hxxps://cdn[.]discordapp[.]com/attachments/1269659719065403463/1272541222548017193/MinecraftInstaller[.]msi?ex=66bb59de&is=66ba085e&hm=24f6d5a0a85dba9f07192e3324e855a51f34908cc31c7da7d27354d057955f79&

Resubmissions

12/08/2024, 13:06

240812-qb5qksscln 8

12/08/2024, 13:04

240812-qbfrfswelh 3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/08/2024, 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1269659719065403463/1272541222548017193/MinecraftInstaller.msi?ex=66bb59de&is=66ba085e&hm=24f6d5a0a85dba9f07192e3324e855a51f34908cc31c7da7d27354d057955f79&

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
2584	MinecraftLauncher.exe
4536	NativeUpdater.exe
4308	MinecraftLauncher.exe

Loads dropped DLL 5 IoCs

pid	Process
4572	MsiExec.exe
4300	MsiExec.exe
4300	MsiExec.exe
4608	MsiExec.exe
4572	MsiExec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe	msiexec.exe
File created	C:\Program Files (x86)\Minecraft Launcher\update_files\Minecraft.exe.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe	MinecraftLauncher.exe
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\e57e5ad.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF1C2.tmp	msiexec.exe
File created	C:\Windows\Installer\{6A960B34-5197-49DE-AC60-1177DFE24976}\minecraft.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF35C.tmp	msiexec.exe
File created	C:\Windows\Installer\e57e5ad.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{6A960B34-5197-49DE-AC60-1177DFE24976}	msiexec.exe
File opened for modification	C:\Windows\Installer\{6A960B34-5197-49DE-AC60-1177DFE24976}\minecraft.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF1E3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF280.tmp	msiexec.exe
File created	C:\Windows\Installer\e57e5af.msi	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NativeUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MinecraftLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MinecraftLauncher.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000e7a671f193ce7b7c0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000e7a671f10000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900e7a671f1000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1de7a671f1000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000e7a671f100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679415928574129"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 25 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\ProductName = "Minecraft Launcher"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\PackageCode = "001099CBF912E7A4CB6D8BF85054747B"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\SourceList\Net	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\43B069A67915ED94CA061177FD2E9467	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\43B069A67915ED94CA061177FD2E9467\Complete	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\ProductIcon = "C:\\Windows\\Installer\\{6A960B34-5197-49DE-AC60-1177DFE24976}\\minecraft.ico"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6\43B069A67915ED94CA061177FD2E9467	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\SourceList\PackageName = "MinecraftInstaller.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\Version = "33554432"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
3372	msiexec.exe
3372	msiexec.exe
3636	chrome.exe
3636	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	4708	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4708	msiexec.exe
Token: SeSecurityPrivilege	3372	msiexec.exe
Token: SeCreateTokenPrivilege	4708	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4708	msiexec.exe
Token: SeLockMemoryPrivilege	4708	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4708	msiexec.exe
Token: SeMachineAccountPrivilege	4708	msiexec.exe
Token: SeTcbPrivilege	4708	msiexec.exe
Token: SeSecurityPrivilege	4708	msiexec.exe
Token: SeTakeOwnershipPrivilege	4708	msiexec.exe
Token: SeLoadDriverPrivilege	4708	msiexec.exe
Token: SeSystemProfilePrivilege	4708	msiexec.exe
Token: SeSystemtimePrivilege	4708	msiexec.exe
Token: SeProfSingleProcessPrivilege	4708	msiexec.exe
Token: SeIncBasePriorityPrivilege	4708	msiexec.exe
Token: SeCreatePagefilePrivilege	4708	msiexec.exe
Token: SeCreatePermanentPrivilege	4708	msiexec.exe
Token: SeBackupPrivilege	4708	msiexec.exe
Token: SeRestorePrivilege	4708	msiexec.exe
Token: SeShutdownPrivilege	4708	msiexec.exe
Token: SeDebugPrivilege	4708	msiexec.exe
Token: SeAuditPrivilege	4708	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4708	msiexec.exe
Token: SeChangeNotifyPrivilege	4708	msiexec.exe
Token: SeRemoteShutdownPrivilege	4708	msiexec.exe
Token: SeUndockPrivilege	4708	msiexec.exe
Token: SeSyncAgentPrivilege	4708	msiexec.exe
Token: SeEnableDelegationPrivilege	4708	msiexec.exe
Token: SeManageVolumePrivilege	4708	msiexec.exe
Token: SeImpersonatePrivilege	4708	msiexec.exe
Token: SeCreateGlobalPrivilege	4708	msiexec.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeCreatePagefilePrivilege	1308	chrome.exe
Token: SeCreateTokenPrivilege	4708	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4708	msiexec.exe
Token: SeLockMemoryPrivilege	4708	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4708	msiexec.exe
Token: SeMachineAccountPrivilege	4708	msiexec.exe
Token: SeTcbPrivilege	4708	msiexec.exe
Token: SeSecurityPrivilege	4708	msiexec.exe
Token: SeTakeOwnershipPrivilege	4708	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
4708	msiexec.exe
1308	chrome.exe
4708	msiexec.exe
2584	MinecraftLauncher.exe
4308	MinecraftLauncher.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
3636	chrome.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe
5632	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5632	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 2728	1308	chrome.exe	84
PID 1308 wrote to memory of 2728	1308	chrome.exe	84
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 1056	1308	chrome.exe	85
PID 1308 wrote to memory of 2348	1308	chrome.exe	86
PID 1308 wrote to memory of 2348	1308	chrome.exe	86
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87
PID 1308 wrote to memory of 4960	1308	chrome.exe	87

