1d9f66794a5af4e409a6c6b32a14d674cc1ea96f69e2cf2acb3c7b997750d5f8

Analysis

max time kernel
1039s
max time network
1043s
platform
windows11_x64
resource
win11
submitted
28-09-2021 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MinecraftInstaller.msi
Size

2.5MB
MD5

22991d4ef03118107a943934d92319d1
SHA1

832ea164d844401f9eced5bf84d45ad4b273cf8c
SHA256

1d9f66794a5af4e409a6c6b32a14d674cc1ea96f69e2cf2acb3c7b997750d5f8
SHA512

79a87b895184188d987f9390f28c20ab4d999d953f9c3d3f92f9d0069a0dc6490c4ef69603e12b62554d809a08b97a79b12f98055b0ebc6a91d5215e3b95fd33

Score

10^/10

discovery phishing

Malware Config

Signatures

Detected phishing page
phishing
Blocklisted process makes network request 3 IoCs

Processes:

msiexec.exe

flow pid process

2 4936 msiexec.exe
3 4936 msiexec.exe
4 4936 msiexec.exe

flow	pid	process
2	4936	msiexec.exe
3	4936	msiexec.exe
4	4936	msiexec.exe

Executes dropped EXE 16 IoCs

Processes:

MinecraftLauncher.exeNativeUpdater.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exejavaw.exeMinecraftLauncher.exeMinecraftLauncher.exe

pid	process
3864	MinecraftLauncher.exe
1480	NativeUpdater.exe
4628	MinecraftLauncher.exe
1860	MinecraftLauncher.exe
4740	MinecraftLauncher.exe
4772	MinecraftLauncher.exe
2040	MinecraftLauncher.exe
1884	MinecraftLauncher.exe
2176	MinecraftLauncher.exe
4896	MinecraftLauncher.exe
424	MinecraftLauncher.exe
4904	MinecraftLauncher.exe
1576	MinecraftLauncher.exe
2884	javaw.exe
580	MinecraftLauncher.exe
3340	MinecraftLauncher.exe

Loads dropped DLL 51 IoCs

Processes:

MsiExec.exeMsiExec.exeMsiExec.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exejavaw.exeMinecraftLauncher.exeMinecraftLauncher.exe

pid	process
4620	MsiExec.exe
3580	MsiExec.exe
3580	MsiExec.exe
4708	MsiExec.exe
4620	MsiExec.exe
4628	MinecraftLauncher.exe
4628	MinecraftLauncher.exe
4628	MinecraftLauncher.exe
1860	MinecraftLauncher.exe
1860	MinecraftLauncher.exe
1860	MinecraftLauncher.exe
4740	MinecraftLauncher.exe
4740	MinecraftLauncher.exe
4740	MinecraftLauncher.exe
1860	MinecraftLauncher.exe
1860	MinecraftLauncher.exe
4772	MinecraftLauncher.exe
4772	MinecraftLauncher.exe
4772	MinecraftLauncher.exe
2040	MinecraftLauncher.exe
2040	MinecraftLauncher.exe
2040	MinecraftLauncher.exe
2176	MinecraftLauncher.exe
2176	MinecraftLauncher.exe
2176	MinecraftLauncher.exe
1884	MinecraftLauncher.exe
1884	MinecraftLauncher.exe
1884	MinecraftLauncher.exe
4896	MinecraftLauncher.exe
4896	MinecraftLauncher.exe
4896	MinecraftLauncher.exe
4904	MinecraftLauncher.exe
4904	MinecraftLauncher.exe
4904	MinecraftLauncher.exe
424	MinecraftLauncher.exe
424	MinecraftLauncher.exe
424	MinecraftLauncher.exe
2884	javaw.exe
2884	javaw.exe
2884	javaw.exe
2884	javaw.exe
2884	javaw.exe
2884	javaw.exe
2884	javaw.exe
2884	javaw.exe
3340	MinecraftLauncher.exe
3340	MinecraftLauncher.exe
3340	MinecraftLauncher.exe
580	MinecraftLauncher.exe
580	MinecraftLauncher.exe
580	MinecraftLauncher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe

Drops file in System32 directory 3 IoCs

Processes:

javaw.exe

description	ioc	process
File opened for modification	C:\Windows\SYSTEM32\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\dll\ntdll.pdb	javaw.exe

Drops file in Program Files directory 64 IoCs

Processes:

