688b5b5478ed0b53ff9ca7a7ce9290a865294b9476b68401f104a974cd14b742

Analysis

max time kernel
377s
max time network
379s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/02/2023, 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MinecraftInstaller.msi
Size

2.2MB
MD5

16d3f94ba8d38a212ef92277404754ec
SHA1

eb9ab8cffb6aad1c1263bf224fc5bb700d16515f
SHA256

688b5b5478ed0b53ff9ca7a7ce9290a865294b9476b68401f104a974cd14b742
SHA512

6c34d6bbce7b0d5c2e0a995fe4585cf69d0964beabcc6381ed731f67738c7a154bc69f7a0dd76386ae44a1d54e0216abc95deead1983d35c8fca67dbe987f304
SSDEEP

24576:iM3SlUxz8F2xvXI+h9WxLUWeSKGEk1sMW9LTV7o+0+n/GvmWInE0WTM9AudAUYvt:tmP2xg+7oAsEk1sMyLT2+/Wmo0Wfb

Score

8^/10

upx

Malware Config

Signatures

Blocklisted process makes network request 6 IoCs

flow	pid	Process
5	4644	msiexec.exe
14	4644	msiexec.exe
16	4644	msiexec.exe
18	4644	msiexec.exe
53	4232	msiexec.exe
55	4232	msiexec.exe

Downloads MZ/PE file

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	MinecraftLauncher.exe

Executes dropped EXE 12 IoCs

pid	Process
5032	MinecraftLauncher.exe
2136	NativeUpdater.exe
4188	MinecraftLauncher.exe
3624	NativeUpdater.exe
1624	MinecraftLauncher.exe
2604	MinecraftLauncher.exe
768	MinecraftLauncher.exe
3032	MinecraftLauncher.exe
4520	MinecraftLauncher.exe
4316	MinecraftLauncher.exe
3488	MinecraftLauncher.exe
4548	MinecraftLauncher.exe

Loads dropped DLL 31 IoCs

pid	Process
3988	MsiExec.exe
4888	MsiExec.exe
4888	MsiExec.exe
4224	MsiExec.exe
3988	MsiExec.exe
1624	MinecraftLauncher.exe
1624	MinecraftLauncher.exe
1624	MinecraftLauncher.exe
2604	MinecraftLauncher.exe
2604	MinecraftLauncher.exe
2604	MinecraftLauncher.exe
2604	MinecraftLauncher.exe
2604	MinecraftLauncher.exe
768	MinecraftLauncher.exe
768	MinecraftLauncher.exe
768	MinecraftLauncher.exe
4520	MinecraftLauncher.exe
4520	MinecraftLauncher.exe
4520	MinecraftLauncher.exe
3032	MinecraftLauncher.exe
3032	MinecraftLauncher.exe
3032	MinecraftLauncher.exe
4316	MinecraftLauncher.exe
4316	MinecraftLauncher.exe
4316	MinecraftLauncher.exe
3488	MinecraftLauncher.exe
3488	MinecraftLauncher.exe
3488	MinecraftLauncher.exe
4548	MinecraftLauncher.exe
4548	MinecraftLauncher.exe
4548	MinecraftLauncher.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000022e5f-144.dat	upx
behavioral2/files/0x0007000000022e5f-150.dat	upx
behavioral2/memory/5032-151-0x0000000000200000-0x0000000000526000-memory.dmp	upx
behavioral2/memory/5032-154-0x0000000000200000-0x0000000000526000-memory.dmp	upx

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Minecraft\nativelog.txt	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\ja.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\lt.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\swiftshader\libEGL.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\sr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\zh-CN.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe	msiexec.exe
File created	C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\da.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\et.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\fa.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\id.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\swiftshader\libGLESv2.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\v8_context_snapshot.bin.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\fil.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\gu.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\pt-PT.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\sv.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\te.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\tr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\ml.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\sl.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\snapshot_blob.bin.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\cef_extensions.pak.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\ar.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\ca.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\fi.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\kn.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\tools\NativeUpdater.exe	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\JavaCheck.jar.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\de.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\ms.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\pt-BR.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\th.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\cef_100_percent.pak.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\bn.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\hr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\hu.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\uk.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\zh-TW.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\libGLESv2.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\en-GB.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\fr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\hi.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\icudtl.dat	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\am.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\d3dcompiler_47.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\libEGL.dll	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\nl.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\cef.pak.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\he.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\ko.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\mr.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\pl.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\vi.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\cef_200_percent.pak.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\bg.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\ru.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\sw.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\tmpLauncher.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\launcher.dll.tmp	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\cs.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\en-US.pak	MinecraftLauncher.exe
File created	C:\Program Files (x86)\Minecraft\game\locales\es-419.pak	MinecraftLauncher.exe