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1269659719065403463/1272541222548017193/MinecraftInstaller.msi?ex=66bb59de&is=66ba085e&hm=24f6d5a0a85dba9f07192e3324e855a51f34908cc31c7da7d27354d057955f79&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffa50acc40,0x7fffa50acc4c,0x7fffa50acc58
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,3677126766137351180,7429135414009684955,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,3677126766137351180,7429135414009684955,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,3677126766137351180,7429135414009684955,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2308 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,3677126766137351180,7429135414009684955,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,3677126766137351180,7429135414009684955,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4908,i,3677126766137351180,7429135414009684955,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4332,i,3677126766137351180,7429135414009684955,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:2144
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\MinecraftInstaller.msi"
  2⤵
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4708

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2948

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3312

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3372
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 4A5577047F3509988A0A2622EE439B3E C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4572
- - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
    "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    PID:2584
  - - C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe
      tools\NativeUpdater.exe MinecraftLauncher.exe "C:\Program Files (x86)\Minecraft Launcher\update_files\Minecraft.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4536
    - - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        MinecraftLauncher.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        
        PID:4308
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3796
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9C73B090749AC7659D2B84D194093778
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4300
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding BCCCCFC705561F9FB337085717E31B42 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4608

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:4068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fffa50acc40,0x7fffa50acc4c,0x7fffa50acc58
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,10156620315620519569,1845205892532123106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,10156620315620519569,1845205892532123106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1800,i,10156620315620519569,1845205892532123106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,10156620315620519569,1845205892532123106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3268,i,10156620315620519569,1845205892532123106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4612,i,10156620315620519569,1845205892532123106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4868,i,10156620315620519569,1845205892532123106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,10156620315620519569,1845205892532123106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:5492
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff660b94698,0x7ff660b946a4,0x7ff660b946b0
    3⤵
    - Drops file in Program Files directory
    PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5196,i,10156620315620519569,1845205892532123106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3284,i,10156620315620519569,1845205892532123106,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:5480

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:316

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5620
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59649ac9-a5d0-4542-9405-c8650560c43c} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" gpu
    3⤵
    PID:5220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d519a05-8496-45b9-97d4-b8f53cd90638} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" socket
    3⤵
    PID:5828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2968 -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 3036 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d22af3c4-2bb8-4bca-b86b-f9a938762451} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" tab
    3⤵
    PID:6100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4040 -childID 2 -isForBrowser -prefsHandle 4032 -prefMapHandle 4028 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3861ad4-54d4-4074-b278-098d3096bee9} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" tab
    3⤵
    PID:1212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4876 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4644 -prefMapHandle 4792 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ba43dbf-c085-432d-bf83-586988076798} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" utility
    3⤵
    PID:6396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5444 -childID 3 -isForBrowser -prefsHandle 5436 -prefMapHandle 5408 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14f58e63-e0b6-4c2f-92dd-d17c27050c50} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" tab
    3⤵
    PID:6872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5668 -childID 4 -isForBrowser -prefsHandle 5588 -prefMapHandle 5592 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7feb898d-c262-4d3e-908c-31476a619ab3} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" tab
    3⤵
    PID:6884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 5 -isForBrowser -prefsHandle 5576 -prefMapHandle 5580 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70a12ecc-5973-497f-ac34-312285594a6a} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" tab
    3⤵
    PID:6896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57e5ae.rbs

