1d9f66794a5af4e409a6c6b32a14d674cc1ea96f69e2cf2acb3c7b997750d5f8

Analysis

max time kernel
1025s
max time network
1049s
platform
windows7_x64
resource
win7-en-20210920
submitted
28-09-2021 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MinecraftInstaller.msi
Size

2.5MB
MD5

22991d4ef03118107a943934d92319d1
SHA1

832ea164d844401f9eced5bf84d45ad4b273cf8c
SHA256

1d9f66794a5af4e409a6c6b32a14d674cc1ea96f69e2cf2acb3c7b997750d5f8
SHA512

79a87b895184188d987f9390f28c20ab4d999d953f9c3d3f92f9d0069a0dc6490c4ef69603e12b62554d809a08b97a79b12f98055b0ebc6a91d5215e3b95fd33

Score

10^/10

discovery phishing

Malware Config

Signatures

Detected phishing page
phishing
Blocklisted process makes network request 3 IoCs

Processes:

msiexec.exe

flow pid process

2 1544 msiexec.exe
4 1544 msiexec.exe
6 1544 msiexec.exe

flow	pid	process
2	1544	msiexec.exe
4	1544	msiexec.exe
6	1544	msiexec.exe

Executes dropped EXE 16 IoCs

Processes:

MinecraftLauncher.exeNativeUpdater.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exejavaw.exeMinecraftLauncher.exeMinecraftLauncher.exe

pid	process
1828	MinecraftLauncher.exe
1324	NativeUpdater.exe
636	MinecraftLauncher.exe
1032	MinecraftLauncher.exe
1532	MinecraftLauncher.exe
1644	MinecraftLauncher.exe
1856	MinecraftLauncher.exe
2108	MinecraftLauncher.exe
2232	MinecraftLauncher.exe
2244	MinecraftLauncher.exe
2508	MinecraftLauncher.exe
2520	MinecraftLauncher.exe
2700	MinecraftLauncher.exe
2984	javaw.exe
2120	MinecraftLauncher.exe
540	MinecraftLauncher.exe

Checks computer location settings 2 TTPs 11 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exejavaw.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3456797065-1076791440-4146276586-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3456797065-1076791440-4146276586-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3456797065-1076791440-4146276586-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3456797065-1076791440-4146276586-1000\Control Panel\International\Geo\Nation	javaw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3456797065-1076791440-4146276586-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3456797065-1076791440-4146276586-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3456797065-1076791440-4146276586-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3456797065-1076791440-4146276586-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3456797065-1076791440-4146276586-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3456797065-1076791440-4146276586-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3456797065-1076791440-4146276586-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe

Loads dropped DLL 64 IoCs

Processes:

MsiExec.exeMsiExec.exeMsiExec.exeMinecraftLauncher.exeNativeUpdater.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exejavaw.exe

pid	process
1440	MsiExec.exe
1768	MsiExec.exe
1768	MsiExec.exe
1776	MsiExec.exe
1440	MsiExec.exe
1440	MsiExec.exe
1828	MinecraftLauncher.exe
1324	NativeUpdater.exe
636	MinecraftLauncher.exe
636	MinecraftLauncher.exe
636	MinecraftLauncher.exe
636	MinecraftLauncher.exe
636	MinecraftLauncher.exe
636	MinecraftLauncher.exe
1032	MinecraftLauncher.exe
1032	MinecraftLauncher.exe
1032	MinecraftLauncher.exe
1532	MinecraftLauncher.exe
1532	MinecraftLauncher.exe
1532	MinecraftLauncher.exe
636	MinecraftLauncher.exe
1032	MinecraftLauncher.exe
1032	MinecraftLauncher.exe
1856	MinecraftLauncher.exe
1644	MinecraftLauncher.exe
1644	MinecraftLauncher.exe
1644	MinecraftLauncher.exe
1856	MinecraftLauncher.exe
1856	MinecraftLauncher.exe
636	MinecraftLauncher.exe
2108	MinecraftLauncher.exe
2108	MinecraftLauncher.exe
2108	MinecraftLauncher.exe
2108	MinecraftLauncher.exe
2108	MinecraftLauncher.exe
636	MinecraftLauncher.exe
636	MinecraftLauncher.exe
2244	MinecraftLauncher.exe
2244	MinecraftLauncher.exe
2244	MinecraftLauncher.exe
2232	MinecraftLauncher.exe
2232	MinecraftLauncher.exe
2232	MinecraftLauncher.exe
636	MinecraftLauncher.exe
636	MinecraftLauncher.exe
2520	MinecraftLauncher.exe
2508	MinecraftLauncher.exe
2508	MinecraftLauncher.exe
2508	MinecraftLauncher.exe
2520	MinecraftLauncher.exe
2520	MinecraftLauncher.exe
636	MinecraftLauncher.exe
2700	MinecraftLauncher.exe
2700	MinecraftLauncher.exe
2700	MinecraftLauncher.exe
636	MinecraftLauncher.exe
636	MinecraftLauncher.exe
636	MinecraftLauncher.exe
2984	javaw.exe
2984	javaw.exe
2984	javaw.exe
2984	javaw.exe
2984	javaw.exe
2984	javaw.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe

Drops file in Program Files directory 64 IoCs

Processes:

MinecraftLauncher.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\9474dc5d0723ca972c8e2243dfb69fbe207deed0	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\fede04724bdd280dae2c3ce04db0fe5f6e54988d	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\4b31963d981c07a7ab2a0d1a706067c539c55ec5	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.crypto.ec\ASSEMBLY_EXCEPTION.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.management.jfr\LICENSE.tmp	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\be4a00642ec82465bc7b3d0cc07d4e8df72094e8	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\de116ed5de1ffaa900732709e5e4eef921ead63c	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\api-ms-win-core-rtlsupport-l1-1-0.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\java.sql.rowset\ASSEMBLY_EXCEPTION.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.internal.vm.compiler.management\ASSEMBLY_EXCEPTION.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\lib\jrt-fs.jar.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\cef_100_percent.pak.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\ee67275bc119c98191a09ff72f043872b05ab7fd	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\048479da07514ca882538b6ae4d9464e0cf8114b	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.internal.ed\LICENSE.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\java.desktop\ASSEMBLY_EXCEPTION.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\3b503195aaa6b80ceb0daabd12c0785ab423daf6	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\207db9568afd273e864b05c87282987e7e81d0ba	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\jimage.dll	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\51bdb85ef60c19d90f3b36c739b6f920742e2bd1	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\67c15e05a398b4ce6409d530a058f7e1b2208c20	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\fc3bed0e9b640daac5c5336badebb3a55e89dfd5	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\3b84c1615ff23d436a8632694cd21be6c57a3555	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\c5d4b52bfa2401ddb4ea6cca794227c0e527a751	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\jaotc.exe	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\tr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\45a07bb7b661aa1df85cc01b201eb99015540530	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\342b15c5d3e34ab4ac0b9904b95d0d5b074447b7	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.jdeps\LICENSE.tmp	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\a4fb972c240d89131ee9e16b845cd302e0ecb05f	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\j2pcsc.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\.version	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\51bdb85ef60c19d90f3b36c739b6f920742e2bd1	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\fede04724bdd280dae2c3ce04db0fe5f6e54988d	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\c239d2da15dac52b8b928c712bbb29a0bc18aae4	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\996b9b95a658016493e6ae1d800ca8d20c4b0347	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\04b194236bb2786e958dd9cec9fc36a38a5aab89	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\prefs.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\java.management.rmi\ASSEMBLY_EXCEPTION.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.jconsole\LICENSE.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\34456cd55176f08ef7549abf66a1b9850ae36e79	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\bb67e1232a536a4d1ae63370bd1a9b5431335e77	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.internal.opt\ASSEMBLY_EXCEPTION.tmp	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\c6f408538d1335b99a10c3984de1c3467bb9b7f5	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\jawt.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\conf\management\management.properties	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.jconsole\ADDITIONAL_LICENSE_INFO.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\152366ac38e8630d7d59b301778cca2994adfe46	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\891aebc39ef0b2d195bbc4de0d0e5372116233a5	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\bc0c8cc28a1398b71d83281118e44c2e6e529607	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\conf\security\policy\limited\default_local.policy	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.jdwp.agent\LICENSE.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\f3f974d3f6245c50804dcc47173aa29d4d7f0e2c	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\5fb4e3202e38d1d48bdc378869c5ed3919363997	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.jcmd\ADDITIONAL_LICENSE_INFO.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\e264da381c47993a93ba3c6189af1187f33cc08f	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.crypto.cryptoki\pkcs11wrapper.md	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\java.naming\ADDITIONAL_LICENSE_INFO.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\e06709c42b71a441e3494c29ca4c369bb6f44c78	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\7c65dbad9f68cd767d870293daef88031431e30e	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\api-ms-win-core-libraryloader-l1-1-0.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.httpserver\ASSEMBLY_EXCEPTION.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.jlink\ADDITIONAL_LICENSE_INFO.tmp	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\493a162758a47a46aa44bafe2da994e01df1569e	MinecraftLauncher.exe

Drops file in Windows directory 15 IoCs

Processes:

DrvInst.exemsiexec.exe

description	ioc	process
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSIC38E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC39F.tmp	msiexec.exe
File created	C:\Windows\Installer\3c100.msi	msiexec.exe
File created	C:\Windows\Installer\3c0fd.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\{733C3ACB-432D-4880-B0E1-660000D7974D}\minecraft.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC641.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\{733C3ACB-432D-4880-B0E1-660000D7974D}\minecraft.ico	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\Installer\3c0fd.msi	msiexec.exe
File created	C:\Windows\Installer\3c0fe.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC47A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\3c0fe.ipi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

javaw.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	javaw.exe

Modifies data under HKEY_USERS 46 IoCs

Processes:

DrvInst.exemsiexec.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\25\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\25\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\25	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe

Modifies registry class 23 IoCs

Processes:

msiexec.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\ProductName = "Minecraft Launcher"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\PackageName = "MinecraftInstaller.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6\BCA3C337D23408840B1E6600007D79D4	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\PackageCode = "54FE00570550045418568622471E508D"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Version = "16777216"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\ProductIcon = "C:\\Windows\\Installer\\{733C3ACB-432D-4880-B0E1-660000D7974D}\\minecraft.ico"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BCA3C337D23408840B1E6600007D79D4	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BCA3C337D23408840B1E6600007D79D4\Complete	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4	msiexec.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes:

msiexec.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exe

pid	process
764	msiexec.exe
764	msiexec.exe
1032	MinecraftLauncher.exe
1532	MinecraftLauncher.exe
1644	MinecraftLauncher.exe
2108	MinecraftLauncher.exe
2244	MinecraftLauncher.exe
2232	MinecraftLauncher.exe
2508	MinecraftLauncher.exe
2520	MinecraftLauncher.exe
2700	MinecraftLauncher.exe
636	MinecraftLauncher.exe
636	MinecraftLauncher.exe
2120	MinecraftLauncher.exe
540	MinecraftLauncher.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

msiexec.exe

pid process

1544 msiexec.exe

pid	process
1544	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	1544	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1544	msiexec.exe
Token: SeRestorePrivilege	764	msiexec.exe
Token: SeTakeOwnershipPrivilege	764	msiexec.exe
Token: SeSecurityPrivilege	764	msiexec.exe
Token: SeCreateTokenPrivilege	1544	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1544	msiexec.exe
Token: SeLockMemoryPrivilege	1544	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1544	msiexec.exe
Token: SeMachineAccountPrivilege	1544	msiexec.exe
Token: SeTcbPrivilege	1544	msiexec.exe
Token: SeSecurityPrivilege	1544	msiexec.exe
Token: SeTakeOwnershipPrivilege	1544	msiexec.exe
Token: SeLoadDriverPrivilege	1544	msiexec.exe
Token: SeSystemProfilePrivilege	1544	msiexec.exe
Token: SeSystemtimePrivilege	1544	msiexec.exe
Token: SeProfSingleProcessPrivilege	1544	msiexec.exe
Token: SeIncBasePriorityPrivilege	1544	msiexec.exe
Token: SeCreatePagefilePrivilege	1544	msiexec.exe
Token: SeCreatePermanentPrivilege	1544	msiexec.exe
Token: SeBackupPrivilege	1544	msiexec.exe
Token: SeRestorePrivilege	1544	msiexec.exe
Token: SeShutdownPrivilege	1544	msiexec.exe
Token: SeDebugPrivilege	1544	msiexec.exe
Token: SeAuditPrivilege	1544	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1544	msiexec.exe
Token: SeChangeNotifyPrivilege	1544	msiexec.exe
Token: SeRemoteShutdownPrivilege	1544	msiexec.exe
Token: SeUndockPrivilege	1544	msiexec.exe
Token: SeSyncAgentPrivilege	1544	msiexec.exe
Token: SeEnableDelegationPrivilege	1544	msiexec.exe
Token: SeManageVolumePrivilege	1544	msiexec.exe
Token: SeImpersonatePrivilege	1544	msiexec.exe
Token: SeCreateGlobalPrivilege	1544	msiexec.exe
Token: SeCreateTokenPrivilege	1544	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1544	msiexec.exe
Token: SeLockMemoryPrivilege	1544	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1544	msiexec.exe
Token: SeMachineAccountPrivilege	1544	msiexec.exe
Token: SeTcbPrivilege	1544	msiexec.exe
Token: SeSecurityPrivilege	1544	msiexec.exe
Token: SeTakeOwnershipPrivilege	1544	msiexec.exe
Token: SeLoadDriverPrivilege	1544	msiexec.exe
Token: SeSystemProfilePrivilege	1544	msiexec.exe
Token: SeSystemtimePrivilege	1544	msiexec.exe
Token: SeProfSingleProcessPrivilege	1544	msiexec.exe
Token: SeIncBasePriorityPrivilege	1544	msiexec.exe
Token: SeCreatePagefilePrivilege	1544	msiexec.exe
Token: SeCreatePermanentPrivilege	1544	msiexec.exe
Token: SeBackupPrivilege	1544	msiexec.exe
Token: SeRestorePrivilege	1544	msiexec.exe
Token: SeShutdownPrivilege	1544	msiexec.exe
Token: SeDebugPrivilege	1544	msiexec.exe
Token: SeAuditPrivilege	1544	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1544	msiexec.exe
Token: SeChangeNotifyPrivilege	1544	msiexec.exe
Token: SeRemoteShutdownPrivilege	1544	msiexec.exe
Token: SeUndockPrivilege	1544	msiexec.exe
Token: SeSyncAgentPrivilege	1544	msiexec.exe
Token: SeEnableDelegationPrivilege	1544	msiexec.exe
Token: SeManageVolumePrivilege	1544	msiexec.exe
Token: SeImpersonatePrivilege	1544	msiexec.exe
Token: SeCreateGlobalPrivilege	1544	msiexec.exe
Token: SeCreateTokenPrivilege	1544	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msiexec.exe

