lumma | 161ba4c1b21cd20b15573f0ccfc4a5cbab8dedd94c722cd60afb8551d8d91dc2

Resubmissions

01-04-2023 22:09

230401-1247vaed9x 10

01-04-2023 22:05

230401-1zjs5aed7x 10

01-04-2023 22:01

230401-1xfcxsed6t 10

Analysis

max time kernel
96s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Minecraft.exe
Size

3.3MB
MD5

0501b8eb39f00dcaa3c89ccec2fbde17
SHA1

cb7b82a5d02a2b5ea9c16b5083015c832b556405
SHA256

161ba4c1b21cd20b15573f0ccfc4a5cbab8dedd94c722cd60afb8551d8d91dc2
SHA512

4ab6a3fd31c7551578f07ada264bb93a22eb16f75fdbcfaecf4c0861535a2f631082da5f6003ff9f57fda231e783cbf200caa6a6d6bdefbe08d64f33c67855b3
SSDEEP

49152:FyFWKUkiGqdO+huQ0Mm5aIHdkQ3qBge6jXdTv8JGo2WEWxm5PMdFH0U7T0f6mfb+:FmUkifdnI3eo8Uo2WElEk+

Score

10^/10

lumma stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Minecraft.exeMinecraft.exeMinecraft.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Minecraft.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Minecraft.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Minecraft.exe

Executes dropped EXE 6 IoCs

Processes:

NativeUpdater.exeMinecraft.exeMinecraft.exeMinecraft.exeMinecraft.exeMinecraft.exe

pid process

4952 NativeUpdater.exe
1460 Minecraft.exe
3636 Minecraft.exe
980 Minecraft.exe
456 Minecraft.exe
4576 Minecraft.exe

pid	process
4952	NativeUpdater.exe
1460	Minecraft.exe
3636	Minecraft.exe
980	Minecraft.exe
456	Minecraft.exe
4576	Minecraft.exe

Loads dropped DLL 17 IoCs

Processes:

Minecraft.exeMinecraft.exeMinecraft.exeMinecraft.exeMinecraft.exe

pid	process
1460	Minecraft.exe
1460	Minecraft.exe
1460	Minecraft.exe
3636	Minecraft.exe
3636	Minecraft.exe
3636	Minecraft.exe
3636	Minecraft.exe
3636	Minecraft.exe
980	Minecraft.exe
980	Minecraft.exe
980	Minecraft.exe
4576	Minecraft.exe
4576	Minecraft.exe
4576	Minecraft.exe
456	Minecraft.exe
456	Minecraft.exe
456	Minecraft.exe

Modifies registry class 1 IoCs

Processes:

Minecraft.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{044362F1-96DF-47CF-A1B5-A6FA09610748}	Minecraft.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

Minecraft.exeMinecraft.exeMinecraft.exeMinecraft.exe

pid process

3636 Minecraft.exe
3636 Minecraft.exe
980 Minecraft.exe
980 Minecraft.exe
4576 Minecraft.exe
4576 Minecraft.exe
456 Minecraft.exe
456 Minecraft.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

NativeUpdater.exe

pid process

4952 NativeUpdater.exe

pid	process
3636	Minecraft.exe
3636	Minecraft.exe
980	Minecraft.exe
980	Minecraft.exe
4576	Minecraft.exe
4576	Minecraft.exe
456	Minecraft.exe
456	Minecraft.exe