Filesize
8KB

MD5
1229b28a0d9160e24e847f56a4f74397

SHA1
0094e8ff4249c60bcd90558ab6241d29bccc5277

SHA256
e9bcdd0dbd267b515f57c6379291901bb61d4ed4c60bdc2d3c8f6a235c799503

SHA512
2808d0ee633ad4ce49b947273313844a641622a723cd678f137c67842f1f76700e7232c51d972fc6fed14fb8bab907d3c9b66d16bf1b38f9a614e61f0079a6ec

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

Filesize
3.0MB

MD5
11a4bcd0c92d0d973847450bbe46c6bb

SHA1
f1229f3027424d650a0de2d6999626585539b2de

SHA256
6cbf77ad3d9c53860a353c9580c49ac81e6d26c93394347371454df6cf3f2ab6

SHA512
e33ad661735437db39e1aafa2d6c167e96582e240e4fa4a5ecac829e5a693e471b16be6d911a7937628f0c210a71473800c081ea5c061fc0c7fa98662554d17a

Download Submit
C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe

Filesize
1.1MB

MD5
55bc64c641938f7cc3a8ae66006da2fc

SHA1
2635c35a18e3dd562f4ebc2bb18aa57c6a21a055

SHA256
480eb87aa849add7ff8fda5b32f0af46027d208a14c4642d9ce3c214ffc7ca52

SHA512
49404d80750aacf58ba72e26d3942354521d8695452dd1d4901b8abaf07beaa3b280b51734cd9ea4ac25fbe0b2ba53c831a7c5ba01e5993957ebcf4d2adba757

Download Submit
C:\Program Files (x86)\Minecraft Launcher\update_files\Minecraft.exe

Filesize
3.0MB

MD5
2e4d3f821a5b6d37ef2ca11fb20e6979

SHA1
a526be7ad718af091bf47d726f141352ad8e5d27

SHA256
e4cac53d49c8a431ec233c3c0191d008c8279128d0ebbfae1f0e346e8145f4f1

SHA512
8bf2b7452b0c6aad442836385a82c9fb9e9be983065fffe7d52704dc9bbe2a393098492dd21c61124869eb1e81eb62f8519e381c1b4ab04738550479f761c434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
34d5f753bb13744c8dbc6fef1a6518f9

SHA1
c7c5d802e1ba258d9dbff7d1c526fbb4de903fcc

SHA256
8932393213556e7c6a68060d76c2b9ceb0cd10dd8b1c5846f15e0d5ccaeca10f

SHA512
ffdec2ef3bc47ad5c889af3d178e8478aafb7a08746e5bc3925ee1553535afe49f2ccc074b5724449f9cae71c5e86fe4dc2310602e20c486dc90fff038cc6e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
f10f23717886695b9074d56100e8a075

SHA1
de8716a9bbf43e93d5df276dc0c8c0dc4baf8a08

SHA256
087d3673bfa5fb122d4766befe4e2e22c543ba797d3c8d726c3f19ef6c27e35f

SHA512
4926141763baaa64448781cb817e89f500081fde0d1ee8b1996ef0d796a4aaa875b8e90e47a112975e3be00d5e82c59e14b815a36e1edf447e477fb66ff015d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
de6c791672be264feac2ea1accd1553d

SHA1
f5b5dce3af9246699e7a1d8ad289906f7345cbb6

SHA256
7afb7976fbd9795dbfe4be53c35c523ec1877589891023f0abf385466c035aa3

SHA512
8f1fd0b78f90cd156511fc6cf53f320d2ef56cd21b8cd1ecc9b93fe1a7cd1d26139ee44632295fc57508b101a94c35a1a45d4374a7e4a8aac932e502fd6422ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
2158470d4113cf3bf4c6558cbf19e491

SHA1
adee35a8cf5dd7bac0baed2bf643a62f0a6c84d7

SHA256
7cc9026a4c7effa2859d6381a17c07ad6f8b9c1ec83bfe1aa7a6a3b743395c83

SHA512
f967cbedbb4f9fa5d8e1a0f49b65108549044d8e0a27850fad29923ec5947b652c2a0e168b4f4f6d87e51a1d3c8ab076e6e672a36c6da179a5195025d91f0cce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\03e36a3941d3db89_0

