ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb

Analysis

max time kernel
244s
max time network
248s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
16-07-2024 17:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

target.js
Size

1B
MD5

0cc175b9c0f1b6a831c399e269772661
SHA1

86f7e437faa5a7fce15d1ddcb9eaeaea377667b8
SHA256

ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb
SHA512

1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75

Score

6^/10

execution

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

54 discord.com
22 discord.com

flow	ioc
54	discord.com
22	discord.com

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133656241371045947"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings	chrome.exe

NTFS ADS 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Launcher-0.6.14.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\mmc-develop-win32.zip:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

MultiMC.exe

pid process

1948 MultiMC.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

chrome.exechrome.exeMultiMC.exe

pid process

924 chrome.exe
924 chrome.exe
784 chrome.exe
784 chrome.exe
784 chrome.exe
784 chrome.exe
1948 MultiMC.exe
1948 MultiMC.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

MultiMC.exe

pid process

1948 MultiMC.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid process

924 chrome.exe
924 chrome.exe
924 chrome.exe
924 chrome.exe
924 chrome.exe
924 chrome.exe
924 chrome.exe
924 chrome.exe
924 chrome.exe
924 chrome.exe

pid	process
1948	MultiMC.exe

pid	process
1948	MultiMC.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe

Suspicious use of FindShellTrayWindow 46 IoCs

Processes:

chrome.exe

pid	process
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

MultiMC.exe

pid process

1948 MultiMC.exe
1948 MultiMC.exe
1948 MultiMC.exe

pid	process
1948	MultiMC.exe
1948	MultiMC.exe
1948	MultiMC.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 924 wrote to memory of 1420	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 1420	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4940	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4692	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 4692	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe
PID 924 wrote to memory of 2720	924	chrome.exe	chrome.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\target.js
1⤵
PID:936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdb08cc40,0x7ffcdb08cc4c,0x7ffcdb08cc58
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1676,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1960 /prefetch:3
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1932,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3548,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4448,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3744,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4856,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4988,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4440,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3808,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4620,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3584,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=872 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5484,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5492,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5840,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5780,i,5482638964857920560,4185124208215304650,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:784

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3852

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1220

C:\Users\Admin\Downloads\mmc-develop-win32\MultiMC\MultiMC.exe
"C:\Users\Admin\Downloads\mmc-develop-win32\MultiMC\MultiMC.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1948
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/Downloads/mmc-develop-win32/MultiMC/jars/JavaCheck.jar
  2⤵
  PID:1120
- C:\Program Files\Java\jdk-1.8\bin\javaw.exe
  "C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/Downloads/mmc-develop-win32/MultiMC/jars/JavaCheck.jar
  2⤵
  PID:1416
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
  javaw -jar C:/Users/Admin/Downloads/mmc-develop-win32/MultiMC/jars/JavaCheck.jar
  2⤵
  PID:468
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
  javaw -Xms512m -Xmx1024m -jar C:/Users/Admin/Downloads/mmc-develop-win32/MultiMC/jars/JavaCheck.jar
  2⤵
  PID:2120

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E4
1⤵
PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
6fbfef1d79c88e5b2544e6286cc7a732

SHA1
7d547038a6f4b1af0b8e38f0c24d641b77dc2a1f

SHA256
df3a2efceb33ae8964824ec8b2a5783dbec3044b2ff58fbdd4f2b13e096cb0e0

SHA512
544448b4ecb36ffda2d5d779a3f76a48f71b18b8c6f84e51532d794d8a1f75c01e6968b6e2105e1d7b6489490d73f3c3249bcdde7331c46a3faf27ac8cb33ed2

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\448abea6-7721-4820-a417-1121386c9802.tmp

Filesize
184KB

MD5
33f00036bf7efa5bb467d6aefb5f168e

SHA1
f0aae99c24c852887da933887375bb9de1d3d41f

SHA256
9dbd52e81d6782c39fd2791566fa1599836b3d2a0009a6d289cc9f7948ff3502

SHA512
714f884250ce2cef9eda625befb0e9bc587f4d9180bbb969db5d09f0ad5c74063335662d85dec3b7e98451cfeeb011c616396479e3a584c23bf94c3faa6564fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1f624cfe-4250-403b-bc8a-7196ceac14b0.tmp