Drops file in Windows directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI7E2B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7E5B.tmp	msiexec.exe
File created	C:\Windows\Installer\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}\minecraft.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7E7B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}\minecraft.ico	msiexec.exe
File created	C:\Windows\Installer\e5772af.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7D5E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7F85.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5772af.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7D7E.tmp	msiexec.exe
File created	C:\Windows\Installer\e5772b3.msi	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000000b9e60d2ecf4958f0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800000b9e60d20000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff0000000007000100006809000b9e60d2000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000b9e60d200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000b9e60d200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\21	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\20	msiexec.exe

Modifies registry class 24 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\SourceList\PackageName = "MinecraftInstaller.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\PackageCode = "11DD2E2DBFC479F469BE0CF06C9B9C50"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\ProductIcon = "C:\\Windows\\Installer\\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}\\minecraft.ico"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\SourceList\Media\1 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\ProductName = "Minecraft"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\Version = "16777219"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5F77101306DD19B4FB2B5B9726B7169C	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5F77101306DD19B4FB2B5B9726B7169C\3ACB61C11CBE6F946832F8FB9BCC8C27	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\3ACB61C11CBE6F946832F8FB9BCC8C27	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\3ACB61C11CBE6F946832F8FB9BCC8C27\ProductFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2386679933-1492765628-3466841596-1000\{4BE58F11-B908-4C77-9010-24B00B2F153B}	MinecraftLauncher.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
4232	msiexec.exe
4232	msiexec.exe
2604	MinecraftLauncher.exe
2604	MinecraftLauncher.exe
768	MinecraftLauncher.exe
768	MinecraftLauncher.exe
4520	MinecraftLauncher.exe
4520	MinecraftLauncher.exe
3032	MinecraftLauncher.exe
3032	MinecraftLauncher.exe
4316	MinecraftLauncher.exe
4316	MinecraftLauncher.exe
3488	MinecraftLauncher.exe
3488	MinecraftLauncher.exe
4548	MinecraftLauncher.exe
4548	MinecraftLauncher.exe
4548	MinecraftLauncher.exe
4548	MinecraftLauncher.exe
3128	chrome.exe
3128	chrome.exe
3208	chrome.exe
3208	chrome.exe
4368	chrome.exe
4368	chrome.exe
4424	chrome.exe
4424	chrome.exe
748	chrome.exe
748	chrome.exe
2592	chrome.exe
2592	chrome.exe
3464	chrome.exe
3464	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4644	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4644	msiexec.exe
Token: SeSecurityPrivilege	4232	msiexec.exe
Token: SeCreateTokenPrivilege	4644	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4644	msiexec.exe
Token: SeLockMemoryPrivilege	4644	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4644	msiexec.exe
Token: SeMachineAccountPrivilege	4644	msiexec.exe
Token: SeTcbPrivilege	4644	msiexec.exe
Token: SeSecurityPrivilege	4644	msiexec.exe
Token: SeTakeOwnershipPrivilege	4644	msiexec.exe
Token: SeLoadDriverPrivilege	4644	msiexec.exe
Token: SeSystemProfilePrivilege	4644	msiexec.exe
Token: SeSystemtimePrivilege	4644	msiexec.exe
Token: SeProfSingleProcessPrivilege	4644	msiexec.exe
Token: SeIncBasePriorityPrivilege	4644	msiexec.exe
Token: SeCreatePagefilePrivilege	4644	msiexec.exe
Token: SeCreatePermanentPrivilege	4644	msiexec.exe
Token: SeBackupPrivilege	4644	msiexec.exe
Token: SeRestorePrivilege	4644	msiexec.exe
Token: SeShutdownPrivilege	4644	msiexec.exe
Token: SeDebugPrivilege	4644	msiexec.exe
Token: SeAuditPrivilege	4644	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4644	msiexec.exe
Token: SeChangeNotifyPrivilege	4644	msiexec.exe
Token: SeRemoteShutdownPrivilege	4644	msiexec.exe
Token: SeUndockPrivilege	4644	msiexec.exe
Token: SeSyncAgentPrivilege	4644	msiexec.exe
Token: SeEnableDelegationPrivilege	4644	msiexec.exe
Token: SeManageVolumePrivilege	4644	msiexec.exe
Token: SeImpersonatePrivilege	4644	msiexec.exe
Token: SeCreateGlobalPrivilege	4644	msiexec.exe
Token: SeCreateTokenPrivilege	4644	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4644	msiexec.exe
Token: SeLockMemoryPrivilege	4644	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4644	msiexec.exe
Token: SeMachineAccountPrivilege	4644	msiexec.exe
Token: SeTcbPrivilege	4644	msiexec.exe
Token: SeSecurityPrivilege	4644	msiexec.exe