MinecraftLauncher.exemsiexec.exe

description	ioc	process
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.sctp\ASSEMBLY_EXCEPTION.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\j2gss.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\api-ms-win-crt-string-l1-1-0.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\java.security.sasl\LICENSE.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\java.xml\xerces.md	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\0075091c0b1f2809393c5b8b5921586bdd389b29	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha.space0	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\api-ms-win-crt-process-l1-1-0.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\java.base\public_suffix.md	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\server\jvm.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.nio.mapmode\LICENSE.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\fi.pak	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\b8b19318dbb1d2b7d262527abd1468d099de3fb6	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\jaccesswalker.exe	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.jdwp.agent\ADDITIONAL_LICENSE_INFO.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.unsupported.desktop\ADDITIONAL_LICENSE_INFO.tmp	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\5309ae6dd01de0090131ecc469e965f286186fa3	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\92db4d2a0cdc8680910fc434a1a637a5b87ed599	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\conf\security\policy\unlimited\default_local.policy.tmp	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\edceda72097d0e5a125dad5a6169df3a616e10f3	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\8d9def3750c18ddfc044d5568e3406d5d0fb9285	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\jrunscript.exe	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.security.jgss\ADDITIONAL_LICENSE_INFO.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ms.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\vcruntime140.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\08f3a819b5229734d98d58291be4bfa0bec8f761	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\d7e25adf223e68d06276ae7666bbc96590dda442	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\24e7497426d27fe3c17774242883ccbed8f54b4d	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\d1a553e6cad4600020113fe2887f5deb0db588c8	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\142a2bb0084faa2a25d0028846921545f09d9ae9	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\lib\fontconfig.properties.src	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\fr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\f6f0c684b111fa3385d90bfd7c68b38ed18134c9	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\38e62646526bfe5e82059a37834235da7d6b9a23	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\conf\management\jmxremote.access	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\api-ms-win-core-processthreads-l1-1-1.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.internal.vm.compiler\ADDITIONAL_LICENSE_INFO.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.jshell\ASSEMBLY_EXCEPTION.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\sl.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\38a7102055c17d7ce6bc4c2a948fd4d4fcd48e4c	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\e264da381c47993a93ba3c6189af1187f33cc08f	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\java.xml.crypto\santuario.md	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.attach\ADDITIONAL_LICENSE_INFO.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\api-ms-win-core-libraryloader-l1-1-0.dll	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\8437c67b04a51953f612af8fb91bfffe5091acad	MinecraftLauncher.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\ee67275bc119c98191a09ff72f043872b05ab7fd	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\218da8b950714bf95d8cd5ba0148678607969c43	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\java.datatransfer\ADDITIONAL_LICENSE_INFO.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\jimage.exe	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.javadoc\jqueryUI.md	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\sw.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\45a07bb7b661aa1df85cc01b201eb99015540530	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\java.base\LICENSE	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\java.se\LICENSE.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\java.transaction.xa\ADDITIONAL_LICENSE_INFO.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.zipfs\LICENSE.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\db484eb763831db19c089c9820a54cc875e4f624	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\ad2509631ed743c882999ac1200fd5fb8a593639	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\ccef8db2374d2d1e83a7e586438bfb1f56a3dce5	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\4d0ee4d717aeb9c35da8621a545d3e2b9f19b4e7	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe	msiexec.exe
File opened for modification	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64_staging\c239d2da15dac52b8b928c712bbb29a0bc18aae4	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.management.agent\ADDITIONAL_LICENSE_INFO.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\legal\jdk.internal.vm.ci\ASSEMBLY_EXCEPTION.tmp	MinecraftLauncher.exe

Drops file in Windows directory 20 IoCs

Processes:

msiexec.exejavaw.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\SystemTemp\~DFDBF7385716E4C6CC.TMP	msiexec.exe
File created	C:\Windows\Installer\1822d.msi	msiexec.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.51_none_25c0e06ad7789dba\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\Installer\MSI8868.tmp	msiexec.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.51_none_25c0e06ad7789dba\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.51_none_25c0e06ad7789dba\symbols\dll\ntdll.pdb	javaw.exe
File created	C:\Windows\Installer\1822b.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI85E6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI850A.tmp	msiexec.exe
File created	C:\Windows\Installer\{733C3ACB-432D-4880-B0E1-660000D7974D}\minecraft.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\{733C3ACB-432D-4880-B0E1-660000D7974D}\minecraft.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\1822b.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{733C3ACB-432D-4880-B0E1-660000D7974D}	msiexec.exe
File created	C:\Windows\SystemTemp\~DF2662E475D2BA6ACA.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI84FA.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF8466ACCBDDAFEA2A.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF8AB1899F06DBC530.TMP	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

svchost.exevssvc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\HardwareID	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Device Parameters	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Capabilities	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Device Parameters\Partmgr	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\HardwareID	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&135b206d&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0018	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&135b206d&0&010000\CompatibleIDs	svchost.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

javaw.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	javaw.exe

Modifies data under HKEY_USERS 47 IoCs

Processes:

svchost.exesihclient.exemsiexec.exesvchost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	sihclient.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\8\52C64B7E	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	sihclient.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\7	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\8	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	sihclient.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\7\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	sihclient.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	sihclient.exe

Modifies registry class 24 IoCs

Processes:

msiexec.exeMinecraftLauncher.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\PackageCode = "54FE00570550045418568622471E508D"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\PackageName = "MinecraftInstaller.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BCA3C337D23408840B1E6600007D79D4\Complete	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Version = "16777216"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\ProductIcon = "C:\\Windows\\Installer\\{733C3ACB-432D-4880-B0E1-660000D7974D}\\minecraft.ico"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6\BCA3C337D23408840B1E6600007D79D4	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-257790753-2419383948-818201544-1000\{33D5B0A7-510A-4D8A-AC73-47A6B439C841}	MinecraftLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BCA3C337D23408840B1E6600007D79D4	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\ProductName = "Minecraft Launcher"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Media\1 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Clients = 3a0000000000	msiexec.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