pid process

1544 msiexec.exe
1544 msiexec.exe

pid	process
1544	msiexec.exe
1544	msiexec.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msiexec.exeMsiExec.exeMinecraftLauncher.exeNativeUpdater.exeMinecraftLauncher.exe

description	pid	process	target process
PID 764 wrote to memory of 1440	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1440	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1440	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1440	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1440	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1440	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1440	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1768	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1768	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1768	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1768	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1768	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1768	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1768	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1776	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1776	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1776	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1776	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1776	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1776	764	msiexec.exe	MsiExec.exe
PID 764 wrote to memory of 1776	764	msiexec.exe	MsiExec.exe
PID 1440 wrote to memory of 1828	1440	MsiExec.exe	MinecraftLauncher.exe
PID 1440 wrote to memory of 1828	1440	MsiExec.exe	MinecraftLauncher.exe
PID 1440 wrote to memory of 1828	1440	MsiExec.exe	MinecraftLauncher.exe
PID 1440 wrote to memory of 1828	1440	MsiExec.exe	MinecraftLauncher.exe
PID 1440 wrote to memory of 1828	1440	MsiExec.exe	MinecraftLauncher.exe
PID 1440 wrote to memory of 1828	1440	MsiExec.exe	MinecraftLauncher.exe
PID 1440 wrote to memory of 1828	1440	MsiExec.exe	MinecraftLauncher.exe
PID 1828 wrote to memory of 1324	1828	MinecraftLauncher.exe	NativeUpdater.exe
PID 1828 wrote to memory of 1324	1828	MinecraftLauncher.exe	NativeUpdater.exe
PID 1828 wrote to memory of 1324	1828	MinecraftLauncher.exe	NativeUpdater.exe
PID 1828 wrote to memory of 1324	1828	MinecraftLauncher.exe	NativeUpdater.exe
PID 1828 wrote to memory of 1324	1828	MinecraftLauncher.exe	NativeUpdater.exe
PID 1828 wrote to memory of 1324	1828	MinecraftLauncher.exe	NativeUpdater.exe
PID 1828 wrote to memory of 1324	1828	MinecraftLauncher.exe	NativeUpdater.exe
PID 1324 wrote to memory of 636	1324	NativeUpdater.exe	MinecraftLauncher.exe
PID 1324 wrote to memory of 636	1324	NativeUpdater.exe	MinecraftLauncher.exe
PID 1324 wrote to memory of 636	1324	NativeUpdater.exe	MinecraftLauncher.exe
PID 1324 wrote to memory of 636	1324	NativeUpdater.exe	MinecraftLauncher.exe
PID 1324 wrote to memory of 636	1324	NativeUpdater.exe	MinecraftLauncher.exe
PID 1324 wrote to memory of 636	1324	NativeUpdater.exe	MinecraftLauncher.exe
PID 1324 wrote to memory of 636	1324	NativeUpdater.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1032	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1032	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1032	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1032	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1032	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1032	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1032	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1532	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1532	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1532	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1532	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1532	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1532	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1532	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1644	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1644	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1644	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1644	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1644	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1644	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1644	636	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 636 wrote to memory of 1856	636	MinecraftLauncher.exe	MinecraftLauncher.exe