Token: SeTakeOwnershipPrivilege	4644	msiexec.exe
Token: SeLoadDriverPrivilege	4644	msiexec.exe
Token: SeSystemProfilePrivilege	4644	msiexec.exe
Token: SeSystemtimePrivilege	4644	msiexec.exe
Token: SeProfSingleProcessPrivilege	4644	msiexec.exe
Token: SeIncBasePriorityPrivilege	4644	msiexec.exe
Token: SeCreatePagefilePrivilege	4644	msiexec.exe
Token: SeCreatePermanentPrivilege	4644	msiexec.exe
Token: SeBackupPrivilege	4644	msiexec.exe
Token: SeRestorePrivilege	4644	msiexec.exe
Token: SeShutdownPrivilege	4644	msiexec.exe
Token: SeDebugPrivilege	4644	msiexec.exe
Token: SeAuditPrivilege	4644	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4644	msiexec.exe
Token: SeChangeNotifyPrivilege	4644	msiexec.exe
Token: SeRemoteShutdownPrivilege	4644	msiexec.exe
Token: SeUndockPrivilege	4644	msiexec.exe
Token: SeSyncAgentPrivilege	4644	msiexec.exe
Token: SeEnableDelegationPrivilege	4644	msiexec.exe
Token: SeManageVolumePrivilege	4644	msiexec.exe
Token: SeImpersonatePrivilege	4644	msiexec.exe
Token: SeCreateGlobalPrivilege	4644	msiexec.exe
Token: SeCreateTokenPrivilege	4644	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4644	msiexec.exe
Token: SeLockMemoryPrivilege	4644	msiexec.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4644	msiexec.exe
4644	msiexec.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4232 wrote to memory of 3988	4232	msiexec.exe	85
PID 4232 wrote to memory of 3988	4232	msiexec.exe	85
PID 4232 wrote to memory of 3988	4232	msiexec.exe	85
PID 4232 wrote to memory of 904	4232	msiexec.exe	97
PID 4232 wrote to memory of 904	4232	msiexec.exe	97
PID 4232 wrote to memory of 4888	4232	msiexec.exe	99
PID 4232 wrote to memory of 4888	4232	msiexec.exe	99
PID 4232 wrote to memory of 4888	4232	msiexec.exe	99
PID 4232 wrote to memory of 4224	4232	msiexec.exe	100
PID 4232 wrote to memory of 4224	4232	msiexec.exe	100
PID 4232 wrote to memory of 4224	4232	msiexec.exe	100
PID 3988 wrote to memory of 5032	3988	MsiExec.exe	102
PID 3988 wrote to memory of 5032	3988	MsiExec.exe	102
PID 3988 wrote to memory of 5032	3988	MsiExec.exe	102
PID 5032 wrote to memory of 2136	5032	MinecraftLauncher.exe	103
PID 5032 wrote to memory of 2136	5032	MinecraftLauncher.exe	103
PID 5032 wrote to memory of 2136	5032	MinecraftLauncher.exe	103
PID 2136 wrote to memory of 4188	2136	NativeUpdater.exe	105
PID 2136 wrote to memory of 4188	2136	NativeUpdater.exe	105
PID 2136 wrote to memory of 4188	2136	NativeUpdater.exe	105
PID 4188 wrote to memory of 3624	4188	MinecraftLauncher.exe	106
PID 4188 wrote to memory of 3624	4188	MinecraftLauncher.exe	106
PID 4188 wrote to memory of 3624	4188	MinecraftLauncher.exe	106
PID 3624 wrote to memory of 1624	3624	NativeUpdater.exe	108
PID 3624 wrote to memory of 1624	3624	NativeUpdater.exe	108
PID 3624 wrote to memory of 1624	3624	NativeUpdater.exe	108
PID 1624 wrote to memory of 2604	1624	MinecraftLauncher.exe	111
PID 1624 wrote to memory of 2604	1624	MinecraftLauncher.exe	111
PID 1624 wrote to memory of 2604	1624	MinecraftLauncher.exe	111
PID 1624 wrote to memory of 768	1624	MinecraftLauncher.exe	113
PID 1624 wrote to memory of 768	1624	MinecraftLauncher.exe	113
PID 1624 wrote to memory of 768	1624	MinecraftLauncher.exe	113
PID 1624 wrote to memory of 3032	1624	MinecraftLauncher.exe	114
PID 1624 wrote to memory of 3032	1624	MinecraftLauncher.exe	114
PID 1624 wrote to memory of 3032	1624	MinecraftLauncher.exe	114
PID 1624 wrote to memory of 4520	1624	MinecraftLauncher.exe	115
PID 1624 wrote to memory of 4520	1624	MinecraftLauncher.exe	115
PID 1624 wrote to memory of 4520	1624	MinecraftLauncher.exe	115
PID 1624 wrote to memory of 4316	1624	MinecraftLauncher.exe	116
PID 1624 wrote to memory of 4316	1624	MinecraftLauncher.exe	116
PID 1624 wrote to memory of 4316	1624	MinecraftLauncher.exe	116
PID 1624 wrote to memory of 3488	1624	MinecraftLauncher.exe	117
PID 1624 wrote to memory of 3488	1624	MinecraftLauncher.exe	117
PID 1624 wrote to memory of 3488	1624	MinecraftLauncher.exe	117
PID 1624 wrote to memory of 4548	1624	MinecraftLauncher.exe	119
PID 1624 wrote to memory of 4548	1624	MinecraftLauncher.exe	119
PID 1624 wrote to memory of 4548	1624	MinecraftLauncher.exe	119
PID 3208 wrote to memory of 1928	3208	chrome.exe	121
PID 3208 wrote to memory of 1928	3208	chrome.exe	121
PID 3208 wrote to memory of 4476	3208	chrome.exe	122
PID 3208 wrote to memory of 4476	3208	chrome.exe	122
PID 3208 wrote to memory of 4476	3208	chrome.exe	122
PID 3208 wrote to memory of 4476	3208	chrome.exe	122
PID 3208 wrote to memory of 4476	3208	chrome.exe	122
PID 3208 wrote to memory of 4476	3208	chrome.exe	122
PID 3208 wrote to memory of 4476	3208	chrome.exe	122
PID 3208 wrote to memory of 4476	3208	chrome.exe	122
PID 3208 wrote to memory of 4476	3208	chrome.exe	122
PID 3208 wrote to memory of 4476	3208	chrome.exe	122
PID 3208 wrote to memory of 4476	3208	chrome.exe	122
PID 3208 wrote to memory of 4476	3208	chrome.exe	122
PID 3208 wrote to memory of 4476	3208	chrome.exe	122
PID 3208 wrote to memory of 4476	3208	chrome.exe	122
PID 3208 wrote to memory of 4476	3208	chrome.exe	122