Processes:

msiexec.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exe

pid	process
4156	msiexec.exe
4156	msiexec.exe
1860	MinecraftLauncher.exe
1860	MinecraftLauncher.exe
4740	MinecraftLauncher.exe
4740	MinecraftLauncher.exe
4772	MinecraftLauncher.exe
4772	MinecraftLauncher.exe
2040	MinecraftLauncher.exe
2040	MinecraftLauncher.exe
2176	MinecraftLauncher.exe
2176	MinecraftLauncher.exe
1884	MinecraftLauncher.exe
1884	MinecraftLauncher.exe
4896	MinecraftLauncher.exe
4896	MinecraftLauncher.exe
4896	MinecraftLauncher.exe
4896	MinecraftLauncher.exe
4904	MinecraftLauncher.exe
4904	MinecraftLauncher.exe
424	MinecraftLauncher.exe
424	MinecraftLauncher.exe
3340	MinecraftLauncher.exe
3340	MinecraftLauncher.exe
580	MinecraftLauncher.exe
580	MinecraftLauncher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	4936	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4936	msiexec.exe
Token: SeSecurityPrivilege	4156	msiexec.exe
Token: SeCreateTokenPrivilege	4936	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4936	msiexec.exe
Token: SeLockMemoryPrivilege	4936	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4936	msiexec.exe
Token: SeMachineAccountPrivilege	4936	msiexec.exe
Token: SeTcbPrivilege	4936	msiexec.exe
Token: SeSecurityPrivilege	4936	msiexec.exe
Token: SeTakeOwnershipPrivilege	4936	msiexec.exe
Token: SeLoadDriverPrivilege	4936	msiexec.exe
Token: SeSystemProfilePrivilege	4936	msiexec.exe
Token: SeSystemtimePrivilege	4936	msiexec.exe
Token: SeProfSingleProcessPrivilege	4936	msiexec.exe
Token: SeIncBasePriorityPrivilege	4936	msiexec.exe
Token: SeCreatePagefilePrivilege	4936	msiexec.exe
Token: SeCreatePermanentPrivilege	4936	msiexec.exe
Token: SeBackupPrivilege	4936	msiexec.exe
Token: SeRestorePrivilege	4936	msiexec.exe
Token: SeShutdownPrivilege	4936	msiexec.exe
Token: SeDebugPrivilege	4936	msiexec.exe
Token: SeAuditPrivilege	4936	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4936	msiexec.exe
Token: SeChangeNotifyPrivilege	4936	msiexec.exe
Token: SeRemoteShutdownPrivilege	4936	msiexec.exe
Token: SeUndockPrivilege	4936	msiexec.exe
Token: SeSyncAgentPrivilege	4936	msiexec.exe
Token: SeEnableDelegationPrivilege	4936	msiexec.exe
Token: SeManageVolumePrivilege	4936	msiexec.exe
Token: SeImpersonatePrivilege	4936	msiexec.exe
Token: SeCreateGlobalPrivilege	4936	msiexec.exe
Token: SeCreateTokenPrivilege	4936	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4936	msiexec.exe
Token: SeLockMemoryPrivilege	4936	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4936	msiexec.exe
Token: SeMachineAccountPrivilege	4936	msiexec.exe
Token: SeTcbPrivilege	4936	msiexec.exe
Token: SeSecurityPrivilege	4936	msiexec.exe
Token: SeTakeOwnershipPrivilege	4936	msiexec.exe
Token: SeLoadDriverPrivilege	4936	msiexec.exe
Token: SeSystemProfilePrivilege	4936	msiexec.exe
Token: SeSystemtimePrivilege	4936	msiexec.exe
Token: SeProfSingleProcessPrivilege	4936	msiexec.exe
Token: SeIncBasePriorityPrivilege	4936	msiexec.exe
Token: SeCreatePagefilePrivilege	4936	msiexec.exe
Token: SeCreatePermanentPrivilege	4936	msiexec.exe
Token: SeBackupPrivilege	4936	msiexec.exe
Token: SeRestorePrivilege	4936	msiexec.exe
Token: SeShutdownPrivilege	4936	msiexec.exe
Token: SeDebugPrivilege	4936	msiexec.exe
Token: SeAuditPrivilege	4936	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4936	msiexec.exe
Token: SeChangeNotifyPrivilege	4936	msiexec.exe
Token: SeRemoteShutdownPrivilege	4936	msiexec.exe
Token: SeUndockPrivilege	4936	msiexec.exe
Token: SeSyncAgentPrivilege	4936	msiexec.exe
Token: SeEnableDelegationPrivilege	4936	msiexec.exe
Token: SeManageVolumePrivilege	4936	msiexec.exe
Token: SeImpersonatePrivilege	4936	msiexec.exe
Token: SeCreateGlobalPrivilege	4936	msiexec.exe
Token: SeCreateTokenPrivilege	4936	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4936	msiexec.exe
Token: SeLockMemoryPrivilege	4936	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msiexec.exe

pid process

4936 msiexec.exe
4936 msiexec.exe

pid	process
4936	msiexec.exe
4936	msiexec.exe

Suspicious use of WriteProcessMemory 58 IoCs

Processes:

msiexec.exeMsiExec.exeMinecraftLauncher.exeNativeUpdater.exeMinecraftLauncher.exe

description	pid	process	target process
PID 4156 wrote to memory of 4620	4156	msiexec.exe	MsiExec.exe
PID 4156 wrote to memory of 4620	4156	msiexec.exe	MsiExec.exe
PID 4156 wrote to memory of 4620	4156	msiexec.exe	MsiExec.exe
PID 4156 wrote to memory of 1320	4156	msiexec.exe	srtasks.exe
PID 4156 wrote to memory of 1320	4156	msiexec.exe	srtasks.exe
PID 4156 wrote to memory of 3580	4156	msiexec.exe	MsiExec.exe
PID 4156 wrote to memory of 3580	4156	msiexec.exe	MsiExec.exe
PID 4156 wrote to memory of 3580	4156	msiexec.exe	MsiExec.exe
PID 4156 wrote to memory of 4708	4156	msiexec.exe	MsiExec.exe
PID 4156 wrote to memory of 4708	4156	msiexec.exe	MsiExec.exe
PID 4156 wrote to memory of 4708	4156	msiexec.exe	MsiExec.exe
PID 4620 wrote to memory of 3864	4620	MsiExec.exe	MinecraftLauncher.exe
PID 4620 wrote to memory of 3864	4620	MsiExec.exe	MinecraftLauncher.exe
PID 4620 wrote to memory of 3864	4620	MsiExec.exe	MinecraftLauncher.exe
PID 3864 wrote to memory of 1480	3864	MinecraftLauncher.exe	NativeUpdater.exe
PID 3864 wrote to memory of 1480	3864	MinecraftLauncher.exe	NativeUpdater.exe
PID 3864 wrote to memory of 1480	3864	MinecraftLauncher.exe	NativeUpdater.exe
PID 1480 wrote to memory of 4628	1480	NativeUpdater.exe	MinecraftLauncher.exe
PID 1480 wrote to memory of 4628	1480	NativeUpdater.exe	MinecraftLauncher.exe
PID 1480 wrote to memory of 4628	1480	NativeUpdater.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 1860	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 1860	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 1860	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 4740	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 4740	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 4740	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 4772	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 4772	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 4772	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 2040	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 2040	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 2040	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 1884	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 1884	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 1884	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 2176	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 2176	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 2176	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 4896	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 4896	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 4896	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 424	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 424	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 424	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 4904	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 4904	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 4904	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 1576	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 1576	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 1576	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 2884	4628	MinecraftLauncher.exe	javaw.exe
PID 4628 wrote to memory of 2884	4628	MinecraftLauncher.exe	javaw.exe
PID 4628 wrote to memory of 580	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 580	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 580	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 3340	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 3340	4628	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 4628 wrote to memory of 3340	4628	MinecraftLauncher.exe	MinecraftLauncher.exe

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4936

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4156

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 652FA5A3049FDE900C700BDDD117743D C
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4620

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3864

C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe
tools\NativeUpdater.exe MinecraftLauncher.exe MinecraftLauncher.exe.tmp --nativeLauncherVersion 1000 --nativeLauncherVersion 1000
4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1480

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MinecraftLauncher.exe --nativeLauncherVersion 1000 --nativeLauncherVersion 1000
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4628

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=gpu-process --field-trial-handle=2096,6849824902265141202,15283738233892815563,131072 --enable-features=CastMediaRouteProvider --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2140 /prefetch:2
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1860

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6849824902265141202,15283738233892815563,131072 --enable-features=CastMediaRouteProvider --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2596 /prefetch:8
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4740

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2096,6849824902265141202,15283738233892815563,131072 --enable-features=CastMediaRouteProvider --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4772

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2096,6849824902265141202,15283738233892815563,131072 --enable-features=CastMediaRouteProvider --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2040

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2096,6849824902265141202,15283738233892815563,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1884

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2096,6849824902265141202,15283738233892815563,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2176

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=gpu-process --field-trial-handle=2096,6849824902265141202,15283738233892815563,131072 --enable-features=CastMediaRouteProvider --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --gpu-preferences=MAAAAAAAAADoACAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2516 /prefetch:2
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4896

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2096,6849824902265141202,15283738233892815563,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:424

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2096,6849824902265141202,15283738233892815563,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4904

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2096,6849824902265141202,15283738233892815563,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
6⤵
- Executes dropped EXE
PID:1576