Filesize
9KB

MD5
f7aea20ac336804fa6d8b05bb3f532bf

SHA1
1373be4aa97e26fef3329e2a9e1916aa7fd704ce

SHA256
2de74f72df6e4a16d1ef84333898b1e5102fb42fb4d15643c261e168430bc4af

SHA512
89d3fa26451f155c4d8cee778355bda46f3b6c565f71893f1250341f13bc90fbedc819ed4fcad6e1a45f0b3f85974543322fccf19aac971ac059068f07f85908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
988aa691d05d0415322ce8b4d5a7f437

SHA1
17a04b7306b1d02ad8bd14e5dcfeac69057b27a7

SHA256
4f77626b86022168f58c1db41a80196e2a7780e07005a16c89a08fb004a040cc

SHA512
aa5a6d90bee6f3ddae3f13e6ab420ec265a7062071329d7a9f58c9952afaef4ea3f3dcc798cc17ce81efa00307fff12fe68ec9d841a1b71c4e3b62cf468b565e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
23KB

MD5
cba68946d3694c460fe5acc9d751d427

SHA1
3e93f6164d0ed467f70062275ff14f2aff33fa0e

SHA256
073de9884f36c190971412d4d109e4bdcd3f494d530964dd4686341454654c7f

SHA512
e6cf0ee7039b02e5bb83c11640aab6f897ae7227b18db00befaf5180bb5fa5d85ef2a0f86e9ada1150348db56ee0a4f6756d33bafbb849e2cee3180afe3b0e5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
eed6fd633e348aabe7a8065d508c8991

SHA1
f2699769b1eed68b32edc40c1033e561a3447b4d

SHA256
b28244c2c12f3dd9263d0fc0740799e010c8afbb0e12877cf659b66c72f00b58

SHA512
c95c1c5aa619900d8a59bd5d1aecf675c2f571c96fd6edab61ef9cafe3b86c0488c81afc686cee2e1cdc83ed0465baa5a68ca70ab8fe89e75b0682cbe43c538f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0e19da304e51dd6646e04e39d0885211

SHA1
a0f35019200d20df853318a881608265d9ea1def

SHA256
4b169ed5b4c2d24b51da17d1a7a539b408d72d8fbcdf49ecca71560683498d9c

SHA512
60a0b421b906b9ff57a8a72b0e9432e84188a74cb6ada1860cfd13dd32fa1b1ee41eec0e433e877919af50818d78e0344b97c8bfa656e97619e8e258627c47d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2dbf7e9df3f48fcc68933c9bd942c771

SHA1
99dd159a9600aa2d120ab2827140e16d6d79606f

SHA256
1276418994af3bfb960a54b89721b0f928811a55b96b7dc4b6582e98d2357797

SHA512
3f0bb822d93e3b9b5d71dc7d393ab322d45010cf7706bff1f7df7d124b6bc351239b1c721e1bffa2cfad22d78cd99948af1ca90c190cd1a9f8c3a91f15cc74fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f6d29944b032d0ee3a15022f2927cec0

SHA1
b09a158e9df3cd6a745a59070aed3e007a49c17a

SHA256
d4e9fc69bec6ca90ddfcb4b84afa9c16f0cf1aab8b449d02683280d72369dd1f

SHA512
973e1d3d4479a4e93dbd68b9081371a8ea6d9571b8c88d5445b06702e66b95426f4385eab373c03294a7a5900be94e230c70c46deebe84a93de5c9602b428b98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9e5a321afa7145ac12af72f151b4186f

SHA1
eb561dfd7fbb6866ff0ca24ef6000611268118de

SHA256
bba91b0d18350f647d1c2bb64f61b5ac45df268dc130049ef0a1446c4b8c28a3

SHA512
3f03976acfc93d4db8631e52ffc0221bf22a5177ec8cb9898bdd8078b7203d4c491e188605ac3e2023c5118ab2eaed2677efdbb793b0a010ce741c0afdd8ee96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5053d361e9fbde877bcab893ef248930