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1544

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:764
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 24C0F34233C0C746F4152EDDA726A58E C
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1440
- - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
    "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1828
  - - C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe
      tools\NativeUpdater.exe MinecraftLauncher.exe MinecraftLauncher.exe.tmp --nativeLauncherVersion 1000 --nativeLauncherVersion 1000
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1324
    - - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        MinecraftLauncher.exe --nativeLauncherVersion 1000 --nativeLauncherVersion 1000
        5⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:636
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=gpu-process --field-trial-handle=1540,10417463771944548745,4511327797065759213,131072 --enable-features=CastMediaRouteProvider --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=1548 /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1032
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,10417463771944548745,4511327797065759213,131072 --enable-features=CastMediaRouteProvider --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=1816 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1532
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=1540,10417463771944548745,4511327797065759213,131072 --enable-features=CastMediaRouteProvider --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1876 /prefetch:1
        6⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1644
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=1540,10417463771944548745,4511327797065759213,131072 --enable-features=CastMediaRouteProvider --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:1
        6⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        
        PID:1856
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=gpu-process --field-trial-handle=1540,10417463771944548745,4511327797065759213,131072 --enable-features=CastMediaRouteProvider --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=1548 /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2108
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=1540,10417463771944548745,4511327797065759213,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:1
        6⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2232
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=1540,10417463771944548745,4511327797065759213,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
        6⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2244
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=1540,10417463771944548745,4511327797065759213,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
        6⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2508
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=1540,10417463771944548745,4511327797065759213,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
        6⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2520
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=1540,10417463771944548745,4511327797065759213,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
        6⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2700
      - C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe" -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Xss1M -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\bin\4496-6372-8e4d-9e01 -Dminecraft.launcher.brand=minecraft-launcher -Dminecraft.launcher.version=2.2.5519 -cp C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.5\blocklist-1.0.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.1.6\patchy-2.1.6.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\5.7.5\oshi-core-5.7.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\5.8.0\jna-5.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna-platform\5.8.0\jna-platform-5.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\slf4j\slf4j-api\1.8.0-beta4\slf4j-api-1.8.0-beta4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j18-impl\2.14.1\log4j-slf4j18-impl-2.14.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\66.1\icu4j-66.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\javabridge\1.1.23\javabridge-1.1.23.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.3\jopt-simple-5.0.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-all\4.1.25.Final\netty-all-4.1.25.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\21.0\guava-21.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.5\commons-lang3-3.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.5\commons-io-2.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.10\commons-codec-1.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput\2.0.5\jinput-2.0.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\jutils\jutils\1.0.0\jutils-1.0.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.0.18\brigadier-1.0.18.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\4.0.26\datafixerupper-4.0.26.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.8.0\gson-2.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\2.3.31\authlib-2.3.31.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.8.1\commons-compress-1.8.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.3.3\httpclient-4.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.1.3\commons-logging-1.1.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.3.2\httpcore-4.3.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\8.2.1\fastutil-8.2.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.14.1\log4j-api-2.14.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.14.1\log4j-core-2.14.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.2.2\lwjgl-3.2.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.2.2\lwjgl-jemalloc-3.2.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.2.2\lwjgl-openal-3.2.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.2.2\lwjgl-opengl-3.2.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.2.2\lwjgl-glfw-3.2.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.2.2\lwjgl-stb-3.2.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.2.2\lwjgl-tinyfd-3.2.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.11.3\text2speech-1.11.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.17.1\1.17.1.jar -Xmx2G -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M -Dlog4j.configurationFile=C:\Users\Admin\AppData\Roaming\.minecraft\assets\log_configs\client-1.12.xml net.minecraft.client.main.Main --username Krevetak260 --version 1.17.1 --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets --assetIndex 1.17 --uuid 9fc5ad47653b4c218c7a934312aaf85a --accessToken eyJhbGciOiJIUzI1NiJ9.eyJ4dWlkIjoiMjUzNTQxMjU2ODUwMjgyOSIsInN1YiI6IjY4MjljNzhjLTk4YjYtNGVkOC04ZTk3LWIwM2NjM2VkMDgwNSIsIm5iZiI6MTYzMjg0MjEzMSwiYXV0aCI6IlhCT1giLCJyb2xlcyI6W10sImlzcyI6ImF1dGhlbnRpY2F0aW9uIiwiZXhwIjoxNjMyOTI4NTMxLCJpYXQiOjE2MzI4NDIxMzEsInBsYXRmb3JtIjoiVU5LTk9XTiIsInl1aWQiOiI5NmFiMDNiYzJlZDhjNTQ0NzAzNDJkNTI1YTMwYjE3NCJ9.JkCTN4E0T5sEyP9c1YJTJgy1zTZFSiWGRqnIJ_HaIVs --userType msa --versionType release
        6⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        Checks processor information in registry
        
        PID:2984
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=1540,10417463771944548745,4511327797065759213,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
        6⤵
        Executes dropped EXE
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2120
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=1540,10417463771944548745,4511327797065759213,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
        6⤵
        Executes dropped EXE
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:540
      - C:\Windows\SysWOW64\NOTEPAD.EXE
        
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\.minecraft\hs_err_pid2984.log
        6⤵
        
        PID:548
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 81D02E324E512952D3DCE1637C24FC04
  2⤵
  - Loads dropped DLL
  PID:1768
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 82E81BE99C765491D5897C0DD0DFCAA4 M Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:1776

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1124

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot13" "" "" "66d15495b" "0000000000000000" "0000000000000550" "0000000000000570"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:676

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
0501b8eb39f00dcaa3c89ccec2fbde17

SHA1
cb7b82a5d02a2b5ea9c16b5083015c832b556405

SHA256
161ba4c1b21cd20b15573f0ccfc4a5cbab8dedd94c722cd60afb8551d8d91dc2

SHA512
4ab6a3fd31c7551578f07ada264bb93a22eb16f75fdbcfaecf4c0861535a2f631082da5f6003ff9f57fda231e783cbf200caa6a6d6bdefbe08d64f33c67855b3

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
0501b8eb39f00dcaa3c89ccec2fbde17

SHA1
cb7b82a5d02a2b5ea9c16b5083015c832b556405

SHA256
161ba4c1b21cd20b15573f0ccfc4a5cbab8dedd94c722cd60afb8551d8d91dc2

SHA512
4ab6a3fd31c7551578f07ada264bb93a22eb16f75fdbcfaecf4c0861535a2f631082da5f6003ff9f57fda231e783cbf200caa6a6d6bdefbe08d64f33c67855b3

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe.tmp

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef.pak

MD5
fa6c54291dcc13acc9dbec30923fe503

SHA1
8f157cc1ab1c18bf47305543b149604797cd6587

SHA256
455dd904ba68305f45682ae9c776a87cb2cb67bbe2d20e13cf97a812b68cf5f4

SHA512
135773297e6481f66d53a6a6bb887e0e0ba17ded9f76e2cef2db48a095a4c301eda84feb46f2a44425f4d34accd72765ee324d30a0692aa0c6d2c513166d51de