Filesize
374KB

MD5
ac5c6fe062096a618c3394f043d91f8a

SHA1
8d6635673bcda35add2ecd7ef76070a1d96783f5

SHA256
7396c5f8e56dba2c7680fba55a04d682be6d71b2eb4f0d58749f95666ad4476d

SHA512
4b9d2e46b95a61910a148f92560aaba620429ef4e4af248a4156e180a445008b981baf38cc1f5368603db761a9704f10983cec4c841ee9e8e43de7d7a82eb175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2d1a60d94cb115fb_0

Filesize
289B

MD5
1007eff8c619cc6d59e0f5540b296c66

SHA1
8f1fcd3e4b91daa5f15c233daa1096b07082eb90

SHA256
171ef661216d9599eb38df2c38f463ceddb99af14d92716ddbdb35d3b2754c83

SHA512
ffd0c96665033c22b54bcf40d22421de2e70113940b48cb8378737e15006994e2ec815a840fa6067ef2b772750871278a68fa2b79b630a3898b887dd3e81d67b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
e237266f0b2f76ea2f6e71daba8cfcb4

SHA1
bb8d4229c31c837dce9d89210ec028dda20f8623

SHA256
44ade43551dee7734b6749dfaa38124f78d8b960b4c47872869425798f8377c5

SHA512
42212ddc5a5a260a875cdcbab384b7392e605b7386a68e8e269ca55e1691a24a039c8f8f6f3cd4b5e6c502fb6fe56160660cd1caf1022dce6c691222925eb07f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
59dfa28097ea915522ec2c5042926e86

SHA1
c83a50ec51388b4571cbb4493bd5f27e23db7119

SHA256
658d1dc97794ec3b181d9ea3cf34268161d51ddfe2efa4df54a49223afec226b

SHA512
759535aa091e923ac10a9dc6e08f34d9dbbc0aa10301e389250c3e0a344d916aee3aed9028f8b6d8be1539ae0790e798e13f97e4b60cf5b721d19974f2648bc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
b651668d3b25928b054dc5855d441eed

SHA1
fd3ec3f56f148b3f2174b1835e583fdc06f2167e

SHA256
36fcc81b4ac68570ee23cdd2a1fb1ddb77e079592e66a7077929bd12cb76b242

SHA512
843231b0f9d5552c4fb9fd94c149839981b441ea63003b890c4fef1c1adf2a30a60d257bf7fc83df645bac6640a7738cc2bb8f953f79261c5bb1fe3b8d34e62a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
8eb8c7b53dec679acb049cc380b11e68

SHA1
d5ab2021fb1d509090005746a778b4cebf899e3e

SHA256
dd141e4399225fb5d5100c9cbfb69a7add4b95613afe686c730323189a7274f3

SHA512
350e91167436a414d24c6079b8944b0885476e17d9ba6e8ff925d516f83f4db0e5b24ce8f9ef21f4e0cac688964d982c9bf51fcde4bee99461d8d54e09912aee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
03bd86ff8d632c03f9bf674ed34a2bef

SHA1
3d04e219bd1481778e1975ed64ded66132b85265

SHA256
216a4a589ed9ee9ecb380949503ab022d40381f320e378b945fb2331665da2f0

SHA512
04b118e43fbcf43dfde67f7e1a647d5f5f3f5ef06aabe95b6847047b9bc4f651a575985d070a0ab0eb6d9e2cdd6d60eca62f5b7764d4cc61a796c6faf4bc10b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
85830ab4a4408d1640f5cb95c7b830d0

SHA1
6666e4e27875cdb0cf8189449c9067bbc42b65b1

SHA256
c37f70ea54fe0bb0260ea24d3fe30edeaf156d11d3e2d1be93d386ee49af8568

SHA512
b6a0f5247ccd2f188a735c216b6970a5f30ae18873a4b195eedf313b37d5c2a880e53feac2dc1014acaf7431b746b0decf759635d674e27d10c9124b11822d36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4d970add21fa37be460ee73f73c47763

