Analysis
max time kernel: 518s
max time network: 519s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64 arch:x86 image:win11-20240802-en locale:en-us os:windows11-21h2-x64 system
submitted: 14/09/2024, 03:38
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://sirensdomain.itch.io/housechores
Resource: win11-20240802-en
General
Target: https://sirensdomain.itch.io/housechores
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 7 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description   ioc                                                          Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   House Chores - Beta 0.19.exe   (7 identical entries)
Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                    Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Modifies registry class (1 IoCs)
description   ioc                                                                                                                                                                                                     Process
Key created   \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-6179872-1886041298-1573312864-1000\{9C588170-DF51-4A40-948A-A06BC115F165}   House Chores - Beta 0.19.exe
NTFS ADS (1 IoCs)
description                    ioc                                                                   Process
File opened for modification   C:\Users\Admin\Downloads\House Chores - Beta 0.19.zip:Zone.Identifier   msedge.exe
Suspicious behavior: EnumeratesProcesses (26 IoCs)
pid    Process                        entries
3132   msedge.exe                     2
2124   msedge.exe                     2
3616   identity_helper.exe            2
872    msedge.exe                     2
256    msedge.exe                     4
5032   msedge.exe                     2
1928   House Chores - Beta 0.19.exe   2
4436   House Chores - Beta 0.19.exe   4
3752   House Chores - Beta 0.19.exe   2
2408   House Chores - Beta 0.19.exe   2
1900   House Chores - Beta 0.19.exe   2
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (13 IoCs)
pid    Process      entries
2124   msedge.exe   13
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description                        pid    Process
Token: 33                          4580   AUDIODG.EXE
Token: SeIncBasePriorityPrivilege   4580   AUDIODG.EXE
Suspicious use of FindShellTrayWindow (64 IoCs)
pid    Process      entries
2124   msedge.exe   64
Suspicious use of SendNotifyMessage (12 IoCs)
pid    Process      entries
2124   msedge.exe   12
Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid    Process      procid_target
PID 2124 wrote to memory of 2084   2124   msedge.exe   78
PID 2124 wrote to memory of 1484   2124   msedge.exe   79
PID 2124 wrote to memory of 3132   2124   msedge.exe   80
PID 2124 wrote to memory of 4548   2124   msedge.exe   81
(64 entries in total; each distinct row above is repeated several times in the report)
Processes
(child processes are indented under their parent)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sirensdomain.itch.io/housechores
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 2124
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb4ba23cb8,0x7ffb4ba23cc8,0x7ffb4ba23cd8
    PID: 2084

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1968 /prefetch:2
    PID: 1484
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 3132

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
    PID: 4548
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    PID: 4644

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    PID: 2068
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 3616

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 872
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    PID: 2852

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
    PID: 676

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
    PID: 2316

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
    PID: 3288

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
    PID: 1252

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
    PID: 3188

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
    PID: 2636

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
    PID: 1424

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
    PID: 1412

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
    PID: 1956

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
    PID: 4940
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2500 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 256

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    PID: 5032
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 3916

C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4348

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID: 1944
"C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe"
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID: 4436

    "C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\nwjs\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\nwjs\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\nwjs\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\nwjs\User Data" --annotation=plat=Win32 --annotation=prod= --annotation=ver= --initial-client-data=0x2d8,0x2dc,0x2e0,0x2d4,0x2e4,0x752fd0e0,0x752fd0f0,0x752fd0fc
    - System Location Discovery: System Language Discovery
    PID: 1712

        "C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\nwjs\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\nwjs\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod= --annotation=ver= --initial-client-data=0x1c4,0x1c8,0x1cc,0x1bc,0x1d0,0x79d820,0x79d830,0x79d83c
        - System Location Discovery: System Language Discovery
        PID: 4052
    "C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe" --type=gpu-process --field-trial-handle=1712,6286505133409886786,14666909157134859014,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\User Data" --nwapp-path="C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19" --gpu-preferences=KAAAAAAAAAAABwCAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor=Microsoft --gpu-driver-version=10.0.22000.1 --gpu-driver-date=6-21-2006 --user-data-dir="C:\Users\Admin\AppData\Local\User Data" --nwapp-path="C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19" --service-request-channel-token=417B4F98CC3B4B333808DB748682F47D --mojo-platform-channel-handle=1720 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID: 1928

    "C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe" --type=renderer --js-flags=--expose-gc --no-sandbox --no-zygote --field-trial-handle=1712,6286505133409886786,14666909157134859014,131072 --service-pipe-token=E02CBECE0C4B710F384032B8445221AA --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\User Data" --nwapp-path="C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19" --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-checker-imaging --enable-compositor-image-animations --service-request-channel-token=E02CBECE0C4B710F384032B8445221AA --renderer-client-id=3 --mojo-platform-channel-handle=2180 /prefetch:1
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID: 3752

    "C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe" --type=utility --field-trial-handle=1712,6286505133409886786,14666909157134859014,131072 --lang=en-US --no-sandbox --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\User Data" --nwapp-path="C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19" --service-request-channel-token=045CA1FFA245B234373AEE8A93E40FDC --mojo-platform-channel-handle=2716 /prefetch:8
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID: 2408

    "C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe" --type=utility --field-trial-handle=1712,6286505133409886786,14666909157134859014,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\User Data" --nwapp-path="C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19" --service-request-channel-token=9A0E2421BE210A2A6BFDC2071EAF8789 --mojo-platform-channel-handle=3756 /prefetch:8
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID: 1900
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D0
- Suspicious use of AdjustPrivilegeToken
PID: 4580
Network
MITRE ATT&CK Enterprise v15
Downloads