SHA1
61664a51abffb2098a7edd1ca49ecdb1893a7214

SHA256
d0a91578be574ed23b725c65eea75924509d75032ce822bf30e66edfd76ccc0d

SHA512
912e003607e22f647880b72cf1d0f06f1799ba0ed53bc860b4115ddf11b22149dad6c48b737129d283a34b758c08e6dbc67adb2ec48f91512b2aae4d1e4dd159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
082bc1b177b977b73e2c96cb928aa6d9

SHA1
ef3277e0901cf134f8229871553c061caed7833e

SHA256
813ae67ec835aaaaba2c3a83df550a46b27848305e8f65af9a640596c02a0f30

SHA512
356ea28776e9978ae85c324c520d8d93a22bb615e6d61457bbab28718cc2a23bf1ac1832fe3adb262a541e2a18f7ca35c06849dfe88d3bb2f8a23cd805ff8ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ff84d4b29669fbc413cc6ef5a6340aef

SHA1
7e76f389f352a3375ddfc9625e1912f430d0d458

SHA256
1076c275d9570d6580a190c67f774a29e8d02107b7e320a71a8d6c0e98b959a1

SHA512
2cb8c1e7e82fc1b30226280266feed88a35d76eeb0bdf2b8ae308f9e4c6bd9688729fae16e040e08c4fc29648fb3fd686df6283b93569cdbd8fdfc7211a1cb30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
407c0facdd50edbd8aa2df063c180423

SHA1
6d0b291a24c5f666a047cc53ff9fd6593a65dc80

SHA256
6f7768f1cd7addfad6866aeb8242282a9de7f1b6b4bf7d29cfc18ba6be61fb6b

SHA512
e623b4e22d4e5fe600de9aca462eefcbc60bc2c868eda4577c5844d8fd39a0b8b79ed22bba199642d929094debc8103da696810a3c08e83bf62836abe405b1a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9edecc2dca2c96edefdc21e90d37ea3d

SHA1
eead99279d2b119f2b00c46eecbb14df56d5dfab

SHA256
b4011a77d3a565c507ed1cdbe3b06fcf875a23a7b7701ff4afc7c9cb70370a96

SHA512
e7b8bd36ad1d6f5c4288a6449312c91ec030c4293c960c2b456bb5277e279aed7e4f3790ddde272393446ef167a5d1627a826cdb4447c7c494742595e83ba3df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3044edd736eebe958750be8bba1edc4d

SHA1
ed24fadd48d0338a76da166e339b75ab454dc681

SHA256
c05ef3cc718b2da8975006b85552de413643c9a8e7db43105064712788ee190f

SHA512
785cb8ffef197dce7ffc7140ae6afe36df44e0c9da5720f2af92c6b6f2db8787a0e440c466ef5c3121773ed9bc4a0c574e91193e95eb255202e8460da3c7d28f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7dd5704044462e3963db80b7938eff2e

SHA1
0b1dd9cafd82f2974a87d9ab713da47bed50118e

SHA256
1703f12d4b59edf0ea644253f9b2cc63daa393312178e27958a4d67bf70545cc

SHA512
75bb738df54a0d24faef966292f18d80eeeafdcec86b2c83a557a78e17b12ce0c30cbe4851bb5e5df383074876cf5bdc0dd72b6bda796d5276b5d03280604a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
75a6859fa5fb5749b585295bc0b0c4ab

SHA1
45ce0f154a56d171c9583bae38a475c60ad05c25

SHA256
4dcdf7b2fb9a7623dcb535d4e8af6b3e91d8f798763c136470a6f9232f5c14cf

SHA512
e919cd46159c6918330d2360481e97e16dfea55210c19b1c3e469a53fc82e7006084acd07086ab64769e2e8b2134f76d8b056e3bd576b86ea794315044929768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ac6e1791439b6f844f1a856dbf1d5578

SHA1
cc3e2a25120933381123806bc6da619d33a4cd8d

SHA256
511ebeb87ff1e47cbf255d5e2608943c612d3483d9baec6d560b5b4631365511

SHA512
5ed533e205348ba54c135cb75f32e040aa5e765880cd83fad3d4a5cef2cc6d64c263d8d4d2b4b961ee897ab4f681215604db7ed160784a4847d00f5184713815