SHA1
cb623b97a2acffb167346f1184f036dade3225ae

SHA256
f6068e5572901e54c764607c9fd0b610d2f4ce1c91e2ff24c600b037f8676b35

SHA512
3c2d798f9989c5f9b84a25b824cc9ccfb9933aaef9912842c3a159de0ef82f796acb0ae4fc5a651299731b7decf00107350ff58de747a952e63219a9388295e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7688e2042853720e87bae774b72d3eb6

SHA1
f9191c1d8c59c7172bd20f9f057fb05c819a9298

SHA256
38afba08f91abaf0a6c4f78b7a58fb6a80e5feee0a9d28d428bf7b568af9b6fa

SHA512
9d78867dc3990a86fb400cb05eb3af86ac6b9c44a8dab15d40d65463f12c0e42cbd185b96965da2101e32288aef6d5cda10a5402a5f42e49b2c84a35d60ec2b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6e8d7036972c11415be3b1118f61caa6

SHA1
dec0fc9e4ba01732261b5660ac646e66e69d4f24

SHA256
3e9e3bbea3ea27e9ac4052affcbbfa7d06b6276c56c96bab95170e49414c5286

SHA512
349cfed2deefd95128fe4e326a22a601773128629a4615f375c52e52a97b18c5a6fb72b3c76bbd5a63edf93c513dd809c437bebcdd6e001d6436a8471fd34e8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa9d01622dde96b841c10fa12aaaa661

SHA1
63205e94ff242fba14cddb546ce301b8558af0d3

SHA256
6074f0fc34e5204d37de5bafdfdd19fd2e9b19a20471a8f4cd43aa1338fa1322

SHA512
c57890405ae2fc2e17f4257d82d8e9a0ac297136c4658df68b32892973ec05a9adb274d8be6e2694a8df2d141cdeffb9baa3c3f08ba917c060fb92201de9d8ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
137c636684d1b2cd5ced3911cb2ca892

SHA1
2936aecc9f1999e137f701a9f9b68a944e92397d

SHA256
a73b6e0058ff178f2604a75e0b8a1da689745de47345c35c9f958c683935ce89

SHA512
cf04057de8d0a1634c6a62b1f4d97632d786bf41cbf4cd79f066d2803dd97b4fffccb905793a8f74e60159b1f7cf45a6665ca424d237904231442d14d97d250c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
65353b7805b494d8d6c5026c344f1e7a

SHA1
1ad9f4c7bd1824bd6768bca1cfb879e0c35fa5d7

SHA256
6100712f328d6872c18c950496aa554eebe49ffeb83c3a932c5cbc740935c53c

SHA512
e86152e97d931de68247b53192efa0a56dfbc9a836ac2e20af281484dd9b2b76de5f66b1e39866b9806fcd4db03392f322af6849391680023f4a8cf2d3710b73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1be14dd072daf08aff746f7f20a404e

SHA1
b66ee22e283d49c65d9a02ee01cee6067b8ba108

SHA256
e5e9fd8ef7c90bcac28a222c8d43fac16fcdbbf657d0cc8d06a352757e4e1428

SHA512
cd94d268a0a652c624b9d63b9d0336ede05f9b1ade0f06b1a961e1f374daec9f11f6fdb162521cc44b2cea98171cbacb41829fe4ed7da087cdb977bf809f1d8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
054a2c817e09f205c6a17d9c5d2d03bf

SHA1
8aa91cb47fdfe11c9b548d297bdbb2468c022d4f

SHA256
e015909f60551d1a99f64b9e3267c3eaf8ac361b61c1794ba70d4118f48e722e

SHA512
9af15cb19b895438aa2fe106b26897503a5f9541220fc2477d5af3968c1cc03a6eb1330064012e5fb86817be68fe8090b504e7c43d28472a6f50f98e58f48be5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee7e64c0761b364fab4584a49d4a222c

SHA1
f6bd8b35e85e33f13551cb62dce98fc08872acb8

SHA256
11e1aeb84b97c808e7c61fd657923ed38b7543531dc06b19102fd4c5b8c02bb3

SHA512
bf42328b9003a10f2f486a6a56a6113ddbe0eb2c2584585cf6340975c3e0a78f88b49d5bdd25cacd2b40f6a7e4a0467e091f174223b503a03a2e142f81a691a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
29ba7a0c2f0df685cc68fd9bab8fd41e