C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
"C:\Program Files (x86)\Minecraft Launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe" -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump "-Dos.name=Windows 10" -Dos.version=10.0 -Xss1M -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\bin\313a-2104-dd64-db1b -Dminecraft.launcher.brand=minecraft-launcher -Dminecraft.launcher.version=2.2.5519 -cp C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.5\blocklist-1.0.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.1.6\patchy-2.1.6.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\5.7.5\oshi-core-5.7.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\5.8.0\jna-5.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna-platform\5.8.0\jna-platform-5.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\slf4j\slf4j-api\1.8.0-beta4\slf4j-api-1.8.0-beta4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j18-impl\2.14.1\log4j-slf4j18-impl-2.14.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\66.1\icu4j-66.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\javabridge\1.1.23\javabridge-1.1.23.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.3\jopt-simple-5.0.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-all\4.1.25.Final\netty-all-4.1.25.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\21.0\guava-21.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.5\commons-lang3-3.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.5\commons-io-2.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.10\commons-codec-1.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput\2.0.5\jinput-2.0.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\jutils\jutils\1.0.0\jutils-1.0.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.0.18\brigadier-1.0.18.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\4.0.26\datafixerupper-4.0.26.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.8.0\gson-2.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\2.3.31\authlib-2.3.31.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.8.1\commons-compress-1.8.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.3.3\httpclient-4.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.1.3\commons-logging-1.1.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.3.2\httpcore-4.3.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\8.2.1\fastutil-8.2.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.14.1\log4j-api-2.14.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.14.1\log4j-core-2.14.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.2.2\lwjgl-3.2.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.2.2\lwjgl-jemalloc-3.2.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.2.2\lwjgl-openal-3.2.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.2.2\lwjgl-opengl-3.2.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.2.2\lwjgl-glfw-3.2.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.2.2\lwjgl-stb-3.2.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.2.2\lwjgl-tinyfd-3.2.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.11.3\text2speech-1.11.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.17.1\1.17.1.jar -Xmx2G -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M -Dlog4j.configurationFile=C:\Users\Admin\AppData\Roaming\.minecraft\assets\log_configs\client-1.12.xml net.minecraft.client.main.Main --username Krevetak260 --version 1.17.1 --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets --assetIndex 1.17 --uuid 9fc5ad47653b4c218c7a934312aaf85a --accessToken eyJhbGciOiJIUzI1NiJ9.eyJ4dWlkIjoiMjUzNTQxMjU2ODUwMjgyOSIsInN1YiI6IjY4MjljNzhjLTk4YjYtNGVkOC04ZTk3LWIwM2NjM2VkMDgwNSIsIm5iZiI6MTYzMjg0MjYzNywiYXV0aCI6IlhCT1giLCJyb2xlcyI6W10sImlzcyI6ImF1dGhlbnRpY2F0aW9uIiwiZXhwIjoxNjMyOTI5MDM3LCJpYXQiOjE2MzI4NDI2MzcsInBsYXRmb3JtIjoiVU5LTk9XTiIsInl1aWQiOiI5NmFiMDNiYzJlZDhjNTQ0NzAzNDJkNTI1YTMwYjE3NCJ9.zVh9uY2QaYhyIUbxStixve-UAUERiDeqXUDzCwqMV-I --userType msa --versionType release
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Checks processor information in registry
PID:2884

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2096,6849824902265141202,15283738233892815563,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:580

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2096,6849824902265141202,15283738233892815563,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3340

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:5
2⤵
PID:1320

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 6FD64BEF298BE2B58B0EF1FE84D5B2A1
2⤵
- Loads dropped DLL
PID:3580

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B82A88E2D1BC4AD3119702185ED37E07 E Global\MSI0000
2⤵
- Loads dropped DLL
PID:4708

C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv 92GwURs0+UOTl7UTHcO7Cw.0.2
1⤵
- Modifies data under HKEY_USERS
PID:3912

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:3860

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:3560

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
1⤵
- Modifies data under HKEY_USERS
PID:2152

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
1⤵
PID:2552

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
0501b8eb39f00dcaa3c89ccec2fbde17

SHA1
cb7b82a5d02a2b5ea9c16b5083015c832b556405

SHA256
161ba4c1b21cd20b15573f0ccfc4a5cbab8dedd94c722cd60afb8551d8d91dc2

SHA512
4ab6a3fd31c7551578f07ada264bb93a22eb16f75fdbcfaecf4c0861535a2f631082da5f6003ff9f57fda231e783cbf200caa6a6d6bdefbe08d64f33c67855b3

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
0501b8eb39f00dcaa3c89ccec2fbde17

SHA1
cb7b82a5d02a2b5ea9c16b5083015c832b556405

SHA256
161ba4c1b21cd20b15573f0ccfc4a5cbab8dedd94c722cd60afb8551d8d91dc2

SHA512
4ab6a3fd31c7551578f07ada264bb93a22eb16f75fdbcfaecf4c0861535a2f631082da5f6003ff9f57fda231e783cbf200caa6a6d6bdefbe08d64f33c67855b3

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe.tmp
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef.pak
MD5
fa6c54291dcc13acc9dbec30923fe503

SHA1
8f157cc1ab1c18bf47305543b149604797cd6587

SHA256
455dd904ba68305f45682ae9c776a87cb2cb67bbe2d20e13cf97a812b68cf5f4

SHA512
135773297e6481f66d53a6a6bb887e0e0ba17ded9f76e2cef2db48a095a4c301eda84feb46f2a44425f4d34accd72765ee324d30a0692aa0c6d2c513166d51de