pid	process
4952	NativeUpdater.exe

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

Minecraft.exeNativeUpdater.exeMinecraft.exe

description	pid	process	target process
PID 2348 wrote to memory of 4952	2348	Minecraft.exe	NativeUpdater.exe
PID 2348 wrote to memory of 4952	2348	Minecraft.exe	NativeUpdater.exe
PID 2348 wrote to memory of 4952	2348	Minecraft.exe	NativeUpdater.exe
PID 4952 wrote to memory of 1460	4952	NativeUpdater.exe	Minecraft.exe
PID 4952 wrote to memory of 1460	4952	NativeUpdater.exe	Minecraft.exe
PID 4952 wrote to memory of 1460	4952	NativeUpdater.exe	Minecraft.exe
PID 1460 wrote to memory of 3636	1460	Minecraft.exe	Minecraft.exe
PID 1460 wrote to memory of 3636	1460	Minecraft.exe	Minecraft.exe
PID 1460 wrote to memory of 3636	1460	Minecraft.exe	Minecraft.exe
PID 1460 wrote to memory of 980	1460	Minecraft.exe	Minecraft.exe
PID 1460 wrote to memory of 980	1460	Minecraft.exe	Minecraft.exe
PID 1460 wrote to memory of 980	1460	Minecraft.exe	Minecraft.exe
PID 1460 wrote to memory of 456	1460	Minecraft.exe	Minecraft.exe
PID 1460 wrote to memory of 456	1460	Minecraft.exe	Minecraft.exe
PID 1460 wrote to memory of 456	1460	Minecraft.exe	Minecraft.exe
PID 1460 wrote to memory of 4576	1460	Minecraft.exe	Minecraft.exe
PID 1460 wrote to memory of 4576	1460	Minecraft.exe	Minecraft.exe
PID 1460 wrote to memory of 4576	1460	Minecraft.exe	Minecraft.exe

C:\Users\Admin\AppData\Local\Temp\Minecraft.exe
"C:\Users\Admin\AppData\Local\Temp\Minecraft.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2348

C:\Users\Admin\AppData\Local\Temp\tools\NativeUpdater.exe
tools\NativeUpdater.exe Minecraft.exe Minecraft.exe.tmp --nativeLauncherVersion 1000 --nativeLauncherVersion 1000
2⤵
- Executes dropped EXE
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:4952

C:\Users\Admin\AppData\Local\Temp\Minecraft.exe
Minecraft.exe --nativeLauncherVersion 1000 --nativeLauncherVersion 1000
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1460

C:\Users\Admin\AppData\Local\Temp\Minecraft.exe
"C:\Users\Admin\AppData\Local\Temp\Minecraft.exe" --type=gpu-process --field-trial-handle=2112,4804294240496324668,4440079406553663816,131072 --enable-features=CastMediaRouteProvider --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2116 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3636

C:\Users\Admin\AppData\Local\Temp\Minecraft.exe
"C:\Users\Admin\AppData\Local\Temp\Minecraft.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4804294240496324668,4440079406553663816,131072 --enable-features=CastMediaRouteProvider --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --lang=en-US --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2576 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:980

C:\Users\Admin\AppData\Local\Temp\Minecraft.exe
"C:\Users\Admin\AppData\Local\Temp\Minecraft.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2112,4804294240496324668,4440079406553663816,131072 --enable-features=CastMediaRouteProvider --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:456

C:\Users\Admin\AppData\Local\Temp\Minecraft.exe
"C:\Users\Admin\AppData\Local\Temp\Minecraft.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2112,4804294240496324668,4440079406553663816,131072 --enable-features=CastMediaRouteProvider --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4576

C:\Users\Admin\AppData\Local\Temp\Minecraft.exe
"C:\Users\Admin\AppData\Local\Temp\Minecraft.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2112,4804294240496324668,4440079406553663816,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
4⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Minecraft.exe
"C:\Users\Admin\AppData\Local\Temp\Minecraft.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --field-trial-handle=2112,4804294240496324668,4440079406553663816,131072 --enable-features=CastMediaRouteProvider --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --log-severity=info --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
4⤵
PID:3968

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{45BA127D-10A8-46EA-8AB7-56EA9078943C}
1⤵
PID:4176

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Minecraft.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Minecraft.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Minecraft.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Minecraft.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Minecraft.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Minecraft.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Minecraft.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Minecraft.exe.tmp