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4644

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4232
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B888F9AAF0AB5F2447E30EF65DE66F02 C
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3988
- - C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
    "C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:5032
  - - C:\Program Files (x86)\Minecraft\tools\NativeUpdater.exe
      "tools\NativeUpdater.exe" "MinecraftLauncher.exe" "tmpLauncher.tmp"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2136
    - - C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
        
        MinecraftLauncher.exe
        5⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious use of WriteProcessMemory
        
        PID:4188
      - C:\Program Files (x86)\Minecraft\tools\NativeUpdater.exe
        
        tools\NativeUpdater.exe MinecraftLauncher.exe MinecraftLauncher.exe.tmp --nativeLauncherVersion 659 --nativeLauncherVersion 659
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3624
        
        C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
        
        MinecraftLauncher.exe --nativeLauncherVersion 659 --nativeLauncherVersion 659
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        Suspicious use of WriteProcessMemory
        
        PID:1624
        
        C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe" --type=gpu-process --field-trial-handle=2196,16138132651829722197,13459325435067563399,131072 --enable-features=CastMediaRouteProvider --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2200 /prefetch:2
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:2604
        
        C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,16138132651829722197,13459325435067563399,131072 --enable-features=CastMediaRouteProvider --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2680 /prefetch:8
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:768
        
        C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2196,16138132651829722197,13459325435067563399,131072 --enable-features=CastMediaRouteProvider --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:3032
        
        C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2196,16138132651829722197,13459325435067563399,131072 --enable-features=CastMediaRouteProvider --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:4520
        