SHA1
bb3c74079da8a44c4b0ad84dc7706f226415ff0d

SHA256
5eff204022d5303f7a71a047580765153666f93275fd244b7ff71678bdbaeeb4

SHA512
15b1ac5e4e31bdd523044d7a2cabfb5de9abad13812e99a93a81dc3522b5ab3a03d2a5c4e2fade83e5a763d4a28abf09e41825f0c542b5b566f653eb1db66461

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
7c5b34d400c09aff6bf572b6f0b327dc

SHA1
15d2bd594155da2a280f5c0d8f993dd02a1f61f1

SHA256
cb1341aacd25ddf2d747a18a30a140ac972bd920bb0f4562a363b001a158da0a

SHA512
a36e75e8c12bccea909ea83b8f9cc6e7b68d52ec2f85dd6d59b714a007cb5ff22644a43bac27d54844e428a9ffe7e6b3979b04d0af3ab9697015ca916629f0fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
04321a0f25bb13af01933cc0c6bd575b

SHA1
f3872df82fab4e44e810edb289aa26b4fa07a321

SHA256
2296fbf73150e96f25c0a8f447338fe0b65a74a04bbd4e7afd68d693e502c7ec

SHA512
1237d5a567f9dc7cc9667254420e56765967190492aea1b1a66df6c34bc769739e73059c19889f8d4d9a962cad9a3ec450846b65ee7b8e3ac24c49531b60f4ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
5682635a7ec27a8ab18020310c3b10ee

SHA1
48f4338d7d2635e6e9b5997b3b912c684313ed5b

SHA256
d22f7a3e4f880152254b53966fcf56b340fd2457d3956730e5a256b099835277

SHA512
e05e924dd3ae2d810737f7048ef6982be24536712a1eba3ca02d4b81e2f3f225a3967ceab8ad7e9056fcbc2727d7e7e19cf6e19a8e74902f2c82a3b14520bde9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
ad78b036f43289501fe04a3b245a1762

SHA1
7a8fe91fe6b054a7f4c2bcf7e2b8b0a2a3b732f9

SHA256
5cb3094bf017c16ff45d2ce8367adb6bcd6eb22c434ee72d21305a6f41fcfc87

SHA512
91decf40bfdf9afe5b704392fce179a30ef752aa2bcb3b704167794f72cb9f819022d52500ac7010686cfbdd16e25a0e675477d249382923b009f7052af46489

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
958f520489d92f05756f969e7a92184d

SHA1
2c25c430870eb67d47a8ee76ea855303f2cea805

SHA256
be21bc70a4c6f0284ac437ab586dc6208a18e34a6e8c09b6036c14c6a892719f

SHA512
bd868ca5efcbb0b2ec3ffb826b649ff7391add1888583ac207aa5b0406f0899814c893e1f76045e1cd5efcf0b3afb4286722121d8fb750df938ec42efed9dc83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b836a8d3-edc9-451e-b0ac-f173a7de3fa5.tmp

Filesize
649B

MD5
b314ca8638b0c63054b4f878beaaecd3

SHA1
2f70ca6fb76a4657d736e6dd2c6780748ae6653a

SHA256
84c54d6b3c08141c547782bef269198a9c74c44f9aaa17331c0a1e940c4564e1

SHA512
ad0af96e4a4e2e020cdb53e252df195fe94fe7c1f7e29852aba8443a04fb832ea9c3cfea6392da760f0116d77698c2fa56be75c681f554ee338eade5397b92f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
88bfd5848fcd294bc4ad2ae6615e1faf

SHA1
05ff9d7697ebb28c9b16294d7cfac9702259b91e

SHA256
9057992abd088637822e8678e2f996897119feb431b455732a2c0e25a6c0f88d

SHA512
6fb5835f95666eb3def833117cd92108f157b732b08ed98c38afa10666e9580b3f15ed0bcb42f0ab3b4c148d8f55e55795df0fb2109e5db09b04ee5d80c1d5d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
be5a6e220ffce4e7d8c7667dfe088952

SHA1
c84fc0b54d787f7fd253811767ded68ce54df93b

SHA256
66746b142ec226ce6109d9b52cefd5b115513a1024d4f277e5d0f975a0efac7e

SHA512
8a96ec37439703c863582231e1aa9029267fc6901f030e54ccd65ef52c273bd49a98055828ea758d87e74adc6b363e3760552ab5add4bbed14dc5c5a9500fdd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
2407bd614daca344311f98bfaf6d7042