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\cef.pak

Filesize
1.9MB

MD5
fa6c54291dcc13acc9dbec30923fe503

SHA1
8f157cc1ab1c18bf47305543b149604797cd6587

SHA256
455dd904ba68305f45682ae9c776a87cb2cb67bbe2d20e13cf97a812b68cf5f4

SHA512
135773297e6481f66d53a6a6bb887e0e0ba17ded9f76e2cef2db48a095a4c301eda84feb46f2a44425f4d34accd72765ee324d30a0692aa0c6d2c513166d51de

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\cef_100_percent.pak

Filesize
261KB

MD5
4cec40309dc9e4bf0f0cc915aeb6c9ac

SHA1
2da1b18943265f473f6b87b63132dbb2398ff487

SHA256
6267cb52b0ca5593cf402139e736eb4f1d6bc3f2eab4c6deb99934711050ef4f

SHA512
e684d4d735762e87c8556c164379f97f59b8b4077e2f4c49ae43610ca2a3994ad45839cf6edef4e741a4f1fb345413e4246fb5901dd52bd98c9a2f60866817c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\cef_200_percent.pak

Filesize
412KB

MD5
50a6d9ab74ebfaeda5baa28997149977

SHA1
1ad557cecf3d54a5fbe471ceab189d344fef347c

SHA256
c8f7697bdb4aa19722b975dd2126baf8c2edb5c0a58e2d64a6fefa4cbb8335ec

SHA512
31647191b432f82ff24a41a16abb77512bed2f3105791079d795304452e2bff89f618202023fd133cdc79f80d02647093edebca9e43c19cbd4d2bed4c8d35180

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\cef_extensions.pak

Filesize
1.2MB

MD5
c294094045246da46492204f2920d74f

SHA1
229367ac0be0a2da9d6338cba6f45c07f790140c

SHA256
8e8882c3d420231e1ddd1329e259cd8dc38fe392727aa74cfa4df57125d4cfb3

SHA512
03543e3c436a8b42b3f5bb942de468b4898172720ddef5597535b81347581ae0c89bf91e6bef3b91c796ca5bd393a865b2fa53ba70b2fda6578c640b14ab92cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\chrome_elf.dll

Filesize
810KB

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\chrome_elf.dll

Filesize
810KB

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\chrome_elf.dll

Filesize
810KB

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\chrome_elf.dll

Filesize
810KB

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\chrome_elf.dll

Filesize
810KB

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\chrome_elf.dll

Filesize
810KB

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\chrome_elf.dll

Filesize
810KB

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\chrome_elf.dll

Filesize
810KB

MD5
4c8f4689e087a9843a79d6ec923f00df

SHA1
e6e37e19a04a55944bdfba6f9359bbe0ea8402fc

SHA256
8753acc450280e1c5ef5a09dac46d1fd873f1e66d771affc4b4afbfa3d59e3c4

SHA512
30b205bb4b391b23a7bb15248daa42af3ec34225d169a0d70325ea7e1422d298ea3376962e689311074346dd7aec3579789748e3aaa17b04ab72de6c0a0fc5e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\icudtl.dat

Filesize
10.0MB

MD5
9732e28c054db1e042cd306a7bc9227a

SHA1
6bab2e77925515888808c1ef729c5bb1323100dd

SHA256
27993e2079711d5f0f04a72f48fee88b269604c8e3fbdf50a7f7bb3f5bfc8d8e

SHA512
3eb67ab896a56dab4a2d6eea98f251affd6864c5f5b24f22b61b6acc1df4460d86f0a448f1983aac019e79ff930286c3510891be9d48ef07a93ff975a0e55335