        C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2196,16138132651829722197,13459325435067563399,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:4316
        
        C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2196,16138132651829722197,13459325435067563399,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:3488
        
        C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
        
        "C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe" --type=gpu-process --field-trial-handle=2196,16138132651829722197,13459325435067563399,131072 --enable-features=CastMediaRouteProvider --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --gpu-preferences=MAAAAAAAAADoACAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=3236 /prefetch:2
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:4548
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:904
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 06723F24210F6E97C263464D5A8E52CA
  2⤵
  - Loads dropped DLL
  PID:4888
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding AB216A92726199D6F1E2B46F106A0CD0 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:4224

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:3644

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{45BA127D-10A8-46EA-8AB7-56EA9078943C}
1⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff85ffe4f50,0x7ff85ffe4f60,0x7ff85ffe4f70
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1716 /prefetch:2
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4520 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3292 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1680,8210725481302213844,2577464292821412498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1348

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe

Filesize
2.2MB

MD5
2e4a57736ccdf6cad214e2d1dc0d4dc2

SHA1
71b9304d2f927b24be7ec4a47f626c64d3da187c

SHA256
161113bdbde0f5c27b238805bba97d1eeabfba25dcadf3b0bda5035022303c18

SHA512
535f37029ac89e5d4dd078eea917c153a058abf5ef854ef74351356244431484a6e7da9fc8b1a1a19fc2584c8b2e534ec466f098bf3d8b50cfb718c1dd960085

Download Submit
C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe

Filesize
1.2MB

MD5
9cf260dc7e123428c10e43053e52446f

SHA1
175f2b59d63d17f580f664c195ca8bb82666d0eb

SHA256
40d5474244a702ed702cf0d594aca8295ee0c70046e786cead4d15b2f5dd03cd

SHA512
c6950bd62f81b8e0b1be396f31bbe8f6cfc0013c81b4c3d2269b1dfa8c3af1d7151c0bf12ba5e776be544885fd568f1d7e2aa92572da1440876c5ff1410f412c

Download Submit
C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe

Filesize
1.2MB

MD5
9cf260dc7e123428c10e43053e52446f

SHA1
175f2b59d63d17f580f664c195ca8bb82666d0eb

SHA256
40d5474244a702ed702cf0d594aca8295ee0c70046e786cead4d15b2f5dd03cd

SHA512
c6950bd62f81b8e0b1be396f31bbe8f6cfc0013c81b4c3d2269b1dfa8c3af1d7151c0bf12ba5e776be544885fd568f1d7e2aa92572da1440876c5ff1410f412c

Download Submit
C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe.tmp

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Program Files (x86)\Minecraft\game\cef.pak

Filesize
1.9MB

MD5
fa6c54291dcc13acc9dbec30923fe503

SHA1
8f157cc1ab1c18bf47305543b149604797cd6587

SHA256
455dd904ba68305f45682ae9c776a87cb2cb67bbe2d20e13cf97a812b68cf5f4

SHA512
135773297e6481f66d53a6a6bb887e0e0ba17ded9f76e2cef2db48a095a4c301eda84feb46f2a44425f4d34accd72765ee324d30a0692aa0c6d2c513166d51de

Download Submit
C:\Program Files (x86)\Minecraft\game\cef_100_percent.pak

Filesize
261KB

MD5
4cec40309dc9e4bf0f0cc915aeb6c9ac

SHA1
2da1b18943265f473f6b87b63132dbb2398ff487

SHA256
6267cb52b0ca5593cf402139e736eb4f1d6bc3f2eab4c6deb99934711050ef4f

SHA512
e684d4d735762e87c8556c164379f97f59b8b4077e2f4c49ae43610ca2a3994ad45839cf6edef4e741a4f1fb345413e4246fb5901dd52bd98c9a2f60866817c7

Download Submit
C:\Program Files (x86)\Minecraft\game\cef_200_percent.pak

Filesize
412KB

MD5
50a6d9ab74ebfaeda5baa28997149977

SHA1
1ad557cecf3d54a5fbe471ceab189d344fef347c

SHA256
c8f7697bdb4aa19722b975dd2126baf8c2edb5c0a58e2d64a6fefa4cbb8335ec

SHA512
31647191b432f82ff24a41a16abb77512bed2f3105791079d795304452e2bff89f618202023fd133cdc79f80d02647093edebca9e43c19cbd4d2bed4c8d35180

