Malware Analysis Report

2024-10-16 06:41

Sample ID: 240617-rw77waybpj
Target: MinecraftInstaller.msi
SHA256: d9618862a64da8a5c86f2c9cde65b48ab92ff8bbc14d5f3c7946539a44e2db17
Tags: discovery persistence evasion execution
Score: 6/10

Analysis Overview

Score: 6/10

SHA256: d9618862a64da8a5c86f2c9cde65b48ab92ff8bbc14d5f3c7946539a44e2db17

Threat Level: Shows suspicious behavior

The file MinecraftInstaller.msi was found to show suspicious behavior.

Malicious Activity Summary

discovery persistence evasion execution

Downloads MZ/PE file

Modifies Installed Components in the registry

Drops desktop.ini file(s)

Enumerates connected drives

Blocklisted process makes network request

Checks computer location settings

Drops file in Windows directory

Executes dropped EXE

Checks installed software on the system

Drops file in Program Files directory

Resource Forking

Loads dropped DLL

Launchctl

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious behavior: AddClipboardFormatListener

Modifies system certificate store

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-17 14:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 14:33

Reported

2024-06-17 15:04

Platform

win7-20240611-en

Max time kernel

1561s

Max time network

1562s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.msi

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

Network

Files

C:\Users\Admin\AppData\Local\Temp\Cab13C1.tmp

MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

C:\Users\Admin\AppData\Local\Temp\Tar13F7.tmp

MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 14:33

Reported

2024-06-17 15:04

Platform

win10v2004-20240611-en

Max time kernel

1800s

Max time network

1796s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.msi

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Downloads MZ/PE file

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Windows\system32\unregmp2.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Version = "12,0,19041,1266" C:\Windows\system32\unregmp2.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\IsInstalled = "0" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Stubpath = "%SystemRoot%\\system32\\unregmp2.exe /ShowWMP" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} C:\Windows\system32\unregmp2.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\DontAsk = "2" C:\Windows\system32\unregmp2.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Minecraft Launcher\game\media\images.zip.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\hr.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\nl.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\te.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\tr.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\media\realms.zip.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\hi.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\sl.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\zh-TW.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\media\movies.zip.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\media\dungeonsmusicbeats.zip.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\media\onevanilla.zip.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\update_files\Minecraft.exe.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\ar.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\ca.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\de.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\lt.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\ml.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\sk.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\ta.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\chrome_100_percent.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\d3dcompiler_47.dll.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\icudtl.dat.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\kn.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\.version C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\media\animation.zip.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\media\icons.zip.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\swiftshader\libEGL.dll.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\swiftshader\libGLESv2.dll.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\fil.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\it.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\th.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\uk.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\bn.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\en-GB.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\es-419.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\fi.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\v8_context_snapshot.bin.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\lv.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\media\common.zip.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\vulkan-1.dll.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\JavaCheck.jar.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\pl.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\media\legendsmusicbeats.zip.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\pt-BR.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\media\dungeonscarousel.zip.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\snapshot_blob.bin.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File opened for modification C:\Program Files\Windows Media Player\wmplayer.exe C:\Windows\system32\unregmp2.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\bg.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\fa.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\gu.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\nb.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\media\upsellcontent.zip.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\da.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\el.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\et.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\ko.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\vk_swiftshader_icd.json.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\ro.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\sv.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\sw.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\media\anniversary.zip.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
File created C:\Program Files (x86)\Minecraft Launcher\game\locales\id.pak.tmp C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e5934f1.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI363A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{6A960B34-5197-49DE-AC60-1177DFE24976}\minecraft.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5934f3.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5934f1.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI361A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3800.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3A05.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{6A960B34-5197-49DE-AC60-1177DFE24976} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{6A960B34-5197-49DE-AC60-1177DFE24976}\minecraft.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll C:\Windows\system32\svchost.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = [binary value elided] C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631086230754311" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}" C:\Windows\system32\unregmp2.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\NeverDefault C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\command C:\Windows\system32\unregmp2.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\PlayTo C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\command C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\NeverDefault C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\NeverDefault C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1BBEC3237AF740F4DA613B3C4353A9A6\43B069A67915ED94CA061177FD2E9467 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\PlayTo C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\command C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\ = "&Play with Windows Media Player" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\command C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shellex\ContextMenuHandlers\PlayTo C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}" C:\Windows\system32\unregmp2.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\ = "&Add to Windows Media Player list" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2447855248-390457009-3660902674-1000\{DFCE54B8-2AA3-4347-BAB3-9EED1BEA411F} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\command C:\Windows\system32\unregmp2.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\ = "&Play with Windows Media Player" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{A45AEC2B-549E-405F-AF3E-C6B03C4FDFBF}\ = "Toggle DMR Authorization Handler" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\ = "&Add to Windows Media Player list" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\PackageCode = "001099CBF912E7A4CB6D8BF85054747B" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shellex\ContextMenuHandlers\PlayTo C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\image\shellex\ContextMenuHandlers\PlayTo C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}" C:\Windows\system32\unregmp2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\ = "&Add to Windows Media Player list" C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\43B069A67915ED94CA061177FD2E9467\Complete C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\Version = "33554432" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\43B069A67915ED94CA061177FD2E9467\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\command C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\NeverDefault C:\Windows\system32\unregmp2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\NeverDefault C:\Windows\system32\unregmp2.exe N/A
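
The following is an added example, not part of the sandbox report, that decodes the values appearing in the two tables above: the packed GUID key names under SOFTWARE\Classes\Installer, the Version DWORD, and the FILETIME stored in TPM\Telemetry\TraceTimeLast under HKEY_USERS. The constants are copied from the report rows; the function names are this example's own.

```python
"""Decode the registry artifacts listed in the tables above.

Added example, not part of the sandbox report. Input values are copied
from the report rows; function names are this example's own.
"""
from datetime import datetime, timedelta, timezone

# Copied from the rows above.
PRODUCT_KEY = "43B069A67915ED94CA061177FD2E9467"      # Installer\Products\<key>
UPGRADE_KEY = "1BBEC3237AF740F4DA613B3C4353A9A6"      # Installer\UpgradeCodes\<key>
PACKAGE_CODE = "001099CBF912E7A4CB6D8BF85054747B"     # Products\...\PackageCode
VERSION_DWORD = 33554432                              # Products\...\Version
TRACE_TIME_LAST = 133631086230754311                  # TPM\Telemetry\TraceTimeLast

_HEX = set("0123456789ABCDEF")
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def unpack_guid(packed: str) -> str:
    """Windows Installer packed GUID (32 hex chars) -> {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}.

    The packing reverses the first three GUID fields as strings and swaps the
    two hex digits of each remaining byte. Applying it twice restores the input.
    """
    p = packed.upper()
    if len(p) != 32 or not set(p) <= _HEX:
        raise ValueError("packed GUID must be 32 hex characters")
    f1, f2, f3 = p[0:8][::-1], p[8:12][::-1], p[12:16][::-1]
    rest = "".join(p[i:i + 2][::-1] for i in range(16, 32, 2))
    return "{%s-%s-%s-%s-%s}" % (f1, f2, f3, rest[:4], rest[4:])


def pack_guid(guid: str) -> str:
    """Inverse of unpack_guid, useful for locating a known ProductCode in the registry."""
    plain = guid.strip("{}").replace("-", "").upper()
    # The transform is an involution, so unpacking the plain string re-packs it.
    return unpack_guid(plain).strip("{}").replace("-", "")


def decode_msi_version(dword: int) -> tuple:
    """Installer Version DWORD -> (major, minor, build): 8, 8 and 16 bits."""
    return ((dword >> 24) & 0xFF, (dword >> 16) & 0xFF, dword & 0xFFFF)


def filetime_to_datetime(filetime: int) -> datetime:
    """64-bit FILETIME (100 ns ticks since 1601-01-01 UTC) -> timezone-aware datetime."""
    return _FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def decode_report_values() -> dict:
    """Decode every value above in one call."""
    return {
        "product_code": unpack_guid(PRODUCT_KEY),
        "upgrade_code": unpack_guid(UPGRADE_KEY),
        "package_code": unpack_guid(PACKAGE_CODE),
        "version": decode_msi_version(VERSION_DWORD),
        "trace_time_last": filetime_to_datetime(TRACE_TIME_LAST),
    }


if __name__ == "__main__":
    for name, value in decode_report_values().items():
        print(f"{name:16} {value}")
```

On this report the three keys unpack to version-4 GUIDs (the third field of each begins with 4), which is a quick sanity check that the key really is a packed GUID; the Version DWORD 33554432 is 0x02000000, i.e. 2.0.0, and the FILETIME decodes to 2024-06-17 14:37:03 UTC.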

Modifies system certificate store

evasion spyware trojan
Note: the key written is under AuthRoot, the store that Windows' automatic root certificate update fills on demand when crypt32 builds a chain to a root that is not yet cached locally; the registry write is attributed to whichever process triggered chain building, here MinecraftLauncher.exe. The thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C is the SHA-1 thumbprint of the public GlobalSign Root CA. A new certificate under ROOT or under a user's own Root store would be the case to worry about; an AuthRoot cache entry for a well-known public root is not.
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = [binary value elided] C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = [binary value elided] C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe N/A

Suspicious behavior: AddClipboardFormatListener

Note: this and the other window and UI signatures below (GetForegroundWindowSpam, FindShellTrayWindow, SendNotifyMessage, SetWindowsHookEx) are attributed to vlc.exe, wmplayer.exe, chrome.exe and msiexec.exe. None of them names MinecraftLauncher.exe or NativeUpdater.exe, and no row in the WriteProcessMemory table links those media and browser processes to the installer's process chain.

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Note: every row below is msiexec.exe requesting the full privilege set through AdjustTokenPrivileges. The Windows Installer service runs as LocalSystem and does this for every install; privileges the token does not hold are simply not granted. The repeated list reflects repeated calls within one install, not a dropped file escalating privileges.
Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Note: during CreateProcess the parent writes into the new child's address space, and the sandbox logs each of those writes (the two or three rows per parent/child pair below are typical). Rows whose writer and target mirror the process list are therefore process creation, not injection. Every target PID below has exactly one writer, and the rows trace the installer chain msiexec.exe (4400) > MsiExec.exe (2524) > MinecraftLauncher.exe (3928) > NativeUpdater.exe (4984) > MinecraftLauncher.exe (3028), plus Windows Media Player's own setup chain under wmplayer.exe (4744) and Chrome's child processes under chrome.exe (464).
Description Indicator Process Target
PID 4400 wrote to memory of 2524 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4400 wrote to memory of 2524 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4400 wrote to memory of 2524 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4400 wrote to memory of 3156 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4400 wrote to memory of 3156 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4400 wrote to memory of 3452 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4400 wrote to memory of 3452 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4400 wrote to memory of 3452 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4400 wrote to memory of 3580 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4400 wrote to memory of 3580 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4400 wrote to memory of 3580 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2524 wrote to memory of 3928 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
PID 2524 wrote to memory of 3928 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
PID 2524 wrote to memory of 3928 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
PID 3928 wrote to memory of 4984 N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe
PID 3928 wrote to memory of 4984 N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe
PID 3928 wrote to memory of 4984 N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe
PID 4984 wrote to memory of 3028 N/A C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
PID 4984 wrote to memory of 3028 N/A C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
PID 4984 wrote to memory of 3028 N/A C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
PID 4744 wrote to memory of 2396 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Windows Media Player\setup_wm.exe
PID 4744 wrote to memory of 2396 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Windows Media Player\setup_wm.exe
PID 4744 wrote to memory of 2396 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Windows Media Player\setup_wm.exe
PID 4744 wrote to memory of 2856 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 4744 wrote to memory of 2856 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 4744 wrote to memory of 2856 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 2856 wrote to memory of 4476 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 2856 wrote to memory of 4476 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 2396 wrote to memory of 2076 N/A C:\Program Files (x86)\Windows Media Player\setup_wm.exe C:\Windows\SysWOW64\unregmp2.exe
PID 2396 wrote to memory of 2076 N/A C:\Program Files (x86)\Windows Media Player\setup_wm.exe C:\Windows\SysWOW64\unregmp2.exe
PID 2396 wrote to memory of 2076 N/A C:\Program Files (x86)\Windows Media Player\setup_wm.exe C:\Windows\SysWOW64\unregmp2.exe
PID 2076 wrote to memory of 704 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 2076 wrote to memory of 704 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 2396 wrote to memory of 4280 N/A C:\Program Files (x86)\Windows Media Player\setup_wm.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PID 2396 wrote to memory of 4280 N/A C:\Program Files (x86)\Windows Media Player\setup_wm.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PID 2396 wrote to memory of 4280 N/A C:\Program Files (x86)\Windows Media Player\setup_wm.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PID 464 wrote to memory of 4592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 4592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
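
An added example, not part of the sandbox report, that rebuilds the process tree from the rows above and checks for the one pattern in this table that would point to injection rather than process creation: a target PID written to by more than one distinct process. The rows are copied from the table (a few duplicates kept on purpose to show de-duplication); ROW_RE and the function names are the example's own.

```python
"""Rebuild the process tree from the "wrote to memory of" rows above.

Added example, not part of the sandbox report. Rows are copied from the table
(duplicates kept deliberately); the regex and function names are the example's own.
"""
import re
from collections import defaultdict

REPORT_ROWS = r"""
PID 4400 wrote to memory of 2524 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4400 wrote to memory of 2524 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4400 wrote to memory of 3156 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4400 wrote to memory of 3452 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4400 wrote to memory of 3580 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2524 wrote to memory of 3928 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
PID 3928 wrote to memory of 4984 N/A C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe
PID 4984 wrote to memory of 3028 N/A C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
PID 4744 wrote to memory of 2396 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Windows Media Player\setup_wm.exe
PID 4744 wrote to memory of 2856 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 2856 wrote to memory of 4476 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 2396 wrote to memory of 2076 N/A C:\Program Files (x86)\Windows Media Player\setup_wm.exe C:\Windows\SysWOW64\unregmp2.exe
PID 2076 wrote to memory of 704 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 2396 wrote to memory of 4280 N/A C:\Program Files (x86)\Windows Media Player\setup_wm.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PID 464 wrote to memory of 4592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 464 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
"""

# Writer path is non-greedy so it stops at the first " C:\" that starts the target path.
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (C:\\.*?) (C:\\.*)$")


def parse_rows(text: str) -> list:
    """Parse rows into (writer_pid, target_pid, writer_path, target_path), de-duplicated in order."""
    seen, rows = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised row: {line}")
        row = (int(m[1]), int(m[2]), m[3], m[4])
        if row not in seen:
            seen.add(row)
            rows.append(row)
    return rows


def build_tree(rows):
    """children[pid] -> ordered child pids; writers[pid] -> set of pids that wrote to it; names[pid] -> image path."""
    children, writers, names = defaultdict(list), defaultdict(set), {}
    for wpid, tpid, wpath, tpath in rows:
        names.setdefault(wpid, wpath)
        names.setdefault(tpid, tpath)
        writers[tpid].add(wpid)
        if tpid not in children[wpid]:
            children[wpid].append(tpid)
    return children, writers, names


def roots(children, writers):
    """PIDs that write to others but are never written to: the tree roots."""
    return sorted(pid for pid in children if pid not in writers)


def multi_writer_targets(writers):
    """PIDs written to by more than one distinct process: the signal that would suggest injection."""
    return sorted(pid for pid, w in writers.items() if len(w) > 1)


def render(children, names, pid, depth=0, out=None):
    """Indented text rendering of one subtree."""
    out = [] if out is None else out
    out.append("  " * depth + f"{pid} {names[pid]}")
    for child in children.get(pid, []):
        render(children, names, child, depth + 1, out)
    return out


def analyse(text=REPORT_ROWS) -> dict:
    rows = parse_rows(text)
    children, writers, names = build_tree(rows)
    tree_roots = roots(children, writers)
    return {
        "roots": tree_roots,
        "children": {pid: list(kids) for pid, kids in children.items()},
        "multi_writer_targets": multi_writer_targets(writers),
        "tree": [line for r in tree_roots for line in render(children, names, r)],
    }


if __name__ == "__main__":
    result = analyse()
    print("\n".join(result["tree"]))
    print("targets with more than one writer:", result["multi_writer_targets"] or "none")
```

Run as a script it prints the three trees; on this report the roots are 464 (chrome.exe), 4400 (msiexec.exe) and 4744 (wmplayer.exe), and the list of targets with more than one writer is empty, which is what process creation without injection looks like.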

Uses Volume Shadow Copy service COM API

ransomware
Note: the VSS activity in this run comes from vssvc.exe and from srtasks.exe ExecuteScopeRestorePoint launched by msiexec.exe (see the process list), i.e. Windows Installer creating a system restore point before the install. Ransomware uses the same API to delete shadow copies, but no deletion is recorded here, so this signature by itself does not support the ransomware tag.

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 609091F6681FCF76024862CC6866A529 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CompressApprove.m4v"

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 3518B544B6C96B969A2F7DE7F39B9B45

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding ECC6B614B31C171499434B355BAD68C9 E Global\MSI0000

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe"

C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe

tools\NativeUpdater.exe MinecraftLauncher.exe "C:\Program Files (x86)\Minecraft Launcher\update_files\Minecraft.exe"

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MinecraftLauncher.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

C:\Windows\SysWOW64\unregmp2.exe

C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /Play C:\Users\Admin\Downloads\EnableDisconnect.wax

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa60d0ab58,0x7ffa60d0ab68,0x7ffa60d0ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4560 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4932 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5044 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3208 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4ec 0x3cc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:8

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=gpu-process --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2248 --field-trial-handle=2364,i,15760386424478736154,16786991035256890277,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{45BA127D-10A8-46EA-8AB7-56EA9078943C}

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2588 --field-trial-handle=2364,i,15760386424478736154,16786991035256890277,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=2600 --field-trial-handle=2364,i,15760386424478736154,16786991035256890277,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2784 --field-trial-handle=2364,i,15760386424478736154,16786991035256890277,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2792 --field-trial-handle=2364,i,15760386424478736154,16786991035256890277,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:8

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3688 --field-trial-handle=2364,i,15760386424478736154,16786991035256890277,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3700 --field-trial-handle=2364,i,15760386424478736154,16786991035256890277,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1380 --field-trial-handle=1788,i,3883551158178623330,9288042358527582197,131072 /prefetch:2

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-severity=info --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --workdir="C:\Users\Admin\AppData\Roaming\.minecraft" --gpu-preferences=UAAAAAAAAADoACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt" --mojo-platform-channel-handle=3140 --field-trial-handle=2364,i,15760386424478736154,16786991035256890277,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
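
The process list above is most useful when read for one question: which Chromium-based child processes gave up their sandbox. The following Python is an added example, not part of this sandbox report or of any tooling shown on the page. It parses command lines in the form printed above (a constructed, shortened subset of those lines is embedded), records the `--type`, `--no-sandbox`, `--disable-gpu-sandbox` and `--service-sandbox-type=none` switches per image, and reports which images ran every observed child unsandboxed. Function and variable names are the example's own.

```python
import re
from collections import defaultdict

# Constructed input: command lines copied from the process list above and shortened to
# the switches that matter here (the real lines also carry channel handles and field trials).
COMMAND_LINES = [
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 /prefetch:8',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 /prefetch:8',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --renderer-client-id=6 --mojo-platform-channel-handle=3104 /prefetch:1',
    r'"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --launcherui --no-sandbox --lang=en-US --renderer-client-id=6 /prefetch:1',
    r'"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none --no-sandbox --lang=en-US /prefetch:8',
    r'"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --no-sandbox --lang=en-US /prefetch:2',
    r'"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /Play C:\Users\Admin\Downloads\EnableDisconnect.wax',
]

# Chromium switches that remove or weaken a child process's sandbox.
SANDBOX_WEAKENING = {"--no-sandbox", "--disable-gpu-sandbox", "--service-sandbox-type=none"}

# One token is a run of quoted strings and non-space text, so a quoted image path and
# --user-data-dir="C:\...\User Data" each stay whole despite the embedded space.
TOKEN_RE = re.compile(r'(?:[^\s"]+|"[^"]*")+')


def parse(cmdline):
    """Split a Windows command line into (image path, {switch: value}) for its -- switches."""
    tokens = TOKEN_RE.findall(cmdline)
    image = tokens[0].strip('"')
    switches = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            switches[key] = value.strip('"')
    return image, switches


def weak_switches(switches):
    """Sorted list of the sandbox-weakening switches present, rendered as they appeared."""
    rendered = [f"--{k}" if v == "" else f"--{k}={v}" for k, v in switches.items()]
    return sorted(s for s in rendered if s in SANDBOX_WEAKENING)


def audit(cmdlines):
    """Per image: the Chromium child types seen and which of them ran with a weakened sandbox."""
    types = defaultdict(set)
    weak = defaultdict(dict)
    for line in cmdlines:
        image, sw = parse(line)
        if "type" not in sw:
            continue  # browser (parent) process, or a non-Chromium binary such as wmplayer.exe
        types[image].add(sw["type"])
        found = weak_switches(sw)
        if found:
            weak[image][sw["type"]] = found
    return {img: {"types": sorted(types[img]), "weak": dict(weak[img])} for img in types}


def no_sandbox_everywhere(report):
    """Images whose every observed child process type carried --no-sandbox."""
    return sorted(
        img for img, r in report.items()
        if all("--no-sandbox" in r["weak"].get(t, []) for t in r["types"])
    )


if __name__ == "__main__":
    report = audit(COMMAND_LINES)
    for image, r in report.items():
        print(image)
        for ptype in r["types"]:
            print(f"  {ptype:12} {' '.join(r['weak'].get(ptype, [])) or '(sandboxed)'}")
    print("fully unsandboxed:", no_sandbox_everywhere(report))
```

Run against the full list above, the CEF-based MinecraftLauncher.exe passes --no-sandbox to its gpu-process, utility and renderer children, so whatever web content the launcher UI renders runs with the user's full privileges; Chrome shows --service-sandbox-type=none only on specific utility services (network, UtilWin, ProcessorMetrics, video capture) and --disable-gpu-sandbox on one gpu-process restart. Neither is evidence of malice on its own, but the former is the detail to weigh when assessing the launcher's exposure to the remote content it loads.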

Network

Country Destination Domain Proto
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 23.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
BE 88.221.83.224:443 www.bing.com tcp
US 8.8.8.8:53 224.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 redstone-launcher.mojang.com udp
US 8.8.8.8:53 sentry.io udp
US 35.186.247.156:443 sentry.io tcp
US 13.107.253.64:443 redstone-launcher.mojang.com tcp
N/A 127.0.0.1:60619 tcp
N/A 127.0.0.1:60621 tcp
US 8.8.8.8:53 156.247.186.35.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
N/A 127.0.0.1:60639 tcp
N/A 127.0.0.1:60641 tcp
US 35.186.247.156:443 sentry.io tcp
US 13.107.253.64:443 redstone-launcher.mojang.com tcp
US 13.107.253.64:443 redstone-launcher.mojang.com tcp
US 13.107.253.64:443 redstone-launcher.mojang.com tcp
US 13.107.253.64:443 redstone-launcher.mojang.com tcp
US 13.107.253.64:443 redstone-launcher.mojang.com tcp
US 13.107.253.64:443 redstone-launcher.mojang.com tcp
US 8.8.8.8:53 wmploc.dll udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
DE 172.217.18.22:443 i.ytimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 22.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 74.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.200.3:443 www.google.co.uk tcp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
GB 172.217.169.46:443 www.youtube.com udp
GB 172.217.169.46:443 www.youtube.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
DE 142.250.185.110:443 suggestqueries-clients6.youtube.com tcp
US 8.8.8.8:53 www.xboxab.com udp
US 35.186.247.156:443 sentry.io tcp
US 8.8.8.8:53 launchermeta.mojang.com udp
US 13.107.5.91:443 www.xboxab.com tcp
US 13.107.246.64:443 launchermeta.mojang.com tcp
DE 142.250.185.110:443 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 piston-meta.mojang.com udp
US 8.8.8.8:53 title.mgt.xboxlive.com udp
US 13.107.246.64:443 piston-meta.mojang.com tcp
IE 13.69.141.149:443 title.mgt.xboxlive.com tcp
US 8.8.8.8:53 device.auth.xboxlive.com udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 110.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 91.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 149.141.69.13.in-addr.arpa udp
US 40.122.167.99:443 device.auth.xboxlive.com tcp
DE 142.250.185.110:443 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 99.167.122.40.in-addr.arpa udp
US 8.8.8.8:53 redstone-launcher.mojang.com udp
US 13.107.246.64:443 redstone-launcher.mojang.com tcp
US 8.8.8.8:53 launchercontent.mojang.com udp
US 13.107.253.64:443 launchercontent.mojang.com tcp
US 13.107.253.64:443 launchercontent.mojang.com tcp
US 13.107.253.64:443 launchercontent.mojang.com tcp
US 13.107.253.64:443 launchercontent.mojang.com tcp
US 13.107.253.64:443 launchercontent.mojang.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 launchercontent.mojang.com udp
DE 142.250.185.238:443 youtube.com tcp
US 13.107.253.64:443 launchercontent.mojang.com tcp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 8.8.8.8:53 238.185.250.142.in-addr.arpa udp
DE 172.217.18.22:443 i.ytimg.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
N/A 127.0.0.1:61576 tcp
N/A 127.0.0.1:61599 tcp
N/A 127.0.0.1:61601 tcp
N/A 127.0.0.1:61611 tcp
N/A 127.0.0.1:61614 tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 yt3.googleusercontent.com udp
GB 142.250.179.225:443 yt3.googleusercontent.com udp
US 8.8.8.8:53 rr5---sn-25glenlk.googlevideo.com udp
FR 173.194.0.170:443 rr5---sn-25glenlk.googlevideo.com tcp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 170.0.194.173.in-addr.arpa udp
GB 142.250.200.3:443 www.google.co.uk udp
N/A 127.0.0.1:61697 tcp
GB 142.250.180.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 vortex.data.microsoft.com udp
US 20.42.73.28:443 vortex.data.microsoft.com tcp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp
N/A 127.0.0.1:61749 tcp
N/A 127.0.0.1:61752 tcp
N/A 127.0.0.1:61754 tcp
N/A 127.0.0.1:61756 tcp
N/A 127.0.0.1:61758 tcp
N/A 127.0.0.1:61760 tcp
N/A 127.0.0.1:61867 tcp
FR 173.194.0.170:443 rr5---sn-25glenlk.googlevideo.com udp
GB 172.217.169.46:443 www.youtube.com udp
N/A 127.0.0.1:61963 tcp
US 8.8.8.8:53 sisu.xboxlive.com udp
US 20.69.192.122:443 sisu.xboxlive.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 152.199.21.175:443 tcp
US 8.8.8.8:53 122.192.69.20.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 152.199.21.175:443 tcp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
GB 51.104.15.252:443 tcp
GB 51.104.15.252:443 tcp
GB 51.104.15.252:443 tcp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 e2c6.gcp.gvt2.com udp
IN 34.93.91.7:443 e2c6.gcp.gvt2.com tcp
IN 34.93.91.7:443 e2c6.gcp.gvt2.com tcp
US 8.8.8.8:53 3.69.250.142.in-addr.arpa udp
US 8.8.8.8:53 7.91.93.34.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 108.177.122.94:443 beacons.gvt2.com tcp
US 8.8.8.8:53 94.122.177.108.in-addr.arpa udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.4.4:443 dns.google udp
GB 216.58.204.67:443 tcp
US 8.8.8.8:53 google.com udp
DE 142.250.186.78:443 google.com tcp
US 8.8.8.8:53 78.186.250.142.in-addr.arpa udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c60.gcp.gvt2.com udp
US 34.174.255.69:443 e2c60.gcp.gvt2.com tcp
US 8.8.8.8:53 69.255.174.34.in-addr.arpa udp
US 108.177.122.94:443 beacons.gvt2.com udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
NL 142.250.27.84:443 accounts.google.com udp
DE 142.250.186.78:443 google.com udp
GB 142.250.200.14:443 www.youtube.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c39.gcp.gvt2.com udp
FI 35.217.17.196:443 e2c39.gcp.gvt2.com tcp
US 108.177.122.94:443 beacons.gvt2.com udp
US 8.8.8.8:53 196.17.217.35.in-addr.arpa udp
US 8.8.8.8:53 e2c75.gcp.gvt2.com udp
QA 34.1.37.11:443 e2c75.gcp.gvt2.com tcp
US 8.8.8.8:53 11.37.1.34.in-addr.arpa udp
US 8.8.8.8:53 beacons2.gvt2.com udp
AR 142.251.134.3:443 beacons2.gvt2.com tcp
AR 142.251.134.3:443 beacons2.gvt2.com tcp
US 8.8.8.8:53 3.134.251.142.in-addr.arpa udp
GB 142.250.200.14:443 www.youtube.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
DE 172.217.16.131:443 beacons3.gvt2.com tcp
DE 172.217.16.131:443 beacons3.gvt2.com udp
US 8.8.8.8:53 131.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 launchercontent.mojang.com udp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
N/A 127.0.0.1:62083 tcp
US 13.107.253.64:443 launchercontent.mojang.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
DE 142.250.185.142:443 clients2.google.com udp
DE 142.250.185.142:443 clients2.google.com tcp
US 8.8.8.8:53 142.185.250.142.in-addr.arpa udp
GB 172.217.16.238:443 www.youtube.com udp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c16.gcp.gvt2.com udp
DE 34.89.141.94:443 e2c16.gcp.gvt2.com tcp
US 8.8.8.8:53 94.141.89.34.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 192.178.49.195:443 beacons.gvt2.com udp
US 8.8.8.8:53 195.49.178.192.in-addr.arpa udp
DE 172.217.16.131:443 beacons3.gvt2.com udp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 e2c32.gcp.gvt2.com udp
HK 35.215.129.230:443 e2c32.gcp.gvt2.com tcp
HK 35.215.129.230:443 e2c32.gcp.gvt2.com tcp
US 8.8.8.8:53 230.129.215.35.in-addr.arpa udp
US 192.178.49.195:443 beacons.gvt2.com udp
GB 172.217.16.238:443 www.youtube.com udp
US 8.8.8.8:53 launchercontent.mojang.com udp
US 13.107.253.64:443 launchercontent.mojang.com tcp
US 8.8.8.8:443 dns.google udp
N/A 127.0.0.1:62140 tcp
US 13.107.253.64:443 launchercontent.mojang.com tcp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
DE 172.217.16.131:443 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 192.178.49.195:443 beacons.gvt2.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 launchercontent.mojang.com udp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 8.8.8.8:443 dns.google udp
US 13.107.246.64:443 launchercontent.mojang.com tcp
N/A 127.0.0.1:62189 tcp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
US 192.178.49.195:443 beacons.gvt2.com udp
GB 216.58.204.78:443 www.youtube.com udp
US 8.8.8.8:53 www.xboxab.com udp
US 13.107.5.91:443 www.xboxab.com tcp
N/A 127.0.0.1:62213 tcp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
GB 216.58.204.78:443 www.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c40.gcp.gvt2.com udp
BE 35.210.214.151:443 e2c40.gcp.gvt2.com tcp
US 192.178.49.195:443 beacons.gvt2.com udp
US 8.8.8.8:53 151.214.210.35.in-addr.arpa udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 launchercontent.mojang.com udp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
US 13.107.253.64:443 launchercontent.mojang.com tcp
N/A 127.0.0.1:62255 tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
GB 142.250.200.14:443 www.youtube.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
GB 142.250.200.14:443 www.youtube.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
FR 173.194.0.170:443 rr5---sn-25glenlk.googlevideo.com udp
N/A 127.0.0.1:62313 tcp
US 8.8.8.8:53 launchercontent.mojang.com udp
US 13.107.253.64:443 launchercontent.mojang.com tcp
US 8.8.8.8:443 dns.google udp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
US 108.177.122.94:443 beacons.gcp.gvt2.com udp
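
Most of the Network table is noise: PTR lookups issued by the analysis host's resolver, loopback IPC ports and mDNS. The following Python is an added example, not part of this report or the sandbox's tooling. It parses rows in the table's "Country Destination Domain Proto" layout (a constructed subset of rows copied from the table above is embedded), buckets each row, and surfaces the three things an analyst checks by hand: the names actually queried, the hosts actually contacted over TLS or QUIC, and connections to bare IPs that no name in the table accounts for. The DNS-over-HTTPS detection assumes the Google Public DNS endpoints (8.8.8.8, 8.8.4.4, dns.google) seen in the table.

```python
import ipaddress
import re
from collections import Counter, namedtuple

# Constructed input: a subset of rows copied from the Network table above
# (columns: Country Destination Domain Proto; the Domain column is blank on some rows).
NETWORK_ROWS = """\
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
BE 88.221.83.224:443 www.bing.com tcp
US 8.8.8.8:53 c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
US 8.8.8.8:53 redstone-launcher.mojang.com udp
US 13.107.253.64:443 redstone-launcher.mojang.com tcp
N/A 127.0.0.1:60619 tcp
US 8.8.8.8:53 wmploc.dll udp
GB 142.250.187.196:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 152.199.21.175:443 tcp
GB 51.104.15.252:443 tcp
GB 51.104.15.252:443 tcp
GB 216.58.204.67:443 tcp
US 35.186.247.156:443 sentry.io tcp
"""

Row = namedtuple("Row", "country ip port domain proto")

# country, ip:port, optional domain, protocol
ROW_RE = re.compile(r"^(\S+)\s+(\S+):(\d+)\s+(?:(\S+)\s+)?(tcp|udp)$")

# Assumption: Google Public DNS, which also serves DNS-over-HTTPS on 443 as dns.google.
DOH_HOSTS = {"dns.google"}
DOH_IPS = {"8.8.8.8", "8.8.4.4"}


def parse_row(line):
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable row: {line!r}")
    country, ip, port, domain, proto = m.groups()
    return Row(country, ip, int(port), domain, proto)


def is_ptr(domain):
    return bool(domain) and domain.endswith((".in-addr.arpa", ".ip6.arpa"))


def classify(row):
    """Bucket a row so the noise floor can be separated from real egress."""
    ip = ipaddress.ip_address(row.ip)
    if ip.is_loopback:
        return "loopback"       # browser IPC on 127.0.0.1, not egress
    if ip.is_multicast:
        return "multicast"      # mDNS to 224.0.0.251:5353
    if row.port == 53:
        return "ptr-lookup" if is_ptr(row.domain) else "dns-query"
    if row.port == 443 and (row.domain in DOH_HOSTS or row.ip in DOH_IPS):
        return "doh"            # encrypted DNS: these resolutions are invisible to a UDP/53 sensor
    if not row.domain:
        return "bare-ip"        # TLS to an address the table gives no name for
    return "tls" if row.proto == "tcp" else "quic"   # UDP/443 is QUIC in practice


def summarize(text):
    rows = [parse_row(line) for line in text.splitlines() if line.strip()]
    labelled = [(classify(r), r) for r in rows]
    return {
        "counts": Counter(label for label, _ in labelled),
        "queried_names": sorted({r.domain for label, r in labelled if label == "dns-query"}),
        "tls_hosts": sorted({r.domain for label, r in labelled
                             if label in ("tls", "quic", "doh") and r.domain}),
        "bare_ips": sorted({r.ip for label, r in labelled if label == "bare-ip"},
                           key=ipaddress.ip_address),
    }


if __name__ == "__main__":
    for key, value in summarize(NETWORK_ROWS).items():
        print(f"{key}: {value}")
```

Against the full table, the bare-IP bucket holds 152.199.21.175, 51.104.15.252 and 216.58.204.67, all on 443; those are the rows to pull from the capture and identify by TLS SNI or server certificate, since nothing in the table names them. The 443 traffic to 8.8.8.8 and 8.8.4.4 is consistent with a browser upgrading to DNS-over-HTTPS, so a monitor watching only UDP/53 would miss any resolution made after that point. And the query for `wmploc.dll`, a file name rather than a hostname, only stands out once the PTR noise is gone.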

Files

C:\Users\Admin\AppData\Local\Temp\MSI45B.tmp

MD5 48eaf9d4ccf75bc06bbc5d33e78b7fff
SHA1 c710753c265b148f27ff3f358bb0ee980ab46423
SHA256 9ae2608edd49d2c319bb7bcfc24550bd9fb88b2f100fe90222a6fc55ca43c589
SHA512 505f4366f7258df3a88af77dde8335709063dd43298bf0ff8529992d53a60ad8de7d7ac65533f1ffc3a7f3ad4ca3a04c85366bfb9a14b47221609e6d36951d77

memory/1976-26-0x00007FF7A94D0000-0x00007FF7A95C8000-memory.dmp

memory/1976-27-0x00007FFA712E0000-0x00007FFA71314000-memory.dmp

memory/1976-28-0x00007FFA61860000-0x00007FFA61B16000-memory.dmp

memory/1976-29-0x00007FFA5FC50000-0x00007FFA60D00000-memory.dmp

C:\Windows\Installer\MSI363A.tmp

MD5 785ee78478d43f00870e91fa96b94646
SHA1 97e3f06230bb97333db9574e56a187c2b5dfce50
SHA256 b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53
SHA512 d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed

C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe

MD5 11a4bcd0c92d0d973847450bbe46c6bb
SHA1 f1229f3027424d650a0de2d6999626585539b2de
SHA256 6cbf77ad3d9c53860a353c9580c49ac81e6d26c93394347371454df6cf3f2ab6
SHA512 e33ad661735437db39e1aafa2d6c167e96582e240e4fa4a5ecac829e5a693e471b16be6d911a7937628f0c210a71473800c081ea5c061fc0c7fa98662554d17a

C:\Config.Msi\e5934f2.rbs

MD5 d30e900501a97652f110b1680818bc8d
SHA1 ead5d8011ccb2f586c4e973c53bcce831ea4a66e
SHA256 96c19e3aa3aa2d70e475b7196084ae05e0bb9ff69fe88a088561ab205e2af755
SHA512 700374cc0c079ab99579d2e51605b9d8f58efd6c0cc601f238b05cb8816f1c6a52c4e9e87d093cb2ef07eff228bf59a0a827d60404a9b4921fca83c6a9910204

C:\Windows\Installer\e5934f1.msi

MD5 02d7f8e22149e154487f2fdddfcec8c5
SHA1 390019b5f2c24f14dd398ab4ba8bef0183a923af
SHA256 d9618862a64da8a5c86f2c9cde65b48ab92ff8bbc14d5f3c7946539a44e2db17
SHA512 140d1b9c320e29eca7e9ad2ed0c75004d2421f612a6cafb593d168856fa918ed7bc607ddcebc042a3a26a3e819785d9cea4ef1a298ad1f13dd4181c5b5b3e2cb

C:\Program Files (x86)\Minecraft Launcher\tools\NativeUpdater.exe

MD5 55bc64c641938f7cc3a8ae66006da2fc
SHA1 2635c35a18e3dd562f4ebc2bb18aa57c6a21a055
SHA256 480eb87aa849add7ff8fda5b32f0af46027d208a14c4642d9ce3c214ffc7ca52
SHA512 49404d80750aacf58ba72e26d3942354521d8695452dd1d4901b8abaf07beaa3b280b51734cd9ea4ac25fbe0b2ba53c831a7c5ba01e5993957ebcf4d2adba757

C:\Program Files (x86)\Minecraft Launcher\update_files\Minecraft.exe

MD5 f6323ffef78899aad356e1d6556049e3
SHA1 f716742bb724f8a893416afd07e3ddd30ddd83d5
SHA256 c676508f4327f3595e4ff6a27a1f48d97d420565538e7f21f0f060d798747f58
SHA512 4c2d53fdcb66b1620656dc4827efb3f6282418a4804fcd3e60009a8745fe94647e965563bc1d2c4f86074aa341c2e50bf79a9f5ac0e82f8c7c2cf23f58233e46

C:\Users\Admin\AppData\Roaming\.minecraft\launcher_log.txt

MD5 6b6fbd26c034968b089f1ae61258413d
SHA1 fa2780247189d93ad530f403e212e08cbfb4d4b5
SHA256 01b5d0c17467f74c9f406e068bacf1b2d4e1f1a053c72b4b868369bb0c30f857
SHA512 0cd303b7d31b312c82f7511d5ffe20cb876fce826e45698a55603a1d4c049f87a7a49633b011b9509480fe9066e63c69f01e2bb0888822fca36e983360da9967

C:\Users\Admin\AppData\Roaming\.minecraft\launch_attempts.json

MD5 ac90cb49bb07f96f66dbf67c6e074a16
SHA1 225851c129dd55e9ee270b981caf14f985d64ae0
SHA256 5c88c2565433182b9347b55ae8e63acc149ff5d3123f185bce8eaca1c8842fd6
SHA512 4984d66cf9e4d5ca40c9dd0baa7be27cf1df82365d74833f433680aeb9c40d0566e34bbc76e6213ca6763ff8df5bfdf6ebed59d4ffd79df6a4e42a9167096259

\??\Volume{2497d54d-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{b1872b6f-9446-4f0e-975c-3e4af8d1f4f6}_OnDiskSnapshotProp

MD5 5cc7630314d74abf5bed667c43bfcc64
SHA1 013adeb396e7e3351321fda4d66bcb946f9fb470
SHA256 553cc81c99de4804d434d3215de46936d2fe7f7d54d910edf25d065cc82f1ef8
SHA512 ad1848390964e2c3b60ee8533bbb97c39baab01e3a6e769bdb6ea30264070370c0c8b3fa8863d955b90f2316a8e1eca12f81f33a9aca6742965f6cbb5fcbd053

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 656184b3350f7495ee1043dc7e5d8ca4
SHA1 c7add3107411a460ea2a6ecb30afe8a32ab7e5aa
SHA256 4757e46c2c11f61f7fcd63806bc0c88da798b7463f3406b8821843d248bd5b32
SHA512 934ff9cd33f8a4f406f5b5332c582e3693a6233c34d86e29b18afab3633542d85833701f439a370d767e33f6f7a181b5bb6bfa6aa943373cc251c7caaf9d9331

C:\Users\Admin\AppData\Local\Temp\wmsetup.log

MD5 210bc906f82bf3ba64fa4cc39256a50f
SHA1 e18ae38ac188d61b840b65bea32ae01fc45db5f4
SHA256 5ac978b041899d84062447f2de591639f3704ef8c168437187dc60f2a0ac5d6d
SHA512 8ce13df9b91a2649163e2a3641ca29a2ef41e9883d3534627026fc435a222c9e4fab58cb5913b6dcd25e8fc0b0abfcce70dbe5ac4cc35e5e745e886a78cd2c69

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 8565c30be0799f09f4a3a67421dac1a5
SHA1 72f1689474b160e128ab2df354df3f801aff086a
SHA256 25faa82f832fe11fc5f383ba9d2d8ed693337a0b9fa9ed2eb7db715cf9e303e0
SHA512 54e628c57396101cd0ee3ef5d7429399c1207290210cc544c5098594eb878861f88468902c002f51f8844d567462b045b3a3c57056acb04e45200a9148444552

C:\Users\Admin\AppData\Local\Temp\wmsetup.log

MD5 76acd5715c4614e79567756822ff5757
SHA1 a97d81649281ab9e79bb8a8763fbef9300a6ef2d
SHA256 fdfce489e9cc27c1c05911055b34be9befe04fb0bfb806a7ebedbee564cd45ae
SHA512 7f7bdf4e8c7b9faa9b0559ebe1c8124d7371fb83aab8b59eef8716a9c8321cbb4a77ca8eb1ad76dd4aded4bbaedc065e9a5c554165a46b4041200feddf5b44a2

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 e83287121ca8ad9e3644a7a2d05ed8a3
SHA1 dfe896131530371bf64abad9807a74880e68f562
SHA256 41989758b48b2e324e811f55b049af48a49a752322041e432f68e853c7bc4390
SHA512 1683e3c333146106ba96a6df16e9a1730f9fa8b33a0c772f1dadc54cdf6ea43bed6f105abb766b7ba3c2268dd9ee6e21de57eddc6703359fb8100c71459b65cb

\??\pipe\crashpad_464_THQMXMOHQCYXSHVP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 128a7b65031e89f0199773d397b953ef
SHA1 5cd06e84ea6d917bdca5e33075220f8473cf509b
SHA256 e6895fd09ca8c2b6770d3c5cd142f6d0609815b059e6d31c9070a076d33b4be1
SHA512 5fc840d5f92ddd97b62d8aec0b44060d73697a44a04039ed04f39dca411ce053c7aec7a3310a36d6d7a1d714f5b084a2d483bf7eea95ee58cca0d21ac28e025c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9bd489ed3b62606ef97fd7c73a2d26a1
SHA1 8a833fe7554b883a83d31c7eb776b8d9d86e9378
SHA256 5696f0768bbcb581f2f4bfbd4a0ddd1f91f8839460bc25524fc07f305b964a19
SHA512 25b03217d000aa1d4762defd1aa05f6b9c6c89f23fa3430171f446b17f9a5df83992b162d63e0ee1939c31959646d5ba93c6a94a0008482a154f55a9bdaf7029

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 416a19b830fe2746af91c51f9139088f
SHA1 44c8344cb0adeac1143d9990657e3dccb6705732
SHA256 66ea45c9680635290f06690cbaf967bf337cae706e5518b234c03d1741f40e08
SHA512 6edcc7728fa2d2fa0bec53cf419e765668d95036983fc16557a22a1c0fa3681ec6c0dfa89313053e06fc75cb377c1ac19aeaba12535b040fa6e6ab601a5a6be9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 c8f79015c2bef077ec970f923f232e79
SHA1 e9c2aaab044e5a985fd0d09e32c6842ef6e31262
SHA256 a7959795a45416c86941131cbb7d6d3c336f2e2770601e21ca48c1d6b8fa7c32
SHA512 1aad9467b22dc5429a09dd92291d298bfb7fa7ba98c8c0bff151161ce98a713b7141d27b1d583820e30eb2fee8bbe08450b93a73fd2714e8f8a589597e740258

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 549e4e98692f64a6e59c663f0b21525a
SHA1 bc5e36607b000e5c226df07ccd87da557adec437
SHA256 07ac372723298d761cbb466e210b2ce69a037a5e644853301e2e00c8c9bbf9a6
SHA512 c7fee48c8c56d0f9d6bcba67012dec11e271277ad44e2f5defe14965e925ea88a03d81e1159b31121a36064682ef696d2249e87ac874a0cec39905272a3c9797

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a24b0.TMP

MD5 9177ecc956acc095a18c04ce94f019ff
SHA1 72780606aae33577ab385b9028c837f8aa7633df
SHA256 ecabf06a4108157bae6a953430cb96804f8c5fcd2c61d4a4a4237797187244bd
SHA512 612c90d904148e52d2e51b170e0de484fd35b54b4552753e343bfa775a37a575731bc9dc1ca350d0e1efad6067326125c4ee8f0ecff4554f71b7a444da8caaa5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f5f084b94752b7299b3d68c62bf213a5
SHA1 30df1c348f4008fd47553b1a0f5ecdcf839005d4
SHA256 a77683bc1413b75c7af2fdfc76181c4b9af3c6a7db8bbb1cca72b180d4cbc486
SHA512 b3ffaf497a61f2bf18170d0c2ee771ba08657189e562a2b00c1e6b397f1231b3b159422337f2281eb2fa9ac83c179adc62e4a9ec20f655a15e845b337cc19f11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir464_685960605\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir464_1290702625\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6c72a6c456a152cf08a11cc1507c6814
SHA1 dee0e7829641461391b3452829e0b724bb27aef1
SHA256 9ec061e6a890642058d1a837e8a7aee28874ad7475b231a9489eabc25f06d27c
SHA512 673c5ebcc99ff388b6f9cbdcde5ea9bf5c6818c303585ba04f7b1bef278e0814227bc397e20ad6b55ed3ae121bc7e8da212980157209dacfbbeb8213f74112de

C:\Program Files (x86)\Minecraft Launcher\game\launcher.dll

MD5 108297471e9cce625e5bb99f14834d12
SHA1 6681d250ff75a811b4168d89c98f9dca854dae65
SHA256 551d89ada1f13204a66643c9fc1e38c264634dbdfa818b74009358c9842ba7f4
SHA512 ce711fbfe8fe6d22682c0f7e248e29e94b29613baa3f6dfcfc0cae43fec4fc63b5bc8039764ee8f5a312cf179c1ed9409521429765b02a711f5c2c2f96339f27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 db26c844e35bcd8f6ca7bf64dec80dcd
SHA1 71d83f8d0e64a39564fffa29c4d1e6b6c488584e
SHA256 123e32a244ae747868a90d985c4ac705ae52cc07e50c97f846110f02374006eb
SHA512 b44935be1bb6756698e5ccf9bc33f7b8e24b58493f35c5c61bedb870b50ec55afdd4171e559772c03f485c1728e7fd25df620d711da967f145a39d308224da08

C:\Program Files (x86)\Minecraft Launcher\game\chrome_elf.dll

MD5 077cf7b55f33077b26258d427eb35cbf
SHA1 707f227dc72008860655d98b56db52239691c128
SHA256 68b8b90e78d9c88d01a5298bbed536ae30f08b4fd4a188c0ab9d21c9894359f4
SHA512 418b1fc661715a562fa06b8ae6dbc56ea201c35bf8c776cc230764572c4e1b1fdb2054647c8bb66a4ee181dda8184989b794b4195705966936b0990584b4be9e

C:\Program Files (x86)\Minecraft Launcher\game\chrome_200_percent.pak

MD5 0d362e859bc788a9f0918d9e79aea521
SHA1 33abea51f76bde3e37f71b7e94f01647bb4dcbd5
SHA256 782f475d56e62c76688747a22ba4ae115628c5c3519c3c1e3d1a51a4367bfc28
SHA512 37ca08bbe5525d0f2d45a9fe65a45f6c5d8366330fc60304822d4c7470dd66b8733d92803ce6aabdf4175ad0cf43d6e4a9ff9d4e49ff89d8eddc5f7083e7f067

C:\Program Files (x86)\Minecraft Launcher\game\libEGL.dll

MD5 40a2fab3eb121a004061d458ea77eb7a
SHA1 6e6e46d20132091e2c0adee0e245bd3505589206
SHA256 0b507021f257b5c9e3776529fd3e763f8871148a8477ab16ad381eda2972cc3a
SHA512 a6ea901fe5c55f56723ce6c02a2a74034c2797fb6c6c53d758bf45f98ad8383363ee717748b7d38736a9439e41bc8e726674bebe9d15ccd37e77b26b4feda1b8

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Code Cache\js\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Program Files (x86)\Minecraft Launcher\game\libGLESv2.dll

MD5 e85cdd4a5b0ad605ea2c8c930dfee9ad
SHA1 22e2ff606ccc0a79e520a4ca98086877d5f70eee
SHA256 d745e109f2011e8a42661272ee9fe030335b1a36b49070f503696d679add92f1
SHA512 4844a3037cadaa1995e8b43eb9278227540624ab0a267d48e1c748539c8f80b4bfc5fdd8aec6c48be8fdfa833833b385ff8595801037fe84850f536eda62526a

C:\Program Files (x86)\Minecraft Launcher\game\d3dcompiler_47.dll

MD5 d015c13bc7b1eb3a16c4ccedea833828
SHA1 9f85a04f405f797d62767a33f2b6f1aa34ab3b10
SHA256 5605f1700180489ea4ddf906f2ea9c45c4662cc853b044144e0f1b969b1f6c91
SHA512 ea7985f4139abd875a322dfd1267b901d07a42da600c61577c0a948637484be63b914e7546e77a7c20a5e308df7623af4959dfea3c6957d9a4551444b192d68e

C:\Program Files (x86)\Minecraft Launcher\game\chrome_100_percent.pak

MD5 e05272140da2c52a9ebef1700e7c565f
SHA1 e1dc01309fca499af605f83136d35e6d51fcd300
SHA256 123092a649b8def6efca634509fb20ba4fbf9096d6819209510b43b5f899c0a3
SHA512 476907363a0d1e1bf81d086aff011b826fd28a885e2eabd2e07e48494eafbd48d508b1a9050efe865585f7c4d92a277886440876846cba8a2226033ff35a7a81

C:\Program Files (x86)\Minecraft Launcher\game\resources.pak

MD5 5ce4d6247db95a54407c3af3bae574b6
SHA1 0fab5ae803188ca76e82532577ee0225229924ca
SHA256 a5cfcf574081a4a7c4cb3f0a29706f55061e2ff1655c3aeaeea8b6f63f0df35e
SHA512 6b6264ddecb827004e5dceca6e5c959858ea54fa9c668ea96a9290185462d2d931e687e233b4d9da8a0f7de3d9935daaa21bc73de0a87142856c13bb55801244

C:\Program Files (x86)\Minecraft Launcher\game\locales\en-US.pak

MD5 99b4fdf70abc76d31e44186e09a053a6
SHA1 fb4192460341de2a04127f1e7fdf5c41b12ca392
SHA256 87dc8b512fdb79d381db0577961967ac2968a902f4914b6fd3bb59ef84a149fa
SHA512 d84b2c0a1fb32515e45bfb922f14a7134ddf01c62ec1405f2d5c7e54a8b4993e943333e3a69905856215a51b3df64f2547128bd0094b70280bb105b4444f32da

C:\Program Files (x86)\Minecraft Launcher\game\icudtl.dat

MD5 d866d68e4a3eae8cdbfd5fc7a9967d20
SHA1 42a5033597e4be36ccfa16d19890049ba0e25a56
SHA256 c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d
SHA512 4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

C:\Users\Admin\AppData\Roaming\.minecraft\launcher_cef_log.txt

MD5 c013b6dbda9488db05e0f433410442cf
SHA1 bf7960d55658c25115554f946ca04ee877a22e80
SHA256 c0154e8c248ff10baeffc527b8cdc24dfbd91bfbb024a47f9b0e2e41b9e9a84c
SHA512 0e0e5ba4361c3d4339d49800ab46ff0d3d01ddb367f8fff1b15214cb233726bc293e9fd42b447d6cca8856e78519c74206343f90fedce3f6e7153a0b0f65b45d

C:\Users\Admin\AppData\Roaming\.minecraft\launcher_settings.json

MD5 67686bbba813af1c87936602ee1f3868
SHA1 af6afdb272d8fec9be828c5e1c48b8a3c67d670f
SHA256 ed8eddac73e1a5230a21abf4ca416d7ad42c659f7a7fb52498f8c7cd411ef432
SHA512 1e68f52810294373d2a73b0bba6280b17eeeeef6b85a90e507e28b4fed1c8497cdb58546f07a1172cae83953c70670f0fbe67bab679d6ed1a5c61fc140e13e22

C:\Program Files (x86)\Minecraft Launcher\game\media\background.zip

MD5 a9e5f05a132b9f3e5822147e34c569bc
SHA1 1cbe54656bf5317c17828e6fc9e224b09f3df796
SHA256 9cfab95db99ce188cd1992cbaf84b7f53c2421a111d1468ce75d76c39a6f6edb
SHA512 ca7c8daee3b0ad5029349b286e7a4376d23603d46a409fc8792d3e51cff318ded7ec7b08e08e2e863c974e5b5262538bb6b130b2824ffb6a4ea548fef003004f

C:\Program Files (x86)\Minecraft Launcher\game\media\common.zip

MD5 3dd489686eab0017ce987bdab1f76aa8
SHA1 f0de33e8926af056c309d6309bb14fa6f3b96c49
SHA256 0e4ef157fec67b4cb6dc5e2a2cebbaf14752e5b84c083e7b6bcd6c4767477e93
SHA512 813ac0161255b1daf9ef63bae6dca5bb4b70e1f2bc6b886d4a8cdbe38c83212ca686a426a90710c662918ee4b08a13cf50a03f317f0ef9dea93570e83344e5c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f4f068ad41c39c3fc36c420ddcf63a7d
SHA1 22b751bd8218ac501bdc368b8e9307eb0960706c
SHA256 a75a97b97af33e146d830174e89b32167f06525e30140b34861bd03721ad393d
SHA512 4cb8a1331f20d16e5a624450bd2920727d41a2b6732c1e03ffa2441cd442137c445c12f5983f0ffb7367ae31a82c239b923807382bf0ef3131bb7895a13b06c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eefb86b256198a2ad35d722ca068c441
SHA1 69675504ffc0b1746b31a49d25e358c4cbe8f11e
SHA256 23359f9b9a642d531181c6305a72811823d243fda6a605b5780a9d28c680b5df
SHA512 a5dfb810e848d3f9419e219c3c3b5c385cd7265631058bccddeb143a324a3affd37e82ba710a00966d8cb2d9961d9fe59325432a31b3212b3819bcac80d181cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 4771efc8f3e268cdac63605b27b12805
SHA1 f7e4beee0ba37f066cd1d60487e5cee25ccf051f
SHA256 72d7bc38275a639b1fb9c3b2b75db055d492c2e2cd048fe2a36f781cd6e0efa1
SHA512 69062fbe510bad452e6ac9fb0fa96541b3a90c46f1f4a5ea3aa3e076e20730178fc015a871ddcd1dafe92ed9df3a39211796d96fea56e6f0e50bcf3f5e14a251

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 bef18f96c79cf04e735d5220e2751bd1
SHA1 6ddc99005461fed3269a32f9c334133323499f38
SHA256 b2e6bed9d8ff63224fd420edcbea263f8d733acf8af16e3b32c8fa588b491135
SHA512 39c7d8ad412fc3e86e7efd069c7575d6b5f10300c1e0fb222e98bff12ee3c5035ae67df5b37ec1b620d3898eaf6295294cebbbbe8f7ab863029ea3a8a2a62fe9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a7754.TMP

MD5 5abb1b0283606336813beb02d7fc8c74
SHA1 e1b62377fd5717954c3bf204bcf0bfbdc791b465
SHA256 44b0e644e671986885a0cfda1105ee2a1980cabc97eb9af18573fdc9f85493b7
SHA512 c8263c56924af555095ad9fd512e2a36c4041ca47363239ce2e3713865cbb03a568d28e6e9026739142ae4640f5ad00f150201afae26ce18c515d70c10f431f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\be348032-54ae-4125-b4fe-7b9e2af3d8ba\index-dir\the-real-index~RFe5a801e.TMP

MD5 a49780512942397b3e3bca9459dfc93f
SHA1 87104e4ccf9c490ce0ea2508e6d39532bf29319e
SHA256 3ad1e2a3781da675b2fd39656e40688eaf0396797fb85529c09564c2187ee377
SHA512 ec5f0908052e6a9e9eeac3f308ef1fedc9b70672acf1e86b9daf056735ed2ec7b489e681c5ebc9b6697e6ebb06ec497ec693797ea1c5830215cf2273d3ceafac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\be348032-54ae-4125-b4fe-7b9e2af3d8ba\index-dir\the-real-index

MD5 9aa61b24b8cf4845862a7bcb84e5f7c0
SHA1 eca851192b5f09618187ee88a1998acc1c24a640
SHA256 a28cb495e3095e84cb7fd34126f4dec4405a64c84d3b89dec898d0136c8a3365
SHA512 e1bdf00ee3ee1cb2e3a4d8c710011a97e578b7c05f4cc9eefac88200956b8ca3ee8cd8b1fefb8effdc53839da91f44e09bd8d2c6a7428f1bbcb9a03fa6214cb1

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Code Cache\js\index-dir\the-real-index

MD5 360dfcbd69fa20671b5a0cf911f9e46e
SHA1 008d7044c06fe318cc818ad8ae927f763965642a
SHA256 e6dda275d000ac1f04bbf8ae15d666863b8774618ec99bb5285f9eca79678f1a
SHA512 84ee030f62216388dfee3690ebda3c2f3131a5a9118359db62e51e637408d0982d44d8bed48af486e098e4e9f49aff17cb0437d633ac09461ec114b559f45691

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Code Cache\js\index-dir\the-real-index~RFe5a8687.TMP

MD5 f6a8f72a209f80f4011e44b69f9f685c
SHA1 7ec4bcd3dbb23e2087dad6323f424f7d24aa1e81
SHA256 e573b3fcba68849955d2acd3301b88678def5ed5beae55931e3fb6b89fc047bd
SHA512 0de7dad9eb13c729458a01102da2364af62bd3785ea5436c4b051f28892af7ded7334d49d45dfa16705e1af41bbbdd07151d13757132f54cc56d4a3d8c4b8fab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0cf91056a5335a1097b7b180a7dac038
SHA1 cb6ef1444e6f8294e0daf523bd38ea396f85708c
SHA256 57b5242d3ef3bc8358580f247b8b3e92abc329ab90a2cf65a6ac6d8c3a86bd21
SHA512 43370e692809857c25031010b4d5392bc5e0fa1a7f3f8ae44e461758b38fd4703c680f173c5dce0b537f14be63631590ff2ffbd5c1770102da29b35d576760a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\56cdcccb-b2fc-4123-b8a2-593abeb911bf\index-dir\the-real-index

MD5 12c3e56fcb590685d2fdb6c42a129c04
SHA1 f51f13814e37471ccb75100a1406c19a71d4594e
SHA256 019b1d941a65084a72dd2a8975f77b505df75a6193cb6de6f30fc2f6ee4f5c89
SHA512 7204ceedf5f577090f09a492ea5b0ff5dd3b015d87a28e0e623b285b560690c4937dff91fb94377dc86bc4d852e38c4e636a1ce3acee6a725e23fd251c7a7da4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\56cdcccb-b2fc-4123-b8a2-593abeb911bf\index-dir\the-real-index~RFe5a9f9d.TMP

MD5 a1f6f671ad934f4bf3383cdedef95cec
SHA1 2722d9609ed87288ef4ec3a880965b1676aeccbd
SHA256 cac845aea473035721a7fd963331436da1c3aa59513eb6510bfec7cdc0d60007
SHA512 a0ad6e2c9d64724eddf1f5f2e4e259071c88f6a59342bb966d166854f8b673e5db7b06430b76e132b6ed31b950acb2e42e4d7707ce130692e9897648236f8ce7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 bb82811663bb1dd3343dbbb2d0c32340
SHA1 3eab7ecd74eaf3de36ab2b421c0d1803b4809f66
SHA256 d6892f5301198c820b499db3d3d91a573748377fdc8a2b4990f10ef545dfe585
SHA512 2ca7870c764fa09308bd61da2046d522e33aeb241ddf0573a494c391b599bb374afb45befd70ac8d30c39bbcb2f759425a84703f103f444691c32c1a7ef32093

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 58d127b906a950a1f260aced65eedcc5
SHA1 69ac518aebb839533723de6b6fa81826089dfd6c
SHA256 7bd726fd2b36db888dfff4a88e549d61b84d10246159f4bb84ff0129a6d4bdc0
SHA512 21b76031ea8ec1f68c0f7d0a155d9c940bc5717f93a33a902e995b65f79288608330a161b545cd665fdf5e719476ec89741c4e07e55f6d57b46360f9b79b9a61

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\LocalPrefs.json

MD5 5149a9f09a437677f77292016ca943d6
SHA1 1641cb2e7a4eec4df1a861d148f77bae2aed7a62
SHA256 0eafb2bcd879f4280d5d6666bed0926460b185ed0fcd023545aea5911b6f6dcc
SHA512 0ec9a7158254d5e7e6e076c514308b9f3f5b4d6d93e4a502097e1241b6cfaf83b3d5386d6814983a26607f3d618b2d7a59f8135e4e78f5195bc57ac52b0f5f29

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\LocalPrefs.json~RFe5b45fe.TMP

MD5 e91baa643243de748e62dd8cb55d79d4
SHA1 e1bbd06a3cb31e00289a506a23d80ccaf20c9009
SHA256 eb6d4e11f7ef29f5296d11a4b316f52fc4acec6ab3024b0420be413e64b145e4
SHA512 7d621b4791be09e3206d3ee0662dba2fd786dcc2520de38b4d9b9f475e885aa0438e3a63c1ddc28cf2797f20c391d7b56a0800b585f75d9a6c66eb3430f68f48

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\Network Persistent State~RFe5b4f45.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\Network Persistent State

MD5 f941a3b557518bf7d6679c34d5caea72
SHA1 f57425f4a854fd35ba32365a9fd47135d5dd8b44
SHA256 35d628dbbe9f16861a467151f4c4a9f19401fff05129e5843c5ec640c83984e5
SHA512 9ae0969a1a574321aa6831b48ce1ac6ce612e434552d6567771cb4bcfecae24e36d9f5e182ec92601250535c3f61728f883ed53ade412638e41ae3d95e32bc96

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0a97297595e920aa2c8e16a08f953caa
SHA1 fe33af70dc8c00c8b87f6f4c1762b9f9a6e69743
SHA256 875470a9f0fed534929294e0da678f8cd1c6b7e9793bb34bad0e831321a88264
SHA512 333374a7896ea8df0c2b9c520eb5e2425e85a4b63a766e2a90cdd8359e0fde5d90cd9f26913ca5076b9bf388a9a0903fdc55386595ac83bc078a50b3a4d656fa

memory/2072-1384-0x00000000076E0000-0x00000000076E1000-memory.dmp

memory/2072-1383-0x00000000076E0000-0x00000000076E1000-memory.dmp

memory/2072-1382-0x00000000076E0000-0x00000000076E1000-memory.dmp

memory/2072-1388-0x00000000076E0000-0x00000000076E1000-memory.dmp

memory/2072-1394-0x00000000076E0000-0x00000000076E1000-memory.dmp

memory/2072-1393-0x00000000076E0000-0x00000000076E1000-memory.dmp

memory/2072-1392-0x00000000076E0000-0x00000000076E1000-memory.dmp

memory/2072-1391-0x00000000076E0000-0x00000000076E1000-memory.dmp

memory/2072-1390-0x00000000076E0000-0x00000000076E1000-memory.dmp

memory/2072-1389-0x00000000076E0000-0x00000000076E1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 506e2ee87ec26837304155234d662602
SHA1 6afe6bf6d26033b482ddd49af2cc93547870a80b
SHA256 87c1a6ceb6acfa77f88face220c0b55456c18c4f338edbae07c2ef3635823e55
SHA512 32d758c879a891dbe196778c4be9022dc2858c4a3cd73ad1a05bc50589dd7fb34962f5ef5863b2b09f1279cd218e141029db33e67c1d4c305f36182b43f1c23a

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\TransportSecurity

MD5 dc90850976fde5c17a874d46bd7a7524
SHA1 360f618f0958d1ed039e088310fc5329208c9997
SHA256 b0069fa021eb3fc62b6cd51b41a10b4fb87c620d1fbae7cae27676c620890d9a
SHA512 083953d1488d5b71c58faa11a3f93491355befe06d4ece04489537beedc5fe2d2b2bcf8816d305f0ac8bc93c121932e48ab0e167bf36d717e1e46f997c5bbcc8

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\TransportSecurity~RFe5eecb0.TMP

MD5 58c0b4e8902aa5df14ea8de86bdc22ed
SHA1 eafc1364ff960b334e16a5f71f67af4add1f6c3f
SHA256 df4b3a9529e2f1da0aad9af838b46a8a4ed704eaa74e0d19dff9355c344ad491
SHA512 95e49bc3dbceb63489e56a77f26918157e4ea32eebc8f5eb01eec5f4aef3c2dec159edbecbbd30f0216542500eaac0bb8f6843ac45f62b24893a37c2e06739ec

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\Network Persistent State

MD5 541a72315a54f034e9b3f809a53b9a7b
SHA1 4ae2ea72491f632b1b9053ce2af52b5b145b8a48
SHA256 a5f5260a147fde8a2277e8a3a18c5900e408f0decf90576ee6f0645d7b9a40e7
SHA512 7826a7790c2b4a3012c407375eff19b77e7c0d694aaf212ffb59139298f95c87b0d1908e2e3bbd45393fb44b15d78b8a85295626d0d6935b0278eaff775017c7

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\TransportSecurity

MD5 c8c670c57d80857619ea536ff7cf6cd6
SHA1 6eee50890a062dda6a907d6b2fa3f3afa4c611dd
SHA256 fdca377b5c09e0692f312e6ac3d4ccba01e2e3925f6f8cbcb222eb2ad1a29e91
SHA512 44876ce3c865a0e5d89233898855c5602761198f97fee9fab4fc0b57cfb79bb06e67362386634f93086cd094176b35f3d94e3758bc37fc73837973993dc13163

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\Network Persistent State

MD5 28d5006f0a5f7bc69a0f70e3845d92ba
SHA1 2c2e4a4383a19913c695a352b5f95e995d070b4b
SHA256 f7e536c5967e33e3c0b78cd91becbca17e23d008a644d34a33a33c4be5642481
SHA512 dcd27a383f8d78577441607b93e9c92f67b7a108fcf0cb52a07df96d202af6105fa27356739230e3b4a0adb1d6f0abc533ff2271db0104b30c4b0f6efb347e19

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\TransportSecurity

MD5 a7642356088b068e6b79aba8dd8beb45
SHA1 70a0e0b61760cb4cd8f2414ee4babd68f40dbb66
SHA256 5f8faa405dee1057a8a609c94a6c3dbba25e94701705ff9e0490e8bab6c82ef9
SHA512 afe9d68afbc582b80a1b9df48c18786248cc4621c05f8c3d15f8f391c00317566de1d4368f1817c907c6cf4cd95bbb0365ac518737c5180a60a15b14f5bff74a

C:\Users\Admin\AppData\Roaming\.minecraft\clientId.txt

MD5 d6ceb0b0c71f6079dbc529fb9104f211
SHA1 9df655596bc6c680f7f90c3bd034b16566cd1c02
SHA256 c8c435375ed9c84443940b40c1540e35e85daa86d3fe1563f4c3a6e474a1419b
SHA512 2ec101406acf74feda4e4385cbfe24047d785a7d0111385b5c17dd62e07dda7556614272a105b9831120bfdfe29134003ab4e6a6a67ff9d71296131fa778d28c

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\Network Persistent State

MD5 c448f17bf5cdbd23d048112fc12d04b4
SHA1 88df52bd4e3487823467c4db905f29b67d0660bb
SHA256 717de6b5cbe74176ca32fdd9229f0a2ad2d015c6468a55696ce566bc44ccfd8a
SHA512 e1d8e1037057b91ebddefc02d9380cffcb7a58e4d78427356eb8dd3a62965997a122cd5d39e2bc2e3ac2ee294a5ded162df6443341716850e723531df80f592b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3262042719412975011e6a5272ba941d
SHA1 cffee4278d1511120b5a0e9b23c1e9138e8cbd17
SHA256 a084455017b12e512fe0343802a3504ee4b08d3c50cd52f67ed4626459a74928
SHA512 245c27d236183911fb13cef67e3787df69510f8716fbc56e85bb6ee06c470b684e23b060e9665066f4989393f4a77821f03660ea15e7acd2a7ff63c668f6ec45

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\TransportSecurity

MD5 055a8649ea876c683793c57d4d9fbe63
SHA1 9cae6c0ab9851d8840e0fa8af6a4a721c905e169
SHA256 9b3a3d2dd89f710cccd35d3e5d3fce55e48e176edc42b8afe5de453167ba4a92
SHA512 f9e623a0a3420b5e349ce79cc6d9bea83cd2ad28b720a050d95f84441ef209cb129a4b18da3e8fae833a36ba3de74ab4c6184a6d980d1393f7e4d86f709f7645

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\Network Persistent State

MD5 2d627063abf664a7ce796e3381bf67cd
SHA1 5ea93cd3b986b2726f1ae0f228ddfe77ae29cc24
SHA256 b1594ded80b4150e33ebd0aad4dbdce5c66adfaebd5a6fd5c994604a6e231461
SHA512 25dae5e8ea6df415feb248054a20596e684688ab534ea89f07d959d479cc0959d431955aaa7cab70b7e00f2827b999150fba37fd957865edc9659ca868083d85

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\TransportSecurity

MD5 b3cb450ade8174507b42407a4118c6e9
SHA1 54b1dd615a721606e1beea47b84356ed4f28f9fa
SHA256 eb2779e3708d1accca4ce6172797c6df0b289e81193cd81352f6fbeae250f3fb
SHA512 5b3b28c7a61931a8a95361f6b046a1bdcfd594ee562aa3ad65f53a9f1fc05886570f85260632b53ecbb3e6cf188efc10483301323852f2fbfb66e25dfbf3fdfd

C:\Users\Admin\AppData\Roaming\.minecraft\webcache2\Network\Network Persistent State

MD5 890b15577fa4f51aa207dea14a6d5c3b
SHA1 a3d3b0ab88138453bdd188227db4f5206864c39e
SHA256 6aa475248653b413a686ed21b07f1eaaf8cbdecea6aead658f83c1567cd5e5e4
SHA512 3ad317cd31317216b0a21d6ca433111bfb8466178a8bd844ffa1852cd4319e4523a9fb7713fded80d16d52092330dc3f4b067f642c10e34441cceadb659cad80
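
The file inventory above has three properties worth checking mechanically before pulling any of it: the same path appears several times when the sandbox saw it rewritten (wmsetup.log, Network Persistent State, TransportSecurity), one entry (the crashpad named pipe) carries the digests of the zero-byte file, and a handful of entries are code written under Program Files (launcher.dll, chrome_elf.dll, libEGL.dll, libGLESv2.dll, d3dcompiler_47.dll), which is where a reviewer starts. The following triage helper is an added example and is not part of the report or of the sandbox's tooling. It parses the path/blank/digest-lines layout used above and surfaces those three things; the sample input is copied from the list above (SHA512 lines omitted, since the parser accepts any subset of the four digests) plus one memory-dump line, and the code-extension and Program Files heuristics are the example's own assumptions.

```python
"""Triage helper for a sandbox dropped-file list. Added example, not the
report's or the sandbox's own code: parses the path/blank/digest-lines layout
used above and reports rewritten paths, empty-file entries, and code dropped
under Program Files."""
import hashlib
import re
from collections import Counter
from dataclasses import dataclass, field

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
# Assumption for the example: these extensions and this location mark dropped code.
CODE_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".msi")
CODE_DIR = "\\program files"
# Computed rather than hard-coded so the check cannot drift from the algorithms.
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}


@dataclass
class FileRecord:
    path: str
    digests: dict = field(default_factory=dict)

    def is_empty_file(self) -> bool:
        # Every digest present must match; one garbled line must not flag it.
        return bool(self.digests) and all(
            v == EMPTY_DIGESTS[k] for k, v in self.digests.items()
        )

    def is_dropped_code(self) -> bool:
        low = self.path.lower()
        return low.endswith(CODE_EXT) and CODE_DIR in low


def parse_file_list(text: str) -> list[FileRecord]:
    """A non-blank line that is not a hash line starts a record; hash lines
    attach to the most recent record. Memory-dump lines keep an empty dict."""
    records: list[FileRecord] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and records:
            records[-1].digests[m.group(1)] = m.group(2).lower()
        else:
            records.append(FileRecord(path=line))
    return records


def triage(text: str) -> dict:
    records = parse_file_list(text)
    counts = Counter(r.path for r in records)
    return {
        "total": len(records),
        "rewritten": {p: n for p, n in counts.items() if n > 1},
        "empty": [r.path for r in records if r.is_empty_file()],
        "dropped_code": [r.path for r in records if r.is_dropped_code()],
    }


# Sample input copied from the list above (two versions of wmsetup.log, the
# crashpad pipe, launcher.dll; SHA512 lines omitted) plus one memory-dump line.
SAMPLE = """
C:\\Users\\Admin\\AppData\\Local\\Temp\\wmsetup.log

MD5 210bc906f82bf3ba64fa4cc39256a50f
SHA1 e18ae38ac188d61b840b65bea32ae01fc45db5f4
SHA256 5ac978b041899d84062447f2de591639f3704ef8c168437187dc60f2a0ac5d6d

C:\\Users\\Admin\\AppData\\Local\\Temp\\wmsetup.log

MD5 76acd5715c4614e79567756822ff5757
SHA1 a97d81649281ab9e79bb8a8763fbef9300a6ef2d
SHA256 fdfce489e9cc27c1c05911055b34be9befe04fb0bfb806a7ebedbee564cd45ae

\\??\\pipe\\crashpad_464_THQMXMOHQCYXSHVP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\\Program Files (x86)\\Minecraft Launcher\\game\\launcher.dll

MD5 108297471e9cce625e5bb99f14834d12
SHA1 6681d250ff75a811b4168d89c98f9dca854dae65
SHA256 551d89ada1f13204a66643c9fc1e38c264634dbdfa818b74009358c9842ba7f4

memory/2072-1384-0x00000000076E0000-0x00000000076E1000-memory.dmp
"""
```

Calling triage() on the full text of a Files section returns the summary dict; the empty-file check compares against digests computed from hashlib at import time, so it also serves as a sanity check that the report's hash columns are what they claim to be.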

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-17 14:33

Reported

2024-06-17 14:35

Platform

macos-20240611-en

Max time kernel

108s

Max time network

109s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MinecraftInstaller.msi"]

Signatures

Resource Forking

evasion
Description | Indicator | Process | Target
N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid DA981D1D-15B0-474C-8CAB-E8DE5E6413D7 | N/A | N/A
N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s2 removable readonly | N/A | N/A
N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A
N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid BDB55EFD-A32E-4F5A-8F2F-B5563A46A128 -post-exec 4 | N/A | N/A
N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s2 | N/A | N/A
N/A | "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" | N/A | N/A
N/A | /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost | N/A | N/A
N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid DA981D1D-15B0-474C-8CAB-E8DE5E6413D7 -post-exec 4 | N/A | N/A
N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s2 removable readonly | N/A | N/A
N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s2 | N/A | N/A
N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s2 | N/A | N/A
N/A | /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded | N/A | N/A
N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd | N/A | N/A
N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid BDB55EFD-A32E-4F5A-8F2F-B5563A46A128 | N/A | N/A
N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s2 | N/A | N/A
N/A | /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist | N/A | N/A

Launchctl

execution
Description | Indicator | Process | Target
N/A | /bin/launchctl asuser 502 /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.agent.plist | N/A | N/A
N/A | /bin/launchctl asuser 502 /bin/launchctl stop com.google.keystone.user.agent | N/A | N/A
N/A | /bin/launchctl stop com.google.keystone.user.xpcservice | N/A | N/A
N/A | /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.agent.plist | N/A | N/A
N/A | /bin/launchctl asuser 502 /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.xpcservice.plist | N/A | N/A
N/A | /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.xpcservice.plist | N/A | N/A
N/A | /bin/launchctl stop com.google.keystone.user.agent | N/A | N/A
N/A | /bin/launchctl asuser 502 /bin/launchctl stop com.google.keystone.user.xpcservice | N/A | N/A
N/A | /bin/launchctl unload /Library/LaunchDaemons/com.google.keystone.daemon.plist | N/A | N/A
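
Every indicator in the Launchctl table names a com.google.keystone.* job, and every subcommand is unload or stop, so what the signature recorded is Chrome's Keystone updater tearing down its own agents in the background, not persistence being registered by the sample (the sample is a Windows Installer package, which macOS has no native way to execute). Separating those two cases is the check a reviewer actually wants from a launchctl signature. The following is an added example, not from the report or the sandbox vendor: it parses launchctl command lines like the ones above, unwraps the `launchctl asuser <uid>` form, extracts the subcommand and the plist path or job label, and flags calls that install persistence (load, bootstrap, submit) as well as removals of jobs outside an allow-list. The allow-list prefix, and the hypothetical com.example.updater.plist line used to exercise the positive case, are the example's own assumptions.

```python
"""Classify launchctl invocations from a sandbox process list. Added example,
not from the report or the sandbox vendor: unwraps `launchctl asuser <uid>`,
identifies the subcommand and its plist path or job label, and separates calls
that register persistence from calls that remove it."""
import shlex
from dataclasses import dataclass
from typing import List, Optional

INSTALLS = {"load", "bootstrap", "submit", "enable", "kickstart"}
REMOVES = {"unload", "bootout", "stop", "remove", "disable"}
# Assumption for this example: jobs under these label prefixes are treated as
# vendor updater housekeeping, which the report itself does not assert.
BENIGN_PREFIXES = ("com.google.keystone",)


@dataclass(frozen=True)
class LaunchctlCall:
    uid: Optional[str]      # set when wrapped in `launchctl asuser <uid>`
    subcommand: str
    target: Optional[str]   # plist path or job label
    domain: Optional[str]   # value of -S, e.g. Aqua

    @property
    def action(self) -> str:
        if self.subcommand in INSTALLS:
            return "install"
        if self.subcommand in REMOVES:
            return "remove"
        return "other"

    @property
    def label(self) -> Optional[str]:
        """Job label; for a plist path, the file name without .plist."""
        if self.target is None:
            return None
        name = self.target.rsplit("/", 1)[-1]
        return name[:-6] if name.endswith(".plist") else name

    @property
    def benign(self) -> bool:
        return self.label is not None and self.label.startswith(BENIGN_PREFIXES)


def parse_launchctl(cmdline: str) -> Optional[LaunchctlCall]:
    """Return a LaunchctlCall, or None when the command is not launchctl."""
    argv = shlex.split(cmdline)
    if not argv or not argv[0].endswith("launchctl"):
        return None
    uid = None
    args = argv[1:]
    # Unwrap `launchctl asuser <uid> /bin/launchctl <subcommand> ...`.
    if len(args) >= 3 and args[0] == "asuser":
        uid, args = args[1], args[2:]
        if args[0].endswith("launchctl"):
            args = args[1:]
    if not args:
        return None
    sub, rest = args[0], args[1:]
    domain, positional, i = None, [], 0
    while i < len(rest):          # -S takes a value; other flags are skipped
        if rest[i] == "-S" and i + 1 < len(rest):
            domain, i = rest[i + 1], i + 2
        elif rest[i].startswith("-"):
            i += 1
        else:
            positional.append(rest[i])
            i += 1
    return LaunchctlCall(uid, sub, positional[0] if positional else None, domain)


def suspicious(cmdlines: List[str]) -> List[LaunchctlCall]:
    """Calls that install persistence, plus removals of non-benign jobs."""
    flagged = []
    for c in cmdlines:
        call = parse_launchctl(c)
        if call is None:
            continue
        if call.action == "install" or (call.action == "remove" and not call.benign):
            flagged.append(call)
    return flagged


# Constructed sample: three indicators from the table above plus one
# hypothetical LaunchAgent load, so the positive case is exercised.
SAMPLE = [
    "/bin/launchctl asuser 502 /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.agent.plist",
    "/bin/launchctl stop com.google.keystone.user.xpcservice",
    "/bin/launchctl unload /Library/LaunchDaemons/com.google.keystone.daemon.plist",
    "/bin/launchctl load -w /Users/run/Library/LaunchAgents/com.example.updater.plist",
]

if __name__ == "__main__":
    for call in suspicious(SAMPLE):
        print(call.action, call.label, call.target)
```

Run against the nine indicators above, suspicious() returns nothing; only the hypothetical load line is flagged. Feeding it the full Processes list instead of the signature table is the more useful check, since a real persistence install would show up there as a launchctl load or bootstrap whether or not the sandbox's signature fired on it.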

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MinecraftInstaller.msi"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MinecraftInstaller.msi"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MinecraftInstaller.msi]

/bin/zsh

[/bin/zsh -c /Users/run/MinecraftInstaller.msi]

/Users/run/MinecraftInstaller.msi

[/Users/run/MinecraftInstaller.msi]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.cloudkeychainproxy3]

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.google.Chrome.3056]

/Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome]

/usr/libexec/xpcproxy

[xpcproxy com.apple.GameController.gamecontrollerd]

/usr/libexec/gamecontrollerd

[/usr/libexec/gamecontrollerd]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/Users/run/Library/Application Support/Google/Chrome/Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/bin/profiles

[/usr/bin/profiles status -type enrollment]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]

/usr/bin/tar

[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --gpu-preferences=... --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=26]

/usr/libexec/xpcproxy

[xpcproxy com.apple.CoreLocationAgent]

/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent

[/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=26]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=26]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler --database=/Users/run/Library/Google/GoogleSoftwareUpdate/Crashes --url=https://clients2.google.com/cr/report --annotation=plat=OS X --annotation=prod=Keystone --annotation=ver=1.3.17.192 --handshake-fd=4]

/usr/libexec/xpcproxy

[xpcproxy com.google.keystone.system.xpcservice]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler --database=/Users/run/Library/Google/GoogleSoftwareUpdate/Crashes --url=https://clients2.google.com/cr/report --annotation=plat=OS X --annotation=prod=Keystone --annotation=ver=1.3.17.192 --handshake-fd=4]

/usr/libexec/xpcproxy

[xpcproxy com.google.keystone.daemon]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdateDaemon

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdateDaemon]

/usr/sbin/system_profiler

[/usr/sbin/system_profiler SPConfigurationProfileDataType]

/usr/sbin/system_profiler

[/usr/sbin/system_profiler SPConfigurationProfileDataType]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=345720441 --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=59]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=345788448 --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=59]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Terminal.2100]

/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal

[/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal]

/usr/bin/login

[login -pf run]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AccountPolicyHelper]

/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper

[/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper]

/bin/zsh

[-zsh]

/usr/libexec/path_helper

[/usr/libexec/path_helper -s]

/usr/bin/locale

[locale LC_CTYPE]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump_agent]

/usr/libexec/spindump_agent

[/usr/libexec/spindump_agent]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --store /Users/run/Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=350091973 --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=74]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=350705001 --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=76]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=350793354 --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=82]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=351351873 --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=82]

/usr/sbin/system_profiler

[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=103]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=14 --launch-time-ticks=356161742 --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=77]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=15 --launch-time-ticks=361965376 --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=76]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch]

/usr/bin/hdiutil

[/usr/bin/hdiutil isencrypted /tmp/KSDownloadAction.AxZ9RI2qqW/com.google.Keystone.dmg -plist]

/usr/bin/hdiutil

[/usr/bin/hdiutil isencrypted /tmp/KSDownloadAction.AxZ9RI2qqW/com.google.Keystone.dmg -plist]

/usr/bin/hdiutil

[/usr/bin/hdiutil imageinfo /tmp/KSDownloadAction.AxZ9RI2qqW/com.google.Keystone.dmg -plist]

/usr/libexec/xpcproxy

[xpcproxy com.apple.hdiejectd]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=109]

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd

[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=112]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=112]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=117]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=112]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=22 --launch-time-ticks=371790546 --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=81]

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper

[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid BDB55EFD-A32E-4F5A-8F2F-B5563A46A128]

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper

[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid BDB55EFD-A32E-4F5A-8F2F-B5563A46A128 -post-exec 4]

/usr/bin/hdiutil

[/usr/bin/hdiutil attach /tmp/KSDownloadAction.AxZ9RI2qqW/com.google.Keystone.dmg -plist -readonly -noverify -nobrowse -mountpoint /tmp/KSInstallAction.TpSccy2Kl4/m]

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper

[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid DA981D1D-15B0-474C-8CAB-E8DE5E6413D7]

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper

[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid DA981D1D-15B0-474C-8CAB-E8DE5E6413D7 -post-exec 4]

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util

[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s2 removable readonly]

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util

[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s2]

/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs

[/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s2]

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util

[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s2 removable readonly]

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util

[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s2]

/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs

[/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s2]

/sbin/mount

[/sbin/mount -t hfs -o -u=99,-g=99,-m=755,nodev,noowners,nosuid,rdonly,nobrowse /dev/disk3s2 /private/tmp/KSInstallAction.TpSccy2Kl4/m]

/sbin/mount_hfs

[/sbin/mount_hfs -u 99 -g 99 -m 755 -o nodev -o noowners -o nosuid -o rdonly -o nobrowse /dev/disk3s2 /private/tmp/KSInstallAction.TpSccy2Kl4/m]

/tmp/KSInstallAction.TpSccy2Kl4/m/.keystone_install

[/tmp/KSInstallAction.TpSccy2Kl4/m/.keystone_install /tmp/KSInstallAction.TpSccy2Kl4/m]

/usr/bin/env

[env]

/tmp/KSInstallAction.TpSccy2Kl4/m/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[/tmp/KSInstallAction.TpSccy2Kl4/m/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --install --system --enable-logging --vmodule=*/chrome/updater/*=2]

/private/tmp/KSInstallAction.TpSccy2Kl4/m/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[/private/tmp/KSInstallAction.TpSccy2Kl4/m/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6537.0 --handshake-fd=5]

/bin/launchctl

[/bin/launchctl bootout system /Library/LaunchDaemons/com.google.GoogleUpdater.wake.system.plist]

/bin/launchctl

[/bin/launchctl bootstrap system /Library/LaunchDaemons/com.google.GoogleUpdater.wake.system.plist]

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/Helpers/launcher

[/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/Helpers/launcher --internal]

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[GoogleUpdater --server --service=update-internal --system]

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6537.0 --handshake-fd=5]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksinstall

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksinstall --uninstall]

/bin/launchctl

[/bin/launchctl asuser 502 /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.agent.plist]

/bin/launchctl

[/bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.agent.plist]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=125]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=125]

/bin/launchctl

[/bin/launchctl asuser 502 /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.xpcservice.plist]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,8445699244497277,6930192066633470874,131072 --seatbelt-client=125]

/bin/launchctl

[/bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.xpcservice.plist]

/bin/launchctl

[/bin/launchctl asuser 502 /bin/launchctl stop com.google.keystone.user.agent]

/bin/launchctl

[/bin/launchctl stop com.google.keystone.user.agent]

/bin/launchctl

[/bin/launchctl error 3]

/bin/launchctl

[/bin/launchctl asuser 502 /bin/launchctl stop com.google.keystone.user.xpcservice]

/bin/launchctl

[/bin/launchctl stop com.google.keystone.user.xpcservice]

/bin/launchctl

[/bin/launchctl error 3]

/bin/launchctl

[/bin/launchctl unload /Library/LaunchDaemons/com.google.keystone.daemon.plist]

Network


Files


/Users/run/Library/Keychains/login.keychain-db

MD5 22702fc29608f809ef567a661cab2c81
SHA1 059c31d150a46a8155ee6ec7675bff7717c7a5d7
SHA256 a8ac41daadfbabd7d172db7a3833755a71c0c01f5f3b808faccfd032ef071b16
SHA512 d15568db13c091752dbbe73c6d2d15d3fcfbdd6d2a003a872ac1d2992834732c550c99a6b04a544fa00fcea327659a8c5a07239d284e0b6e8da53c84bd2997a6

/Users/run/Library/Application Support/Google/Chrome/Crashpad/settings.dat

MD5 fcb4024c6dc53a5b72c492fd960762d7
SHA1 82c43024d9e274bf2b8a5d1e505d65cf3873fb92
SHA256 5cca682cfa80faa97838327d83ef5a2cc39e21b0cf16639aa7c4f095bf1be4e6
SHA512 5373007f40ec378d18770218163ffc2870036bf8c0af1128194a60c6ed6d944f2e3833bf151fb5bf4aee9325c1fbab56bacf3f6437daaa59efb0afdc5c5eed8b

/Users/run/Library/Keychains/login.keychain-db

MD5 f20768229d51cc7a7b3cfcfd263c3b37
SHA1 7cf2a98e14da87d90eaf716e6ecc014ce1c75060
SHA256 a9abc53141a0bfb15b20b4ed2f95298b79fc5ebc5e672aec430908b468fa4e2a
SHA512 72664ba09d40031c3f75257fe2fb031f03ea4b284756b14c089f1085a2931c0f936b571a639c2711273c7817f91bd2d228f3558d59292b740edd8326be14cc29

/Users/run/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb

MD5 6487e04972ecffd0aabf7b61bdda8119
SHA1 26f0b11a2529a35f6970a914deadfcf2e2d23286
SHA256 241a349a63252a8026016a5ef0d713fc18f76735dd0c10963f9a693bfdb9b172
SHA512 44db500fa4549808a5ed1db5516fe4d412cc4e3898d102399fa6f467a2ed3fa79f133a0afcc5e1ab91f480267027ea11e48e37247d24513542286310ab2d47ae

/Users/run/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb

MD5 fe382e791274914bee5950777e4f1fd3
SHA1 53b523b5fc87e66f2520a0b5f9ea080072668f4d
SHA256 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132
SHA512 a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

/Users/run/Library/Google/GoogleSoftwareUpdate/Crashes/settings.dat

MD5 a30a3013aaafaa0d534dd31655d3c741
SHA1 5afd87ea28558f6970f1c17d5305f640ec649b06
SHA256 3c3b1523ecf2d67b99ab0d14ab60ff783c4a5fafa5cd8b9facba8ad7356a4a21
SHA512 412b333c4a24672dd6592e3d6005cf522ca256e6406daca8e87c56b9e000c393ba5b022354dc78c1230fff9238f4a6b13a678b94d143bd75724ffc346df0dd62

/Users/run/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

/Users/run/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

/Users/run/Library/Application Support/Google/Chrome/Default/Local Storage/leveldb/000003.ldb

MD5 61a867b6e4a24cfcfd32ddef25ac3229
SHA1 87cc4516fbce1700174d8ea27c9d2cb70a60a1fd
SHA256 9cc80c0d1dfe7205c6530402c3240171966e72b6df8ef0e8571660fb18652cd5
SHA512 3678cc5f913c7f6c179be8d8483240a1c9aabbe5b295d6aa2b8037c60a8f2aa473f1fb56a7ee7093aaa8c24b968d32fed99972f6f837868f86b53b45de13f4dc

/Users/run/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb

MD5 b5db1f091948de93d7fc96e14aef6da3
SHA1 74745f991e3dfe45037366e55c2e6df47d8e6593
SHA256 b7600cfe0aa091e9ab8540869b7ea120a62b36240acc0370c3fd62655b58bf4e
SHA512 d116ffaa01fa29545758fbe273c10d57879a91983d6b5a86ed410a0ac79cc8370fd2552284afa56f363a75ba6a89cc5c9a33f99071012dba2f2f8298ad0cac34

/Users/run/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb

MD5 b47a44bdd1b765b6af56b347447fd1b7
SHA1 8599a1870656af91e432bb35e3497863e34ddfbb
SHA256 79b1150f1008ed3fbde59417e9727bce33a34ee2ac5b407eec1a82beabdd2c06
SHA512 bfa1d967125878a40068e4d5ec4a4bed4f211373ef2ca839a51cb9a29d2da5afcc65755134af2ae732dc03391a636fbb222b4ae481315e4213ceb8d74797c9f0

/Users/run/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb

MD5 e0f65ad85a40a32fa91e551005e193ce
SHA1 a145766d5df23ae5fcd23dbb6937606f280f3502
SHA256 18b5270537241fdd8a8de2f4435bb9a19acc82d565bf629678c07360e0fa89d8
SHA512 bfcf2075ba3d99c6bf4840d6c7754668ac65e7b88aced5c727f99de68940783424b6e9755b4d90c28f489f87d88eda0f2b5194c292c7bcd0cebcb6a66adb2425

/tmp/KSOutOfProcessFetcher.qOCpOmdrqn/download

MD5 592a384bb4be901ac5509b105ea280aa
SHA1 a9e557f9948f32c81ee7348e46bfdc5329ff16f8
SHA256 7c4bb44380aaa8fd95d9c92bdd0c62f334937b37b03296f09fc23fb526424e69
SHA512 869556b5d0ab4b0a1aeafd6614a9a46b6b4776a38166e547106a21abdd21a029f9dceeae027bfbe9f9384d50c1ced123b466dda79d68d74914c43e4c123c06b3

/tmp/KSDownloadAction.AxZ9RI2qqW/com.google.Keystone.dmg

MD5 8c1118fd54e7695c3b02735fa3c177d8
SHA1 a88af986c65667ffc23c77a3be85349c841f0437
SHA256 500ab00c0f649b7a1f218e02e8e78b3661a8c8d43dcbc2d683c0653646ca3618
SHA512 8000251b71f1b3c51150d77763ad05f09cf8af768c4e8a84434da26856cc5eeaffa5d07e383bb3afe66c3b5ca6f22614ec44670f8442c4bb1ce74ca5c32c6037

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.Tjx6SR

MD5 541f52e24fe1ef9f8e12377a6ccae0c0
SHA1 189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA256 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512 d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

/Users/run/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.32.0/Ruleset Data

MD5 132df2b999906be7b21cc21bc247b068
SHA1 0665be201a96e717410a4e61a263bb879b3f08d4
SHA256 fed1557c8b4e40813114db3b546c043105892dd0895c4d7c02d45a8be351173a
SHA512 6764c8a425cd010a67a4636f812d43e63bb0815943e9839cf9fa35f3e5f9ba52309ed842306dcffe32a72e7019cb0c28e1d402dfc22dca0603a0cd48d6a26451

/Users/run/Library/Application Support/Google/Chrome/Default/Storage/ext/gfdkimpbcpahaombhbimeihdjnejgicl/def/Session Storage/000003.ldb

MD5 38fc535a8f11d7e955ef58cc63158eff
SHA1 c45ad3ee106dbfb65dce7c09b53140f34454cd0e
SHA256 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8
SHA512 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/scoped_dir6KIbYI/CRX_INSTALL/images/icon_128.png

MD5 30899b6c4e4a757b8ec6dd2208acdfb4
SHA1 f2c5880a724c6d75cce1b5191e0d82c3bc7de768
SHA256 4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4
SHA512 58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/scoped_dir6KIbYI/CRX_INSTALL/images/icon_16.png

MD5 344554d96e418120bd80ef5de5194697
SHA1 23e141c3a6ce368acc1c299f062ab85914bcb17e
SHA256 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378
SHA512 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e

/Users/run/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js

MD5 6eebed29e6a6301e92a9b8b347807f5f
SHA1 65dfb69b650560551110b33dcba50b25e5b876de
SHA256 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697
SHA512 fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2

/var/log/fsck_hfs.log

MD5 5ea4881120de1e9a210be3013542bc70
SHA1 b5e9b58a17d30de5f23504d5619fb20497a08699
SHA256 8c214cb058e8b4c3b8f9f7f87a7198f1f9e2ab4b72abfae6cd686b51275bdfdd
SHA512 0315367851e3a0aeae8687242cd16b87fafe1a70a07785a39690e82137fb0a9517b789098ea1065c9eca52111d46c9ee9fa6d3f970bb60e01b570a7c15f723aa

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/Info.plist

MD5 3613b6c01c8090ab5612713826cfcdce
SHA1 fae76e3877a0d9c614b64f2af8729a6b17c8fe62
SHA256 dac104fae3045db275b51d43dfe8096f9ba5934cb5b7d3095f656f2967856979
SHA512 b6e85525a604802b2f38307e1b95a6bb26a96363f21db5d570a6a1e09ceb1a549559d4df07aec5a4a1a7124f728b32d08a38bd85acc6caf926d2e3a3958ee089

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

MD5 78156405dfc569aa40a1bc93309d1ed7
SHA1 4b30356acafa952219495eb03a995216953fb4ff
SHA256 1ab545afa5bac1f9f3f382556a5ba62eeebc6baf38c9aa57e053fda787b7fdf4
SHA512 d13702b41e8249ac416454a9e45c007aadbc01487339054fc6610e08d523bbca67735a717588b3f5a426257e9973fe98df7d3dec53f90aca86bf60881ce12f4e

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/Helpers/launcher

MD5 018353808ea1782b5401ed00996a7f6c
SHA1 3e6d581cffd6cdfb2c9d106fed13b675f204c187
SHA256 8a8cfc2486cdb9bf5be006c6f2228dad532f8d6abd8a0a0d2821e36be91c8175
SHA512 e47ee8af08ecaa3762464855a8747c9a6de04010fb9e2a6b5c7b8b56dc5c3cb51cfdc61f63ff2068922b9bb6af19ee6b8e7c817c4fd1f8d30dc148d292b22d9a

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/CodeResources

MD5 28fff7d0242a1c6280805397b7a21065
SHA1 a1d7228fd8682dc506934cc8a98d3196abe8933b
SHA256 0771e42d9ef0790eacb0e6dc5d318ce16079b117ba87eaca6cecc4120c426160
SHA512 5fc0d512764eceea07298fc7ab0464f7dfc477e090265f341972fece983ed041439ba74c9a06265af696b898e79397f457ca879099f918bbcd235359571f9de9

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/_CodeSignature/CodeResources

MD5 7c654dcfe53e66bbc857790c8c6c4757
SHA1 9e22920c35981f20cd884f6719fa2890585d948d
SHA256 32eb395ce24a0b4904533251087d6918f5efe03791c03127a9d41882cebf0dc3
SHA512 f8de2d56ed839a508dcfcd4c58bf13f40bf037a693219a7639343c2ed27f6b386bddec1a910e08cf81f5eabce682174b3eb8924078c9b2cc43521e861f30b2a1

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Info.plist

MD5 e46f9a1729b25b6eb0307ea2ad11624e
SHA1 c65491186ff8f472207025ef15b9aea5962c76a4
SHA256 d649de3e7adc7c26c2144a109c5fff1a055f3063faaebb75ac9bb05a1ec81616
SHA512 97bfc0ecca8381aa3a604774f7965dc5f6e208ab0fecc63399f2d8ba895e03f1ac88a16a269262f959e75c1538a50f5abf3dea060756e0344143935b087093c6

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdate

MD5 f648cb70a6e3a08a720ec25e19f55a20
SHA1 d22849094ddadab03d2f8e8c7ed30a6ec0ec37f8
SHA256 c4bcd19e90823cd49566898792d6b3d9b915bd51ed1e90b41a2aae0b47c28640
SHA512 7813f6272e58cdbc5e1c4b9643ce868ca8433d33b79a27bd5fab9360fd650c498a30b24c85210107be8e9a8c183473807310624ed54e4f813a07a219c4ccc90a

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/_CodeSignature/CodeResources

MD5 48c83bd03a541d477c68f2470b91591d
SHA1 9e02994596b0d3a4ddefb7229ea14ed5fa6d2a54
SHA256 22df5496e2ac7739dd1a7776290bc54cbdf99094d950f852860ed7307f1d8ce2
SHA512 d6f6c67ef0b192041f78296aae55e71697007a573421aaddff2a21b0824479f5dba42292751165f505ec18a6d547f80d1d62d0896d20c4a3f3a43254480b7010

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/_CodeSignature/CodeResources

MD5 c48c1d9c6cf982c32580a9c58b0cce51
SHA1 630a08873072069616cdcc31f55e6d7423086d78
SHA256 6686de10a28a2fe11b36cbb86dcbacc827cfc4ea116b4dabf1845e5aee629e9b
SHA512 27f6256579e03e319af66d7fa316935b4e2d5c126429a8b961424a466cab907ceab5d068fb87d763bc3d819a791492c17ab1d1b54f5530cb34224b582d00c013

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent

MD5 99fd2d4eeb51a0d252bb3c146cc1500d
SHA1 abcb0e6df9a45d09cd61a392f839eb1bfb96a0df
SHA256 d4bcaea89b070cc09a44ee2a052cd064ef5011619e48d38ed337dcccf1426d06
SHA512 495847306558d8bf215713ad6bb738a3c73ba05769c294b978e1d51c112cdf042d8f070612d7a4e76f9d1ebacb35c21c2d461a66252bda3d447e9c22ea4aa93c

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/Info.plist

MD5 44802a32230ecffbc1dfcffe92d25eba
SHA1 cdd290e6b31adaf0e027d64ff9bb4ca33fe96d9b
SHA256 7bb7472bd36148b228b390eeadc169cfef9263875e7c2d14f716be913cd22909
SHA512 8ec32d77030b645eecf8c80c79298ff36afc3bc9d326b639e7a1175a2ff67937826070393f2c92efc9688a0dcd1ef10e3603dfe725f6c070f55d083aae4f52db

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksinstall

MD5 a7e2e19360745d055eb3ca2545d682a2
SHA1 dec4301c55177325f1a0eea3c351b3b338d19693
SHA256 c55c4abaf216a1df11c19daca9d1457b1011d72f70a341b3f22c8a5386009a16
SHA512 af919721073508737ef23e46b26ea6e81260b473787d9b5d43bb52a6ce5b501441f02f0fe7f30d95b09ee8616480bfd78a76ddf3223bedab8086ce195345355c

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

MD5 6b66e28ab925b3c2a2dc166d381ac43b
SHA1 97983bf668e79ac441dbcc617b4dbb21e195c8e5
SHA256 ad5156e73ad07eb2b03d089246a0ea8e59899ffa185d185f5af88c9afacdd937
SHA512 770ef10e7d8fa8d60f1e896e70d5e480e8cfa6acb0f8f78b932e5baa86cab38ac3b986f2645ce09e8f71b25825e33060e5739afc21944404bc5b5175b3505691

/Users/run/Library/Application Support/Google/Chrome/Default/Download Service/Files/e81b2ad1-7a44-4ff7-a341-22586589f573

MD5 5adf364735dcbe6bf26ebe3f705c9dbc
SHA1 a891521fea2f61a2fd16ea9f0a3fc3c2c5fb3a46
SHA256 8d21fe1bd251856bfaeaedd6a72ab78f153a047b6042e0fc614f57a32b56d340
SHA512 5f77f8923ab3800ab754f4c60095077b529c5f5f230c6a0b6803dc28597f42ed682921267ed344e190d0f08e0a23eceace7bccbc9d22432029a3e6f4838420e0

Analysis: behavioral4

Detonation Overview

Submitted 2024-06-17 14:33

Reported 2024-06-17 14:34

Platform ubuntu2404-amd64-20240523-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted 2024-06-17 14:33

Reported 2024-06-17 14:34

Platform ubuntu2404-amd64-20240523-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A