8a058a12d69d1091913694ae51624d84c560aa919efdb0f3daf838c7674bed53

Analysis

max time kernel
86s
max time network
147s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
03/06/2023, 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MinecraftInstaller.msi
Size

2.5MB
MD5

12d99a0cf723e0d62bc1aaf0738f858c
SHA1

cee9e6bea0fc63ca043d9aa4d2c6e531e4f2c46d
SHA256

8a058a12d69d1091913694ae51624d84c560aa919efdb0f3daf838c7674bed53
SHA512

8b1a9e128d734e1e8a39bf0fc203a1a7934f59bf431066b0f9c6a042cd18d3cffa750bccf7504ff7b7e2dd449827f2bc408b4b35ba6d4a88d944d5fcfba362c4
SSDEEP

49152:FZSE75avYUNqJQGRixUoUuZKJDXCJUcPBIHH0WCb:jSisQLJQMixUokJjCJPEa

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
2	1052	msiexec.exe
4	1052	msiexec.exe
7	1728	msiexec.exe

Executes dropped EXE 2 IoCs

pid	Process
896	MinecraftLauncher.exe
1956	MinecraftLauncher.exe

Loads dropped DLL 6 IoCs

pid	Process
1440	MsiExec.exe
1772	MsiExec.exe
1772	MsiExec.exe
1952	MsiExec.exe
1440	MsiExec.exe
1440	MsiExec.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe	msiexec.exe

Drops file in Windows directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\{37737BD0-9439-44AC-BC27-F19E9A742C96}\minecraft.ico	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\6caf72.msi	msiexec.exe
File created	C:\Windows\Installer\{37737BD0-9439-44AC-BC27-F19E9A742C96}\minecraft.ico	msiexec.exe
File created	C:\Windows\Installer\6caf72.msi	msiexec.exe
File created	C:\Windows\Installer\6caf73.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC206.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC553.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSIC1E6.tmp	msiexec.exe
File created	C:\Windows\Installer\6caf75.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC2B2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\6caf73.ipi	msiexec.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 46 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe

Modifies registry class 23 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6\0DB737739349CA44CB721FE9A947C269	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\SourceList\PackageName = "MinecraftInstaller.msi"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\Version = "33554432"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\ProductName = "Minecraft Launcher"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\ProductIcon = "C:\\Windows\\Installer\\{37737BD0-9439-44AC-BC27-F19E9A742C96}\\minecraft.ico"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0DB737739349CA44CB721FE9A947C269\Complete	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0DB737739349CA44CB721FE9A947C269	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\PackageCode = "CB880EBF125D34C4BA7EF5806FDB688E"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0DB737739349CA44CB721FE9A947C269\Clients = 3a0000000000	msiexec.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1728	msiexec.exe
1728	msiexec.exe
1768	chrome.exe
1768	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1052	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1052	msiexec.exe
Token: SeRestorePrivilege	1728	msiexec.exe
Token: SeTakeOwnershipPrivilege	1728	msiexec.exe
Token: SeSecurityPrivilege	1728	msiexec.exe
Token: SeCreateTokenPrivilege	1052	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1052	msiexec.exe
Token: SeLockMemoryPrivilege	1052	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1052	msiexec.exe
Token: SeMachineAccountPrivilege	1052	msiexec.exe
Token: SeTcbPrivilege	1052	msiexec.exe
Token: SeSecurityPrivilege	1052	msiexec.exe
Token: SeTakeOwnershipPrivilege	1052	msiexec.exe
Token: SeLoadDriverPrivilege	1052	msiexec.exe
Token: SeSystemProfilePrivilege	1052	msiexec.exe
Token: SeSystemtimePrivilege	1052	msiexec.exe
Token: SeProfSingleProcessPrivilege	1052	msiexec.exe
Token: SeIncBasePriorityPrivilege	1052	msiexec.exe
Token: SeCreatePagefilePrivilege	1052	msiexec.exe
Token: SeCreatePermanentPrivilege	1052	msiexec.exe
Token: SeBackupPrivilege	1052	msiexec.exe
Token: SeRestorePrivilege	1052	msiexec.exe
Token: SeShutdownPrivilege	1052	msiexec.exe
Token: SeDebugPrivilege	1052	msiexec.exe
Token: SeAuditPrivilege	1052	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1052	msiexec.exe
Token: SeChangeNotifyPrivilege	1052	msiexec.exe
Token: SeRemoteShutdownPrivilege	1052	msiexec.exe
Token: SeUndockPrivilege	1052	msiexec.exe
Token: SeSyncAgentPrivilege	1052	msiexec.exe
Token: SeEnableDelegationPrivilege	1052	msiexec.exe
Token: SeManageVolumePrivilege	1052	msiexec.exe
Token: SeImpersonatePrivilege	1052	msiexec.exe
Token: SeCreateGlobalPrivilege	1052	msiexec.exe
Token: SeCreateTokenPrivilege	1052	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1052	msiexec.exe
Token: SeLockMemoryPrivilege	1052	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1052	msiexec.exe
Token: SeMachineAccountPrivilege	1052	msiexec.exe
Token: SeTcbPrivilege	1052	msiexec.exe
Token: SeSecurityPrivilege	1052	msiexec.exe
Token: SeTakeOwnershipPrivilege	1052	msiexec.exe
Token: SeLoadDriverPrivilege	1052	msiexec.exe
Token: SeSystemProfilePrivilege	1052	msiexec.exe
Token: SeSystemtimePrivilege	1052	msiexec.exe
Token: SeProfSingleProcessPrivilege	1052	msiexec.exe
Token: SeIncBasePriorityPrivilege	1052	msiexec.exe
Token: SeCreatePagefilePrivilege	1052	msiexec.exe
Token: SeCreatePermanentPrivilege	1052	msiexec.exe
Token: SeBackupPrivilege	1052	msiexec.exe
Token: SeRestorePrivilege	1052	msiexec.exe
Token: SeShutdownPrivilege	1052	msiexec.exe
Token: SeDebugPrivilege	1052	msiexec.exe
Token: SeAuditPrivilege	1052	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1052	msiexec.exe
Token: SeChangeNotifyPrivilege	1052	msiexec.exe
Token: SeRemoteShutdownPrivilege	1052	msiexec.exe
Token: SeUndockPrivilege	1052	msiexec.exe
Token: SeSyncAgentPrivilege	1052	msiexec.exe
Token: SeEnableDelegationPrivilege	1052	msiexec.exe
Token: SeManageVolumePrivilege	1052	msiexec.exe
Token: SeImpersonatePrivilege	1052	msiexec.exe
Token: SeCreateGlobalPrivilege	1052	msiexec.exe
Token: SeCreateTokenPrivilege	1052	msiexec.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
1052	msiexec.exe
1052	msiexec.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 1440	1728	msiexec.exe	29
PID 1728 wrote to memory of 1440	1728	msiexec.exe	29
PID 1728 wrote to memory of 1440	1728	msiexec.exe	29
PID 1728 wrote to memory of 1440	1728	msiexec.exe	29
PID 1728 wrote to memory of 1440	1728	msiexec.exe	29
PID 1728 wrote to memory of 1440	1728	msiexec.exe	29
PID 1728 wrote to memory of 1440	1728	msiexec.exe	29
PID 1728 wrote to memory of 1772	1728	msiexec.exe	33
PID 1728 wrote to memory of 1772	1728	msiexec.exe	33
PID 1728 wrote to memory of 1772	1728	msiexec.exe	33
PID 1728 wrote to memory of 1772	1728	msiexec.exe	33
PID 1728 wrote to memory of 1772	1728	msiexec.exe	33
PID 1728 wrote to memory of 1772	1728	msiexec.exe	33
PID 1728 wrote to memory of 1772	1728	msiexec.exe	33
PID 1728 wrote to memory of 1952	1728	msiexec.exe	34
PID 1728 wrote to memory of 1952	1728	msiexec.exe	34
PID 1728 wrote to memory of 1952	1728	msiexec.exe	34
PID 1728 wrote to memory of 1952	1728	msiexec.exe	34
PID 1728 wrote to memory of 1952	1728	msiexec.exe	34
PID 1728 wrote to memory of 1952	1728	msiexec.exe	34
PID 1728 wrote to memory of 1952	1728	msiexec.exe	34
PID 1440 wrote to memory of 896	1440	MsiExec.exe	36
PID 1440 wrote to memory of 896	1440	MsiExec.exe	36
PID 1440 wrote to memory of 896	1440	MsiExec.exe	36
PID 1440 wrote to memory of 896	1440	MsiExec.exe	36
PID 1440 wrote to memory of 896	1440	MsiExec.exe	36
PID 1440 wrote to memory of 896	1440	MsiExec.exe	36
PID 1440 wrote to memory of 896	1440	MsiExec.exe	36
PID 1768 wrote to memory of 1560	1768	chrome.exe	39
PID 1768 wrote to memory of 1560	1768	chrome.exe	39
PID 1768 wrote to memory of 1560	1768	chrome.exe	39
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41
PID 1768 wrote to memory of 572	1768	chrome.exe	41