Download Submit
C:\Program Files (x86)\Minecraft\game\cef_extensions.pak

Filesize
1.2MB

MD5
c294094045246da46492204f2920d74f

SHA1
229367ac0be0a2da9d6338cba6f45c07f790140c

SHA256
8e8882c3d420231e1ddd1329e259cd8dc38fe392727aa74cfa4df57125d4cfb3

SHA512
03543e3c436a8b42b3f5bb942de468b4898172720ddef5597535b81347581ae0c89bf91e6bef3b91c796ca5bd393a865b2fa53ba70b2fda6578c640b14ab92cd

Download Submit
C:\Program Files (x86)\Minecraft\game\chrome_elf.dll

Filesize
810KB

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft\game\chrome_elf.dll

Filesize
810KB

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft\game\chrome_elf.dll

Filesize
810KB

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft\game\chrome_elf.dll

Filesize
810KB

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft\game\chrome_elf.dll

Filesize
810KB

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft\game\chrome_elf.dll

Filesize
810KB

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft\game\chrome_elf.dll

Filesize
810KB

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Program Files (x86)\Minecraft\game\icudtl.dat

Filesize
10.0MB

MD5
9732e28c054db1e042cd306a7bc9227a

SHA1
6bab2e77925515888808c1ef729c5bb1323100dd

SHA256
27993e2079711d5f0f04a72f48fee88b269604c8e3fbdf50a7f7bb3f5bfc8d8e

SHA512
3eb67ab896a56dab4a2d6eea98f251affd6864c5f5b24f22b61b6acc1df4460d86f0a448f1983aac019e79ff930286c3510891be9d48ef07a93ff975a0e55335

Download Submit
C:\Program Files (x86)\Minecraft\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Program Files (x86)\Minecraft\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Program Files (x86)\Minecraft\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Program Files (x86)\Minecraft\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Program Files (x86)\Minecraft\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Program Files (x86)\Minecraft\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Program Files (x86)\Minecraft\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Program Files (x86)\Minecraft\game\libcef.dll

Filesize
107.7MB

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft\game\libcef.dll

Filesize
107.7MB

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft\game\libcef.dll

Filesize
107.7MB

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft\game\libcef.dll

Filesize
107.7MB

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft\game\libcef.dll

Filesize
107.7MB

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft\game\libcef.dll

Filesize
107.7MB

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft\game\libcef.dll

Filesize
107.7MB

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Program Files (x86)\Minecraft\game\locales\en-US.pak

Filesize
225KB

MD5
16a6914c9637812257e28b2cc4e6d809

SHA1
82212a642c90b51b8f67e517ee8782da841b658f

SHA256
8fe734f556d97e7c07d02e839a16565f7db88ca7091ca3903a9b153a68aaaf72

SHA512
6efbab68c8b036fd73951295a5f65718003deea46db838f6f263133452e09be45ce006246850facbb1922766f42c2ce1796722cecfcc8495921a7bcd9402a446

Download Submit
C:\Program Files (x86)\Minecraft\game\swiftshader\libEGL.dll

Filesize
334KB

MD5
9f68bdd2b3a78eeddaceb6f6c5cae5de

SHA1
1231c5b199ba2bc48cbafdbef813cdbd5dc3c42d

SHA256
ba6c8b38def6141447032c9a2b46b67a515276c88b30580703db24cf18d3f0d6

SHA512
4804c84b4183f9096d4f83cfc73df673467b45f4bd2613fbccc46739a2e8c2a887b36ca7d6785ab64ca17cb74f6c1fea74ca5587e24d2009030dc0604ce51443

Download Submit
C:\Program Files (x86)\Minecraft\game\swiftshader\libGLESv2.dll

Filesize
2.3MB

MD5
cdfe6b31acf7e3f398725bc57158a00b

SHA1
cbf51552d14ae32f4651d1770ece1dc9ba3e1d8e

SHA256
8b73aa808f2373c3ada15349e676f20a9dc644a8a7c21d5699288bee907fee14

SHA512
1ec2a3139bc5e38a3a15ef33d73791dce721fb864626a8767f834e11ff1a74ea70eb7aeb8107fe80b2bb7309df3cb620df7453d26524a0503929219b751249c8