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef_100_percent.pak

MD5
4cec40309dc9e4bf0f0cc915aeb6c9ac

SHA1
2da1b18943265f473f6b87b63132dbb2398ff487

SHA256
6267cb52b0ca5593cf402139e736eb4f1d6bc3f2eab4c6deb99934711050ef4f

SHA512
e684d4d735762e87c8556c164379f97f59b8b4077e2f4c49ae43610ca2a3994ad45839cf6edef4e741a4f1fb345413e4246fb5901dd52bd98c9a2f60866817c7

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef_200_percent.pak

MD5
50a6d9ab74ebfaeda5baa28997149977

SHA1
1ad557cecf3d54a5fbe471ceab189d344fef347c

SHA256
c8f7697bdb4aa19722b975dd2126baf8c2edb5c0a58e2d64a6fefa4cbb8335ec

SHA512
31647191b432f82ff24a41a16abb77512bed2f3105791079d795304452e2bff89f618202023fd133cdc79f80d02647093edebca9e43c19cbd4d2bed4c8d35180

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef_extensions.pak

MD5
c294094045246da46492204f2920d74f

SHA1
229367ac0be0a2da9d6338cba6f45c07f790140c

SHA256
8e8882c3d420231e1ddd1329e259cd8dc38fe392727aa74cfa4df57125d4cfb3

SHA512
03543e3c436a8b42b3f5bb942de468b4898172720ddef5597535b81347581ae0c89bf91e6bef3b91c796ca5bd393a865b2fa53ba70b2fda6578c640b14ab92cd

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\icudtl.dat

MD5
9732e28c054db1e042cd306a7bc9227a

SHA1
6bab2e77925515888808c1ef729c5bb1323100dd

SHA256
27993e2079711d5f0f04a72f48fee88b269604c8e3fbdf50a7f7bb3f5bfc8d8e

SHA512
3eb67ab896a56dab4a2d6eea98f251affd6864c5f5b24f22b61b6acc1df4460d86f0a448f1983aac019e79ff930286c3510891be9d48ef07a93ff975a0e55335

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll

MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\libcef.dll

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\libegl.dll

MD5
e646266652e470489b912c39d4bbfacf

SHA1
fb5af43ba527f0b03f6e5db0dba870df7acecf77

SHA256
e2b31cbbbd97c2d098a44acd5e1c84e092f4bf4c535fe6ebc3703a78387c03a9

SHA512
fe5ca9d6dc63ca6982702072aa34ada2d43c3c781e1fac09e324b17b3ed05bb8d203c3c08c0fe4aaf8985781933a8a3f2cd8e4928b0fe567c46a8da46f481b3f

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\libglesv2.dll

MD5
79d62a3663c1963c90ed84045e0450ac

SHA1
cd3b444ec31e78c7bef960f91548de1e1f2ae487

SHA256
896cd68e51fb5c4937717e350b911d5dd18dc285f466fb712ccb0578fff1365e

SHA512
2da35a7db00ad3c22de448abfe3eb4425088b51db0f093dcfb0e934edee40567ebc8cd1bf0768bb1a43a397a49ce5d388edf2427fcc09eb48033b8baea918520

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\locales\en-US.pak

MD5
16a6914c9637812257e28b2cc4e6d809

SHA1
82212a642c90b51b8f67e517ee8782da841b658f

SHA256
8fe734f556d97e7c07d02e839a16565f7db88ca7091ca3903a9b153a68aaaf72

SHA512
6efbab68c8b036fd73951295a5f65718003deea46db838f6f263133452e09be45ce006246850facbb1922766f42c2ce1796722cecfcc8495921a7bcd9402a446

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\v8_context_snapshot.bin

MD5
cdeec3342ce88d4de5426032a6bf6a53

SHA1
b36ec3c3b20a7a06ff282d696f12b51904b073a4

SHA256
ca88a3c7034da1de52d35823fba0fe80ba5376ab70cdc1841e6aaf25c1f5dd6e

SHA512
54874cd76589124b750fdae90be75e1acf374566d56352c15dbbee98c095aad0e56db142952a808b08e4817bf5f8e176ffdc4ff79110d8661ee4f7ede16b2ea9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe

MD5
72e1747a895001b1a300ffcad1edc9a6

SHA1
111e67014919bf1a42859951abdd945e4080e883

SHA256
2bbf4862a5900db35050e1679e08bb91c879c112f3259bfbc483cb26aad09eef

SHA512
31af0b629fe79d6fcbdde4f7928c66f59773ad47971ca9f091f1e00e9e9f9c6ca254732040d2e1b764fcad2f2997c5e8e15247f928e97528b0bf36aca3be5ba1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

MD5
0ca1a3373000ec3e9898d9d3884bf0e8

SHA1
93570f5dd35d040527d80a4b552ab280f25b659a

SHA256
9344542d82e287df60fb7f843e60bd2184bbe8ae6fbcc34cf6616bbd8d08eebd

SHA512
1a5358470a4c8c29c4e64a2fbc25592884ef378421ab6f2e45107b777236246ef12710507b10f55c9c352003f70808e526f29c46e3f41fa4efbf80cad469590a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_6BE73709C7F4D409D3FEEFF27BA07C40

