1d9f66794a5af4e409a6c6b32a14d674cc1ea96f69e2cf2acb3c7b997750d5f8

Analysis

max time kernel
1071s
max time network
1081s
platform
windows10_x64
resource
win10-en-20210920
submitted
28-09-2021 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MinecraftInstaller.msi
Size

2.5MB
MD5

22991d4ef03118107a943934d92319d1
SHA1

832ea164d844401f9eced5bf84d45ad4b273cf8c
SHA256

1d9f66794a5af4e409a6c6b32a14d674cc1ea96f69e2cf2acb3c7b997750d5f8
SHA512

79a87b895184188d987f9390f28c20ab4d999d953f9c3d3f92f9d0069a0dc6490c4ef69603e12b62554d809a08b97a79b12f98055b0ebc6a91d5215e3b95fd33

Score

8^/10

discovery

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

Processes:

msiexec.exe

flow pid process

4 2332 msiexec.exe
6 2332 msiexec.exe
8 2332 msiexec.exe

flow	pid	process
4	2332	msiexec.exe
6	2332	msiexec.exe
8	2332	msiexec.exe

Executes dropped EXE 10 IoCs

Processes:

MinecraftLauncher.exeNativeUpdater.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exe

pid	process
2160	MinecraftLauncher.exe
3164	NativeUpdater.exe
1632	MinecraftLauncher.exe
2012	MinecraftLauncher.exe
3780	MinecraftLauncher.exe
940	MinecraftLauncher.exe
1800	MinecraftLauncher.exe
4364	MinecraftLauncher.exe
4376	MinecraftLauncher.exe
4608	MinecraftLauncher.exe

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe

Loads dropped DLL 31 IoCs

Processes:

MsiExec.exeMsiExec.exeMsiExec.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exe

pid	process
2312	MsiExec.exe
3804	MsiExec.exe
3804	MsiExec.exe
3904	MsiExec.exe
2312	MsiExec.exe
1632	MinecraftLauncher.exe
1632	MinecraftLauncher.exe
1632	MinecraftLauncher.exe
2012	MinecraftLauncher.exe
2012	MinecraftLauncher.exe
2012	MinecraftLauncher.exe
3780	MinecraftLauncher.exe
3780	MinecraftLauncher.exe
3780	MinecraftLauncher.exe
2012	MinecraftLauncher.exe
2012	MinecraftLauncher.exe
940	MinecraftLauncher.exe
940	MinecraftLauncher.exe
940	MinecraftLauncher.exe
1800	MinecraftLauncher.exe
1800	MinecraftLauncher.exe
1800	MinecraftLauncher.exe
4376	MinecraftLauncher.exe
4376	MinecraftLauncher.exe
4376	MinecraftLauncher.exe
4364	MinecraftLauncher.exe
4364	MinecraftLauncher.exe
4364	MinecraftLauncher.exe
4608	MinecraftLauncher.exe
4608	MinecraftLauncher.exe
4608	MinecraftLauncher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe

Drops file in Program Files directory 64 IoCs

Processes:

MinecraftLauncher.exemsiexec.exeMinecraftLauncher.exe

description	ioc	process
File created	C:\Program Files (x86)\Minecraft Launcher\game\cef_extensions.pak.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\libGLESv2.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\vi.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\fil.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\uk.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\libEGL.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\de.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\es.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\id.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\snapshot_blob.bin.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\cef_100_percent.pak.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\el.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\hi.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ta.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\zh-TW.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\sv.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\libcef.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\bg.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\en-US.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\fa.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\pt-BR.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe	msiexec.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\icudtl.dat	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\he.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ro.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\sr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\te.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\cef.pak.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\cef_200_percent.pak.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\cs.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\es-419.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ml.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\th.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\bn.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ja.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\sk.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\swiftshader\libEGL.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\mr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\nl.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\pt-PT.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\JavaCheck.jar.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\da.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\et.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\hr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\d3dcompiler_47.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\en-GB.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\gu.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\hu.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\lt.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\fi.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\nb.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\sw.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\swiftshader\libGLESv2.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\v8_context_snapshot.bin.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ca.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\fr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\kn.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\lv.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\zh-CN.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\am.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft Launcher\game\locales\ar.pak	MinecraftLauncher.exe

Drops file in Windows directory 13 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{733C3ACB-432D-4880-B0E1-660000D7974D}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7707.tmp	msiexec.exe
File created	C:\Windows\Installer\374d5.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\374d3.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI76F6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI789E.tmp	msiexec.exe
File created	C:\Windows\Installer\{733C3ACB-432D-4880-B0E1-660000D7974D}\minecraft.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\{733C3ACB-432D-4880-B0E1-660000D7974D}\minecraft.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7B4F.tmp	msiexec.exe
File created	C:\Windows\Installer\374d3.msi	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

svchost.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\HardwareID	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\CompatibleIDs	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\FriendlyName	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Mfg	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe

Modifies data under HKEY_USERS 5 IoCs

Processes:

msiexec.exesvchost.exe

description	ioc	process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\16\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\17	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe

Modifies registry class 23 IoCs

Processes:

msiexec.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\ProductName = "Minecraft Launcher"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Version = "16777216"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BCA3C337D23408840B1E6600007D79D4	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\BCA3C337D23408840B1E6600007D79D4\Complete	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6\BCA3C337D23408840B1E6600007D79D4	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\PackageCode = "54FE00570550045418568622471E508D"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\SourceList\PackageName = "MinecraftInstaller.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\BCA3C337D23408840B1E6600007D79D4\ProductIcon = "C:\\Windows\\Installer\\{733C3ACB-432D-4880-B0E1-660000D7974D}\\minecraft.ico"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

msiexec.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exeMinecraftLauncher.exe

pid	process
3912	msiexec.exe
3912	msiexec.exe
2012	MinecraftLauncher.exe
2012	MinecraftLauncher.exe
3780	MinecraftLauncher.exe
3780	MinecraftLauncher.exe
940	MinecraftLauncher.exe
940	MinecraftLauncher.exe
1800	MinecraftLauncher.exe
1800	MinecraftLauncher.exe
4376	MinecraftLauncher.exe
4376	MinecraftLauncher.exe
4364	MinecraftLauncher.exe
4364	MinecraftLauncher.exe
4608	MinecraftLauncher.exe
4608	MinecraftLauncher.exe
4608	MinecraftLauncher.exe
4608	MinecraftLauncher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	2332	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2332	msiexec.exe
Token: SeSecurityPrivilege	3912	msiexec.exe
Token: SeCreateTokenPrivilege	2332	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2332	msiexec.exe
Token: SeLockMemoryPrivilege	2332	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2332	msiexec.exe
Token: SeMachineAccountPrivilege	2332	msiexec.exe
Token: SeTcbPrivilege	2332	msiexec.exe
Token: SeSecurityPrivilege	2332	msiexec.exe
Token: SeTakeOwnershipPrivilege	2332	msiexec.exe
Token: SeLoadDriverPrivilege	2332	msiexec.exe
Token: SeSystemProfilePrivilege	2332	msiexec.exe
Token: SeSystemtimePrivilege	2332	msiexec.exe
Token: SeProfSingleProcessPrivilege	2332	msiexec.exe
Token: SeIncBasePriorityPrivilege	2332	msiexec.exe
Token: SeCreatePagefilePrivilege	2332	msiexec.exe
Token: SeCreatePermanentPrivilege	2332	msiexec.exe
Token: SeBackupPrivilege	2332	msiexec.exe
Token: SeRestorePrivilege	2332	msiexec.exe
Token: SeShutdownPrivilege	2332	msiexec.exe
Token: SeDebugPrivilege	2332	msiexec.exe
Token: SeAuditPrivilege	2332	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2332	msiexec.exe
Token: SeChangeNotifyPrivilege	2332	msiexec.exe
Token: SeRemoteShutdownPrivilege	2332	msiexec.exe
Token: SeUndockPrivilege	2332	msiexec.exe
Token: SeSyncAgentPrivilege	2332	msiexec.exe
Token: SeEnableDelegationPrivilege	2332	msiexec.exe
Token: SeManageVolumePrivilege	2332	msiexec.exe
Token: SeImpersonatePrivilege	2332	msiexec.exe
Token: SeCreateGlobalPrivilege	2332	msiexec.exe
Token: SeCreateTokenPrivilege	2332	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2332	msiexec.exe
Token: SeLockMemoryPrivilege	2332	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2332	msiexec.exe
Token: SeMachineAccountPrivilege	2332	msiexec.exe
Token: SeTcbPrivilege	2332	msiexec.exe
Token: SeSecurityPrivilege	2332	msiexec.exe
Token: SeTakeOwnershipPrivilege	2332	msiexec.exe
Token: SeLoadDriverPrivilege	2332	msiexec.exe
Token: SeSystemProfilePrivilege	2332	msiexec.exe
Token: SeSystemtimePrivilege	2332	msiexec.exe
Token: SeProfSingleProcessPrivilege	2332	msiexec.exe
Token: SeIncBasePriorityPrivilege	2332	msiexec.exe
Token: SeCreatePagefilePrivilege	2332	msiexec.exe
Token: SeCreatePermanentPrivilege	2332	msiexec.exe
Token: SeBackupPrivilege	2332	msiexec.exe
Token: SeRestorePrivilege	2332	msiexec.exe
Token: SeShutdownPrivilege	2332	msiexec.exe
Token: SeDebugPrivilege	2332	msiexec.exe
Token: SeAuditPrivilege	2332	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2332	msiexec.exe
Token: SeChangeNotifyPrivilege	2332	msiexec.exe
Token: SeRemoteShutdownPrivilege	2332	msiexec.exe
Token: SeUndockPrivilege	2332	msiexec.exe
Token: SeSyncAgentPrivilege	2332	msiexec.exe
Token: SeEnableDelegationPrivilege	2332	msiexec.exe
Token: SeManageVolumePrivilege	2332	msiexec.exe
Token: SeImpersonatePrivilege	2332	msiexec.exe
Token: SeCreateGlobalPrivilege	2332	msiexec.exe
Token: SeCreateTokenPrivilege	2332	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2332	msiexec.exe
Token: SeLockMemoryPrivilege	2332	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msiexec.exe

pid process

2332 msiexec.exe
2332 msiexec.exe

pid	process
2332	msiexec.exe
2332	msiexec.exe

Suspicious use of WriteProcessMemory 41 IoCs

Processes:

msiexec.exeMsiExec.exeMinecraftLauncher.exeNativeUpdater.exeMinecraftLauncher.exe

description	pid	process	target process
PID 3912 wrote to memory of 2312	3912	msiexec.exe	MsiExec.exe
PID 3912 wrote to memory of 2312	3912	msiexec.exe	MsiExec.exe
PID 3912 wrote to memory of 2312	3912	msiexec.exe	MsiExec.exe
PID 3912 wrote to memory of 2616	3912	msiexec.exe	srtasks.exe
PID 3912 wrote to memory of 2616	3912	msiexec.exe	srtasks.exe
PID 3912 wrote to memory of 3804	3912	msiexec.exe	MsiExec.exe
PID 3912 wrote to memory of 3804	3912	msiexec.exe	MsiExec.exe
PID 3912 wrote to memory of 3804	3912	msiexec.exe	MsiExec.exe
PID 3912 wrote to memory of 3904	3912	msiexec.exe	MsiExec.exe
PID 3912 wrote to memory of 3904	3912	msiexec.exe	MsiExec.exe
PID 3912 wrote to memory of 3904	3912	msiexec.exe	MsiExec.exe
PID 2312 wrote to memory of 2160	2312	MsiExec.exe	MinecraftLauncher.exe
PID 2312 wrote to memory of 2160	2312	MsiExec.exe	MinecraftLauncher.exe
PID 2312 wrote to memory of 2160	2312	MsiExec.exe	MinecraftLauncher.exe
PID 2160 wrote to memory of 3164	2160	MinecraftLauncher.exe	NativeUpdater.exe
PID 2160 wrote to memory of 3164	2160	MinecraftLauncher.exe	NativeUpdater.exe
PID 2160 wrote to memory of 3164	2160	MinecraftLauncher.exe	NativeUpdater.exe
PID 3164 wrote to memory of 1632	3164	NativeUpdater.exe	MinecraftLauncher.exe
PID 3164 wrote to memory of 1632	3164	NativeUpdater.exe	MinecraftLauncher.exe
PID 3164 wrote to memory of 1632	3164	NativeUpdater.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 2012	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 2012	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 2012	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 3780	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 3780	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 3780	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 940	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 940	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 940	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 1800	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 1800	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 1800	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 4364	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 4364	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 4364	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 4376	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 4376	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 4376	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 4608	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 4608	1632	MinecraftLauncher.exe	MinecraftLauncher.exe
PID 1632 wrote to memory of 4608	1632	MinecraftLauncher.exe	MinecraftLauncher.exe

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2332

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3912

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding DCB65113D1EEB9FAD9B0104D42DB8719 C
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2312

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe"
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2160

C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe
tools\NativeUpdater.exe MinecraftLauncher.exe MinecraftLauncher.exe.tmp --nativeLauncherVersion 1000 --nativeLauncherVersion 1000
4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3164

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MinecraftLauncher.exe --nativeLauncherVersion 1000 --nativeLauncherVersion 1000
5⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1632

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=gpu-process --field-trial-handle=1968,12941687129750051912,13663657921082113541,131072 --enable-features=CastMediaRouteProvider --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2096 /prefetch:2
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2012

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,12941687129750051912,13663657921082113541,131072 --enable-features=CastMediaRouteProvider --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2424 /prefetch:8
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3780

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=1968,12941687129750051912,13663657921082113541,131072 --enable-features=CastMediaRouteProvider --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
6⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:940

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=1968,12941687129750051912,13663657921082113541,131072 --enable-features=CastMediaRouteProvider --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2488 /prefetch:1
6⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1800

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=1968,12941687129750051912,13663657921082113541,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1
6⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4364

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=1968,12941687129750051912,13663657921082113541,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
6⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4376

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=gpu-process --field-trial-handle=1968,12941687129750051912,13663657921082113541,131072 --enable-features=CastMediaRouteProvider --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --gpu-preferences=MAAAAAAAAADoACAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=1676 /prefetch:2
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4608

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
2⤵
PID:2616

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding AD3A8572D7C901708E6E54561DA73441
2⤵
- Loads dropped DLL
PID:3804

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 71A5326D81A07B3EB396D37F0607DD44 E Global\MSI0000
2⤵
- Loads dropped DLL
PID:3904

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:320

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:3528

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
0501b8eb39f00dcaa3c89ccec2fbde17

SHA1
cb7b82a5d02a2b5ea9c16b5083015c832b556405

SHA256
161ba4c1b21cd20b15573f0ccfc4a5cbab8dedd94c722cd60afb8551d8d91dc2

SHA512
4ab6a3fd31c7551578f07ada264bb93a22eb16f75fdbcfaecf4c0861535a2f631082da5f6003ff9f57fda231e783cbf200caa6a6d6bdefbe08d64f33c67855b3

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
0501b8eb39f00dcaa3c89ccec2fbde17

SHA1
cb7b82a5d02a2b5ea9c16b5083015c832b556405

SHA256
161ba4c1b21cd20b15573f0ccfc4a5cbab8dedd94c722cd60afb8551d8d91dc2

SHA512
4ab6a3fd31c7551578f07ada264bb93a22eb16f75fdbcfaecf4c0861535a2f631082da5f6003ff9f57fda231e783cbf200caa6a6d6bdefbe08d64f33c67855b3

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe.tmp
MD5
aab5d0e50301bd8f6abb6960b3d43db3

SHA1
3a85acccf7a030b1290af1c818f5b70fd3d7dd80

SHA256
b8b9e359cd829d2fe4b54c78352545a0c3b6a6a98f3fa6d097d4c5b73424a3f4

SHA512
a2b8134199e3cbacfea001d13dbff8b3f8a95e0d5784275fbcabe412f35a7a81c3d912e35a3a7d20fe92405f18a8c978750316d9dac11a4f9b19420ca26162b9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef.pak
MD5
fa6c54291dcc13acc9dbec30923fe503

SHA1
8f157cc1ab1c18bf47305543b149604797cd6587

SHA256
455dd904ba68305f45682ae9c776a87cb2cb67bbe2d20e13cf97a812b68cf5f4

SHA512
135773297e6481f66d53a6a6bb887e0e0ba17ded9f76e2cef2db48a095a4c301eda84feb46f2a44425f4d34accd72765ee324d30a0692aa0c6d2c513166d51de

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef_100_percent.pak
MD5
4cec40309dc9e4bf0f0cc915aeb6c9ac

SHA1
2da1b18943265f473f6b87b63132dbb2398ff487

SHA256
6267cb52b0ca5593cf402139e736eb4f1d6bc3f2eab4c6deb99934711050ef4f

SHA512
e684d4d735762e87c8556c164379f97f59b8b4077e2f4c49ae43610ca2a3994ad45839cf6edef4e741a4f1fb345413e4246fb5901dd52bd98c9a2f60866817c7

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef_200_percent.pak
MD5
50a6d9ab74ebfaeda5baa28997149977

SHA1
1ad557cecf3d54a5fbe471ceab189d344fef347c

SHA256
c8f7697bdb4aa19722b975dd2126baf8c2edb5c0a58e2d64a6fefa4cbb8335ec

SHA512
31647191b432f82ff24a41a16abb77512bed2f3105791079d795304452e2bff89f618202023fd133cdc79f80d02647093edebca9e43c19cbd4d2bed4c8d35180

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\cef_extensions.pak
MD5
c294094045246da46492204f2920d74f

SHA1
229367ac0be0a2da9d6338cba6f45c07f790140c

SHA256
8e8882c3d420231e1ddd1329e259cd8dc38fe392727aa74cfa4df57125d4cfb3

SHA512
03543e3c436a8b42b3f5bb942de468b4898172720ddef5597535b81347581ae0c89bf91e6bef3b91c796ca5bd393a865b2fa53ba70b2fda6578c640b14ab92cd

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll
MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\icudtl.dat
MD5
9732e28c054db1e042cd306a7bc9227a

SHA1
6bab2e77925515888808c1ef729c5bb1323100dd

SHA256
27993e2079711d5f0f04a72f48fee88b269604c8e3fbdf50a7f7bb3f5bfc8d8e

SHA512
3eb67ab896a56dab4a2d6eea98f251affd6864c5f5b24f22b61b6acc1df4460d86f0a448f1983aac019e79ff930286c3510891be9d48ef07a93ff975a0e55335

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll
MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\libcef.dll
MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\locales\en-US.pak
MD5
16a6914c9637812257e28b2cc4e6d809

SHA1
82212a642c90b51b8f67e517ee8782da841b658f

SHA256
8fe734f556d97e7c07d02e839a16565f7db88ca7091ca3903a9b153a68aaaf72

SHA512
6efbab68c8b036fd73951295a5f65718003deea46db838f6f263133452e09be45ce006246850facbb1922766f42c2ce1796722cecfcc8495921a7bcd9402a446

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\swiftshader\libegl.dll
MD5
9f68bdd2b3a78eeddaceb6f6c5cae5de

SHA1
1231c5b199ba2bc48cbafdbef813cdbd5dc3c42d

SHA256
ba6c8b38def6141447032c9a2b46b67a515276c88b30580703db24cf18d3f0d6

SHA512
4804c84b4183f9096d4f83cfc73df673467b45f4bd2613fbccc46739a2e8c2a887b36ca7d6785ab64ca17cb74f6c1fea74ca5587e24d2009030dc0604ce51443

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\swiftshader\libglesv2.dll
MD5
cdfe6b31acf7e3f398725bc57158a00b

SHA1
cbf51552d14ae32f4651d1770ece1dc9ba3e1d8e

SHA256
8b73aa808f2373c3ada15349e676f20a9dc644a8a7c21d5699288bee907fee14

SHA512
1ec2a3139bc5e38a3a15ef33d73791dce721fb864626a8767f834e11ff1a74ea70eb7aeb8107fe80b2bb7309df3cb620df7453d26524a0503929219b751249c8

Download Submit
C:\Program Files (x86)\Minecraft Launcher\game\v8_context_snapshot.bin
MD5
cdeec3342ce88d4de5426032a6bf6a53

SHA1
b36ec3c3b20a7a06ff282d696f12b51904b073a4

SHA256
ca88a3c7034da1de52d35823fba0fe80ba5376ab70cdc1841e6aaf25c1f5dd6e

SHA512
54874cd76589124b750fdae90be75e1acf374566d56352c15dbbee98c095aad0e56db142952a808b08e4817bf5f8e176ffdc4ff79110d8661ee4f7ede16b2ea9

Download Submit
C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe
MD5
72e1747a895001b1a300ffcad1edc9a6

SHA1
111e67014919bf1a42859951abdd945e4080e883

SHA256
2bbf4862a5900db35050e1679e08bb91c879c112f3259bfbc483cb26aad09eef

SHA512
31af0b629fe79d6fcbdde4f7928c66f59773ad47971ca9f091f1e00e9e9f9c6ca254732040d2e1b764fcad2f2997c5e8e15247f928e97528b0bf36aca3be5ba1

Download Submit
C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe
MD5
72e1747a895001b1a300ffcad1edc9a6

SHA1
111e67014919bf1a42859951abdd945e4080e883

SHA256
2bbf4862a5900db35050e1679e08bb91c879c112f3259bfbc483cb26aad09eef

SHA512
31af0b629fe79d6fcbdde4f7928c66f59773ad47971ca9f091f1e00e9e9f9c6ca254732040d2e1b764fcad2f2997c5e8e15247f928e97528b0bf36aca3be5ba1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
MD5
0ca1a3373000ec3e9898d9d3884bf0e8

SHA1
93570f5dd35d040527d80a4b552ab280f25b659a

SHA256
9344542d82e287df60fb7f843e60bd2184bbe8ae6fbcc34cf6616bbd8d08eebd

SHA512
1a5358470a4c8c29c4e64a2fbc25592884ef378421ab6f2e45107b777236246ef12710507b10f55c9c352003f70808e526f29c46e3f41fa4efbf80cad469590a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_6BE73709C7F4D409D3FEEFF27BA07C40
MD5
b66ec24d3d8ac8f5cbcec82696ba1d74

SHA1
6e3451d0e859ccab9049f5c87f7068c6161b9b03

SHA256
7923fdcbf0085fa6a9492562b9f055a5816dcd75c1aeb28bc9b033c5c679f522

SHA512
dfdb276ff87c3e82fb66e23b8518764926444d0aba50d074c4a875ceb500a76e8b52d443ecd0bd1b436839ce194f5851d5e1fa099198b0f4a19054c73316abbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5
MD5
9ef75fb3a4c6585b6fc9fab72d87dec6

SHA1
29235c9cdba4c52f2ce0adfb8ae5adc80e25df1f

SHA256
791f7a01d9c207d8e483c2cc076080e43b8e3a838809079a879ae85926b417d2

SHA512
581f3ac5d9e13cfcef31eaee14dea74201ea1e5ffd4681e57afed0a45c4222654a26ce315456d1c67c7271c5b24890103d118f7a9e6bc5910032545752f46acd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_6BE73709C7F4D409D3FEEFF27BA07C40
MD5
ac5b1c9fa2d2b2c572576d5c885dda78

SHA1
f56fb7eb15f7804dcfcd4a9521dfbb35d3cbf229

SHA256
f6dab528d30a7d0527333234d051c5ac59faed274289827102bf0b24a2a9af1c

SHA512
ef1fc791113f307d9fe30b438b14ec76cc3c636ce8681fbd2b3be12ca75a1e0366150601fc234cdfaf23a166abafe8ee33358f945b7eeff0cfd2df3d9b669f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID20.tmp
MD5
48eaf9d4ccf75bc06bbc5d33e78b7fff

SHA1
c710753c265b148f27ff3f358bb0ee980ab46423

SHA256
9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589

SHA512
505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID265.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt
MD5
4f51ea0dc8ed429de353a43b36ea1258

SHA1
73499fe5a97fd453ab661caca4cf00e2b4214de3

SHA256
27ba2e9e4437466b34d90cda927ca39a9a9350d73538eaef6aa4ec5b8289467b

SHA512
72fceb2077e0a0f23e44f0547a832ce08fb1fa5c1aaed8b8c2e334d3dd4215db1699804fd6fe7a0fd2a03e76186d43d937c6dda886aa3b0bfbb80e3abff0c707

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_log.txt
MD5
6637417995a147bd5f31194c5c2a16e3

SHA1
9a3c3169d2b5ef9cc02be0c2325a82af15d06cbd

SHA256
1c9feb57906dfbd4fd7d75dc1cb701b2cb3956759635cfc9a578353f9698a464

SHA512
416e50fc3cb9135e7a825205c11a0f33c3c7078abd01cb351c738553101757696f5ea0b0d4b94ad8dd4e593e7af3368750c784e78a38a272afb3925b00602ffd

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_settings.json
MD5
270ade77b4358d215f30e625a2b172f6

SHA1
c407dcca0525ba0bb9d9c5d63ac78f7aa03ae03a

SHA256
7afa6b9dacfb8d546c8f9c386601999232fa9aa6bcc9879503ab2433e053c3c5

SHA512
af56d5ec7d603284db4fe340f5f5fc00c48b0e3d065660cb3d40088e6c4c35675cb7eaa6504803a11120d49e40d7aeb0f5321aacef79e5b074369722056bcd62

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_settings.json
MD5
5c88a1ece0d96b0f725945cd9f49bafc

SHA1
7d5fb8e4ceb2d3587de0fef6c5accd7e1340fe25

SHA256
d1b93595ca1fec62bef20654c3cfd5dd3b472f88102be3c5a9ed1581cf1f8159

SHA512
8300460caeedee51438ccadb51102babaa386b99e7a8679ff8895571af7f57a78b8ece6f0b625aaa9ad78d3c98b9c63d87965568ffb2230b9be77c871cc1804a

Download Submit
C:\Windows\Installer\MSI7707.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSI789E.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSI7B4F.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
MD5
19d72420253942b8cc8951bad91bec3f

SHA1
f0312e5857fb11810d0866409cb980af5267e715

SHA256
9ea981a916b31d69c6ec9bcde917e6f0b022507d8bc6a5ecc9c2c3d8d178df92

SHA512
11d98487f7d418b5957cec67a8765a7d51488bf3f8b6e1d26578b91941807894c59e969458c9975b032c70ab43fa6c56d7928e63509ad3958ed331959afe8995

Download Submit
\??\Volume{5ad12640-0000-0000-0000-500600000000}\System Volume Information\SPP\OnlineMetadataCache\{1c16cbf9-eff8-46d5-b926-7f8e3dd1af3c}_OnDiskSnapshotProp
MD5
048f78c861a840f858f1f6330b14a500

SHA1
fe1cbf7b28f2e899594cf9c4219b2a34b3b30d3c

SHA256
3bcc3da454cbf89e9d31ad389d02a9fd27022908b46ef09bb34382474c5f2675

SHA512
779fedc28131806aecbc142fb565646b6b5b50258c9c6b7e38061ef80644441e1748cffab960139e587ebde9eb3323ec069febdca158dae8b3e271a725e54b06

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll
MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll
MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll
MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll
MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll
MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll
MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll
MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll
MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll
MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll
MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll
MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\launcher.dll
MD5
323e27ec26420b47db8dfcd87e8fd17d

SHA1
24285f69a54937132a550862e376b391fbc3f609

SHA256
d9d6c1041e4a436e8a9481e3c9415400848f025f404cf754114acd00cb1d62d4

SHA512
6ac015b046b57435dac1afcad0e6fbdafaf83e903752a04c6354a57eca400e955398fc248e10e13c847089043bf97376965e635f7ed11b34f2698fc817fd90c8

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll
MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll
MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll
MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll
MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll
MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\game\libcef.dll
MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
\Program Files (x86)\Minecraft Launcher\game\swiftshader\libEGL.dll
MD5
9f68bdd2b3a78eeddaceb6f6c5cae5de

SHA1
1231c5b199ba2bc48cbafdbef813cdbd5dc3c42d

SHA256
ba6c8b38def6141447032c9a2b46b67a515276c88b30580703db24cf18d3f0d6

SHA512
4804c84b4183f9096d4f83cfc73df673467b45f4bd2613fbccc46739a2e8c2a887b36ca7d6785ab64ca17cb74f6c1fea74ca5587e24d2009030dc0604ce51443

Download Submit
\Program Files (x86)\Minecraft Launcher\game\swiftshader\libGLESv2.dll
MD5
cdfe6b31acf7e3f398725bc57158a00b

SHA1
cbf51552d14ae32f4651d1770ece1dc9ba3e1d8e

SHA256
8b73aa808f2373c3ada15349e676f20a9dc644a8a7c21d5699288bee907fee14

SHA512
1ec2a3139bc5e38a3a15ef33d73791dce721fb864626a8767f834e11ff1a74ea70eb7aeb8107fe80b2bb7309df3cb620df7453d26524a0503929219b751249c8

Download Submit
\Users\Admin\AppData\Local\Temp\MSID20.tmp
MD5
48eaf9d4ccf75bc06bbc5d33e78b7fff

SHA1
c710753c265b148f27ff3f358bb0ee980ab46423

SHA256
9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589

SHA512
505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

Download Submit
\Users\Admin\AppData\Local\Temp\MSID265.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\Windows\Installer\MSI7707.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\Windows\Installer\MSI789E.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\Windows\Installer\MSI7B4F.tmp
MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
memory/940-162-0x0000000000000000-mapping.dmp

Download
memory/1632-152-0x0000000000000000-mapping.dmp

Download
memory/1800-163-0x0000000000000000-mapping.dmp

Download
memory/2012-158-0x0000000000000000-mapping.dmp

Download
memory/2160-146-0x0000000000000000-mapping.dmp

Download
memory/2312-119-0x0000000000000000-mapping.dmp

Download
memory/2616-124-0x0000000000000000-mapping.dmp

Download
memory/3164-148-0x0000000000000000-mapping.dmp

Download
memory/3780-160-0x0000000000000000-mapping.dmp

Download
memory/3804-129-0x0000000000000000-mapping.dmp

Download
memory/3904-136-0x0000000000000000-mapping.dmp

Download
memory/4364-194-0x0000000000000000-mapping.dmp

Download
memory/4376-195-0x0000000000000000-mapping.dmp

Download
memory/4608-202-0x0000000000000000-mapping.dmp

Download