Download Submit
C:\Program Files (x86)\Minecraft\game\swiftshader\libegl.dll

Filesize
334KB

MD5
9f68bdd2b3a78eeddaceb6f6c5cae5de

SHA1
1231c5b199ba2bc48cbafdbef813cdbd5dc3c42d

SHA256
ba6c8b38def6141447032c9a2b46b67a515276c88b30580703db24cf18d3f0d6

SHA512
4804c84b4183f9096d4f83cfc73df673467b45f4bd2613fbccc46739a2e8c2a887b36ca7d6785ab64ca17cb74f6c1fea74ca5587e24d2009030dc0604ce51443

Download Submit
C:\Program Files (x86)\Minecraft\game\swiftshader\libglesv2.dll

Filesize
2.3MB

MD5
cdfe6b31acf7e3f398725bc57158a00b

SHA1
cbf51552d14ae32f4651d1770ece1dc9ba3e1d8e

SHA256
8b73aa808f2373c3ada15349e676f20a9dc644a8a7c21d5699288bee907fee14

SHA512
1ec2a3139bc5e38a3a15ef33d73791dce721fb864626a8767f834e11ff1a74ea70eb7aeb8107fe80b2bb7309df3cb620df7453d26524a0503929219b751249c8

Download Submit
C:\Program Files (x86)\Minecraft\game\v8_context_snapshot.bin

Filesize
167KB

MD5
cdeec3342ce88d4de5426032a6bf6a53

SHA1
b36ec3c3b20a7a06ff282d696f12b51904b073a4

SHA256
ca88a3c7034da1de52d35823fba0fe80ba5376ab70cdc1841e6aaf25c1f5dd6e

SHA512
54874cd76589124b750fdae90be75e1acf374566d56352c15dbbee98c095aad0e56db142952a808b08e4817bf5f8e176ffdc4ff79110d8661ee4f7ede16b2ea9

Download Submit
C:\Program Files (x86)\Minecraft\tmpLauncher.tmp

Filesize
2.2MB

MD5
2e4a57736ccdf6cad214e2d1dc0d4dc2

SHA1
71b9304d2f927b24be7ec4a47f626c64d3da187c

SHA256
161113bdbde0f5c27b238805bba97d1eeabfba25dcadf3b0bda5035022303c18

SHA512
535f37029ac89e5d4dd078eea917c153a058abf5ef854ef74351356244431484a6e7da9fc8b1a1a19fc2584c8b2e534ec466f098bf3d8b50cfb718c1dd960085

Download Submit
C:\Program Files (x86)\Minecraft\tools\NativeUpdater.exe

Filesize
99KB

MD5
920ca9d8423f449bb6b5c91b74654053

SHA1
dab17ca23dbd60b681efb9d281c3731c9486b917

SHA256
f095bae92efc0fe907915193471feaac9f2f79744360cc4a26855dd8cfbc3674

SHA512
df1860d801603528096a28ec4aef1e16ca90cd4f34a9290c7600306b4cbdbd6e281af3ef89e03e53d9d73239313ff2d420e3bc20f5fafa59860a897b4c7bd3cc

Download Submit
C:\Program Files (x86)\Minecraft\tools\NativeUpdater.exe

Filesize
99KB

MD5
920ca9d8423f449bb6b5c91b74654053

SHA1
dab17ca23dbd60b681efb9d281c3731c9486b917

SHA256
f095bae92efc0fe907915193471feaac9f2f79744360cc4a26855dd8cfbc3674

SHA512
df1860d801603528096a28ec4aef1e16ca90cd4f34a9290c7600306b4cbdbd6e281af3ef89e03e53d9d73239313ff2d420e3bc20f5fafa59860a897b4c7bd3cc

Download Submit
C:\Program Files (x86)\Minecraft\tools\NativeUpdater.exe

Filesize
497KB

MD5
32ebe0f563f50819a18c0f90869ddecb

SHA1
f2087cf7eb6424697b9db14ce6c45dd8e84e5d63

SHA256
aded922740ff305d08c9351753dee10b354a322f18289f77f5f7b71eb1326000

SHA512
8b098e438f4b672cf15c23f0add00e55f3487181c2aae47c6be9017f616a81d0a65cf96f748d1719246b2e29507bb40fa25700c234101a9f4d785afb1cb92261

Download Submit
C:\Program Files (x86)\Minecraft\tools\NativeUpdater.exe

Filesize
497KB

MD5
32ebe0f563f50819a18c0f90869ddecb

SHA1
f2087cf7eb6424697b9db14ce6c45dd8e84e5d63

SHA256
aded922740ff305d08c9351753dee10b354a322f18289f77f5f7b71eb1326000

SHA512
8b098e438f4b672cf15c23f0add00e55f3487181c2aae47c6be9017f616a81d0a65cf96f748d1719246b2e29507bb40fa25700c234101a9f4d785afb1cb92261