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3c998848735e9498ace77a5cad71a565

SHA1
62c4f4aa4c50b8cc196b27a81ae0117c24069160

SHA256
0d01b4418a2f3c25d0fe9ab66573942d90e167859089986bcedcfc1386bc9f56

SHA512
496d90d219596f7891a12a2eaf312d0feddf4b1003099b6e99dfc2dc63297ad4890a3366cda627d3aabaf0184a908b1ef3d7e672eb084c3dd66a970bd31b542a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bf5939926f839d7cb134b0ea18be9411

SHA1
04fb79bb8bb9ddd409a9ec960d9b307d4726608e

SHA256
f5495aa2ac609eb5a00425914da29568dab5eeac50d5f467128cac97f8009524

SHA512
2c22b89fee50fa4a4e01c19ea7d8e909adfc3e18fb630b51b3681de4a68f4363b74c0b3fe3b819b1f08a81507158f9d65c80aa1b2c33f3d756fb4bd3331432c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
962e34efba1a22afffd196b622925947

SHA1
4c1c64e3cfa080dba8f6bd09651f7acd6506a6ed

SHA256
5775118bfdb7f8355fe9c349d5eef6c9bdad40efe6f7426c253739fdcb0b9361

SHA512
c49040afd1ef8baa61eff5a183f9e2330f5dbdce3bb389bb08922e6b237cbb605c46ff5b4d9d1d2e53fa9cd6c671d863c789be7d52805a369199c69f0128d2f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4d22cc02ebd79a05ada87f2108a5cc61

SHA1
a318077ca8f4c2f4e2742a582840dfabc70d382c

SHA256
b51bcd2c7676d90bb3f5c650eb609fc20554e8e7708f89fc2c994073daf46666

SHA512
4728a5fc8f0eb044aa2e46508c73bd314c1ddc3790d4dd4f91393fe62e7276ce9c1d129e873392233135a64342a452413dc7628fcaeaac0d1fb01edbb74254f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
75870eb54d75c58c206f7819b1de25a5

SHA1
9fbdec316a17bc4db07cbe7d22024d6f7c3a5eb0

SHA256
c0b9b1e5bbb36c3a53c3e78fbce73f2d606d0ac953858845689a0fce13de995f

SHA512
9a5e209b1c862c3ec100b41a4b5b794a5508c46b90a499dab531ce52894f6480e4bce446a7af3daf87ff61d9e9336fc85ec84d6a3fe006fa6765c1ad95d435e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a6403ec7fd6d4fc191f4c18392809884

SHA1
e4daeaedcb42724bf0475e25d47df5fcec042359

SHA256
ec43c7eac61db4bb9d5ab3b1206fbdddb56e47dcf90136bda920d8095d806a32

SHA512
b2818c08a7f07f33e99f1eeff5af81bc97aaf242117be0410ee32b7ddc92c87cc0b544340ef631e5f3df8b34b35c4cd73aa3fc4ccb1fa6425f4a58e2bd14591d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
811c279e17f24325245f45d585d77cc3

SHA1
d0e79a080030e92301252a3a3d2bfd144d376576

SHA256
b2237004febb34e72487dec423b84f50be08288b6c2bb67acb47541c7131d95e

SHA512
1d5ee60042f3088a7c05d21a35cf5699f0013faa0114cc496cd4e807c953d53591d453e805184f6434632920848da53b51d95cddf34520ae60efd227cee749cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0b2f776af892aa16a05b5d03abc500f3

SHA1
58891a7228c2d5f638803208038f2470924044e3

SHA256
7a64a831ec2665459af43ecd519c98086cde62902b45ce10cb00f86e5a0c575b

SHA512
12026e55e64a9abdb45d9a5292009dfe834cbd629c0babc77f476f331d0f1bdb59afef37fdfa4a3ab657eda09f1db52c2a15c4f440721be45381e0d1bcc39f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
793e7417e9facdfe480e51ad5f917ea2