MD5
b66ec24d3d8ac8f5cbcec82696ba1d74

SHA1
6e3451d0e859ccab9049f5c87f7068c6161b9b03

SHA256
7923fdcbf0085fa6a9492562b9f055a5816dcd75c1aeb28bc9b033c5c679f522

SHA512
dfdb276ff87c3e82fb66e23b8518764926444d0aba50d074c4a875ceb500a76e8b52d443ecd0bd1b436839ce194f5851d5e1fa099198b0f4a19054c73316abbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5
ab5c36d10261c173c5896f3478cdc6b7

SHA1
87ac53810ad125663519e944bc87ded3979cbee4

SHA256
f8e90fb0557fe49d7702cfb506312ac0b24c97802f9c782696db6d47f434e8e9

SHA512
e83e4eae44e7a9cbcd267dbfc25a7f4f68b50591e3bbe267324b1f813c9220d565b284994ded5f7d2d371d50e1ebfa647176ec8de9716f754c6b5785c6e897fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

MD5
59afef62edf68ffa23374792c22c44c9

SHA1
816b18b1e74c5a63b2960bad43e5894dc337f203

SHA256
8bdc449503ec2881eb198498142c5e161a08deabd7c58d1d6f2d1277197e1d6a

SHA512
4b67e6647322dcdd869532dd6bbe7c736a89d814c0e587059be64e633c1791e7709a690046eeaa0a23830330d47af56d42a308957c78117b304842e22c8111ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_6BE73709C7F4D409D3FEEFF27BA07C40

MD5
a0f3f29946711cf9bfe999c9b7a5fecd

SHA1
1485fce2a1211e8f3a96a6d03020440aa6acc88c

SHA256
af71ad4a2e2f5843c49a381c06f8afefc0b8a1fe222130a1cb043ebc37802d89

SHA512
b08f3e6dc81c364b5751b08c12bec2bbf13a649d7e2affb7d342d69031934139da85b182c36fa4fb5deb8e97480a56f0d7f1b818457bfa5833d5222ccd9a525f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5
ce5059a9dcf8fa1bc8bacaf583c3044a

SHA1
baa810ab535673e93aa3e3ee6498bea1f591a9e3

SHA256
b4f781d0e977f13f8d1b29c5d62913fe5597c4c1f2044c41d2a8d990178140df

SHA512
432af922b56957dd76496f78d2a3a0b79158a9b57dc73ead3f1db80ec1f1e3db30acafad652ec58e2cbc1db0fc9857dcd18dec049926bd6a9dec3343e1fe6b2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI2072.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI63E6.tmp

MD5
48eaf9d4ccf75bc06bbc5d33e78b7fff

SHA1
c710753c265b148f27ff3f358bb0ee980ab46423

SHA256
9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589

SHA512
505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt

MD5
e4d57ce7e44b3fbad3eb7b195c0d0412

SHA1
f9f7d09882919cf51f0236ba5f77efd0313ee46f

SHA256
9adb1d2f0c2fa6f594449e1cff01e8925f1880ba62e335085502911b3194b808

SHA512
605daaffcd162b442d2a8234757f1a2ddc1e84999e7035dd14deb42ade4f3f83321b92e12e13cc4ed6121763e993ddd5ca7787852f3f16dfb3195142b8b96857

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_log.txt

MD5
eae9d274bebf387d4a7b3ea892db1667

SHA1
31d512c328d48156d10d8df3a38c3f6a6237de31

SHA256
5d1665dcf4a35885739df5bbd1291aa09ecd9e58675dadd3ff3bc117c65558fa

SHA512
2dac539da301f425735ca1cacd4f508a82a0ab749a26d894d949683a0134cb7eb6e14718b10519e37e589bae2e48ec328406a00f098579ed34ca2e91954bda95

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_settings.json

MD5
270ade77b4358d215f30e625a2b172f6

SHA1
c407dcca0525ba0bb9d9c5d63ac78f7aa03ae03a

SHA256
7afa6b9dacfb8d546c8f9c386601999232fa9aa6bcc9879503ab2433e053c3c5

SHA512
af56d5ec7d603284db4fe340f5f5fc00c48b0e3d065660cb3d40088e6c4c35675cb7eaa6504803a11120d49e40d7aeb0f5321aacef79e5b074369722056bcd62

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_settings.json

MD5
aff478a90ab00259399a1704977ea5a0

SHA1
ff5b159937c26d00997bde5497e67535e7e32349

SHA256
24f77453907a46d8bf7309bc6f0efb2aaa7eb060772d9bd47f7bea61cb01810d

SHA512
fcdd92d08933481fcbebd298bb5738abcfc3246c80738c7b28adf488a24c0bf42659ccafabdce6328314ecc2b2317dec745e663c31ecc1283693eac104276b3c

Download Submit
C:\Windows\Installer\MSIC39F.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSIC47A.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSIC641.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\??\PIPE\wkssvc