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\launcher.dll

Filesize
59.3MB

MD5
03e38e3ad8d0c8ad8652c524c8a747d8

SHA1
0ed6423e26978b7e4241c2bc6e1477994f1312d9

SHA256
371f989bfd012b243941bfa13cf30661c6014aaa3bf5b9bce59ceef950a7021d

SHA512
265f0d2887f8c56883a8345a983777a1b9955e1713feb4f7374eb4db8182578265517edc859aec792a02d9aeea7162527df139da474f3d21485154bb6a441bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\libcef.dll

Filesize
107.7MB

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\libcef.dll

Filesize
107.7MB

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\libcef.dll

Filesize
107.7MB

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\libcef.dll

Filesize
107.7MB

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\libcef.dll

Filesize
107.7MB

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\libcef.dll

Filesize
107.7MB

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\libcef.dll

Filesize
107.7MB

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\libcef.dll

Filesize
107.7MB

MD5
ccb97167048a6c3928e0d93c2ee6efb1

SHA1
a3d60c190e97fc3e45d2de6ef0abf31c13393ed1

SHA256
1d0794f5029198084a19e690823ba72255baf52f05f2fa5eb734ec48adacd9a2

SHA512
9b5dbffb00b01f2a50c2fa094b3c67043c81e5b238df98df2b219e39d183a72822e72d7e51486dbd6156846350355bd5402890b6da46ca01e405211367ebeeb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\locales\en-US.pak

Filesize
225KB

MD5
16a6914c9637812257e28b2cc4e6d809

SHA1
82212a642c90b51b8f67e517ee8782da841b658f

SHA256
8fe734f556d97e7c07d02e839a16565f7db88ca7091ca3903a9b153a68aaaf72

SHA512
6efbab68c8b036fd73951295a5f65718003deea46db838f6f263133452e09be45ce006246850facbb1922766f42c2ce1796722cecfcc8495921a7bcd9402a446

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\swiftshader\libEGL.dll

Filesize
334KB

MD5
9f68bdd2b3a78eeddaceb6f6c5cae5de

SHA1
1231c5b199ba2bc48cbafdbef813cdbd5dc3c42d

SHA256
ba6c8b38def6141447032c9a2b46b67a515276c88b30580703db24cf18d3f0d6

SHA512
4804c84b4183f9096d4f83cfc73df673467b45f4bd2613fbccc46739a2e8c2a887b36ca7d6785ab64ca17cb74f6c1fea74ca5587e24d2009030dc0604ce51443

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\swiftshader\libGLESv2.dll

Filesize
2.3MB

MD5
cdfe6b31acf7e3f398725bc57158a00b

SHA1
cbf51552d14ae32f4651d1770ece1dc9ba3e1d8e

SHA256
8b73aa808f2373c3ada15349e676f20a9dc644a8a7c21d5699288bee907fee14

SHA512
1ec2a3139bc5e38a3a15ef33d73791dce721fb864626a8767f834e11ff1a74ea70eb7aeb8107fe80b2bb7309df3cb620df7453d26524a0503929219b751249c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\swiftshader\libegl.dll

Filesize
334KB

MD5
9f68bdd2b3a78eeddaceb6f6c5cae5de

SHA1
1231c5b199ba2bc48cbafdbef813cdbd5dc3c42d

SHA256
ba6c8b38def6141447032c9a2b46b67a515276c88b30580703db24cf18d3f0d6

SHA512
4804c84b4183f9096d4f83cfc73df673467b45f4bd2613fbccc46739a2e8c2a887b36ca7d6785ab64ca17cb74f6c1fea74ca5587e24d2009030dc0604ce51443

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\swiftshader\libglesv2.dll

Filesize
2.3MB

MD5
cdfe6b31acf7e3f398725bc57158a00b

SHA1
cbf51552d14ae32f4651d1770ece1dc9ba3e1d8e

SHA256
8b73aa808f2373c3ada15349e676f20a9dc644a8a7c21d5699288bee907fee14

SHA512
1ec2a3139bc5e38a3a15ef33d73791dce721fb864626a8767f834e11ff1a74ea70eb7aeb8107fe80b2bb7309df3cb620df7453d26524a0503929219b751249c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\game\v8_context_snapshot.bin

Filesize
167KB

MD5
cdeec3342ce88d4de5426032a6bf6a53

SHA1
b36ec3c3b20a7a06ff282d696f12b51904b073a4

SHA256
ca88a3c7034da1de52d35823fba0fe80ba5376ab70cdc1841e6aaf25c1f5dd6e

SHA512
54874cd76589124b750fdae90be75e1acf374566d56352c15dbbee98c095aad0e56db142952a808b08e4817bf5f8e176ffdc4ff79110d8661ee4f7ede16b2ea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tools\NativeUpdater.exe

Filesize
1.1MB

MD5
72e1747a895001b1a300ffcad1edc9a6

SHA1
111e67014919bf1a42859951abdd945e4080e883

SHA256
2bbf4862a5900db35050e1679e08bb91c879c112f3259bfbc483cb26aad09eef

SHA512
31af0b629fe79d6fcbdde4f7928c66f59773ad47971ca9f091f1e00e9e9f9c6ca254732040d2e1b764fcad2f2997c5e8e15247f928e97528b0bf36aca3be5ba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tools\NativeUpdater.exe

Filesize
1.1MB

MD5
72e1747a895001b1a300ffcad1edc9a6

SHA1
111e67014919bf1a42859951abdd945e4080e883

SHA256
2bbf4862a5900db35050e1679e08bb91c879c112f3259bfbc483cb26aad09eef

SHA512
31af0b629fe79d6fcbdde4f7928c66f59773ad47971ca9f091f1e00e9e9f9c6ca254732040d2e1b764fcad2f2997c5e8e15247f928e97528b0bf36aca3be5ba1

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt

Filesize
173B

MD5
735ec90708e924ebfbfdc8c37615dfd0

SHA1
8de129b4805839aef056e10b6ebdfcc11f520d59

SHA256
13132412ffcc0e1d3a38320483ef56558be79537cbcbb41431aee1c2e723b9c7

SHA512
3ebcf3b4692acfae638d032d373458319b43001e0650a6c32525ece188b04631cced63489527acf70624de62d284344221451f20d14e043695123cefd7c02ec4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_log.txt

Filesize
493B

MD5
306b377b88d52af66c1ce11032e8bc9f

SHA1
eb34e87d022943815c7dc71e532542bcfeb288e4

SHA256
052c914fe170854a9ea3a76b8365b2c6c1abfd9a1266a759f72759af9157c7ca

SHA512
317fb12a371dc166c1f33386dc6fa7cdf81c00e230c79b964a8a64d05c7d2de703d579716c65acf2235b88dd86d7f468030207baa59f39c189955d97aa806f94

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_settings.json

Filesize
128B

MD5
270ade77b4358d215f30e625a2b172f6

SHA1
c407dcca0525ba0bb9d9c5d63ac78f7aa03ae03a

SHA256
7afa6b9dacfb8d546c8f9c386601999232fa9aa6bcc9879503ab2433e053c3c5

SHA512
af56d5ec7d603284db4fe340f5f5fc00c48b0e3d065660cb3d40088e6c4c35675cb7eaa6504803a11120d49e40d7aeb0f5321aacef79e5b074369722056bcd62

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_settings.json.tmp

Filesize
220B

MD5
6cb2c6538014f5a4c83f6a91bcc6693e

SHA1
c8cef678f7f30a07cac9375981950689d926d2c4

SHA256
3fbc7b5ff8e3440a16806c63804767a617e2dbde22606570a7ca66a2ebf8858b

SHA512
ce544512f10fb7435c6a0965a2fc2478b05246a1d174335131e2e3c9888830f31cfa6879ff5bb2901bacb3fee72f83f6012f4f34eec2eb449cd8672ce522f8ec

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network Persistent State

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network Persistent State~RFe588a49.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit