1d9f66794a5af4e409a6c6b32a14d674cc1ea96f69e2cf2acb3c7b997750d5f8

Analysis

max time kernel
1045s
max time network
1047s
platform
windows10_x64
resource
win10v20210408
submitted
28-09-2021 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MinecraftInstaller.msi
Size

2.5MB
MD5

22991d4ef03118107a943934d92319d1
SHA1

832ea164d844401f9eced5bf84d45ad4b273cf8c
SHA256

1d9f66794a5af4e409a6c6b32a14d674cc1ea96f69e2cf2acb3c7b997750d5f8
SHA512

79a87b895184188d987f9390f28c20ab4d999d953f9c3d3f92f9d0069a0dc6490c4ef69603e12b62554d809a08b97a79b12f98055b0ebc6a91d5215e3b95fd33

Score

8^/10

discovery

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

Processes:

msiexec.exe

flow pid process

2 652 msiexec.exe
4 652 msiexec.exe
6 652 msiexec.exe

flow	pid	process
2	652	msiexec.exe
4	652	msiexec.exe
6	652	msiexec.exe

Executes dropped EXE 10 IoCs

Processes:

MinecraftLauncher.exeNativeUpdater.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exe

pid	process
3624	MinecraftLauncher.exe
508	NativeUpdater.exe
3948	MinecraftLauncher.exe
824	MinecraftLauncher.exe
2216	MinecraftLauncher.exe
1824	MinecraftLauncher.exe
704	MinecraftLauncher.exe
4360	MinecraftLauncher.exe
4488	MinecraftLauncher.exe
4500	MinecraftLauncher.exe

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe

Loads dropped DLL 31 IoCs

Processes:

MsiExec.exeMsiExec.exeMsiExec.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exe

pid	process
1212	MsiExec.exe
4040	MsiExec.exe
4040	MsiExec.exe
1828	MsiExec.exe
1212	MsiExec.exe
3948	MinecraftLauncher.exe
3948	MinecraftLauncher.exe
3948	MinecraftLauncher.exe
824	MinecraftLauncher.exe
824	MinecraftLauncher.exe
824	MinecraftLauncher.exe
2216	MinecraftLauncher.exe
2216	MinecraftLauncher.exe
2216	MinecraftLauncher.exe
824	MinecraftLauncher.exe
824	MinecraftLauncher.exe
1824	MinecraftLauncher.exe
1824	MinecraftLauncher.exe
1824	MinecraftLauncher.exe
704	MinecraftLauncher.exe
704	MinecraftLauncher.exe
704	MinecraftLauncher.exe
4360	MinecraftLauncher.exe
4360	MinecraftLauncher.exe
4360	MinecraftLauncher.exe
4500	MinecraftLauncher.exe
4500	MinecraftLauncher.exe
4500	MinecraftLauncher.exe
4488	MinecraftLauncher.exe
4488	MinecraftLauncher.exe
4488	MinecraftLauncher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe

Drops file in Program Files directory 64 IoCs

Processes:

MinecraftLauncher.exemsiexec.exe

description	ioc	process
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ro.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\cef_100_percent.pak.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\icudtl.dat	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\libcef.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ca.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\en-GB.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\en-US.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\he.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\vi.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\et.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\fil.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\lt.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ru.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\de.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\id.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\pt-PT.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\sk.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\kn.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ms.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\sw.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ta.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\v8_context_snapshot.bin.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\da.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\gu.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\it.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\pl.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\zh-CN.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\cef_200_percent.pak.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\cs.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\mr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\nb.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\fa.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ml.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\sl.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\tr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\d3dcompiler_47.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\bg.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\snapshot_blob.bin.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe	msiexec.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\cef_extensions.pak.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\libGLESv2.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\am.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ja.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\te.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\bn.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\es.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\hu.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ko.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\sr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\JavaCheck.jar.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ar.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\fi.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\fr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\pt-BR.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\cef.pak.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\es-419.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\hi.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\lv.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\swiftshader\libEGL.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\hr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\nl.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\sv.pak	MinecraftLauncher.exe