SHA1
1e9da974dd7c58cf8a1c5a8103f38cccedcc6a72

SHA256
5fbba19df954bd59a0cefe22c6eb518de227d2badfd215be25358647cc242d11

SHA512
1a0d1234f0080edda8a965a9564a1702ba41080db2e3e03ee6eec1535485f8818d581285ec203de9971f3ece0f65876a1257c2e9b51625a3d9816ffff734e5ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3df302126ba2af4d2939d6afc3f1c1cd

SHA1
2c285205b24957ed8a857362265cd578453a3692

SHA256
bc951031fa619840048a4e0e9fa9c508016083143b04a942b3845571e31c41ee

SHA512
c423a4039d8ac7755abdc8c88a648c6c4bf8ee1ef9e0f7bae337f74f539f0569bcafa3677908faa89ff9155633db41f6c08016dde74c611045c21269ac64324f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
218a4b33604c133783700e5b4b6fc5c9

SHA1
564647006a1c80174fb8461a52e91b8e545e11b4

SHA256
0a2638a59ed514662da0cf7c67f31fc6fec6f3f12d4bc977ff86c22dd13a73e3

SHA512
313f930a761e46ae529931be92e462f8dc65b64b7f8a514ba3a8a8f349af2f941d91f5409103ceaff67dcb614f71bfe72ed03438562587c9ba17e27932c62b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5fbdaadd14fad657787ae4b879c9d4b2

SHA1
4d9d07d7b1a60aaaee7da8030cd35b70de05db9d

SHA256
f8b2713240ae055ab7e5d6f9ef5d7e7310359df0a240ccefa9533fe885a0db75

SHA512
6a37783cdfe58b1277f14ca2651e7c0cabe5a20ec4353beb00ed7424a454dde44361502166fc465d32e4e8599e177348d4b6e43e855f671629f48b2a34959411

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d7287ba002b79d53b586c7921ad330e2

SHA1
16c8cd753d4c2c829d259fb92635206f46f3f1ee

SHA256
b8abfcb3a27408c45fd8c097946cd3670d8df20ba40a73cd7cbb54b61e3d6d72

SHA512
45b793efbffaad9cfa2b25765245f3a7848e5316065881c50d08b4174df063bca6dfb02dd6c0ab152de02bca1b73cf56a740095862f8d9d545ff485e1f16a9b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f3a42d0f438af6c8b4e7f2e872929340

SHA1
f394ec7f32aa0044f0278f26e06eeb33fdf5da50

SHA256
7bcb0861a76f9f69f468aa4f32ead1191ba06a47c7b90850e73810355dcc580f

SHA512
4cf9be516ac1ad2f06e8f22161d2c57a63214a5f932ae79474c2caf880acf168a3c236700c90bcbc318999acd62faeb83f47118eb945da4bb25a72899acf357d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
184KB

MD5
95a4221c687008f359006fbcd88f90fb

SHA1
5b58743064e95e103e2df74fdbc834dca33ee411

SHA256
c3107d3ecdddd0cb300d1bb74f060d19cb3ce3d098cca93a799ee48999bfc79e

SHA512
cb591cedad8d6b1820fbf634db68fd195d6e098f54c181b1e2e7724679dd462edd78d6edb62613fcb03032f990bdc7263d8be3a84c86d9306bd115a3368fe96d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
184KB

MD5
08e5030923c9e01c4d6f569ced59834e

SHA1
172e93fe02b84a309dc8b65bdfcade86b042fed3

SHA256
c878bedc95d22b851a40180ac8651766847e7af8fdfd75827de5d9ff6a09f04d

SHA512
e6eed69b13e23c42d28cf3378bf6633c9933a1231689920497fef43f40b26ee5c0833567b2fc3a406d98e9520fc4c15683b28d5ee068e98671d69c11bfc0f83e

Download Submit
C:\Users\Admin\Downloads\Launcher-0.6.14.zip.crdownload

Filesize
2.6MB

MD5
ab78881ab9814eb58afcdbd1ce6ccc90

SHA1
beb024bc98a3c33fc94f220fea6b6737e8e3a5ec

SHA256
4fd4b5cc3281036c2cec07ac01d1dbd43b3446804d2587b76efb837ca2f7054d

SHA512
01d0243a248959febfa942a2ab7f1557c42e59d4fc2f3d3865ad9d97998b85042c0cfa91abf0445bf26d38f5fefd1b8722ca3cdb373d17e45a3daa5fef103c0a