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef_100_percent.pak
MD5
4cec40309dc9e4bf0f0cc915aeb6c9ac

SHA1
2da1b18943265f473f6b87b63132dbb2398ff487

SHA256
6267cb52b0ca5593cf402139e736eb4f1d6bc3f2eab4c6deb99934711050ef4f

SHA512
e684d4d735762e87c8556c164379f97f59b8b4077e2f4c49ae43610ca2a3994ad45839cf6edef4e741a4f1fb345413e4246fb5901dd52bd98c9a2f60866817c7

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef_200_percent.pak
MD5
50a6d9ab74ebfaeda5baa28997149977

SHA1
1ad557cecf3d54a5fbe471ceab189d344fef347c

SHA256
c8f7697bdb4aa19722b975dd2126baf8c2edb5c0a58e2d64a6fefa4cbb8335ec

SHA512
31647191b432f82ff24a41a16abb77512bed2f3105791079d795304452e2bff89f618202023fd133cdc79f80d02647093edebca9e43c19cbd4d2bed4c8d35180

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef_extensions.pak
MD5
c294094045246da46492204f2920d74f

SHA1
229367ac0be0a2da9d6338cba6f45c07f790140c

SHA256
8e8882c3d420231e1ddd1329e259cd8dc38fe392727aa74cfa4df57125d4cfb3

SHA512
03543e3c436a8b42b3f5bb942de468b4898172720ddef5597535b81347581ae0c89bf91e6bef3b91c796ca5bd393a865b2fa53ba70b2fda6578c640b14ab92cd

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll
MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll
MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll
MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll
MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll
MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll
MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll
MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\icudtl.dat
MD5
9732e28c054db1e042cd306a7bc9227a

SHA1
6bab2e77925515888808c1ef729c5bb1323100dd

SHA256
27993e2079711d5f0f04a72f48fee88b269604c8e3fbdf50a7f7bb3f5bfc8d8e

SHA512
3eb67ab896a56dab4a2d6eea98f251affd6864c5f5b24f22b61b6acc1df4460d86f0a448f1983aac019e79ff930286c3510891be9d48ef07a93ff975a0e55335

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll
MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll
MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll
MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll
MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll
MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll
MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll
MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\libcef.dll
MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\libcef.dll
MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\libcef.dll
MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\libcef.dll
MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\libcef.dll
MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\libcef.dll
MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\libcef.dll
MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\locales\en-US.pak
MD5
16a6914c9637812257e28b2cc4e6d809

SHA1
82212a642c90b51b8f67e517ee8782da841b658f

SHA256
8fe734f556d97e7c07d02e839a16565f7db88ca7091ca3903a9b153a68aaaf72

SHA512
6efbab68c8b036fd73951295a5f65718003deea46db838f6f263133452e09be45ce006246850facbb1922766f42c2ce1796722cecfcc8495921a7bcd9402a446

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\swiftshader\libEGL.dll
MD5
9f68bdd2b3a78eeddaceb6f6c5cae5de

SHA1
1231c5b199ba2bc48cbafdbef813cdbd5dc3c42d

SHA256
ba6c8b38def6141447032c9a2b46b67a515276c88b30580703db24cf18d3f0d6

SHA512
4804c84b4183f9096d4f83cfc73df673467b45f4bd2613fbccc46739a2e8c2a887b36ca7d6785ab64ca17cb74f6c1fea74ca5587e24d2009030dc0604ce51443

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\swiftshader\libGLESv2.dll
MD5
cdfe6b31acf7e3f398725bc57158a00b

SHA1
cbf51552d14ae32f4651d1770ece1dc9ba3e1d8e

SHA256
8b73aa808f2373c3ada15349e676f20a9dc644a8a7c21d5699288bee907fee14

SHA512
1ec2a3139bc5e38a3a15ef33d73791dce721fb864626a8767f834e11ff1a74ea70eb7aeb8107fe80b2bb7309df3cb620df7453d26524a0503929219b751249c8

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\swiftshader\libegl.dll
MD5
9f68bdd2b3a78eeddaceb6f6c5cae5de

SHA1
1231c5b199ba2bc48cbafdbef813cdbd5dc3c42d

SHA256
ba6c8b38def6141447032c9a2b46b67a515276c88b30580703db24cf18d3f0d6

SHA512
4804c84b4183f9096d4f83cfc73df673467b45f4bd2613fbccc46739a2e8c2a887b36ca7d6785ab64ca17cb74f6c1fea74ca5587e24d2009030dc0604ce51443

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\swiftshader\libglesv2.dll
MD5
cdfe6b31acf7e3f398725bc57158a00b

SHA1
cbf51552d14ae32f4651d1770ece1dc9ba3e1d8e

SHA256
8b73aa808f2373c3ada15349e676f20a9dc644a8a7c21d5699288bee907fee14

SHA512
1ec2a3139bc5e38a3a15ef33d73791dce721fb864626a8767f834e11ff1a74ea70eb7aeb8107fe80b2bb7309df3cb620df7453d26524a0503929219b751249c8