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIACBC.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIACBC.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE36F.tmp

Filesize
87KB

MD5
48eaf9d4ccf75bc06bbc5d33e78b7fff

SHA1
c710753c265b148f27ff3f358bb0ee980ab46423

SHA256
9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589

SHA512
505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE36F.tmp

Filesize
87KB

MD5
48eaf9d4ccf75bc06bbc5d33e78b7fff

SHA1
c710753c265b148f27ff3f358bb0ee980ab46423

SHA256
9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589

SHA512
505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt

Filesize
173B

MD5
958d40fe0cf1159853cd80c00bf3faf3

SHA1
ccee3d8951a8006e1665c594adb1d912e5d4e6a2

SHA256
a32ddb9df6b91b6b9853f5bfe89f7320fd86eeaf3e13185032cf60e630ba2561

SHA512
2044b4996e7ccb464b6c85974d1a4e17939524ea2d4fa8a3af793cb1b9257277ab425be21f209ab82287afda35015e48764080f62a8ccb64c5c966d1b59162e9

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_log.txt

Filesize
415B

MD5
312de7a91a7e8996c6443e03fb61b41a

SHA1
0770f91e1f8a4bf90976db4a15a40caacf837f11

SHA256
5f3a22db40a372f5754d902b362b691669ca195a962906a9a04b8e4542eb547d

SHA512
96cd59c7b5aa69c738b47445c3fce83cad1cd92edff1cbcab2e29174517d3a0f945539b6edd41d3d3d82ae7f2681a245c36a2a43f4f765fdfe0063aa4793f1c4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_settings.json

Filesize
221B

MD5
f0041ffed4a79cd41b38bfcf82429bee

SHA1
aa1eda9eb54e052630ff7847bb8ede30057fd6df

SHA256
eaa59ccbcd2300e76055e0ea2dbde161cf95d688bfb3813d001b69b738244f4f

SHA512
54f604197e8f91c244b5a232f0a38ba9b21e7e7c2c49f757ef923348b258e2df3efd787634fb9090b32c0b59413f513383466d26ab4155f0b562ed2aed3a5005

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_settings.json

Filesize
128B

MD5
270ade77b4358d215f30e625a2b172f6

SHA1
c407dcca0525ba0bb9d9c5d63ac78f7aa03ae03a

SHA256
7afa6b9dacfb8d546c8f9c386601999232fa9aa6bcc9879503ab2433e053c3c5

SHA512
af56d5ec7d603284db4fe340f5f5fc00c48b0e3d065660cb3d40088e6c4c35675cb7eaa6504803a11120d49e40d7aeb0f5321aacef79e5b074369722056bcd62

Download Submit
C:\Windows\Installer\MSI7D7E.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSI7D7E.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSI7E7B.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSI7E7B.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSI7F85.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSI7F85.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.0MB

MD5
92adf086d67c940f6be5c0a5f046b4d6

SHA1
1968775b88ddcbc9c4502b26e87995c975c1294d

SHA256
3dfedd1d1279fe2f2a74e6f43a2ee2e1377073e7afe16a0c0e2deec3e86bf7a7

SHA512
56da7eab564368d27a04abbf8e0e0bdb4590c65ee7dea7937abc726db1524475c4c28ea7ca59b5d648db3b51f4a8ee46d9769974173d3f8b72969bd02e99293f

Download Submit
\??\Volume{d2609e0b-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{61d36fff-896a-46d4-af8f-17c3578d6c78}_OnDiskSnapshotProp

Filesize
5KB

MD5
2ee9e133b4e06a21cd9bada73e5ec68c

SHA1
0b43951bdb66bbb7a5546c2fb957ea60aa3f3bc0

SHA256
ed7ff1cfe3957797194badfe904ea46c238f35d4a9b595ea38ea30e9d63c09e3

SHA512
8b7a6a6dbffdd50dad9be155e250a3ae3bae8e2a3bfcde7e0d5ec7bc510372f79ac7aefc9975d65bff1912ad7a6e39982968811800fc4893eda5d0df925c068e

Download Submit
memory/5032-154-0x0000000000200000-0x0000000000526000-memory.dmp

Filesize
3.1MB

Download
memory/5032-151-0x0000000000200000-0x0000000000526000-memory.dmp

Filesize
3.1MB

Download