Download Submit
C:\Users\Admin\Downloads\Launcher-0.6.14.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\crashpad_924_CNRNKEGYKMKXPTRY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/468-758-0x00000265B36D0000-0x00000265B36D1000-memory.dmp

Filesize
4KB

Download
memory/1120-747-0x0000019623F70000-0x0000019623F71000-memory.dmp

Filesize
4KB

Download
memory/1416-753-0x00000210E8670000-0x00000210E8671000-memory.dmp

Filesize
4KB

Download
memory/1948-779-0x0000000063400000-0x0000000063415000-memory.dmp

Filesize
84KB

Download
memory/1948-796-0x0000000067740000-0x000000006779F000-memory.dmp

Filesize
380KB

Download
memory/1948-776-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/1948-787-0x00000000001F0000-0x00000000001FC000-memory.dmp

Filesize
48KB

Download
memory/1948-785-0x0000000064940000-0x0000000064954000-memory.dmp

Filesize
80KB

Download
memory/1948-793-0x000000006E840000-0x000000006E852000-memory.dmp

Filesize
72KB

Download
memory/1948-797-0x0000000066AC0000-0x0000000066AD0000-memory.dmp

Filesize
64KB

Download
memory/1948-777-0x0000000061B80000-0x0000000061B98000-memory.dmp

Filesize
96KB

Download
memory/1948-795-0x0000000061B00000-0x0000000061B10000-memory.dmp

Filesize
64KB

Download
memory/1948-794-0x00000000626C0000-0x0000000062706000-memory.dmp

Filesize
280KB

Download
memory/1948-792-0x000000006C600000-0x000000006C615000-memory.dmp

Filesize
84KB

Download
memory/1948-790-0x0000000004D50000-0x0000000004F62000-memory.dmp

Filesize
2.1MB

Download
memory/1948-778-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/1948-788-0x000000006A880000-0x000000006A9F6000-memory.dmp

Filesize
1.5MB

Download
memory/1948-784-0x000000006FC40000-0x000000006FD41000-memory.dmp

Filesize
1.0MB

Download
memory/1948-783-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/1948-782-0x0000000066C00000-0x0000000066C3E000-memory.dmp

Filesize
248KB

Download
memory/1948-781-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/1948-780-0x0000000069700000-0x0000000069894000-memory.dmp

Filesize
1.6MB

Download
memory/1948-722-0x0000000006170000-0x0000000006181000-memory.dmp

Filesize
68KB

Download
memory/1948-789-0x000000006E600000-0x000000006E674000-memory.dmp

Filesize
464KB

Download
memory/1948-706-0x0000000004D50000-0x0000000004F62000-memory.dmp

Filesize
2.1MB

Download
memory/1948-694-0x0000000001500000-0x0000000001A75000-memory.dmp

Filesize
5.5MB

Download
memory/1948-775-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/1948-774-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/1948-791-0x0000000006170000-0x0000000006181000-memory.dmp

Filesize
68KB

Download
memory/1948-786-0x0000000001500000-0x0000000001A75000-memory.dmp

Filesize
5.5MB

Download
memory/1948-773-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/1948-699-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/1948-820-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/1948-833-0x0000000001500000-0x0000000001A75000-memory.dmp

Filesize
5.5MB

Download
memory/1948-837-0x0000000004D50000-0x0000000004F62000-memory.dmp

Filesize
2.1MB

Download
memory/1948-830-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/1948-828-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/1948-827-0x0000000069700000-0x0000000069894000-memory.dmp

Filesize
1.6MB

Download
memory/1948-825-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/1948-821-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/1948-696-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/1948-697-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/1948-698-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/1948-695-0x0000000001500000-0x0000000001A75000-memory.dmp

Filesize
5.5MB

Download
memory/2120-771-0x0000027D4E9A0000-0x0000027D4E9A1000-memory.dmp

Filesize
4KB

Download