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1052

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5E29DBA08974CE1C59B24DD45FD0BA96 C
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1440
- - C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
    "C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe"
    3⤵
    - Executes dropped EXE
    PID:896
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding DC71157620C4A703348C4700AA4E5243
  2⤵
  - Loads dropped DLL
  PID:1772
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8E81FC2E4D46D0E6C1037B5722DD917D M Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:1952

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1988

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003D4" "00000000000003C4"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:1544

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe"
1⤵
- Executes dropped EXE
PID:1956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef63b9758,0x7fef63b9768,0x7fef63b9778
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1228 --field-trial-handle=1252,i,7490539122418195229,7624430200328809542,131072 /prefetch:2
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 --field-trial-handle=1252,i,7490539122418195229,7624430200328809542,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1252,i,7490539122418195229,7624430200328809542,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2332 --field-trial-handle=1252,i,7490539122418195229,7624430200328809542,131072 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1252,i,7490539122418195229,7624430200328809542,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3408 --field-trial-handle=1252,i,7490539122418195229,7624430200328809542,131072 /prefetch:2
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3576 --field-trial-handle=1252,i,7490539122418195229,7624430200328809542,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3796 --field-trial-handle=1252,i,7490539122418195229,7624430200328809542,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3916 --field-trial-handle=1252,i,7490539122418195229,7624430200328809542,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3964 --field-trial-handle=1252,i,7490539122418195229,7624430200328809542,131072 /prefetch:1
  2⤵
  PID:2836

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2200

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\6caf74.rbs

Filesize
8KB

MD5
b3832299c32935997a3a1848af575f00

SHA1
6b0b8f9810fb3300f87c5c2f7bb6c37f442280e6

SHA256
9608004b782bab46b51775bf249c8c9a3edaa7d4f3798b03517585a5e871edbb

SHA512
8abb92aad2c49d19e49500b8c7c29f2611b72e10d9326f2f568b662ca48870d8357b178a0a7cb2753159925fa1c93236c5014b9f39aaad101f103e887395317d

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4

Filesize
1KB

MD5
78f2fcaa601f2fb4ebc937ba532e7549

SHA1
ddfb16cd4931c973a2037d3fc83a4d7d775d05e4

SHA256
552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988

SHA512
bcad73a7a5afb7120549dd54ba1f15c551ae24c7181f008392065d1ed006e6fa4fa5a60538d52461b15a12f5292049e929cffde15cc400dec9cdfca0b36a68dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4ad40342a8500aae9bbc253e43998e2

SHA1
0f56f7023c0c26a910364137c0b26e38c6d2c874

SHA256
aa9cde1551228806916e0571ba658b9bbe60784f3a91f92ae4a294994b28536f

SHA512
4e7781c7672420aa9d0fbcf69c4da57772620383d31662c01658e03f6d92d1c6aebd307986f487c9ea18c0925e1bf7fc33319dfecf3ae52f9781583c992400a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4

Filesize
254B

MD5
c3dd2518f16f10460d0c6ab6c9853435

SHA1
b290596a065992dc89c8524822e96e1b535c87c4

SHA256
e737c6bc2a6a3bd44344a44893557f85c17f46ef5380c6c62a5dc2701f1db48e

SHA512
e95973f0cfdfa0ad231ba2537760638a23a863967d3eb7d703e58235c1243588176b5758eaa50fc3be9d2f6357bce4303e3ed148ee373b9c211fd1fe79c5d134

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
37KB

MD5
5b0c0d429185ff30e04c93f67116d98f

SHA1
8eb3286fe16a5bee5a0164b131bc534fd131f250

SHA256
f1a0b957050b529afc0e94c436976326124ed8968183859c413986487623294d

SHA512
6295bcd662325172b15c476d26f23c8794c4f1454e0e8cfd43bca79b45aa03e1ae721ebdada1c52fe7699027fa97699156280ff259ce3cc476e322ccc0337902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
a39715de25423dedb89c0143e9cbeebc

SHA1
ee4d858ded83b992c45e9b6f0d04d40201a59472

SHA256
53306940073872a298ed933f580180f3c4af996860540d9c17cabf84fa341bde

SHA512
ae8ef2faf35f1c5f4bedba3448c2990c1a5058a4a5d1dd3c16e388777ee5fc5b57fe19ca4ccbe0219823c4aefa7abce4610823f9fe58fb8d1c85df39e1f591ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
67968abeb8e735fb9da3c8873becc8b2

SHA1
7563c94979a9b82053e8c2dea40dbb0c6e29aa1e

SHA256
e1e738a5927a574e810acabdc5fc0288cf7909c035c58a424309a9db92f1561c

SHA512
5f069ebed3c9b6ad2f073ded8479f7d652b78a77d034f75e827a9ba7c38557cab1e8a35acc720fe6446172b2b1a3b596c71c17049fff41ca0a02442352cc8552

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
795a519366bec1a5ac012c6a0c8d8444

SHA1
6b7ec308cc9ea15d4bf6d1b7c40d3918ab92b5b9

SHA256
135e2928d59a72964d9d4fe4eebe5ce50730c43ff33a56e03803ff960897e6e2

SHA512
11c97a3089ceede52a3e2cdc981296fb001424d427e8d9109131b13bc9cfae8023f210e8185aabfb39b446e3b19143903273137884266f158ebcdf6bfe0c8878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
90d09aae39c3ba55a0313a73e9cf05c5

SHA1
8f0577aaba8860f26e7c6082a0f91a7692e61557

SHA256
021bb395cd0250fce9036debe3fb033e80ba9c3eb28025dfd187ff24cdd1c161

SHA512
25a3f45e0590d8fa98821b6c37bbabc7a168870fd738a091cd55ca1bffc071b83034ca0107e8f87a38386ad4075ea6620512564d59fe3bccdfe86438eddf8d02

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4D85.tmp

Filesize
87KB

MD5
48eaf9d4ccf75bc06bbc5d33e78b7fff

SHA1
c710753c265b148f27ff3f358bb0ee980ab46423

SHA256
9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589

SHA512
505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID06B.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1186.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_log.txt

Filesize
1KB

MD5
27b152ca4ff45cc6bdf9ae13349dd60d

SHA1
b1949396b095221542aa0477e2cf579ccf8554b7

SHA256
7821aaa7fb8058a2d0b76b0b7217cfd5157d0f708af337297621288d6f33e182

SHA512
526d0efb5f75101a57c9576e7ba32a88ff814245eab607b427d76f6b34efd70ef733ee76154ff943f7151f334dda3006f362b14ae8e809fcc50f120c9f0699db

Download Submit
C:\Windows\Installer\6caf72.msi

Filesize
2.5MB

MD5
12d99a0cf723e0d62bc1aaf0738f858c

SHA1
cee9e6bea0fc63ca043d9aa4d2c6e531e4f2c46d

SHA256
8a058a12d69d1091913694ae51624d84c560aa919efdb0f3daf838c7674bed53

SHA512
8b1a9e128d734e1e8a39bf0fc203a1a7934f59bf431066b0f9c6a042cd18d3cffa750bccf7504ff7b7e2dd449827f2bc408b4b35ba6d4a88d944d5fcfba362c4

Download Submit
C:\Windows\Installer\MSIC206.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSIC2B2.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSIC553.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
C:\Windows\Installer\MSIC553.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

Filesize
3.2MB

MD5
e8c86a94df2f0a4c5edfa59cfc420329

SHA1
4212cb446a2dce87225ca20ba45e10befb084062

SHA256
60c59edec70f5cd7d1cf880e7a1475de6f73932dc23ae913f9c7dfeaf52489e1

SHA512
273298886ff9466a28caae48e59d701fc1519ba39196ff5abac8c52b0d00e21be00e852ff453ed659fcf2c7cc980c138bf162a4dc8453d84fc542df451880e2e

Download Submit
\Users\Admin\AppData\Local\Temp\MSI4D85.tmp

Filesize
87KB

MD5
48eaf9d4ccf75bc06bbc5d33e78b7fff

SHA1
c710753c265b148f27ff3f358bb0ee980ab46423

SHA256
9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589

SHA512
505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

Download Submit
\Users\Admin\AppData\Local\Temp\MSID06B.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\Windows\Installer\MSIC206.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\Windows\Installer\MSIC2B2.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit
\Windows\Installer\MSIC553.tmp

Filesize
181KB

MD5
785ee78478d43f00870e91fa96b94646

SHA1
97e3f06230bb97333db9574e56a187c2b5dfce50

SHA256
b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53

SHA512
d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

Download Submit