SHA1
af299447078619537ce4ada829d3e07bb29801df

SHA256
db6e584c539aed64813049079fd4ec3bb4a40841c708948143df0bbdc3434b38

SHA512
5cd0632fefde93ddabbf82557a93a8145a3dd3e173ce42ae17dc840d7583d57209832c01c9579782d27fbf8c74a276508997d278fb9d07cb57431c939e5c4ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
93e8d148b7a1abe60dcecf50d42444d2

SHA1
30fb644f58fb438e86f1656defca85fd7d437d33

SHA256
8b108ab7ad031d9f2ea83c9dc29ddc764efba334591804427604bba23b02bc72

SHA512
603e0f0e8bf2f16ea6336d3a766dfe9ef8425cf6c2a89c67b8c154438b0445019d799db5d7a43b7e8894ec2d0f331213b3a9868960b5b4f5c356928a2d639d2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
9bb369e54faeb7e8daca73ad0fed7cea

SHA1
a78da89b0b973a9d55478bc90dd9d89a0fe1f494

SHA256
c1e6687175c082ddddbbfd06395b839c8733510447fc043270514f691262d86a

SHA512
e67db865656678782b9812a7c0d99a21098ee8eaa30d7bc4e9bbf58498988bcf7a1e8ba0541f861c089ca3cc0a8e44acf769a4f321cecf80dfe4f310aa434772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
82ecdc912ee08ea88a68a48675c4b10d

SHA1
fd63ccc7723770e5b257ead5644f4b264a9286d7

SHA256
1fb9792528194ecac904fae182fc5778838fdc85c188d7b80ea9b01bb99e8554

SHA512
563afa457215ed1fb1730614d843731f0dc9e386729cca59f8f24f2477eb6072cb196361d0d2b36e33ef22cf9e57223f758a48b2c407761322d1237d29a7fd60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
3f3fa2de772b128658865d223833799d

SHA1
cf5d98d1bc1b846fcf45bd6ef0ade0d6502c0c0c

SHA256
a6db2a2f6ff3e8e1c9e46b4a19117307490e0089cb905dd410c0a363176dd4fe

SHA512
3cc3445970d7e4162362de7dc3443da7b458e1ec8e4e51a70534f2d00fd89fe4a9f02dfe6d4f4f479d298a757e03af90b902136daf944db4ea480d6b658caf95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
6fee78dd9361df0c1eb3429a2792a6f7

SHA1
678d997e2a989b00e4dea8d244e44bda2ad041bf

SHA256
977b4d081003558abb1251d6f0ad6d7cd5c2b4454b806796484eca4a94382964

SHA512
c2d98f0835686574e6ee59a1170bf4117a92369552567871edde204776f911f573a821cf85439a221970f4c446876e3de50bbe6495aa9b35f3c0f7dbf780072d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB3CF.tmp

Filesize
87KB

MD5
48eaf9d4ccf75bc06bbc5d33e78b7fff

SHA1
c710753c265b148f27ff3f358bb0ee980ab46423

SHA256
9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589

SHA512
505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launch_attempts.json

Filesize
71B

MD5
3c8f1aa44ef45d232b3e3f91fecfecde

SHA1
7b17533a092ffc20159ba76155bd4e820863713c

SHA256
374db94dffc312b4637619ab79ce0cdecf93601944107e2efeebdfd3517d89eb

SHA512
ec2946bdb8348d00119f7e40438f866f96215073d80a50f0d120ba7923290fc5fd3e149b085551ac601cc84c24bd5f356d0f232aa83191fac5d775c72e218c36

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_log.txt

Filesize
9KB

MD5
9cc473c40d84f6cfed8ae2ac9e270144

SHA1
841ecb55935f0560bc00af9e086d1f9ad5302f3b

SHA256
e355f2cf6b7572e09803153c87919794a58fdfc9c0aa93ff1ddb980d710ca9fb

SHA512
759f251b68e7690af8cda84fdb32ec55f71226ef2a6bdd8143c80ecd92a576ac14f298fc9b179bd9b9944e5c5bb2f6533e3922ab6a32649cf952a72483a50a64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
6f021e949bbc5e0e822dc7357cc9d268

SHA1
680f9935f4b0fea9a763e906f55bb95d4fa79e0b

SHA256
d27c73697bf4fac8d132be96d9fca25a9d90472ce2c814684232dbc61e537ae9

SHA512
d66954e2b0caf04a161a4dc5b8beb3265276ec4d305929be6761417c7baea04b7c0c9a4aacbc5645450f1ea0e9ecd92007fc92b7baafd0ac8bbde4b8981c9f02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\243cfb78-f663-43f6-add7-72ca2e2c2784

Filesize
671B

MD5
9676e3d284a8542caec378aa5f25b05b

SHA1
73138770df9821569f633bfba859f50632023eb3

SHA256
02c75c3ef63338dd73457f60b0eda488cfcfa440cabc99d31ffc37219ff09c06

SHA512
583944f2d7fc29a53a4e246bb50d2723f697ea0a4c8718f76a218790cdaea0307ccbbd8e98e2c1fafdf6b13506308ae366aeb5cb0a3d7d0eeec30d26ccc570e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\ad1d228c-aa7f-4fb0-91fc-b009cbbbbe5d

Filesize
982B

MD5
f0932bf20afdb7c72febd27cd1150ee1

SHA1
cd1c8b53e725c2f9cf22275118e31a70efdfd6a4

SHA256
bf96acd46515a71c410b92c7852000da878534fa3d5d078f47ea59926c817e60

SHA512
09c11bd1a80503a4a8f6eeaca75face4c6f107f7b445fbff210d46efc037f31e8dbcd151e2720d80086292a749082a3a8c98732227072519e1c4a96eb4427698

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\e13e2424-db97-461b-a368-1abb51da2c7a

Filesize
26KB

MD5
2d4c5c9256a270eadc4ce136f5fdce56

SHA1
61931685bf841118d87f724a75856e6fb203bf88

SHA256
8e3c668512b06a9aa8722881bf6fdbddae62686a1d227670fe3606622bd6708b

SHA512
0be928434eee9e54eed67faa5c33c746b1d6ca08de38ada09c570683e534bc829f54f2e882ff90ed474c95e5bb4390cf08be065d1f5f1065bf89595163f8f461

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs.js

Filesize
11KB

MD5
2538a487b8f8927e34ba340ce00bcd70

SHA1
d7f46d04d6da24b348cb23014da72da84246dcc9

SHA256
300f96ad7dc5c86e33979b0998f29ec2247199d2567fff4987e7161cb42c2e8a

SHA512
f13b364ed149bbad4be720d107c02852e4e380d04616aa9860fa410dbdb2f124c6de35bd0150fe492853aa649bd72a3b620ab5c86875d3d7ba3820cfd15d0094

Download Submit
C:\Users\Admin\Downloads\MinecraftInstaller.msi

Filesize
2.1MB

MD5
02d7f8e22149e154487f2fdddfcec8c5

SHA1
390019b5f2c24f14dd398ab4ba8bef0183a923af

SHA256
d9618862a64da8a5c86f2c9cde65b48ab92ff8bbc14d5f3c7946539a44e2db17

SHA512
140d1b9c320e29eca7e9ad2ed0c75004d2421f612a6cafb593d168856fa918ed7bc607ddcebc042a3a26a3e819785d9cea4ef1a298ad1f13dd4181c5b5b3e2cb

Download Submit
C:\Windows\Installer\MSIF1E3.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.7MB

MD5
31e1eab2e092dc5078b6ed3130797d31

SHA1
bc563ce9486d7fca0459b01e25aac475652f255a

SHA256
f93babc3f3295e8ede1e4d781dd85013e211ac34691f9b2dd4ce5aa1039282fd

SHA512
940c8e1af4885b9b2c657a0a9242e2b3b1c5d3dc922f29f62884357d243cf3ceefc2407917192e025014c2903803f6a558a7b8935946478be2455cd7c665e30e

Download Submit
\??\Volume{f171a6e7-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{bed9a8bf-a08d-4ab2-bf4e-bf4470dab52a}_OnDiskSnapshotProp

Filesize
6KB

MD5
d3d267035f14eb9ec61d2274e1ed0425

SHA1
50afbe474dc96eb1143dc0d6e0db08fff2924d64

SHA256
516fd59903e6d829f772907813d5dd4d55133305a27dd4456d1065ca4ced31dd

SHA512
e74570d1bca2daf6710aca1b4b365ba10e103954bf40043dcff7d578b55d8aaaf5faff26bc7e6c5d5d675efd99b778a272264004d9f8dabe061557bebb291a41

Download Submit