737490677396,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5032

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\91cb16e4-860a-4d8a-8abb-37be91800876.tmp

Filesize
129KB

MD5
12c5a5b0144810479e1e19bd4ad69447

SHA1
db3da434ff340196fc2998d6bd146028af329855

SHA256
5d01aa424b7564196179edcda8326fd86b54dc94dddbc7fe1f97f68071091b7b

SHA512
a0e289561eed7ab8fb9228ec63b618ea9b85716662d7a7b3f267fbcbd034aa955d0a61d22093ab19d77a78b45431c43df919f85fbefa6e91ae0d5afa523341c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
184KB

MD5
79938097a00cc88f10802c10476e9d93

SHA1
c5df92286ac075e7666b92898bb57f00c73f43c0

SHA256
b219d56a477946922ec286262743c43a844cd6b34523e86e64a0918d006afb18

SHA512
d62f92afe98f435b027bcaa72c0e330697faa100f1578e5562c9ddcc6bd2a0b17a86e129c1a17269b97774ec55b9480e703912e463493c9a20fee614146c44ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
27KB

MD5
c984007d060766e41c7822ba1429658b

SHA1
b016cc7dd0f8243422b7bd3636c6f45426edc234

SHA256
1a5ce05e4a177d78ac9565c1104e1fd113c41aa5deb202442e48c102d22955d9

SHA512
7720ac3ab724bafaaaadd5892fafe526fef0d4cf9618453a5df6dfcebc35173a980aaa52f7ccff7afea99cdc39fe81ab7fed4cd2baa5dca89d07b8befa3480ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5ca9528f344a4805_0

Filesize
147KB

MD5
a0f23216ec0970a498687ea68917de36

SHA1
ae7d954f1e11caa4e9c548a3f191d5b305ff51fe

SHA256
64d365c5183c68f896ea254944e0dbcf5e96d191a907f49fdee840583b98392d

SHA512
e02ab4a5d675361a5a7acf13724f0ddb58b98bf26da6489d3f79b74354b432ecdac5e68043c7ebecd0042850e944be2f237affcb6a5a9a985a89e6c25ceb941a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\849e838794f3cb09_0

Filesize
252B

MD5
309b5b1473e902ada3901136937c6179

SHA1
c2a57347ff808fc01cfee4dd4b16262d4e10fb69

SHA256
6c7519cb4c2ab6f3f7acee06727fc974af677200744dfeb0de6f57912f7e4d95

SHA512
aa750c16b066ce00050f427a4db7406b0e7b7082ddef748112e8e8dd81b4b23c24a681adf42e7015380c09a1c383ae8bb7fb13cb8ec0c794d6a7ea59f2155199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f95cb54374a1fba8861afc76373a105d

SHA1
26bc391a6a3e8ba88493a369b1437894c0716798

SHA256
bb2d067989891e3296daac50ef6da8c29844cfc7bad6c463badb4c5223cea9c3

SHA512
3f7267c80caff4c39dfd5544b294846412cf6dd9447eeb0d3545b3afadcb073d5b6b896b42388b658e499d8325c217c74cd9d536e7751ce24fd28c44fb0b5a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
814e52f282f6026341e7fc3584cdec05

SHA1
1802b8da1d96ea4c017bb9c0c0ea0c34303a489e

SHA256
67fd01e99284ec7bbe3c00c908516f64fa75c5a00ff414e58260d961efbb0127

SHA512
f3c7cb4d4c3f6b5e7f373efc072036c9f797f2104d2607b00d47198291f024d31ea3dff54dac2368f9aa8f56135fbb2ee6ec3c9ca18bd882981f10f34bd3bacc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fdc899991e878bfc95b01b67e97d3404

SHA1
a087e27db98fe635f9fc64104413e33db6c8fbea

SHA256
b65ea033a2a77eb38c4d7c00edab0c9a0a37038e24aecda592ad93e7b9d616db

SHA512
9e6b9447e8cb4dfa4e93d63f5a2b88c579e056448cc6b44b6c3ed613714915d520ea1e0f3b67f1be1d008c964191b4609080d5ef0d07d9c6c5dd913dfa91136c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a4e07ca9404ca30baf3761aa6654181d

SHA1
786e3716c3a0ee8d87216450654e039dda07ab75

SHA256
bdb0b3a0a07efb82469876ea6906b36ba2430efc64f11127bf19624b4f3ae06f

SHA512
f664ac60650d68afdc6359caaa0721a8d65d15c3ecdc1a16612adfffce1cb5dc443372c5829f043911ddeb8435b719b0a814fac4c86b711c2152a397f7c3e0b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\78041d1e-bfe4-495b-bfa6-85108c935bc5.tmp

Filesize
3KB

MD5
4398858e38e3746a5e2867be0be56403

SHA1
4f775a411ddac365483aaf661d8a0d883f362577

SHA256
5c64e5c5e12807ca3a792475094d4991d7e33e2f0f403a342ce1676da54389ce

SHA512
04e5a3f815756f359b609d13a232915b3e0dc7032a22db0c2ebba6709867792d8fb589eb31b636c810c2c700a41133868619e7654b101826e700cc66181b34eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
3394a2ee2b3296d5c2faa5db4c39c271

SHA1
7d7eb1750c2090b0bd42ff23325cb25950f92759

SHA256
b5405604205cc4c1fb5fd3ebdb9343c94bde0608cf50016579a6fc58f3ba008d

SHA512
e694f2f6e8279d6b5056f29d7f5a766b76704119be8b92d59ab635bd4ccf334af544bb3970aebc07d3170f7c6fc0803131454844e25d4b03f8db10306e9381ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6540b024616efd3694951fb3de273859

SHA1
b1169b8b7bf280a7adacfbf4c3801137ad4a1f5a

SHA256
0028fadb3824b723140cf7f900290a6147d39d1a3f5f286ad699d7be6738d591

SHA512
b4512e2eedf652ce226d7c55ca23a690feb99bc5b14eb9e668f569a803a5f1f78ef30464444ac535bdda9607b000697ac5e76657141bb92cb530eff53081ad8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
82657d6d0dc490322462587d16879571

SHA1
9d6ff7fadb7dbe3c0deb232b2b96707b8f176e17

SHA256
9a8a2e070c37496ae20255dd187de53d35630f37a1b3b3c5719d54efe440fd0a

SHA512
60803672926a2481033f524d420b723dca81a688ce1acc82216f4792bafb8b400c60015e91563e7e2bde23ce9e179b129047897829caaf6cffc0f53fb440ed1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e2f053185927059fe8244130a478ea6d

SHA1
f86d2188d596e07ac3364a8b126252bc24b1b845

SHA256
a547a2c8f6f19b40b36fb5182d8a927bd4678d9741eb60e167553810324b59bc

SHA512
1f6f40bb65759d118e2cb84e3a077ae0e655bd55f0a5465e1b2d39d5582ec9e1679cee093551c14245b101852bda02e25a491ffc2bd03747df912ea4b9d6442c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c4a585a34285660000f2fc2517e692cf

SHA1
84f32a4f49108e4ebc72b8e8abc5afb45192bf7d

SHA256
85df5eaeec7f2a7c72ff28dc2d8cfa0a12df7005f9c6608ddfe49c606153cf43

SHA512
577b701ab9977b55f8a87e4e26beb94e99d370d83103cd80bdc7f02afdedde1c6ea9583016d413d2a96fc68b523cd181834896da2882cf278eb2159ded7c3ac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
40526c0eb5eade19041ab613eb6af380

SHA1
6bf5e45285880e5c1faee8832a85ab328de9f572

SHA256
d99b51db14bce547dc3f5a99c46f195add47d3a3c0dcb3e9464c9688149c0810

SHA512
e65b266277aa3ce6a3c1a066fb7df5f26939d3729d940e92df3d701b6292048a4f7bca469cb5a484fafdb0be10de1ac2adf34a35edec2a5cb8e64359e39c4aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
25d995ebc72d6e24136a36f898427fad

SHA1
466e77422aa6e9829d2dec8ec3863265d52514bb

SHA256
ab770b7ab3c4afa47e8966863030ee41eb9bd70d0c9d9ba723ec29b797cb10b5

SHA512
113d3fdf137e8eb77f227232fec0b4d0be053cae371033191d3e65cb55d2b13c0c258eed517110bab35bb38c3545214b4c22f6f5d3845fdc54b3779a9850bfbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
38f5b3db0d838df138d27544dba3fbf5

SHA1
5251369e4427bfa82e14cef794e06fe7fa8969b7

SHA256
8e9bd485736a1bb4d6d62a0782b68c0f6e50b7010824b7ab26b55411df53219f

SHA512
0e8a6d9710446b6357ab7d1194fb323d8dca8f64b3bb71ec53b356631feb3af33d9aa69ab2135706f7ad65f32b4cf5237bfd53bbab0ce4c1c698907c1c44a4a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a90d414ccec03f11510e37b1a5fa0e24

SHA1
ba5ea9f6e8f8e11abfba8e942a8989442616ea4f

SHA256
e060be3c6ba7529e967d9031474224d5490e3da065bc42ee74fb91b4454394b8

SHA512
99398ee64118171382faca4c5ff1975f06279db10628f0c127885ac7cfd1763f57c2ec8d8db453ba82862dfc84df3bffb11e6f1ef0712b59345fe66e88160adb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
7d197144605e206992bacceeb54a141b

SHA1
aa2cf9d56989425460e7b0c88b6e2b7765700ff2

SHA256
ce32356456a515d04ac56c145837f5afff4bcd4c4320ed7e3d0f3b1ccad740ee

SHA512
c85ee6bca5c279f41c4cb2ddc14737dd8d526d0b90af4288b7c7cb3e137d57fdcb18efdd1fa2f1fe925cfd7a24c756d8ff40c2c4588e36312d78a5cfa7bae4a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5822f4.TMP

Filesize
88KB

MD5
41912f063d23c6791f854d009c8a1a6f

SHA1
71710b38cf0bfd102842bec623a8041879eabfa3

SHA256
c773822f55982a871ca10aa7b7ff16843d7753c7346551bab4187021d96ac996

SHA512
b70ef1812ae277b88893234e8d93e119913c7d0c040156644db13e57e1c34dfb6d092921bc5c0d8972ad8f102b767471c63cf49673449d1cc20e8b55b6e78260

Download Submit
C:\Users\Admin\Downloads\From-The-Fog-1.19-v1.9.1-Forge-Fabric.jar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 2870.crdownload

Filesize
10.4MB

MD5
d5e86fbe72a238e37e06d1c0bc241608

SHA1
8b8adfaea713ec953891f785500c513db3f7f283

SHA256
371597e21faf59988b51f8e76084339fa36cc6eb5ea5db5bab886b60c69b5fbd

SHA512
f1ef65ebd50a0c89a74fe108453f99f787dbcc37de5b03278881a9bd5373548e454681ffc159daad5dc4b1afb08dbd64428bcfccfa9e11a5f0f3df80e407a392

Download Submit
\??\pipe\crashpad_2320_ZSPIRQEOPUFEBUCL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit