hxxps://www[.]upload[.]ee/download/9618217/c6fa3b7bc1ee1bb2fbd0/Minecraft_Checker_by_xRisky[.]rar

Analysis

max time kernel
186s
max time network
179s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
22-09-2022 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.upload.ee/download/9618217/c6fa3b7bc1ee1bb2fbd0/Minecraft_Checker_by_xRisky.rar

Score

8^/10

agilenet

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Minecraft Checker by xRisky.exe

pid process

1620 Minecraft Checker by xRisky.exe

Loads dropped DLL 4 IoCs

Processes:

Minecraft Checker by xRisky.exe

pid	process
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/1620-162-0x00000000058B0000-0x0000000005C52000-memory.dmp	agile_net

Drops file in Program Files directory 6 IoCs

Processes:

chrome.exe

description	ioc	process
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Minecraft Checker by xRisky\YouTube.lnk	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Minecraft Checker by xRisky\xNet.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Minecraft Checker by xRisky\MetroSuite 2.0.dll	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Minecraft Checker by xRisky\Minecraft Checker by xRisky.exe	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Minecraft Checker by xRisky\Read before using.txt	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Minecraft Checker by xRisky\YouTube 2.lnk	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 31 IoCs

Processes:

Minecraft Checker by xRisky.exechrome.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	Minecraft Checker by xRisky.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	Minecraft Checker by xRisky.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	Minecraft Checker by xRisky.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Minecraft Checker by xRisky.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Minecraft Checker by xRisky.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Minecraft Checker by xRisky.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Minecraft Checker by xRisky.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Minecraft Checker by xRisky.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Minecraft Checker by xRisky.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Minecraft Checker by xRisky.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	Minecraft Checker by xRisky.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "4"	Minecraft Checker by xRisky.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	Minecraft Checker by xRisky.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Minecraft Checker by xRisky.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Minecraft Checker by xRisky.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Minecraft Checker by xRisky.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	Minecraft Checker by xRisky.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Minecraft Checker by xRisky.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	Minecraft Checker by xRisky.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Minecraft Checker by xRisky.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	Minecraft Checker by xRisky.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	Minecraft Checker by xRisky.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	Minecraft Checker by xRisky.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Minecraft Checker by xRisky.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Minecraft Checker by xRisky.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings	Minecraft Checker by xRisky.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Minecraft Checker by xRisky.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Minecraft Checker by xRisky.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Minecraft Checker by xRisky.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Minecraft Checker by xRisky.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exeMinecraft Checker by xRisky.exe

pid	process
2092	chrome.exe
2092	chrome.exe
2712	chrome.exe
2712	chrome.exe
4452	chrome.exe
4452	chrome.exe
4536	chrome.exe
4536	chrome.exe
660	chrome.exe
660	chrome.exe
4328	chrome.exe
4328	chrome.exe
2248	chrome.exe
2248	chrome.exe
824	chrome.exe
824	chrome.exe
2712	chrome.exe
2712	chrome.exe
2496	chrome.exe
2496	chrome.exe
652	chrome.exe
652	chrome.exe
3160	chrome.exe
3160	chrome.exe
1644	chrome.exe
1644	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe
1620	Minecraft Checker by xRisky.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

3560 7zFM.exe

pid	process
3560	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

chrome.exe

pid	process
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

7zFM.exeMinecraft Checker by xRisky.exe

description	pid	process
Token: SeRestorePrivilege	3560	7zFM.exe
Token: 35	3560	7zFM.exe
Token: SeSecurityPrivilege	3560	7zFM.exe
Token: 33	1620	Minecraft Checker by xRisky.exe
Token: SeIncBasePriorityPrivilege	1620	Minecraft Checker by xRisky.exe
Token: SeDebugPrivilege	1620	Minecraft Checker by xRisky.exe
Token: 33	1620	Minecraft Checker by xRisky.exe
Token: SeIncBasePriorityPrivilege	1620	Minecraft Checker by xRisky.exe
Token: 33	1620	Minecraft Checker by xRisky.exe
Token: SeIncBasePriorityPrivilege	1620	Minecraft Checker by xRisky.exe

Suspicious use of FindShellTrayWindow 38 IoCs

Processes:

chrome.exe7zFM.exe

pid	process
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
3560	7zFM.exe
2712	chrome.exe
3560	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

Minecraft Checker by xRisky.exe

pid process

1620 Minecraft Checker by xRisky.exe
1620 Minecraft Checker by xRisky.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2712 wrote to memory of 2752	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2752	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2144	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2092	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 2092	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe
PID 2712 wrote to memory of 4924	2712	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.upload.ee/download/9618217/c6fa3b7bc1ee1bb2fbd0/Minecraft_Checker_by_xRisky.rar
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa44464f50,0x7ffa44464f60,0x7ffa44464f70
2⤵
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1664 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1600 /prefetch:2
2⤵
PID:2144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 /prefetch:8
2⤵
PID:4924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:1
2⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4152 /prefetch:8
2⤵
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
2⤵
PID:4264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
2⤵
PID:4928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
2⤵
PID:4232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
2⤵
PID:1704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
2⤵
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
2⤵
PID:4248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
2⤵
PID:4168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6692 /prefetch:8
2⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6620 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6536 /prefetch:8
2⤵
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6844 /prefetch:8
2⤵
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6824 /prefetch:8
2⤵
PID:656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
2⤵
PID:3888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
2⤵
PID:1440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4384 /prefetch:8
2⤵
PID:164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6856 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6588 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=776 /prefetch:8
2⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 /prefetch:8
2⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6792 /prefetch:8
2⤵
PID:2648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
2⤵
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
2⤵
PID:4984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=164 /prefetch:8
2⤵
PID:5012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
2⤵
PID:4204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4588 /prefetch:8
2⤵
- Drops file in Program Files directory
PID:4696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
2⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4572 /prefetch:8
2⤵
PID:4524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1340,13718344865711470243,14714710957182069824,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5832 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2208

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338
1⤵
PID:320

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3296

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Minecraft_Checker_by_xRisky.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3560

C:\Users\Admin\Desktop\Minecraft Checker by xRisky\Minecraft Checker by xRisky.exe
"C:\Users\Admin\Desktop\Minecraft Checker by xRisky\Minecraft Checker by xRisky.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1620

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\Minecraft Checker by xRisky\MetroSuite 2.0.dll
Filesize
305KB

MD5
0d30a398cec0ff006b6ea2b52d11e744

SHA1
4ceebd9c6180a321c4d4f3cfb5cfc3952bf72b45

SHA256
8604bf2a1fe2e94dc1ea1fbd0cf54e77303493b93994df48479dc683580aa654

SHA512
8e06ff131a81e73b1ff5de78262701a11ecc2bcdaf41011f4e96f11c5372742478e70b6a0901b61953c21c95725532af8d785654405ec5066ad157e2143467cc

Download Submit
C:\Users\Admin\Desktop\Minecraft Checker by xRisky\Minecraft Checker by xRisky.exe
Filesize
2.5MB

MD5
5e437613c9ff5ebac652c1bcdfd3b09b

SHA1
68d0706818698a8abc16964e405b601076abea40

SHA256
aee7b1aa2aea4d68f2dec1b7d4d704640c202152bff530ca51e19add52d5b5fd

SHA512
9ad15bb1ddf44bf9ffe333af94847a512a76b58de337189e0748495c3f7a1f8c776a310d773412d299f73c89db72b9f7c68543d43137c5a1980ae8f3e2dffd9b

Download Submit
C:\Users\Admin\Desktop\Minecraft Checker by xRisky\Minecraft Checker by xRisky.exe
Filesize
2.5MB

MD5
5e437613c9ff5ebac652c1bcdfd3b09b

SHA1
68d0706818698a8abc16964e405b601076abea40

SHA256
aee7b1aa2aea4d68f2dec1b7d4d704640c202152bff530ca51e19add52d5b5fd

SHA512
9ad15bb1ddf44bf9ffe333af94847a512a76b58de337189e0748495c3f7a1f8c776a310d773412d299f73c89db72b9f7c68543d43137c5a1980ae8f3e2dffd9b

Download Submit
C:\Users\Admin\Desktop\Minecraft Checker by xRisky\Read before using.txt
Filesize
884B

MD5
6daebb9555014ea4ca81161fdf5955d9

SHA1
6eb61b194d6951eaede87452b3163aff7d44f6c6

SHA256
63c60f2a04a1f40d3784f7818a816d111e3a9522f526bcca891edc2bb5e774fc

SHA512
6cd0912e950f1f41142647d8a690a9a6a9bc59b97d031f45f4153902d42d33abe2afbd7355841b7ff60ea4f8389afe9a79a186c1ff525a6fe7fb903f16dd03f6

Download Submit
C:\Users\Admin\Desktop\Minecraft Checker by xRisky\YouTube 2.lnk
Filesize
1KB

MD5
deb42bbec322cd0b8319f788312e28c4

SHA1
073d20ea0feabd59943fefff0b3a2c5ff320e1bc

SHA256
b3bb48a747cc7078d4c4c5bd872a270b59f328ae90a85ef3d955b8a4892bff41

SHA512
c4a9bd358dd225459410bcbe75ded4f514b708ff3799b1b56da388718d178ef6e2966ba8970a0bda03a42d65dae27973709de360582478fb24532f9d8b800e5f

Download Submit
C:\Users\Admin\Desktop\Minecraft Checker by xRisky\YouTube.lnk
Filesize
1KB

MD5
c7056a1f92245eec9e5ca71f406c4811

SHA1
dfd0cf087771943aa92e7e88114e993234425d8b

SHA256
bde117478e44d3aa7d55122cf450f10b5af74cfb4ce82ae4fc6fb7dd414c2469

SHA512
640987725389f98a39892bdb03dbb59f316227b6611c488665f2d166bd8434b34b86ad1d784c9b750e9d57b031ea1c1522be37822111683e2e8762213cfefa2c

Download Submit
C:\Users\Admin\Desktop\Minecraft Checker by xRisky\xNet.dll
Filesize
104KB

MD5
158defd55a804aa8d4d67bfdf7a4af9c

SHA1
9dd41914fa181cb5225e593373f7dca062d7af0b

SHA256
6c7ec4cc31a2ce0b97703b7a42e3448e9b87d96dda12761ca24d8787ac27cff1

SHA512
e98062b3b035d7d87c3457621c5ffc0aefed490544739219c4f4cafc3e7de248f1cf91edb3564e49d406f9fcaf314838d33b2ddd7e3b1a1751e5819b9ab798d6

Download Submit
C:\Users\Admin\Downloads\Minecraft_Checker_by_xRisky.rar
Filesize
1.9MB

MD5
f8f91e2f53834e8ebec71d998acc20e3

SHA1
a92faca54da99c5ca1517a153c13f29c8f34da22

SHA256
baaed06d0d1547be55d27b4991ec4b04255844411d584622f1d5e19e11ca0daa

SHA512
f57fc7776fc68baf954f1960fb651d4e0645bdf4516002b27416229ffccae1655c9c2ad862cd3b0b8c3c4745e65c2e7fc84d1aeb44fdaf33bd5707207b97ef14

Download Submit
\??\pipe\crashpad_2712_ZRONFCTVRTLKNQNW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\Desktop\Minecraft Checker by xRisky\MetroSuite 2.0.dll
Filesize
305KB

MD5
0d30a398cec0ff006b6ea2b52d11e744

SHA1
4ceebd9c6180a321c4d4f3cfb5cfc3952bf72b45

SHA256
8604bf2a1fe2e94dc1ea1fbd0cf54e77303493b93994df48479dc683580aa654

SHA512
8e06ff131a81e73b1ff5de78262701a11ecc2bcdaf41011f4e96f11c5372742478e70b6a0901b61953c21c95725532af8d785654405ec5066ad157e2143467cc

Download Submit
\Users\Admin\Desktop\Minecraft Checker by xRisky\MetroSuite 2.0.dll
Filesize
305KB

MD5
0d30a398cec0ff006b6ea2b52d11e744

SHA1
4ceebd9c6180a321c4d4f3cfb5cfc3952bf72b45

SHA256
8604bf2a1fe2e94dc1ea1fbd0cf54e77303493b93994df48479dc683580aa654

SHA512
8e06ff131a81e73b1ff5de78262701a11ecc2bcdaf41011f4e96f11c5372742478e70b6a0901b61953c21c95725532af8d785654405ec5066ad157e2143467cc

Download Submit
\Users\Admin\Desktop\Minecraft Checker by xRisky\xNet.dll
Filesize
104KB

MD5
158defd55a804aa8d4d67bfdf7a4af9c

SHA1
9dd41914fa181cb5225e593373f7dca062d7af0b

SHA256
6c7ec4cc31a2ce0b97703b7a42e3448e9b87d96dda12761ca24d8787ac27cff1

SHA512
e98062b3b035d7d87c3457621c5ffc0aefed490544739219c4f4cafc3e7de248f1cf91edb3564e49d406f9fcaf314838d33b2ddd7e3b1a1751e5819b9ab798d6

Download Submit
\Users\Admin\Desktop\Minecraft Checker by xRisky\xNet.dll
Filesize
104KB

MD5
158defd55a804aa8d4d67bfdf7a4af9c

SHA1
9dd41914fa181cb5225e593373f7dca062d7af0b

SHA256
6c7ec4cc31a2ce0b97703b7a42e3448e9b87d96dda12761ca24d8787ac27cff1

SHA512
e98062b3b035d7d87c3457621c5ffc0aefed490544739219c4f4cafc3e7de248f1cf91edb3564e49d406f9fcaf314838d33b2ddd7e3b1a1751e5819b9ab798d6

Download Submit
memory/1620-159-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-167-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-130-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-131-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-132-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-133-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-134-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-135-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-136-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-137-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-138-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-139-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-140-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-141-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-142-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-143-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-144-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-145-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-146-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-147-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-148-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-149-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-150-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-151-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-152-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-153-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-154-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-155-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-156-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-157-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-158-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-128-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-160-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-161-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-162-0x00000000058B0000-0x0000000005C52000-memory.dmp

Filesize
3.6MB

Download
memory/1620-163-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-164-0x0000000005000000-0x000000000509C000-memory.dmp

Filesize
624KB

Download
memory/1620-165-0x00000000050A0000-0x0000000005132000-memory.dmp

Filesize
584KB

Download
memory/1620-166-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-129-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-168-0x00000000057B0000-0x00000000057D6000-memory.dmp

Filesize
152KB

Download
memory/1620-169-0x0000000007FD0000-0x00000000084CE000-memory.dmp

Filesize
5.0MB

Download
memory/1620-170-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-171-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-172-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-173-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-174-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-175-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-176-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-177-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-178-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-179-0x00000000058A0000-0x00000000058AA000-memory.dmp

Filesize
40KB

Download
memory/1620-180-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-127-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-184-0x0000000008580000-0x00000000085D4000-memory.dmp

Filesize
336KB

Download
memory/1620-126-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-124-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-123-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-122-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-188-0x0000000008560000-0x0000000008580000-memory.dmp

Filesize
128KB

Download
memory/1620-121-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-189-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-190-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-191-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-192-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-193-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-194-0x000000000515B000-0x000000000515F000-memory.dmp

Filesize
16KB

Download
memory/1620-195-0x0000000005C90000-0x0000000005CE6000-memory.dmp

Filesize
344KB

Download
memory/1620-196-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-197-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-198-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-206-0x0000000006D80000-0x0000000007D80000-memory.dmp

Filesize
16.0MB

Download
memory/1620-207-0x000000000515B000-0x000000000515F000-memory.dmp

Filesize
16KB

Download
memory/1620-222-0x0000000006D80000-0x0000000007D80000-memory.dmp

Filesize
16.0MB

Download
memory/1620-120-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-119-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-118-0x0000000077AD0000-0x0000000077C5E000-memory.dmp

Filesize
1.6MB

Download
memory/1620-268-0x000000000515B000-0x000000000515F000-memory.dmp

Filesize
16KB

Download