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
0501b8eb39f00dcaa3c89ccec2fbde17

SHA1
cb7b82a5d02a2b5ea9c16b5083015c832b556405

SHA256
161ba4c1b21cd20b15573f0ccfc4a5cbab8dedd94c722cd60afb8551d8d91dc2

SHA512
4ab6a3fd31c7551578f07ada264bb93a22eb16f75fdbcfaecf4c0861535a2f631082da5f6003ff9f57fda231e783cbf200caa6a6d6bdefbe08d64f33c67855b3

Download Submit
\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll

MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll

MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll

MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll

MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll

MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libEGL.dll

MD5
e646266652e470489b912c39d4bbfacf

SHA1
fb5af43ba527f0b03f6e5db0dba870df7acecf77

SHA256
e2b31cbbbd97c2d098a44acd5e1c84e092f4bf4c535fe6ebc3703a78387c03a9

SHA512
fe5ca9d6dc63ca6982702072aa34ada2d43c3c781e1fac09e324b17b3ed05bb8d203c3c08c0fe4aaf8985781933a8a3f2cd8e4928b0fe567c46a8da46f481b3f

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libGLESv2.dll

MD5
79d62a3663c1963c90ed84045e0450ac

SHA1
cd3b444ec31e78c7bef960f91548de1e1f2ae487

SHA256
896cd68e51fb5c4937717e350b911d5dd18dc285f466fb712ccb0578fff1365e

SHA512
2da35a7db00ad3c22de448abfe3eb4425088b51db0f093dcfb0e934edee40567ebc8cd1bf0768bb1a43a397a49ce5d388edf2427fcc09eb48033b8baea918520

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe

MD5
72e1747a895001b1a300ffcad1edc9a6

SHA1
111e67014919bf1a42859951abdd945e4080e883

SHA256
2bbf4862a5900db35050e1679e08bb91c879c112f3259bfbc483cb26aad09eef

SHA512
31af0b629fe79d6fcbdde4f7928c66f59773ad47971ca9f091f1e00e9e9f9c6ca254732040d2e1b764fcad2f2997c5e8e15247f928e97528b0bf36aca3be5ba1

Download Submit
\Users\Admin\AppData\Local\Temp\MSI2072.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\Users\Admin\AppData\Local\Temp\MSI63E6.tmp

MD5
48eaf9d4ccf75bc06bbc5d33e78b7fff

SHA1
c710753c265b148f27ff3f358bb0ee980ab46423

SHA256
9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589

SHA512
505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

Download Submit
\Windows\Installer\MSIC39F.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\Windows\Installer\MSIC47A.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\Windows\Installer\MSIC641.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
memory/540-159-0x0000000000000000-mapping.dmp

Download
memory/548-164-0x0000000000000000-mapping.dmp

Download
memory/636-102-0x0000000000E20000-0x0000000000E21000-memory.dmp

Filesize
4KB

Download
memory/636-88-0x0000000000000000-mapping.dmp

Download
memory/1032-97-0x0000000000000000-mapping.dmp

Download
memory/1324-83-0x0000000000000000-mapping.dmp

Download
memory/1440-55-0x0000000000000000-mapping.dmp

Download
memory/1440-56-0x00000000751D1000-0x00000000751D3000-memory.dmp

Filesize
8KB

Download
memory/1532-101-0x0000000000000000-mapping.dmp

Download
memory/1544-53-0x000007FEFBA11000-0x000007FEFBA13000-memory.dmp

Filesize
8KB

Download
memory/1644-124-0x0000000000000000-mapping.dmp

Download
memory/1768-65-0x0000000000000000-mapping.dmp

Download
memory/1776-71-0x0000000000000000-mapping.dmp

Download
memory/1828-79-0x0000000000000000-mapping.dmp

Download
memory/1856-128-0x0000000000000000-mapping.dmp

Download
memory/2108-139-0x0000000000000000-mapping.dmp

Download
memory/2120-157-0x0000000000000000-mapping.dmp

Download
memory/2232-141-0x0000000000000000-mapping.dmp

Download
memory/2244-142-0x0000000000000000-mapping.dmp

Download
memory/2508-145-0x0000000000000000-mapping.dmp

Download
memory/2520-146-0x0000000000000000-mapping.dmp

Download
memory/2700-149-0x0000000000000000-mapping.dmp

Download
memory/2984-151-0x0000000000000000-mapping.dmp

Download
memory/2984-154-0x0000000006130000-0x00000000063A0000-memory.dmp

Filesize
2.4MB

Download
memory/2984-155-0x00000000066C0000-0x0000000006930000-memory.dmp

Filesize
2.4MB

Download
memory/2984-156-0x000000000DBF0000-0x000000000DE60000-memory.dmp

Filesize
2.4MB

Download
memory/2984-160-0x0000000006940000-0x0000000006950000-memory.dmp

Filesize
64KB

Download
memory/2984-158-0x0000000006930000-0x0000000006940000-memory.dmp

Filesize
64KB

Download
memory/2984-163-0x0000000006950000-0x0000000006960000-memory.dmp

Filesize
64KB

Download