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\v8_context_snapshot.bin
MD5
cdeec3342ce88d4de5426032a6bf6a53

SHA1
b36ec3c3b20a7a06ff282d696f12b51904b073a4

SHA256
ca88a3c7034da1de52d35823fba0fe80ba5376ab70cdc1841e6aaf25c1f5dd6e

SHA512
54874cd76589124b750fdae90be75e1acf374566d56352c15dbbee98c095aad0e56db142952a808b08e4817bf5f8e176ffdc4ff79110d8661ee4f7ede16b2ea9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe
MD5
72e1747a895001b1a300ffcad1edc9a6

SHA1
111e67014919bf1a42859951abdd945e4080e883

SHA256
2bbf4862a5900db35050e1679e08bb91c879c112f3259bfbc483cb26aad09eef

SHA512
31af0b629fe79d6fcbdde4f7928c66f59773ad47971ca9f091f1e00e9e9f9c6ca254732040d2e1b764fcad2f2997c5e8e15247f928e97528b0bf36aca3be5ba1

Download Submit
C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe
MD5
72e1747a895001b1a300ffcad1edc9a6

SHA1
111e67014919bf1a42859951abdd945e4080e883

SHA256
2bbf4862a5900db35050e1679e08bb91c879c112f3259bfbc483cb26aad09eef

SHA512
31af0b629fe79d6fcbdde4f7928c66f59773ad47971ca9f091f1e00e9e9f9c6ca254732040d2e1b764fcad2f2997c5e8e15247f928e97528b0bf36aca3be5ba1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
MD5
0ca1a3373000ec3e9898d9d3884bf0e8

SHA1
93570f5dd35d040527d80a4b552ab280f25b659a

SHA256
9344542d82e287df60fb7f843e60bd2184bbe8ae6fbcc34cf6616bbd8d08eebd

SHA512
1a5358470a4c8c29c4e64a2fbc25592884ef378421ab6f2e45107b777236246ef12710507b10f55c9c352003f70808e526f29c46e3f41fa4efbf80cad469590a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_6BE73709C7F4D409D3FEEFF27BA07C40
MD5
b66ec24d3d8ac8f5cbcec82696ba1d74

SHA1
6e3451d0e859ccab9049f5c87f7068c6161b9b03

SHA256
7923fdcbf0085fa6a9492562b9f055a5816dcd75c1aeb28bc9b033c5c679f522

SHA512
dfdb276ff87c3e82fb66e23b8518764926444d0aba50d074c4a875ceb500a76e8b52d443ecd0bd1b436839ce194f5851d5e1fa099198b0f4a19054c73316abbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
MD5
447f5edd06ac2d76269511ef1f1918fe

SHA1
421dd6285dc1c63bb17b0d15499040b461ccf127

SHA256
16f56e500e937f1608fda7d1788d421607c41ceaddcd1b1f2c5234fbcb0c507b

SHA512
618ebcfa7605e2c46b8e6f98bc5ec0cc8f4ce5e453f09133a2f675f250f098cf5b952c9258d604b4b6ada66bd30fedbb48ef89f4bd5df55be1f503a9093fbd9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_6BE73709C7F4D409D3FEEFF27BA07C40
MD5
f3f985f57ca3b33f106afb7b6bc99402

SHA1
adfd40d18cf3714f67f91f958edc633e05b50f70

SHA256
0bcb0a5eb9a16d4dfd50955b749a129c570a54a2ae981fcc7dbea633a5d01a34

SHA512
a5f717e61b8ae259aac2426768ffef1f0f7a24df1629335584d2152554ac4abfc3c7f0233c36e6821123399d4b66b87f99efd6027aefce3cd0f1548bb6c2a72f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBC99.tmp
MD5
48eaf9d4ccf75bc06bbc5d33e78b7fff

SHA1
c710753c265b148f27ff3f358bb0ee980ab46423

SHA256
9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589

SHA512
505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBC99.tmp
MD5
48eaf9d4ccf75bc06bbc5d33e78b7fff

SHA1
c710753c265b148f27ff3f358bb0ee980ab46423

SHA256
9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589

SHA512
505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID3B7.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID3B7.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt
MD5
e4b59c100b65d87ab92e12eddd0ac165

SHA1
c6f8da7bce9a2152f050d1e0af3489b999144e2a

SHA256
f214830334dcb1c5c71825b75e7dead5e8556c5e33471766201749dcec650c5b

SHA512
251db3364229580655dee9420eb7c1d30b4a36254159b03640ef44f9e54b223a8768d8a6700ae63268839e42828745e10c528f90bcc03e1abd87ec245b3e79b4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_log.txt
MD5
a6dda77a91497d25d6de5e38428f2f8d

SHA1
35f475a25858108b2bd37557cf6a7f08cdae99aa

SHA256
e2929b51b8aced688a78bd008068aeb0a5f211cc22abb694e730398949fc906e

SHA512
e68b6c34aed17f3e23d9a4aae0394244229fc92793e01b328248cb11596107e3d88648d002517eec082e6a531db2cf56e84e54f3da09936161b2bbd24a85ac0d

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_settings.json
MD5
270ade77b4358d215f30e625a2b172f6

SHA1
c407dcca0525ba0bb9d9c5d63ac78f7aa03ae03a

SHA256
7afa6b9dacfb8d546c8f9c386601999232fa9aa6bcc9879503ab2433e053c3c5

SHA512
af56d5ec7d603284db4fe340f5f5fc00c48b0e3d065660cb3d40088e6c4c35675cb7eaa6504803a11120d49e40d7aeb0f5321aacef79e5b074369722056bcd62

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_settings.json
MD5
896c3e3292104fa261235405f57e2858

SHA1
c5eb1aa48d7853c001f3d0830f90d8e88d81d952

SHA256
b4dc3d6e932af77beb7e361d855aaf8257823c4668e3ff4a0ea17aad04f106b6

SHA512
108dd012497dda60d0be8a95bef61ac5cbce860641e6e907d1fb77f178f682e28a39fc18f3f8e03e7a399274889ae6fd359592bb284c400378c854cd8338bb55

Download Submit
C:\Windows\Installer\MSI850A.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSI850A.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSI85E6.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSI85E6.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSI8868.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSI8868.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy5\System Volume Information\SPP\metadata-2
MD5
0cd086394fc35d5bf2013cea329c6e5e

SHA1
0af5f491f8939ba172dd129fc1bddbdd0b691d11

SHA256
d4efb83ed8ce8d59c89a00cf24911fafcf0eeacbf7829833271e4404bcfa2f1f

SHA512
d477d01ef643289e63273fb983a4e55297e59959086c172bd50fed9ff26197120a8a873b98321fd5a06689aa4abaaf4ba5ed75b869a903413e2408cb09a4d3af

Download Submit
\??\Volume{fa642b31-0000-0000-0000-500600000000}\System Volume Information\SPP\OnlineMetadataCache\{16752f2f-714c-4a8b-a5bd-b68d6619d5f0}_OnDiskSnapshotProp
MD5
5a1773fdbedbc07f40b7813f2588e6a0

SHA1
418dfbaed3b6ccd21ad9a4a7f8af90d5176812dc

SHA256
b0a3ebc68f9c5d9505d85d0916aea3ce9ec23e017028bd8aced66f5a58d5c2fc

SHA512
3a984401fc53f81b1aa06e2509da2387b1adae7d01087db60b8d64afed032a8cb6dc344ff873f13ed279517c8bde6d637ab4c2db36f43c5745f2b6a1abd2a8df

Download Submit
memory/424-243-0x0000000000000000-mapping.dmp

Download
memory/580-248-0x0000000000000000-mapping.dmp

Download
memory/1320-155-0x0000000000000000-mapping.dmp

Download
memory/1480-182-0x0000000000000000-mapping.dmp

Download
memory/1576-245-0x0000000000000000-mapping.dmp

Download
memory/1860-192-0x0000000000000000-mapping.dmp

Download
memory/1884-228-0x0000000000000000-mapping.dmp

Download
memory/2040-198-0x0000000000000000-mapping.dmp

Download
memory/2152-180-0x00000185D4BA0000-0x00000185D4BB0000-memory.dmp

Filesize
64KB

Download
memory/2152-239-0x00000185D4DC0000-0x00000185D4DC1000-memory.dmp

Filesize
4KB

Download
memory/2152-241-0x00000185D4CA0000-0x00000185D4CA1000-memory.dmp

Filesize
4KB

Download
memory/2152-240-0x00000185D4DC0000-0x00000185D4DC4000-memory.dmp

Filesize
16KB

Download
memory/2152-181-0x00000185D4DA0000-0x00000185D4DA4000-memory.dmp

Filesize
16KB

Download
memory/2152-238-0x00000185D4DD0000-0x00000185D4DD4000-memory.dmp

Filesize
16KB

Download
memory/2152-179-0x00000185D4960000-0x00000185D4970000-memory.dmp

Filesize
64KB

Download
memory/2152-237-0x00000185D7250000-0x00000185D7251000-memory.dmp

Filesize
4KB

Download
memory/2152-236-0x00000185D7290000-0x00000185D7294000-memory.dmp

Filesize
16KB

Download
memory/2176-230-0x0000000000000000-mapping.dmp

Download
memory/2884-246-0x0000000000000000-mapping.dmp

Download
memory/3340-249-0x0000000000000000-mapping.dmp

Download
memory/3580-160-0x0000000000000000-mapping.dmp

Download
memory/3864-177-0x0000000000000000-mapping.dmp

Download
memory/4620-150-0x0000000000000000-mapping.dmp

Download
memory/4628-186-0x0000000000000000-mapping.dmp

Download
memory/4708-167-0x0000000000000000-mapping.dmp

Download
memory/4740-194-0x0000000000000000-mapping.dmp

Download
memory/4772-196-0x0000000000000000-mapping.dmp

Download
memory/4896-242-0x0000000000000000-mapping.dmp

Download
memory/4904-244-0x0000000000000000-mapping.dmp

Download