Drops file in Windows directory 13 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\MSI1B4F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1CD7.tmp	msiexec.exe
File created	C:\Windows\Installer\{733C3ACB-432D-4880-B0E1-660000D7974D}\minecraft.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\{733C3ACB-432D-4880-B0E1-660000D7974D}\minecraft.ico	msiexec.exe
File created	C:\Windows\Installer\21802.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{733C3ACB-432D-4880-B0E1-660000D7974D}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1B3E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI21AB.tmp	msiexec.exe
File created	C:\Windows\Installer\21804.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\21802.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

svchost.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\HardwareID	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\HardwareID	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe

Modifies data under HKEY_USERS 5 IoCs

Processes:

msiexec.exesvchost.exe

description	ioc	process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\16\52C64B7E	msiexec.exe

Modifies registry class 23 IoCs

Processes:

msiexec.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BCA3C337D23408840B1E6600007D79D4\Complete	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\ProductName = "Minecraft Launcher"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\PackageCode = "54FE00570550045418568622471E508D"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6\BCA3C337D23408840B1E6600007D79D4	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BCA3C337D23408840B1E6600007D79D4	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\ProductIcon = "C:\\Windows\\Installer\\{733C3ACB-432D-4880-B0E1-660000D7974D}\\minecraft.ico"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\PackageName = "MinecraftInstaller.msi"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Version = "16777216"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Media\1 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Clients = 3a0000000000	msiexec.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

msiexec.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exe

pid	process
2144	msiexec.exe
2144	msiexec.exe
824	MinecraftLauncher.exe
824	MinecraftLauncher.exe
2216	MinecraftLauncher.exe
2216	MinecraftLauncher.exe
1824	MinecraftLauncher.exe
1824	MinecraftLauncher.exe
704	MinecraftLauncher.exe
704	MinecraftLauncher.exe
4360	MinecraftLauncher.exe
4360	MinecraftLauncher.exe
4360	MinecraftLauncher.exe
4360	MinecraftLauncher.exe
4500	MinecraftLauncher.exe
4500	MinecraftLauncher.exe
4488	MinecraftLauncher.exe
4488	MinecraftLauncher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	652	msiexec.exe
Token: SeIncreaseQuotaPrivilege	652	msiexec.exe
Token: SeSecurityPrivilege	2144	msiexec.exe
Token: SeCreateTokenPrivilege	652	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	652	msiexec.exe
Token: SeLockMemoryPrivilege	652	msiexec.exe
Token: SeIncreaseQuotaPrivilege	652	msiexec.exe
Token: SeMachineAccountPrivilege	652	msiexec.exe
Token: SeTcbPrivilege	652	msiexec.exe
Token: SeSecurityPrivilege	652	msiexec.exe
Token: SeTakeOwnershipPrivilege	652	msiexec.exe
Token: SeLoadDriverPrivilege	652	msiexec.exe
Token: SeSystemProfilePrivilege	652	msiexec.exe
Token: SeSystemtimePrivilege	652	msiexec.exe
Token: SeProfSingleProcessPrivilege	652	msiexec.exe
Token: SeIncBasePriorityPrivilege	652	msiexec.exe
Token: SeCreatePagefilePrivilege	652	msiexec.exe
Token: SeCreatePermanentPrivilege	652	msiexec.exe
Token: SeBackupPrivilege	652	msiexec.exe
Token: SeRestorePrivilege	652	msiexec.exe
Token: SeShutdownPrivilege	652	msiexec.exe
Token: SeDebugPrivilege	652	msiexec.exe
Token: SeAuditPrivilege	652	msiexec.exe
Token: SeSystemEnvironmentPrivilege	652	msiexec.exe
Token: SeChangeNotifyPrivilege	652	msiexec.exe
Token: SeRemoteShutdownPrivilege	652	msiexec.exe
Token: SeUndockPrivilege	652	msiexec.exe
Token: SeSyncAgentPrivilege	652	msiexec.exe
Token: SeEnableDelegationPrivilege	652	msiexec.exe
Token: SeManageVolumePrivilege	652	msiexec.exe
Token: SeImpersonatePrivilege	652	msiexec.exe
Token: SeCreateGlobalPrivilege	652	msiexec.exe
Token: SeCreateTokenPrivilege	652	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	652	msiexec.exe
Token: SeLockMemoryPrivilege	652	msiexec.exe
Token: SeIncreaseQuotaPrivilege	652	msiexec.exe
Token: SeMachineAccountPrivilege	652	msiexec.exe
Token: SeTcbPrivilege	652	msiexec.exe
Token: SeSecurityPrivilege	652	msiexec.exe
Token: SeTakeOwnershipPrivilege	652	msiexec.exe
Token: SeLoadDriverPrivilege	652	msiexec.exe
Token: SeSystemProfilePrivilege	652	msiexec.exe
Token: SeSystemtimePrivilege	652	msiexec.exe
Token: SeProfSingleProcessPrivilege	652	msiexec.exe
Token: SeIncBasePriorityPrivilege	652	msiexec.exe
Token: SeCreatePagefilePrivilege	652	msiexec.exe
Token: SeCreatePermanentPrivilege	652	msiexec.exe
Token: SeBackupPrivilege	652	msiexec.exe
Token: SeRestorePrivilege	652	msiexec.exe
Token: SeShutdownPrivilege	652	msiexec.exe
Token: SeDebugPrivilege	652	msiexec.exe
Token: SeAuditPrivilege	652	msiexec.exe
Token: SeSystemEnvironmentPrivilege	652	msiexec.exe
Token: SeChangeNotifyPrivilege	652	msiexec.exe
Token: SeRemoteShutdownPrivilege	652	msiexec.exe
Token: SeUndockPrivilege	652	msiexec.exe
Token: SeSyncAgentPrivilege	652	msiexec.exe
Token: SeEnableDelegationPrivilege	652	msiexec.exe
Token: SeManageVolumePrivilege	652	msiexec.exe
Token: SeImpersonatePrivilege	652	msiexec.exe
Token: SeCreateGlobalPrivilege	652	msiexec.exe
Token: SeCreateTokenPrivilege	652	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	652	msiexec.exe
Token: SeLockMemoryPrivilege	652	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msiexec.exe

pid process

652 msiexec.exe
652 msiexec.exe

pid	process
652	msiexec.exe
652	msiexec.exe

Suspicious use of WriteProcessMemory 41 IoCs

Processes:

msiexec.exeMsiExec.exeMinecraftLauncher.exeNativeUpdater.exeMinecraftLauncher.exe

description	pid	process	target process
PID 2144 wrote to memory of 1212	2144	msiexec.exe	MsiExec.exe
PID 2144 wrote to memory of 1212	2144	msiexec.exe	MsiExec.exe
PID 2144 wrote to memory of 1212	2144	msiexec.exe	MsiExec.exe
PID 2144 wrote to memory of 3544	2144	msiexec.exe	srtasks.exe
PID 2144 wrote to memory of 3544	2144	msiexec.exe	srtasks.exe
PID 2144 wrote to memory of 4040	2144	msiexec.exe	MsiExec.exe
PID 2144 wrote to memory of 4040	2144	msiexec.exe	MsiExec.exe
PID 2144 wrote to memory of 4040	2144	msiexec.exe	MsiExec.exe
PID 2144 wrote to memory of 1828	2144	msiexec.exe	MsiExec.exe
PID 2144 wrote to memory of 1828	2144	msiexec.exe	MsiExec.exe
PID 2144 wrote to memory of 1828	2144	msiexec.exe	MsiExec.exe
PID 1212 wrote to memory of 3624	1212	MsiExec.exe	MinecraftLauncher.exe
PID 1212 wrote to memory of 3624	1212	MsiExec.exe	MinecraftLauncher.exe
PID 1212 wrote to memory of 3624	1212	MsiExec.exe	MinecraftLauncher.exe
PID 3624 wrote to memory of 508	3624	MinecraftLauncher.exe	NativeUpdater.exe
PID 3624 wrote to memory of 508	3624	MinecraftLauncher.exe	NativeUpdater.exe
PID 3624 wrote to memory of 508	3624	MinecraftLauncher.exe	NativeUpdater.exe
PID 508 wrote to memory of 3948	508	NativeUpdater.exe	MinecraftLauncher.exe
PID 508 wrote to memory of 3948	508	NativeUpdater.exe	MinecraftLauncher.exe
PID 508 wrote to memory of 3948	508	NativeUpdater.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 824	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 824	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 824	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 2216	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 2216	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 2216	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 1824	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 1824	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 1824	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 704	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 704	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 704	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 4360	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 4360	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 4360	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 4488	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 4488	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 4488	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 4500	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 4500	3948	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 3948 wrote to memory of 4500	3948	MinecraftLauncher.exe	MinecraftLauncher.exe

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:652

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2C5F02A568A30681550D34CD567D7589 C
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1212
- - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
    "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3624
  - - C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe
      tools\NativeUpdater.exe MinecraftLauncher.exe MinecraftLauncher.exe.tmp --nativeLauncherVersion 1000 --nativeLauncherVersion 1000
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:508
    - - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        MinecraftLauncher.exe --nativeLauncherVersion 1000 --nativeLauncherVersion 1000
        5⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        Drops file in Program Files directory
        Suspicious use of WriteProcessMemory
        
        PID:3948
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=gpu-process --field-trial-handle=2012,15651667644578736136,9766211296864612306,131072 --enable-features=CastMediaRouteProvider --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2024 /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:824
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,15651667644578736136,9766211296864612306,131072 --enable-features=CastMediaRouteProvider --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2424 /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2216
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2012,15651667644578736136,9766211296864612306,131072 --enable-features=CastMediaRouteProvider --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
        6⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:1824
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2012,15651667644578736136,9766211296864612306,131072 --enable-features=CastMediaRouteProvider --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1
        6⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:704
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=gpu-process --field-trial-handle=2012,15651667644578736136,9766211296864612306,131072 --enable-features=CastMediaRouteProvider --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --gpu-preferences=MAAAAAAAAADoACAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2384 /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:4360
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2012,15651667644578736136,9766211296864612306,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
        6⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:4488
      - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2012,15651667644578736136,9766211296864612306,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2472 /prefetch:1
        6⤵
        Executes dropped EXE
        Checks computer location settings
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:4500
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3544
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D8D2F69DE96755CDE01D7E53F93CD794
  2⤵
  - Loads dropped DLL
  PID:4040
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 1DF6F5EED5CF5C6C6E2EFCE0FC875481 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:1828

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:3064

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:432

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
0501b8eb39f00dcaa3c89ccec2fbde17

SHA1
cb7b82a5d02a2b5ea9c16b5083015c832b556405

SHA256
161ba4c1b21cd20b15573f0ccfc4a5cbab8dedd94c722cd60afb8551d8d91dc2

SHA512
4ab6a3fd31c7551578f07ada264bb93a22eb16f75fdbcfaecf4c0861535a2f631082da5f6003ff9f57fda231e783cbf200caa6a6d6bdefbe08d64f33c67855b3

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
0501b8eb39f00dcaa3c89ccec2fbde17

SHA1
cb7b82a5d02a2b5ea9c16b5083015c832b556405

SHA256
161ba4c1b21cd20b15573f0ccfc4a5cbab8dedd94c722cd60afb8551d8d91dc2

SHA512
4ab6a3fd31c7551578f07ada264bb93a22eb16f75fdbcfaecf4c0861535a2f631082da5f6003ff9f57fda231e783cbf200caa6a6d6bdefbe08d64f33c67855b3

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe.tmp

MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef.pak

MD5
fa6c54291dcc13acc9dbec30923fe503

SHA1
8f157cc1ab1c18bf47305543b149604797cd6587

SHA256
455dd904ba68305f45682ae9c776a87cb2cb67bbe2d20e13cf97a812b68cf5f4

SHA512
135773297e6481f66d53a6a6bb887e0e0ba17ded9f76e2cef2db48a095a4c301eda84feb46f2a44425f4d34accd72765ee324d30a0692aa0c6d2c513166d51de

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef_100_percent.pak

MD5
4cec40309dc9e4bf0f0cc915aeb6c9ac

SHA1
2da1b18943265f473f6b87b63132dbb2398ff487

SHA256
6267cb52b0ca5593cf402139e736eb4f1d6bc3f2eab4c6deb99934711050ef4f

SHA512
e684d4d735762e87c8556c164379f97f59b8b4077e2f4c49ae43610ca2a3994ad45839cf6edef4e741a4f1fb345413e4246fb5901dd52bd98c9a2f60866817c7

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef_200_percent.pak

MD5
50a6d9ab74ebfaeda5baa28997149977

SHA1
1ad557cecf3d54a5fbe471ceab189d344fef347c

SHA256
c8f7697bdb4aa19722b975dd2126baf8c2edb5c0a58e2d64a6fefa4cbb8335ec

SHA512
31647191b432f82ff24a41a16abb77512bed2f3105791079d795304452e2bff89f618202023fd133cdc79f80d02647093edebca9e43c19cbd4d2bed4c8d35180

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef_extensions.pak

MD5
c294094045246da46492204f2920d74f

SHA1
229367ac0be0a2da9d6338cba6f45c07f790140c

SHA256
8e8882c3d420231e1ddd1329e259cd8dc38fe392727aa74cfa4df57125d4cfb3

SHA512
03543e3c436a8b42b3f5bb942de468b4898172720ddef5597535b81347581ae0c89bf91e6bef3b91c796ca5bd393a865b2fa53ba70b2fda6578c640b14ab92cd

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\icudtl.dat

MD5
9732e28c054db1e042cd306a7bc9227a

SHA1
6bab2e77925515888808c1ef729c5bb1323100dd

SHA256
27993e2079711d5f0f04a72f48fee88b269604c8e3fbdf50a7f7bb3f5bfc8d8e

SHA512
3eb67ab896a56dab4a2d6eea98f251affd6864c5f5b24f22b61b6acc1df4460d86f0a448f1983aac019e79ff930286c3510891be9d48ef07a93ff975a0e55335

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll

MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\libcef.dll

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\locales\en-US.pak

MD5
16a6914c9637812257e28b2cc4e6d809

SHA1
82212a642c90b51b8f67e517ee8782da841b658f

SHA256
8fe734f556d97e7c07d02e839a16565f7db88ca7091ca3903a9b153a68aaaf72

SHA512
6efbab68c8b036fd73951295a5f65718003deea46db838f6f263133452e09be45ce006246850facbb1922766f42c2ce1796722cecfcc8495921a7bcd9402a446

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\swiftshader\libegl.dll

MD5
9f68bdd2b3a78eeddaceb6f6c5cae5de

SHA1
1231c5b199ba2bc48cbafdbef813cdbd5dc3c42d

SHA256
ba6c8b38def6141447032c9a2b46b67a515276c88b30580703db24cf18d3f0d6

SHA512
4804c84b4183f9096d4f83cfc73df673467b45f4bd2613fbccc46739a2e8c2a887b36ca7d6785ab64ca17cb74f6c1fea74ca5587e24d2009030dc0604ce51443

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\swiftshader\libglesv2.dll

MD5
cdfe6b31acf7e3f398725bc57158a00b

SHA1
cbf51552d14ae32f4651d1770ece1dc9ba3e1d8e

SHA256
8b73aa808f2373c3ada15349e676f20a9dc644a8a7c21d5699288bee907fee14

SHA512
1ec2a3139bc5e38a3a15ef33d73791dce721fb864626a8767f834e11ff1a74ea70eb7aeb8107fe80b2bb7309df3cb620df7453d26524a0503929219b751249c8

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\v8_context_snapshot.bin

MD5
cdeec3342ce88d4de5426032a6bf6a53

SHA1
b36ec3c3b20a7a06ff282d696f12b51904b073a4

SHA256
ca88a3c7034da1de52d35823fba0fe80ba5376ab70cdc1841e6aaf25c1f5dd6e

SHA512
54874cd76589124b750fdae90be75e1acf374566d56352c15dbbee98c095aad0e56db142952a808b08e4817bf5f8e176ffdc4ff79110d8661ee4f7ede16b2ea9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe

MD5
72e1747a895001b1a300ffcad1edc9a6

SHA1
111e67014919bf1a42859951abdd945e4080e883

SHA256
2bbf4862a5900db35050e1679e08bb91c879c112f3259bfbc483cb26aad09eef

SHA512
31af0b629fe79d6fcbdde4f7928c66f59773ad47971ca9f091f1e00e9e9f9c6ca254732040d2e1b764fcad2f2997c5e8e15247f928e97528b0bf36aca3be5ba1

Download Submit
C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe

MD5
72e1747a895001b1a300ffcad1edc9a6

SHA1
111e67014919bf1a42859951abdd945e4080e883

SHA256
2bbf4862a5900db35050e1679e08bb91c879c112f3259bfbc483cb26aad09eef

SHA512
31af0b629fe79d6fcbdde4f7928c66f59773ad47971ca9f091f1e00e9e9f9c6ca254732040d2e1b764fcad2f2997c5e8e15247f928e97528b0bf36aca3be5ba1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

MD5
0ca1a3373000ec3e9898d9d3884bf0e8

SHA1
93570f5dd35d040527d80a4b552ab280f25b659a

SHA256
9344542d82e287df60fb7f843e60bd2184bbe8ae6fbcc34cf6616bbd8d08eebd

SHA512
1a5358470a4c8c29c4e64a2fbc25592884ef378421ab6f2e45107b777236246ef12710507b10f55c9c352003f70808e526f29c46e3f41fa4efbf80cad469590a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_6BE73709C7F4D409D3FEEFF27BA07C40

MD5
b66ec24d3d8ac8f5cbcec82696ba1d74

SHA1
6e3451d0e859ccab9049f5c87f7068c6161b9b03

SHA256
7923fdcbf0085fa6a9492562b9f055a5816dcd75c1aeb28bc9b033c5c679f522

SHA512
dfdb276ff87c3e82fb66e23b8518764926444d0aba50d074c4a875ceb500a76e8b52d443ecd0bd1b436839ce194f5851d5e1fa099198b0f4a19054c73316abbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

MD5
5a766a197d048722c02bc65813f3edba

SHA1
690af1a75b68f4919e6586a66931f924273ba8c3

SHA256
aadfb37909718ab117a890914abe3927202049c2d79824fa2fc043dbba396595

SHA512
4e9255bfbda073014ce2995d80b8132216c3eb69fab2cdfe67ddbd5fe6390fa5c31bec5f65aa22a39de217bc55845e52a0033977f69f57f93a982bbe47f73b5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_6BE73709C7F4D409D3FEEFF27BA07C40

MD5
d6be123efe95404dff4fccf899a4a2bb

SHA1
853633339e1d03907804dd119ff9c8b08217251a

SHA256
a3c6845257db611720e62754f6c1579a1eaa01d5cfd662b78a07f237e4305b0b

SHA512
e17d6f7ed8e352c30d0d30c0f4258b0ad9405159c49af2cf6ecf12e4d115b084934b1b378273ba33f74420d6c9c1c5175c035b4bc2067859765c7b129a4f2290

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8004.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB7C2.tmp

MD5
48eaf9d4ccf75bc06bbc5d33e78b7fff

SHA1
c710753c265b148f27ff3f358bb0ee980ab46423

SHA256
9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589

SHA512
505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt

MD5
68b6ed486e2a0b305a6fd28e943d6d86

SHA1
74dade9e6152cc61b72ae314a17f6ff45945e0d4

SHA256
f1e289884db89e0fd03fd54ce4333bedb01692b6dd1525c387f088de5c97e2ba

SHA512
83ea0fb1eaba3834d95a80f67845ab3e35b5ac6f9c9b7863b08681ad49596c42437583d4934251dcc4a7c31b8be2b989c4103aac620741b597bddcc59914646d

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_log.txt

MD5
516bf02c46934ecd7265b3659d7d2c3a

SHA1
41c508a1da0d77f3387b89e4f892ae65e7b7d382

SHA256
ba6c867a12493486bb4e2f0557edf8be050921a8bc185cf8d02a5f97a96a907c

SHA512
5dfb694eeb516aa5d17add3326583d0e5d19a118ea5713d7a6066007f125524efc7837db75f14fc47eb44fe1597b632e503d635c64482af9fb692ec1d47986f9

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_settings.json

MD5
1d0151f8dac50828651dbb18864a7863

SHA1
c372c2357b2ebfbf0a6036f1fcc54abee0259913

SHA256
4c636f489600957ca94ce2503422b9b5ae6ac28aff4026872238154e2bacdc74

SHA512
86722be19cbd459c5e75b33573b4127792d095143a7460febb444a3b0b8477efa6404f62c7adeae1e6fe73e5ff20d0706198ff70ee6194ae7da79f66f2295e93

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_settings.json

MD5
270ade77b4358d215f30e625a2b172f6

SHA1
c407dcca0525ba0bb9d9c5d63ac78f7aa03ae03a

SHA256
7afa6b9dacfb8d546c8f9c386601999232fa9aa6bcc9879503ab2433e053c3c5

SHA512
af56d5ec7d603284db4fe340f5f5fc00c48b0e3d065660cb3d40088e6c4c35675cb7eaa6504803a11120d49e40d7aeb0f5321aacef79e5b074369722056bcd62

Download Submit
C:\Windows\Installer\MSI1B4F.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSI1CD7.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSI21AB.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5
996ff7ab4e1a0945a7915f293112ff72

SHA1
bd59bf4f61314f19c0a841795d8d5f0af72b2052

SHA256
fe03a72f349548f494ed53ac12f4f017f91c71740ce1b26b0e73d90ab9e8213b

SHA512
7774c9277a7dbbb7112bc37cd804f6f3e4db1e7493a411dc486a1085fa437fd38da3b3da6ef7a27e99366f205cb0a3934ba58bbb5509688fcf2da0ac7654bd0e

Download Submit
\??\Volume{d05cfc4a-0000-0000-0000-500600000000}\System Volume Information\SPP\OnlineMetadataCache\{f4f6764e-ab26-4b03-9b74-95d9beb47d78}_OnDiskSnapshotProp

MD5
449cc47ca890a11f8c36b4d8c549b495

SHA1
14986a257ec5241882e1a427af242483711dbf0b

SHA256
57b056b6aafaf2e37ceb31f4a61c92ba638f39b6d4acae0a95dfbd3e2910a79b

SHA512
1e9a87e5e6ae5df4a648661de2c76872ac81032d005cc8bc7a6fe7a981e11d37185b20281d0703c743158c97a5f59ff67b329e22b82f584a144673c139eefb87

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll

MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll

MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll

MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll

MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll

MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll

MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\game\swiftshader\libEGL.dll

MD5
9f68bdd2b3a78eeddaceb6f6c5cae5de

SHA1
1231c5b199ba2bc48cbafdbef813cdbd5dc3c42d

SHA256
ba6c8b38def6141447032c9a2b46b67a515276c88b30580703db24cf18d3f0d6

SHA512
4804c84b4183f9096d4f83cfc73df673467b45f4bd2613fbccc46739a2e8c2a887b36ca7d6785ab64ca17cb74f6c1fea74ca5587e24d2009030dc0604ce51443

Download Submit
\Program Files (x86)\Minecraft Launcher\game\swiftshader\libGLESv2.dll

MD5
cdfe6b31acf7e3f398725bc57158a00b

SHA1
cbf51552d14ae32f4651d1770ece1dc9ba3e1d8e

SHA256
8b73aa808f2373c3ada15349e676f20a9dc644a8a7c21d5699288bee907fee14

SHA512
1ec2a3139bc5e38a3a15ef33d73791dce721fb864626a8767f834e11ff1a74ea70eb7aeb8107fe80b2bb7309df3cb620df7453d26524a0503929219b751249c8

Download Submit
\Users\Admin\AppData\Local\Temp\MSI8004.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\Users\Admin\AppData\Local\Temp\MSIB7C2.tmp

MD5
48eaf9d4ccf75bc06bbc5d33e78b7fff

SHA1
c710753c265b148f27ff3f358bb0ee980ab46423

SHA256
9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589

SHA512
505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

Download Submit
\Windows\Installer\MSI1B4F.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\Windows\Installer\MSI1CD7.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\Windows\Installer\MSI21AB.tmp

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
memory/508-147-0x0000000000000000-mapping.dmp

Download
memory/704-176-0x0000000000000000-mapping.dmp

Download
memory/824-157-0x0000000000000000-mapping.dmp

Download
memory/1212-118-0x0000000000000000-mapping.dmp

Download
memory/1824-175-0x0000000000000000-mapping.dmp

Download
memory/1828-137-0x0000000000000000-mapping.dmp

Download
memory/2216-159-0x0000000000000000-mapping.dmp

Download
memory/3544-123-0x0000000000000000-mapping.dmp

Download
memory/3624-145-0x0000000000000000-mapping.dmp

Download
memory/3948-151-0x0000000000000000-mapping.dmp

Download
memory/4040-128-0x0000000000000000-mapping.dmp

Download
memory/4360-193-0x0000000000000000-mapping.dmp

Download
memory/4488-199-0x0000000000000000-mapping.dmp

Download
memory/4500-200-0x0000000000000000-mapping.dmp

Download