Analysis Overview
SHA256: eb71dad7e3c7fc10f128a9f4c1aebdb527eb4192e3525010322559ca9b63d610
Threat Level: Likely malicious
The file EasyMC_Setup_v1.6.14_x64.exe was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Checks installed software on the system
Resource Forking
Program crash
Unsigned PE
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Enumerates processes with tasklist
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Checks processor information in registry
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-18 13:16
Signatures
Unsigned PE
Analysis: behavioral3
Detonation Overview
Submitted: 2024-06-18 13:15
Reported: 2024-06-18 13:28
Platform: win7-20240508-en
Max time kernel: 121s
Max time network: 123s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2440 wrote to memory of 2884 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted: 2024-06-18 13:15
Reported: 2024-06-18 13:28
Platform: win7-20240611-en
Max time kernel: 122s
Max time network: 125s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 220
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted: 2024-06-18 13:15
Reported: 2024-06-18 13:28
Platform: win10v2004-20240508-en
Max time kernel: 49s
Max time network: 54s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\7zip\win\ia32\7za.exe
"C:\Users\Admin\AppData\Local\Temp\7zip\win\ia32\7za.exe"
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted: 2024-06-18 13:15
Reported: 2024-06-18 13:28
Platform: win10v2004-20240611-en
Max time kernel: 122s
Max time network: 154s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\hostsremover\EasyMCHostsRemover.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\hostsremover\EasyMCHostsRemover.exe
"C:\Users\Admin\AppData\Local\Temp\hostsremover\EasyMCHostsRemover.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4228,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.177.190.20.in-addr.arpa | udp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.16.208.104.in-addr.arpa | udp |
Files
memory/3380-0-0x000000007458E000-0x000000007458F000-memory.dmp
memory/3380-1-0x0000000000D10000-0x0000000000D18000-memory.dmp
memory/3380-2-0x0000000005BE0000-0x0000000006184000-memory.dmp
memory/3380-3-0x0000000005630000-0x00000000056C2000-memory.dmp
memory/3380-4-0x0000000005730000-0x000000000573A000-memory.dmp
memory/3380-5-0x0000000074580000-0x0000000074D30000-memory.dmp
memory/3380-8-0x0000000074580000-0x0000000074D30000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted: 2024-06-18 13:15
Reported: 2024-06-18 13:28
Platform: win10v2004-20240508-en
Max time kernel: 145s
Max time network: 150s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 4712 wrote to memory of 724 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted: 2024-06-18 13:15
Reported: 2024-06-18 13:28
Platform: win7-20240508-en
Max time kernel: 119s
Max time network: 123s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\7zip\win\x64\7za.exe
"C:\Users\Admin\AppData\Local\Temp\7zip\win\x64\7za.exe"
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted: 2024-06-18 13:15
Reported: 2024-06-18 13:28
Platform: win7-20240508-en
Max time kernel: 121s
Max time network: 129s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\hostsremover\EasyMCHostsRemover.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\hostsremover\EasyMCHostsRemover.exe
"C:\Users\Admin\AppData\Local\Temp\hostsremover\EasyMCHostsRemover.exe"
Network
Files
memory/2256-0-0x00000000747AE000-0x00000000747AF000-memory.dmp
memory/2256-1-0x0000000000FF0000-0x0000000000FF8000-memory.dmp
memory/2256-2-0x00000000747A0000-0x0000000074E8E000-memory.dmp
memory/2256-4-0x00000000747A0000-0x0000000074E8E000-memory.dmp
Analysis: behavioral28
Detonation Overview
Submitted: 2024-06-18 13:15
Reported: 2024-06-18 13:28
Platform: win7-20231129-en
Max time kernel: 121s
Max time network: 125s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2864 wrote to memory of 1812 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2864 -s 88
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted: 2024-06-18 13:15
Reported: 2024-06-18 13:28
Platform: win7-20240419-en
Max time kernel: 121s
Max time network: 126s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-18 13:15
Reported: 2024-06-18 13:28
Platform: win10v2004-20240508-en
Max time kernel: 145s
Max time network: 152s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\EasyMC_Setup_v1.6.14_x64.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\EasyMC_Setup_v1.6.14_x64.exe
"C:\Users\Admin\AppData\Local\Temp\EasyMC_Setup_v1.6.14_x64.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq EasyMC Launcher.exe" | %SYSTEMROOT%\System32\find.exe "EasyMC Launcher.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq EasyMC Launcher.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "EasyMC Launcher.exe"
C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
C:\Windows\System32\reg.exe
C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\easymc-launcher /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\easymc-launcher\Crashpad --url=https://f.a.k/e --annotation=_productName=easymc-launcher --annotation=_version=1.6.14 --annotation=prod=Electron --annotation=ver=16.2.8 --initial-client-data=0x428,0x460,0x458,0x45c,0x44c,0x7ff7fcf629d8,0x7ff7fcf629e8,0x7ff7fcf629f8
C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe" --type=gpu-process --field-trial-handle=1640,9276256291475083563,18049687833462778926,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 /prefetch:2
C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,9276256291475083563,18049687833462778926,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1940 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\easymc-launcher\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1640,9276256291475083563,18049687833462778926,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2360 /prefetch:1
C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe" --type=gpu-process --field-trial-handle=1640,9276256291475083563,18049687833462778926,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2588 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.easymc.io | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | o1089307.ingest.sentry.io | udp |
Files
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\SpiderBanner.dll
| MD5 | 17309e33b596ba3a5693b4d3e85cf8d7 |
| SHA1 | 7d361836cf53df42021c7f2b148aec9458818c01 |
| SHA256 | 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93 |
| SHA512 | 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\nsExec.dll
| MD5 | ec0504e6b8a11d5aad43b296beeb84b2 |
| SHA1 | 91b5ce085130c8c7194d66b2439ec9e1c206497c |
| SHA256 | 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962 |
| SHA512 | 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\chrome_100_percent.pak
| MD5 | 4f7cf265db503b21845d2df4dc903022 |
| SHA1 | 970b35882db6670c81bd745bdeed11f011c609da |
| SHA256 | c48e6d360aee16159d4be43f9144f77d3275a87b3f77eae548e357601c55fc16 |
| SHA512 | 5645d2c226697c7ac69ce73e9124630696516fc18286a5579823588f93a936da71084a3850f1f9a7b34c624f4c502957107f5957ffba5e6c1e4da6d8da7d3348 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\chrome_200_percent.pak
| MD5 | 6a7a9dee6b4d47317b4478dba3b2076c |
| SHA1 | e9167673a3d25ad37e2d83e04af92bfda48f0c86 |
| SHA256 | b820d19a7a8ce9d12a26837f967f983e45b07550b49e7b9a25e57b417c5f6fd9 |
| SHA512 | 67466e21a13ca449b014b511fb49bfc51df841eb5776f93b4bda2e0023da96d368ac5c65de051ed9de1899275b9f33839af2c387be903688cdb48bf08993791e |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\ffmpeg.dll
| MD5 | 7977f3720aa86e0ec2ad2de44ad42004 |
| SHA1 | 04a4ef5ccd72aa5d050cc606a7597a3b388c6400 |
| SHA256 | 61c6bd5fee2c150265241a15379c4053b174b1cd7687749629afcdbd1264a02e |
| SHA512 | 8ef3b8f506b5ad7241b96d381a501033266358fb3756a457c46ed499547db1232012f849838e65f916129fab1a0d74711e9851b8e0669831acbbf4c3494e492d |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\icudtl.dat
| MD5 | 2e7d2f6c3eed51f5eca878a466a1ab4e |
| SHA1 | 759bd98d218d7e392819107fab2a8fd1cfc63ddf |
| SHA256 | b62b7240837172959299dc3be44fffa83dc374353154eca1612e1bde330aa8fa |
| SHA512 | 0f1465e8efe32b0eaba628a30bbb21254a05d80f4407a1434120a55fb928cf575b3879e1b7cf754cd19b23c262ae715fa84a8049073563cb38f1855be7db1124 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\libGLESv2.dll
| MD5 | 8c93e19281992a00993fc0f09e272917 |
| SHA1 | 3a2d12bc85f829775ec8c5c1f8e35a783d37b7a7 |
| SHA256 | 1ebc1da8d7e463a5d3dc127a632989ef35cfbd94cb18bf1f8ee790f172d43703 |
| SHA512 | c4ec65378d83e6645c9128825853de2d3e82c0f430cd28fdc761eaf2d011267c3794b7c1dcef017750323873d7fe976656eebf9ed7c03582741d43738f3e0c7c |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\libEGL.dll
| MD5 | 7b77074945dfe5cf0b1c5a3748058d57 |
| SHA1 | fdea507ac2be491b8ad24ddc1030ea9980c94c0d |
| SHA256 | 994972c1bc515c199552d50e97ad217ae15a3eed16db06181c7df50e743e8a56 |
| SHA512 | d637b2c7d75723601af099317a39820d3edbd3cea1e1cb20b702deb6ca7fdb0b67e1351cc8fee1c7badff957fffb848a8dce18bb25bfd60c81a588da4f68c1fd |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\LICENSES.chromium.html
| MD5 | 4247afa6679602da138e41886bcf27da |
| SHA1 | 3bb8c83dc9d5592119675e67595b294211ddbf6e |
| SHA256 | bf59a74b4404aa0c893ca8bbe636498629b6a3acdff4acb84de692462fd626e4 |
| SHA512 | ad3103f7fd32f0ec652bc7fcb8c303796367292a366037acad8e1312775cdd92c2f36ed8c34a809251ad044508e1e7579b79847de61025baf8bda5ad578a0330 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\resources.pak
| MD5 | 99c5bf0dcd43f961aa3e177f7dc42d42 |
| SHA1 | 5618abd2e7b45c50400bb4aa0c455bb0b28bc472 |
| SHA256 | 75ff04d991c2a203105525a1ccb200a461717ce7b86ada4be092fe903d95cdc8 |
| SHA512 | 2e508c46eb266301f42ee6a7d63494f3856b422df61d0b605096bf4fc4943239d3fba15161adf8cb1cdcfd3bea8608102a0abce636999cc2a9e01bda51cc77ae |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\v8_context_snapshot.bin
| MD5 | a718c9b6e5e6563e23e450a0d01b932a |
| SHA1 | 95ccb1228f024f037259e759dbac464f3c27b8cf |
| SHA256 | 315f5ed966a1f3a89c94d1b78b9bf70e59a2869601cf6551b2c1fd3e3b008447 |
| SHA512 | b04512e95ab3997bc7d5c65e2f526e124bf1895b139eb2b6c6c7b4a4aa381cd408eb2bba01f44b09b1936d24752baae288f24a32ed84687d3e7e0681b5387d01 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\snapshot_blob.bin
| MD5 | c497639990ef3d4435fd721e8e855c9a |
| SHA1 | 85e7df364daab70730c756b8e24e81965d5a2255 |
| SHA256 | 5e15a82831965e521bee172e6878806bba51d410d1fdf1b4eb01385d1954502b |
| SHA512 | 63f2514d585dd7d3b988f0aaeed8106a06b67629eb54f2152e8b4a24276d9f56fc4650c8770d0ab44b4c57ca458856a0cce5f26f6226a56a807b38ce5615ead3 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\vk_swiftshader.dll
| MD5 | 77f7b4f46cb3e06b53729fd1e562dfef |
| SHA1 | 223c09805220ff2b5c1dcbdd5c0396231ea34f11 |
| SHA256 | a648cd4671b12b469c4d2de20c2ba2429c9388c0f9d4b3d9d2244853d0e5acb5 |
| SHA512 | 6be9afda9320074c5842419cf8493d715ca65a3362d368d3a35e35a47d36f8197b0f19877485b41a06e21148613a77bb6275b0586c4a38da8a25efe6b5a6b571 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\vulkan-1.dll
| MD5 | 25afbdf6701013c57b19b92225920915 |
| SHA1 | 009300dd4ab3b81794388ce7d126ae90ff97535f |
| SHA256 | 22bb65dd206ce7ee10c05557933a04a04144e1a8228d2a9d1e9d704b0b1b2f7c |
| SHA512 | 575e38b60948cb704c355ba9cf3457f2693c30f95e85f10f795e759652bf4317e18ba480bee8aafcea9108415e8e58f674b22c7513a9fabee765142486919a0e |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\7zip\linux\x64\7za
| MD5 | 6a2e4039a2f56265369f22ecb1a19fd5 |
| SHA1 | b0ea59484a4827d7d9a0a27a5270310ef07e61a8 |
| SHA256 | afc9448bd0cc2eeda131cce313ef4994f9656417e0a15c8465fcda9ca859b280 |
| SHA512 | 796188635271cbd7dbd6a7f37cb4d4d5b394c8a302dc62008c40b4be507382925eeb8a550ca11e81c791d5dbda238f95dedecbdd0daddf84907c4fa3a9b1ca59 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\7zip\mac\x64\7za
| MD5 | 335361d7f6faf13cadbf116bfdb97226 |
| SHA1 | d6cba0f2e221d1061261767ec38ddd7c550015a3 |
| SHA256 | 434075f6ff5ea9250571033ca06b95d464efcad87a528dd0b224816c86b1a444 |
| SHA512 | 5fa86f6ec50e0f2fa87ec7cfa0e98cf2bfe158035e5af024e017cce4ddb33aea631008e43328e6049e0f95e8c63dac8b1e03d3c949b34ad2a3e94ab979cad0e0 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\am.pak
| MD5 | ebe0e7e0c78fac281a3f0196da22cee9 |
| SHA1 | 689864d898905d43b8a70bdf37c5b339daaf48eb |
| SHA256 | 08d86a45ff0a4b21e74b06509c376ab0f907cae72a3e0cbf5c17fc275d10ac5d |
| SHA512 | 89b6603e5db8ad53ee5623c2c0f7e81194278dbdf5ed49c7480049006b20744fd4642743c2b4a264cafa87e7f787d6d6cbf26f12ff2b851333b3ba7541ebd933 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\ar.pak
| MD5 | 3a8a7a08fedb148ebee6d3300356e37a |
| SHA1 | 2e9ac1ea8b6396b909f823486538d5640ddcaa1a |
| SHA256 | 43636fc76a2da6ab562c4c3bcc1a5d548a169dc0e884484fb7e4341814c44c78 |
| SHA512 | 7951829cc7aa385bb5f8078a7af7d4f0b49fa8c05eecb2808eac3fb0e8700c63f92db888ad64f526d992a14d54948a6807bf06f9fb688aecea40311eaacea181 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\hostsremover\EasyMCHostsRemover.exe
| MD5 | dff1888306d5036e9e831d62d16412ab |
| SHA1 | 2597f86a16af51f61f7b4754fe290a9969e85abe |
| SHA256 | 136b6ddebbd837f775a10425fc0a6eaf4a46d32473f372208873cfeb2f64a28a |
| SHA512 | c2f984340c6d01531151b6ff58d2e5b47740b3faf309bc28c6349c4dd2b1e8715e24a69ee238380bd3ffc52e7922cf6c9a0c1ab685f449dc7e13054383b1de62 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\7zip\win\x64\7za.exe
| MD5 | b7b7473472c9806bee3e7ae6c1adda23 |
| SHA1 | 2dc03597a0d9c7ff97250f90d47bdeaf9b5753e7 |
| SHA256 | b0cfdeaf429f5cc53f85123dd8f5a5feb92c19d31aa34df257edf9a26be05f95 |
| SHA512 | 544949f1213817599fdb09dbb9834aeeb370b3f6225c3d835a29797b006bd36aa37b8a246a22204277f40d3865a01bc8d029a531d17d6bb43d9ddd3db7370580 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\7zip\win\ia32\7za.exe
| MD5 | dfd1cf824c781069def1d239a626d43e |
| SHA1 | bbe24cbae89166de829a7cf91eebfb518d8f45be |
| SHA256 | 31fd52f8996986623cf52c3b4d0f7ac74a9dec63fc16c902cef673eed550c435 |
| SHA512 | 0413adecc5560ddb18133eec70b3a717d82738f304bdbe6eb6e2dad9ada57314c60bbd48ac0aa948af77ae76f7d522ada4f6089fffab88f882872c56bd12ca20 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\da.pak
| MD5 | 22134b12d90fdc00f23a1e0a6fb04eec |
| SHA1 | 17c9fc2cacb6e5ccc393d1af9bdf3e8e63ecdaaa |
| SHA256 | 62020dd01b47b696e2e11d7f5598628c07782a96ea6bc013dc2ffe8c820b7c94 |
| SHA512 | 9cce6ffb2d84cedcc5ccf200080d6a2cab691468c042e8e48a5fdd809b5c0d067c322326e49d18f66da8e0b1d28adeda4cd03e12d7aa11350b72776737aa3427 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\de.pak
| MD5 | fceb00caf7e76e688007665feae99e83 |
| SHA1 | 06fece84cf7028b3871f144258b8d084faf8745b |
| SHA256 | 80e63ef1950b8438813271365a7b6a3f3aba0bacc179f5675654249f31c06a3c |
| SHA512 | 08c14eb299a035949e6b64a069cadee66c420b7d66bb00d65d6a1a08fbee08a57ab08f8e77c44387f0fe02b47aeb0bf2709a1979025613cb51af4ab82fc3b6d5 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\cs.pak
| MD5 | f125738776a9fb8dbf25311fa3dadbcf |
| SHA1 | 3448b58d4810e69f5c1eca4e1484308c3ceff502 |
| SHA256 | 5d5089718677f9a4e677dec72058c376a5829921cd523ecb919d0da7766d3cd4 |
| SHA512 | ca5300e5fb73ed4ee8c108e875c66ce7f105693f3ba78cb00f33218febfdb3ea27fe26f118dff3fb2e4af66f722f8348760cb576aba48887be25fdfae4991776 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\ca.pak
| MD5 | 53e3fb38f84f60b98d23b337e4f03f92 |
| SHA1 | 42e435837dd36872d2a413518a299cd293ff8536 |
| SHA256 | b00bd41c1222b3ea078df5b92cec1946e41430be241d0d57dc9baa4c70c91f3a |
| SHA512 | 98d0328e7370b1fec9e15ad0cff9e1353686fc581e3df9a8896e3c2e62ced044c4c51ea63f35ec8b7eb3e7df5c83ef5157468979b7f20e85480597042c1ac192 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\bn.pak
| MD5 | ee25e9cf28fdd35846d8a9b3c4220eed |
| SHA1 | 702342cc207ced1bb585195abcf263cbc4ea0069 |
| SHA256 | 9994b9832bce803bee8c48a8176653099df7768074e3c54d09a18593376466b9 |
| SHA512 | 2b703cd07bacc9f70e36844f148c980cb112a806b4ca11f692b9bbe6995fd5636eb9bdc84c5cfaf79790dbbb1ecf7cf2b61a7d6ff89311eb4907c586e20b7dbd |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\bg.pak
| MD5 | 5ed6adc6158f554e71bdac7dc9731b16 |
| SHA1 | 394c8396c566d2b92cef881c332624be812115fa |
| SHA256 | 0a3e79a6d270d212037ccb5a8730b7abfc45c6e9175dd7e17d997daed0985726 |
| SHA512 | 796f107698e82dfad9ec8d2ac1fc3f79b1f3a339a06eccd783dcd262ddb7399f8e3c093799f16640cf7a4488f1d2eb04ba6b7cb14ac9e9fcf87488cb8305b35d |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\en-GB.pak
| MD5 | 074d3dd44706502de7c33e791794b23a |
| SHA1 | 564a73ffad9232052c692eb94f560d6b17227c47 |
| SHA256 | 9c3954a5ca2cf126370a1152e9281f41a7ca97c69293f556a2c79ea6729324ae |
| SHA512 | 6e1296d04b16534274fa438643ecee6e37d17ed935623f73d5a8f3510a194e0efda9ca60fac8d51d25763c4818050e23c306f9ee18284b8600610d14f7768d98 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\el.pak
| MD5 | db449f218a705453eb10b5f418e28d7b |
| SHA1 | 7bc8fcc59c532bb086a7f081cd8d275a89dac835 |
| SHA256 | 73da35d01b91707846775bea7dc0331fc1caebd5c63d101aa8bb8bb58ca7f193 |
| SHA512 | 7dce45bc723d62498b335be0ab72dfc91c44c01f96f25c2314e9245a0eab28a92dcaa730b11f108b604545592445ed1612721416f60ae3bf55b1bd438bd04f78 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\es-419.pak
| MD5 | cadd9ec43e823609c4bbdc418da6009a |
| SHA1 | 91bdd44d5972a4763227ee7c127fe122aefe195f |
| SHA256 | 6c8d074047d57a79cf5cadf9caa6e9a64bce0895743a3dd89ed1350cc91c1e4c |
| SHA512 | 2b9eae4072e46024e33f000b1df1a64246f70498a557f4a03234d3dd47aadb04883b98ebf48eec21f0d6ca4c8a62065f675fdb352be680a56644ea3ae1db93a5 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\en-US.pak
| MD5 | 0dcd84e9e50a3e0819d5875ea889ced4 |
| SHA1 | 7c47f6e4e0cafec3a13c07d689d1dd6ff6516b1e |
| SHA256 | 699b6d7f05a484e76d3e1197a656247863e570f03cc02634c9dc42078a5c5007 |
| SHA512 | 153fc15f676d78d5d0f3a6862fc7eaa60c2a659c25ce87485f0253c321d9407a9b799b959104c27a8e7b5487f0de926ae8f375e2c3d313329112e48f2d001a17 |
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\et.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\es.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\fr.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\fil.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\gu.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\fi.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\fa.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\hr.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\hu.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\hi.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\he.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\kn.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\ja.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\it.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\ko.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\lv.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\lt.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\id.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\nb.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\mr.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\ml.pak
C:\Users\Admin\AppData\Local\Programs\easymc-launcher\locales\ms.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\pt-BR.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\ro.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\pt-PT.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\sl.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\sv.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\sr.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\th.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\te.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\ta.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\sw.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\sk.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\tr.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\vi.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\uk.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\ru.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\pl.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\nl.pak
C:\Users\Admin\AppData\Local\Programs\easymc-launcher\locales\zh-CN.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\locales\zh-TW.pak
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\resources\app-update.yml
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\resources\elevate.exe
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\resources\app.asar
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\resources\assets\assets.d.ts
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\resources\assets\entitlements.mac.plist
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\resources\assets\icon.icns
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\resources\assets\icon.png
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\resources\assets\icon.svg
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\resources\assets\icons.icns
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\resources\assets\icon.ico
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\resources\assets\images\mojang.png
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\resources\assets\images\microsoft.png
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\swiftshader\libEGL.dll
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\resources\assets\images\grass_block.jpg
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\7z-out\swiftshader\libGLESv2.dll
C:\Users\Admin\AppData\Local\Temp\nsf52E4.tmp\WinShell.dll
C:\Users\Admin\AppData\Roaming\easymc-launcher\Crashpad\settings.dat
\??\pipe\crashpad_4020_NHMSPKLLFKWQRVMD
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Roaming\easymc-launcher\logs\main.log
C:\Users\Admin\AppData\Roaming\easymc-launcher\Session Storage\CURRENT
C:\Users\Admin\AppData\Roaming\easymc-launcher\sentry\queue\8c880c451a664229a1f2f22d77d2287e
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:28
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
157s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:28
Platform
macos-20240611-en
Max time kernel
149s
Max time network
139s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/7zip/mac/x64/7za"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/7zip/mac/x64/7za"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/7zip/mac/x64/7za]
/bin/zsh
[/bin/zsh -c /Users/run/7zip/mac/x64/7za]
/Users/run/7zip/mac/x64/7za
[/Users/run/7zip/mac/x64/7za]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.189.173.6:443 | | tcp |
| US | 8.8.8.8:53 | api.apple-cloudkit.fe2.apple-dns.net | udp |
| US | 8.8.8.8:53 | h3.apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| GB | 104.91.71.16:443 | | tcp |
| GB | 23.59.171.16:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| BE | 104.68.86.71:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 2.21.189.171:443 | help.apple.com | tcp |
| GB | 2.21.189.171:443 | help.apple.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:29
Platform
win10v2004-20240226-en
Max time kernel
154s
Max time network
182s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
C:\Windows\System32\reg.exe
C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\easymc-launcher /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\easymc-launcher\Crashpad --url=https://f.a.k/e --annotation=_productName=easymc-launcher --annotation=_version=1.6.14 --annotation=prod=Electron --annotation=ver=16.2.8 --initial-client-data=0x454,0x468,0x47c,0x45c,0x49c,0x7ff7f9ba29d8,0x7ff7f9ba29e8,0x7ff7f9ba29f8
C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe" --type=gpu-process --field-trial-handle=1528,17494923046235160232,14645142107294185008,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,17494923046235160232,14645142107294185008,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1920 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1528,17494923046235160232,14645142107294185008,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1324 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe" --type=gpu-process --field-trial-handle=1528,17494923046235160232,14645142107294185008,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3396 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.251.17.2.in-addr.arpa | udp |
| GB | 142.250.187.202:443 | | tcp |
| US | 8.8.8.8:53 | api.easymc.io | udp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.74:80 | apps.identrust.com | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.149.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 172.67.149.107:443 | api.easymc.io | udp |
| US | 8.8.8.8:53 | 215.143.182.52.in-addr.arpa | udp |
| US | 172.67.149.107:443 | api.easymc.io | udp |
Files
C:\Users\Admin\AppData\Roaming\easymc-launcher\Crashpad\settings.dat
| MD5 | da3567a99b89715c1ab716fea9466e2b |
| SHA1 | a682cb23a50a57a47bbd5378d8ec9ae8f0de00d1 |
| SHA256 | 8b0b4bf96189f541b85320c8a5f4d5943d4871c2ad3074faa0b01a01db9c2839 |
| SHA512 | a0af33fd7272db84d113363bf0111cdb4676505882875daabb0b58c80635886ee876d5a820e3055b0642ef9263c8eb06247448234e71c6280a8739880273cdc4 |
memory/5404-6-0x00007FFDA1440000-0x00007FFDA1441000-memory.dmp
\??\pipe\crashpad_4832_MZXONZHYBXQUXZCO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Roaming\easymc-launcher\sentry\scope_v2.json
| MD5 | 4bd063cbd868a2b0eb3db0e07f916f27 |
| SHA1 | cf7ecca4c40fa7ed2f476d37d57e7ad1a5f95d1f |
| SHA256 | 8ae68673ec6d68f393b97e3a5951cdb1daa0afbbf738a6086399fa511b368901 |
| SHA512 | 2a864e317027a055fb240ec44fd8bb2ea636143263136c583112d3cfff5810eafd86838c231ef510b5c230ee36ae0b3b5a40748c26f7e2a4ec7c22fbb73dc42c |
C:\Users\Admin\AppData\Roaming\easymc-launcher\TransportSecurity~RFe59819a.TMP
| MD5 | 071f6df04b7d3125d32215804b5a66ac |
| SHA1 | 3e0941f62229e74f3fe97b7b22c3eaa617e04e09 |
| SHA256 | 1e4ef679e70825d0ebf434d2c39733d60cf0d60c336978bf8cefcde455f009b8 |
| SHA512 | fab25946290ddeb90a0faab007bfca979ff23c2b9a825954d32f1a3295527117078f6ef163a84b191065269c1501846c8f7e9ba920d086a9a62c77b64683eeb2 |
C:\Users\Admin\AppData\Roaming\easymc-launcher\TransportSecurity
| MD5 | d4436572851cafe45506ccd661d2b5f4 |
| SHA1 | 42e28446a7e7ca368097182c0639528bdb403f7c |
| SHA256 | 457445a03a2e016a1514547d29347c3db660c211325b7288175ae88ec2565436 |
| SHA512 | b01b633c38b4c0b327261ca84b0c716ea9c02bb50b53b290d5c52b3326340df5e18b8213e5a5f8cc85ec899f38131418856e040e4144f8b43dac568d204977dd |
C:\Users\Admin\AppData\Roaming\easymc-launcher\Network Persistent State
| MD5 | daf6da1f8449e24e81629586dd13a604 |
| SHA1 | 42efb6338bdf91ae8731a796d57a46f75eb5af5c |
| SHA256 | b01b7ce6b518f013289292650a01cff7d5651b39946d9d905e2a7746000bb21e |
| SHA512 | 865a72031538ebe4d3283f311a36329aa979848e9c5a72115d604357ee47c631986ef50a10b54cc14c708db39f8b4a642278368d5bc44b0f1e14c2f3030783d6 |
C:\Users\Admin\AppData\Roaming\easymc-launcher\Network Persistent State~RFe598226.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
memory/4544-134-0x0000028DE2500000-0x0000028DE2501000-memory.dmp
memory/4544-136-0x0000028DE2500000-0x0000028DE2501000-memory.dmp
memory/4544-135-0x0000028DE2500000-0x0000028DE2501000-memory.dmp
memory/4544-141-0x0000028DE2500000-0x0000028DE2501000-memory.dmp
memory/4544-145-0x0000028DE2500000-0x0000028DE2501000-memory.dmp
memory/4544-146-0x0000028DE2500000-0x0000028DE2501000-memory.dmp
memory/4544-144-0x0000028DE2500000-0x0000028DE2501000-memory.dmp
memory/4544-143-0x0000028DE2500000-0x0000028DE2501000-memory.dmp
memory/4544-142-0x0000028DE2500000-0x0000028DE2501000-memory.dmp
memory/4544-140-0x0000028DE2500000-0x0000028DE2501000-memory.dmp
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:28
Platform
win7-20240508-en
Max time kernel
120s
Max time network
124s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{549EE8D1-2D76-11EF-A04B-4EB079F7C2BA} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 501b4a2983c1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000009c3244bc35300fa1ee3d132bcb6c7560f07d75668ca5d0e3ebc5cc08eca5771f000000000e8000000002000020000000ed9c30d3a97e6a47e1f5bc89ace2c4606a5d0bd718236efb6f098f883dc4953b900000007fd96471f496d307fcd915b45d8f077cb249dc115eb0490ac95c0aa06cc780762480b410ff72e421b93618fa7bd0ab003296583ed5501ef1b222869041f41aeb69504f5a475661ea9cc86f57db3da53ac8cefc6f9c5d38f2ae0c7b9495a403953a794e495b1692eeebb3456e12a4af44058be1e8ef248bd9a0cdec20cbc5b5d19862947405062b6e684418a7a214e6d1400000003a10a83ba6c7817a67b6ae9a623fec12a2509566273b91f6088cc68a059698cc9277d6aba4a83f68a7c655722ba762b2c95463e6d58c6a6f6d832306f53ae1bd | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424879062" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000081b970514f5c9f467ff5ef5e3e02e5e7da04bbc1b2553cb091fc9fa2333bab41000000000e8000000002000020000000c48141b6a957524499c2c48c55b8d74153a9dfb6e5636f6cffd639bcec2e6b6e200000000d44c77e187edca74d2c25c3019732bb6aa4bd6e65ff085cca2b41ee62051d114000000062ab74896ae381f21ad3cb8ae53552e9a235a1525876ff05a972c9281035374abd08a41dcaf45dad6eb2fa9df0e56fac54c9153c397ebc8812d04681bc16d5c2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2084 wrote to memory of 2600 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2084 wrote to memory of 2600 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2084 wrote to memory of 2600 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2084 wrote to memory of 2600 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:29
Platform
win10v2004-20240226-en
Max time kernel
155s
Max time network
174s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4112 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.251.17.2.in-addr.arpa | udp |
| GB | 96.16.110.114:80 | | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 13.107.253.64:443 | | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 216.58.212.234:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:28
Platform
win7-20240221-en
Max time kernel
121s
Max time network
125s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 220
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:28
Platform
win7-20231129-en
Max time kernel
118s
Max time network
122s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\7zip\win\ia32\7za.exe
"C:\Users\Admin\AppData\Local\Temp\7zip\win\ia32\7za.exe"
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:29
Platform
win7-20240611-en
Max time kernel
127s
Max time network
166s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
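The Blob values recorded under the "Modifies system certificate store" signature here and in behavioral18 above use the CryptoAPI serialized-element layout: a sequence of records, each a little-endian u32 property id, a u32 flag of 1, a u32 length and the data. Read that way, the visible blob for DAC9024F54D8F6DF94935FB1732638CA6AD77C13 carries the SHA-1 thumbprint in property 0x03 (matching the key name), the UTF-16LE friendly name "DST Root CA X3" in property 0x0B, and in property 0x20 an 846-byte DER certificate whose issuer and subject strings read "Digital Signature Trust Co." / "DST Root CA X3" with validity 000930211219Z to 210930140115Z, i.e. the IdenTrust root that cross-signed Let's Encrypt and expired in September 2021. The second key, CABD2A79A1076A31F21D253635CB039D4329A5E8, is the thumbprint of ISRG Root X1. AuthRoot\Certificates is the cache that Windows' automatic root update fills when a chain under validation needs a root not yet present locally, and crypt32 performs that write inside whichever process called it, so a sandbox attributes it to the launcher; the port-80 connection to apps.identrust.com in the Network table is consistent with such a fetch. On its own this signature is therefore expected from any HTTPS client on a fresh VM and is not evidence of root-store tampering. The check a practitioner actually runs on such a record is that the key name, the stored SHA-1 property and the SHA-1 of the embedded certificate agree (and that the thumbprint is one of the Microsoft Trusted Root Program roots). The Python below is an added example, not code from the sandbox vendor or the EasyMC project: it parses a Blob and performs that check, exercising three records copied from the blob above (a non-contiguous selection) and a constructed blob with a placeholder DER payload, labelled as such in the code.

```python
"""Parse a Windows certificate-store 'Blob' registry value.

Added example for this report, not code from the sandbox vendor or from the
EasyMC project. The record layout (u32 property id, u32 flag == 1, u32 length,
data; all little-endian) is the CryptoAPI serialized-element format that
Windows writes under SystemCertificates\\<store>\\Certificates\\<thumbprint>.
REPORT_RECORDS holds three records copied from the blob shown in this report
(a non-contiguous selection); SAMPLE_BLOB is constructed here and carries a
placeholder DER payload, not a real certificate.
"""
import hashlib
import struct

# CryptoAPI property ids seen in the blobs in this report.
CERT_SHA1_HASH_PROP_ID = 0x03
CERT_FRIENDLY_NAME_PROP_ID = 0x0B
CERT_KEY_IDENTIFIER_PROP_ID = 0x14
CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID = 0x19
CERT_CERT_PROP_ID = 0x20


def parse_cert_blob(blob: bytes) -> dict:
    """Return {property_id: data} for every record in the blob.

    Raises ValueError on a truncated record or a flag other than 1, which is
    how a hand-written or damaged value reveals itself.
    """
    props = {}
    off = 0
    while off < len(blob):
        if off + 12 > len(blob):
            raise ValueError(f"truncated record header at offset {off}")
        prop_id, flag, length = struct.unpack_from("<III", blob, off)
        off += 12
        if flag != 1:
            raise ValueError(f"unexpected flag {flag:#x} for property {prop_id:#x}")
        if off + length > len(blob):
            raise ValueError(f"property {prop_id:#x} overruns the blob")
        props[prop_id] = blob[off:off + length]
        off += length
    return props


def is_well_formed(blob: bytes) -> bool:
    """True when every record parses cleanly."""
    try:
        parse_cert_blob(blob)
        return True
    except ValueError:
        return False


def friendly_name(props: dict) -> str:
    """Decode the UTF-16LE, NUL-terminated friendly name property."""
    raw = props.get(CERT_FRIENDLY_NAME_PROP_ID, b"")
    return raw.decode("utf-16-le").rstrip("\x00")


def check_record(key_name: str, blob: bytes) -> dict:
    """Cross-check a registry key name against the blob stored under it.

    The key name is a SHA-1 thumbprint. In a record written by CryptoAPI it
    equals the CERT_SHA1_HASH property and the SHA-1 of the embedded DER
    certificate. Agreement does not prove CryptoAPI wrote the value, but a
    mismatch proves something else did.
    """
    props = parse_cert_blob(blob)
    der = props.get(CERT_CERT_PROP_ID, b"")
    stored = props.get(CERT_SHA1_HASH_PROP_ID, b"").hex().upper()
    computed = hashlib.sha1(der).hexdigest().upper() if der else None
    return {
        "friendly_name": friendly_name(props),
        "key_thumbprint": key_name.upper(),
        "stored_thumbprint": stored,
        "computed_thumbprint": computed,
        "cert_len": len(der),
        "consistent": bool(der) and key_name.upper() == stored == computed,
    }


def build_blob(name: str, der: bytes) -> bytes:
    """Serialize a minimal record set in the same layout (test helper)."""
    def rec(prop_id: int, data: bytes) -> bytes:
        return struct.pack("<III", prop_id, 1, len(data)) + data
    return (rec(CERT_SHA1_HASH_PROP_ID, hashlib.sha1(der).digest())
            + rec(CERT_FRIENDLY_NAME_PROP_ID, (name + "\x00").encode("utf-16-le"))
            + rec(CERT_CERT_PROP_ID, der))


# Three records copied from the DAC9...7C13 blob in this report: the
# subject-public-key MD5, the SHA-1 thumbprint and the friendly name.
REPORT_RECORDS = bytes.fromhex(
    "19000000" "01000000" "10000000" "6cf252fec3e8f20996de5d4dd9aef424"
    "03000000" "01000000" "14000000" "dac9024f54d8f6df94935fb1732638ca6ad77c13"
    "0b000000" "01000000" "1e000000" "440053005400200052006f006f007400"
    "2000430041002000" "58003300" "0000"
)

# Constructed sample: a placeholder DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_BLOB = build_blob("Example Root", SAMPLE_DER)
SAMPLE_KEY = hashlib.sha1(SAMPLE_DER).hexdigest().upper()

if __name__ == "__main__":
    print(friendly_name(parse_cert_blob(REPORT_RECORDS)))
    print(check_record(SAMPLE_KEY, SAMPLE_BLOB))
    # Same blob filed under a forged key name: consistent == False.
    print(check_record("00" * 20, SAMPLE_BLOB)["consistent"])
```

To run it against a real value, pass bytes.fromhex() of the hex shown in the report (with the wrapped line break removed) and the key name from the registry path; the returned dictionary carries all three thumbprints, so a forged entry or a blob moved under another key shows up as consistent set to False, and a value that is not in the record layout at all raises ValueError.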
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
C:\Windows\System32\reg.exe
C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\easymc-launcher /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\easymc-launcher\Crashpad --url=https://f.a.k/e --annotation=_productName=easymc-launcher --annotation=_version=1.6.14 --annotation=prod=Electron --annotation=ver=16.2.8 --initial-client-data=0x2f8,0x30c,0x2ec,0x300,0x304,0x1475029d8,0x1475029e8,0x1475029f8
C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe" --type=gpu-process --field-trial-handle=1076,12885832042759321462,18246161002487834179,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1076,12885832042759321462,18246161002487834179,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1340 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1076,12885832042759321462,18246161002487834179,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1568 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\EasyMC Launcher.exe" --type=gpu-process --field-trial-handle=1076,12885832042759321462,18246161002487834179,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1208 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2---sn-aigl6nz7.gvt1.com | udp |
| GB | 74.125.168.103:443 | r2---sn-aigl6nz7.gvt1.com | udp |
| GB | 74.125.168.103:443 | r2---sn-aigl6nz7.gvt1.com | tcp |
| US | 8.8.8.8:53 | api.easymc.io | udp |
| US | 104.21.29.153:443 | api.easymc.io | tcp |
| US | 8.8.8.8:53 | api.easymc.io | udp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | api.easymc.io | udp |
| BE | 23.14.90.74:80 | apps.identrust.com | tcp |
| US | 104.21.29.153:443 | api.easymc.io | tcp |
| US | 104.21.29.153:443 | api.easymc.io | tcp |
| US | 104.21.29.153:443 | api.easymc.io | tcp |
| US | 104.21.29.153:443 | api.easymc.io | tcp |
| US | 104.21.29.153:443 | api.easymc.io | tcp |
| US | 104.21.29.153:443 | api.easymc.io | tcp |
| US | 104.21.29.153:443 | api.easymc.io | tcp |
| US | 104.21.29.153:443 | api.easymc.io | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 172.67.149.107:443 | api.easymc.io | udp |
| US | 172.67.149.107:443 | api.easymc.io | udp |
Files
C:\Users\Admin\AppData\Roaming\easymc-launcher\Crashpad\settings.dat
memory/2308-6-0x0000000000060000-0x0000000000061000-memory.dmp
memory/2308-38-0x0000000077420000-0x0000000077421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabAC58.tmp
C:\Users\Admin\AppData\Local\Temp\TarACF7.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Roaming\easymc-launcher\sentry\scope_v2.json
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:28
Platform
win7-20240611-en
Max time kernel
130s
Max time network
152s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\EasyMC_Setup_v1.6.14_x64.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\EasyMC_Setup_v1.6.14_x64.exe
"C:\Users\Admin\AppData\Local\Temp\EasyMC_Setup_v1.6.14_x64.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq EasyMC Launcher.exe" | %SYSTEMROOT%\System32\find.exe "EasyMC Launcher.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq EasyMC Launcher.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "EasyMC Launcher.exe"
C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
C:\Windows\System32\reg.exe
C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\easymc-launcher /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\easymc-launcher\Crashpad --url=https://f.a.k/e --annotation=_productName=easymc-launcher --annotation=_version=1.6.14 --annotation=prod=Electron --annotation=ver=16.2.8 --initial-client-data=0x2fc,0x310,0x2f4,0x304,0x308,0x1472229d8,0x1472229e8,0x1472229f8
C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe" --type=gpu-process --field-trial-handle=1048,10582484457668269178,3096515656141233891,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1056 /prefetch:2
C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1048,10582484457668269178,3096515656141233891,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1316 /prefetch:8
C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --standard-schemes --secure-schemes --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\easymc-launcher\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1048,10582484457668269178,3096515656141233891,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1516 /prefetch:1
C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe
"C:\Users\Admin\AppData\Local\Programs\easymc-launcher\EasyMC Launcher.exe" --type=gpu-process --field-trial-handle=1048,10582484457668269178,3096515656141233891,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\easymc-launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1200 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2---sn-aigl6nz7.gvt1.com | udp |
| GB | 74.125.168.103:443 | r2---sn-aigl6nz7.gvt1.com | udp |
| GB | 74.125.168.103:443 | r2---sn-aigl6nz7.gvt1.com | tcp |
| US | 8.8.8.8:53 | api.easymc.io | udp |
| US | 8.8.8.8:53 | api.easymc.io | udp |
| US | 104.21.29.153:443 | api.easymc.io | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.73:80 | apps.identrust.com | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 172.67.149.107:443 | api.easymc.io | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 104.21.29.153:443 | api.easymc.io | udp |
| US | 104.21.29.153:443 | api.easymc.io | udp |
Files
\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\System.dll
\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\StdUtils.dll
\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\SpiderBanner.dll
\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\nsExec.dll
\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\nsis7z.dll
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\chrome_200_percent.pak
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\chrome_100_percent.pak
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\d3dcompiler_47.dll
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\ffmpeg.dll
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\icudtl.dat
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\ar.pak
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\am.pak
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\hostsremover\EasyMCHostsRemover.exe
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\7zip\win\x64\7za.exe
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\7zip\win\ia32\7za.exe
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\7zip\mac\x64\7za
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\7zip\linux\x64\7za
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\vulkan-1.dll
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\vk_swiftshader_icd.json
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\vk_swiftshader.dll
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\v8_context_snapshot.bin
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\snapshot_blob.bin
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\resources.pak
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\LICENSES.chromium.html
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\LICENSE.electron.txt
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\libGLESv2.dll
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\libEGL.dll
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\cs.pak
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\ca.pak
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\bn.pak
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\bg.pak
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\en-GB.pak
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\fr.pak
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\hu.pak
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\lt.pak
| MD5 | 02e9c88d9d5e58d135c9a92effcce38d |
| SHA1 | 92421a5fac68d506fa904075ea7cf39a3da8efc3 |
| SHA256 | 38ad40532287da53fcdb6076b9cdb841bbb4f30162681707295bcab448149e65 |
| SHA512 | f0897d62e81eb6e2c56cf1a5b5ad5124521c345f70cab841071c7b70b16130984700d694a32dfa010460244d8b520ba1b217ffd76f75c074b5b3a9ccda26b02b |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\pt-PT.pak
| MD5 | e9f8bc9fd1e845551fe3bb63c9149726 |
| SHA1 | 0bfbe46e8ffd62493c019e890a30ebc666838796 |
| SHA256 | 50cadb4da4e61fc335d145374511c34e5a0e40f9c26363614cd907cc7942a777 |
| SHA512 | 1d3761caadc3ac750c0a89c64db472bcb0764fc1c4b1108a9443fa71633ec7fdd945120a6f05e76221d9c58103cc9865b4857877d57d60b623f92a0235ed15fb |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\sr.pak
| MD5 | f4041623ce5e06d2dea58d532edb120a |
| SHA1 | 2d7ee3ef60b39e3508427c7bc12e046d7bf5e928 |
| SHA256 | f2f80d7325d259811afea1e7648c42d3ef3eebfeddaec27ee2817f4e68ab541b |
| SHA512 | 18691f4cee3eeaa2305d1c978d803fdf757d9c4e87e88e36d7b1fff482cfddd820568b39a1108065f61dd2cf10d7219c27813aad4d64e71695ab91084ec3c694 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\resources\app-update.yml
| MD5 | 753871ff73d231ba73614677412ac14d |
| SHA1 | 789f696b41591498eec4fdb0db78c68c6d59dfd1 |
| SHA256 | 2090cb7c9033d9cd1afa2275ede6ee080aa7bb97ff741e3e449af97b177551ef |
| SHA512 | f56bf2114cb84f0888eaec4d715bbac5653c5dd038b3bdb07282a9a560b20efc590909428a3f7b0d95bdc3c6aa9d2f37c8810d07f737a8b290ba0e924c7be1f4 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\resources\assets\images\microsoft.png
| MD5 | 4d388badb05661ef1163991b0d40a55e |
| SHA1 | ae4fea8bea799d9e012946112081e8441ddebe67 |
| SHA256 | e3345ae5060dcd5a7e5b9e61735c8b66916152831298707a5b809e5120a88be6 |
| SHA512 | 87dc0b07479234ef61c4b1a838ee629dfe4d62c6c02337182f561fa6209f82c5070a3c0f072e22030a3c8c21dc551f66b6d05d3a2809d0f5f3b6ca7afe34a846 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | 1e401ccda5b723ab8a595a54f7d2531c |
| SHA1 | 127716680dd16f776b19c2306d716935e54c5100 |
| SHA256 | c167a458174e2a280c39d7af31bd109e8e2921032a687097b584653adc33ab21 |
| SHA512 | 1f2f35021f338aa7c5a0ae83c196217fbca6b1d017ac1bb4f1eebb93bd6e18c5d74c1a14bd4899d7a91d054b0139b2c4fc3271c35148ad1d8b71139aff0132fc |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | be1b6fe26a1b5a3e1302c26ce5ce53f3 |
| SHA1 | c3cac08e89c4cc91eae1cc87e33a1dea723f1d78 |
| SHA256 | 162abe61314e720384d8cdd43190a89df8a96de52f3ede7b6c58998f615d8546 |
| SHA512 | 07dca111391dfb6b7e90d4be02071bc625128eeca0b9d9a3cebdc7916baec9f95cbbf906f2533befd6b62b9bbc69488ffa720f8d40c9710dd3b7d540d9dcaa55 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\resources\assets\images\mojang.png
| MD5 | c87524b65e064c564d97b782cd5e49be |
| SHA1 | 439e9d6ba008a53015bb35dd4c757f68a27035c7 |
| SHA256 | ab15f46745e9f79b03f2dd414db0692c43776297b416c508dfb478f3fc31d517 |
| SHA512 | 4bc2c07479aac39b2529c6639f7dbbfa6866b10dc2aee055b549f8d49e6609e68d9073166169c304cea65784c45c18ba9bc3a751fdefeaa0e8df1174e7ec2b9e |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\resources\assets\images\grass_block.jpg
| MD5 | 306cea0ed44b65ad39b655b390cd7193 |
| SHA1 | f6eed63cef5c6753e43becc09b337119779a12a4 |
| SHA256 | d41c38b285922cea8c7fff69ffdecf536a438b080d1cd7de05dbbda8d2c8edf9 |
| SHA512 | 8ca08690130c679e01b5e29781b2e113bcd24aa80875d39ec6d3800f6119a36c4ff029c8c062d5f9fde8b049e0556e2e1083e821236862563a4699a0c09565f6 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\resources\assets\icons.icns
| MD5 | 158e222cd935bd0896c0ae9f487ff802 |
| SHA1 | 608d0f248deb75705ff42c3143f16456debd9307 |
| SHA256 | a62384102c23e7dd8e715a671c75bae0b66d455088cd80c957276a97915386dd |
| SHA512 | 1f166bbbb73ae64575b0dc6359769cb16095bbe49b3f94a6cba9cf5ac433e62e3ca1779ce7d40abe8aa1a2b8dad4fd0bfab4fa386ebd8acc4dd86b78c88bfa9d |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\resources\assets\icon.svg
| MD5 | 6e21449b8640ba1dcf485c7f4fabbd2f |
| SHA1 | 1a50ae72417ef6bbf868f6a3fc75d1a6a4d8cce7 |
| SHA256 | 08545f22c3bd00fca027a79a26f605c815166a0f18ffe41ce706b5cf68525bd1 |
| SHA512 | 754a63e1e04b8a4e1c674c4e7fbee91d025a10010cd5051d2aa22d303e7ed5de1a404833a9ab2f9662f478bc269424672ea3d172ddfc4854fc18620719a5597f |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\resources\assets\icon.png
| MD5 | bd8d487e261ad75074f94d065a1fe5ea |
| SHA1 | 5fed02a831fa006d24d2053f271817969c411539 |
| SHA256 | 5155e83d66a6c33b38551a7806b2ecedf4c3d6022811c18e3a90a542e725dd20 |
| SHA512 | 5ab2b0b469ff0af0cd8e26a6767335369ca8b73e7b9f574ba38458b1499978242dc88fef5975ffc6417335c7931dedfc91158e70018982adb92c23d776dd1de8 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\resources\assets\icon.ico
| MD5 | ba449c2f602dbee8ccb754ab9ccb013b |
| SHA1 | b61391be537be84bb22140a22d43fbf96472cc55 |
| SHA256 | 8557d5790488957917671bb447fa41248961cbcf60395023d700f4b431e16db8 |
| SHA512 | cc5ca1fc2844ad01eeb5dc50d469427a6a4c18ae54c5732e8cb9f20be5667207330f870d18e681503ae2bf9c6c94a03eac8b83d8d32e344101566a933405b885 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\resources\assets\icon.icns
| MD5 | fd27b269f6bb7c7c28d0f8d330cb8b78 |
| SHA1 | 5436360c72d3bcf03099b91904d6013e4ef9098a |
| SHA256 | c32d173e12c75d85532de8bebf8a65389ff352e38623cbcb5d90614f979b4a1f |
| SHA512 | 647e113d40973b96377ab818a3ea3f269613da29c84e0b5649cd024c9ea1c2d63235dadd97bc9490fa46706a2f39c2957360741e85da78df96c74cc0144cccb8 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\resources\assets\entitlements.mac.plist
| MD5 | 9920b60c89256ceca825062dc9c53c53 |
| SHA1 | 0f1d847ef4067022c69fd82c135f3dfd2e4d352d |
| SHA256 | f4b2891dc2b1239191cecf7cd5b9a36ea4edaec33c1cc091e09380d669e8fb63 |
| SHA512 | 93ef0a66d6aa8091af3ab8af4b1ced502ded11f658aa77b6a5fe9e3d36bd5d01231060a0a656ea627c0fa32313b7a3438c75e1eb96f4f07692ee4d0f53ce9a90 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\resources\assets\assets.d.ts
| MD5 | 3474b89e956a0f104c48700caf1f35e8 |
| SHA1 | 061fd896f9f418a4db9685fdf4cc4646bbd7018d |
| SHA256 | 498a5a3ecd170f99e34ef350c1150397a56461ca7f9961d2a22890833eec2edd |
| SHA512 | 164804bb6b9142dd423f75e3f75700813a154f4a41a271aad4e191fefcf4a8d32d4c7d5972cfec6a7f4753ea44ea5dc03d4fbbe0c28cf00af47729b2f66c3ca7 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\resources\app.asar
| MD5 | 9a6fee0ef9e7972344ef3b2315bfb853 |
| SHA1 | ee5bc71baaed68f28392e8d4b570408abe0c8071 |
| SHA256 | 320bc0f0e1310c128d0c7df93a5ba1e0390a306d6610888810a917794f49d382 |
| SHA512 | 05d00ebe9e278a910af687ed4bb7300aa57ea21b85ac12cb4b0d71641d420f3a0c518f1310846e71570a3b7b09834335431f874154f2abe8f2e760064dc378ec |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\zh-TW.pak
| MD5 | 03ade5ba27cd3ae9bab6ab3a5cb721c2 |
| SHA1 | a747311a5f6c2e0e535efd52bc96f3c4d12d5c3f |
| SHA256 | 0c4abf7a66026068cd4f458d504cb04f3e04cf9fae45419ddc2d592f24899a2a |
| SHA512 | 33e122328773039595248a85dc0940841a1e273957ec9a4e175871b3ada48008b608ca6569b495275abb8e2a8844ee0c4d90b48af915a3f5a6aa44f3c37e51f3 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\zh-CN.pak
| MD5 | 20b6d54de42cf9c56f0a85fdc27d82e8 |
| SHA1 | cecb82b4afe8544876f443fcf578453358ab59a8 |
| SHA256 | 4140caf95939f116993ecd8bc5f7681991f96735d2397c9c7b4c66e3013eed24 |
| SHA512 | 646af407dfb85863f4555961f37f706c18b5c1e68b3111eda9f9b531ba2bb60cf67211ad634037b872156f0ddd04d50d68c49173a27a78ce59f75cbc2bb6c3bf |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\vi.pak
| MD5 | 98cb45f0555aee1985710196db17d72e |
| SHA1 | 1362238c253bc2a0e50c8dde6c95deb027fd6348 |
| SHA256 | 39a130557fea33a9c899f347fa3ed455e58bd51acc0b3b4586f76694b0f34646 |
| SHA512 | 93125310ade0c7029f0406aab291c35d2b7d1941f85bfd3d6071f85ff347c46e793a5ef164c08ebfcba252269a4aa84bf7a3b8779a36ee2f3da303411becc27d |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\uk.pak
| MD5 | 33f02db055c3f91148feee375acabfb7 |
| SHA1 | ca1dc284f41bc55cf35f94a4039008df9970d411 |
| SHA256 | 1968e9ed7722089330e7a8ae2c08f241aa106ed2be8948461439e6a92c330688 |
| SHA512 | ad16973e4103ced979276c6de175eb600241491ec9c441168e6375f68f8867d3f0eba422dd0ef6404208564015119f1e5e2500d5cf4ff2d8da45d713ed8c251d |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\tr.pak
| MD5 | 4e7c047364c7c4809242741b98b28092 |
| SHA1 | 4ff1b303476cb75d8190568c346e8cc2e452da14 |
| SHA256 | 6a25be43b786ab853f8081c53012be623543830cce5ccd246ec040d98f22b852 |
| SHA512 | 4624cec04114c15a72a804fa4966fe61303effe97039337273ed0dc99e8a6a685ca5cf5fa901a84c8b219d443f1a89e6e7cbe09eb21e7ecff662301067a6cefb |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\th.pak
| MD5 | 96212a5191b7062d1620388acf1d09cd |
| SHA1 | d3616b6c4649dcfa347df0473e64219ccd63e63a |
| SHA256 | fa5f97bf433df481a6257fa39ef8dcc7961c5d5a83008b02c9773836d7bfc96c |
| SHA512 | 5192c36317c3a50696796c7286f77b1a02b7a0f83abb16ff7d47ec94281b85ee2fb29b9ddff7c4ad8b28a2a757772bd2bc726b10c19658ab672966679d391508 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\te.pak
| MD5 | 93edec428bdaa1f84f5c9478f440997a |
| SHA1 | e03f6bd50b0e0d888f9dfbdc87c98ff567e6a91a |
| SHA256 | a499f50e452ca02ea476fab8954e7ff58d2ee0c6263b8a4657b6ebddeecd2520 |
| SHA512 | ae34e29f1e8d23dacca66036e355b12ebb1117ec6e5e99413c792a0dc8b772eb63578b2406730b014fb4ffe32b05dfd9fab8adcf38ab3f5b9bfd0cf054ed09f7 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\ta.pak
| MD5 | 8a1a245b43af1f174f262d8f53014d59 |
| SHA1 | 655045f5c71aa2589851a66d5387d4125bbce1ec |
| SHA256 | 85d8ef6fb5fdbd1d689aa6cdbbb768376b08b03ff39f7528a3804a3b4bd82af1 |
| SHA512 | d71b73fd2b5658acf5825f142130c49c278c801fd8beb5fb2039a3c209a1214a9cc00fb6896735fa4d020bc2279afca1577f35fb0a96a315631d46656d2055d3 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\sw.pak
| MD5 | 70510abd3079bf26caf327989e810216 |
| SHA1 | ea640cb8b3c63d71d9b3a0d377fef5540b04fe81 |
| SHA256 | a11017a3e0e7f48338d4515ec9e79c1764387232a0d9a05fecc4b594bff40091 |
| SHA512 | ecbc97397557e27e66536a97ddf78a744c104b258d40d6f31972e6e5c6615699dd24eb02144ae0d3d53764da0f83a06f561ba95bbf08da4bf4a548b0e7f8c052 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\sv.pak
| MD5 | 773fc8c89b093c40191fc233730188c1 |
| SHA1 | 28001794144bdb76f62044d57e2d52c8ae1635c6 |
| SHA256 | 6aab29795a36a0234c6d447fb1fdd9011da505c348b934346a27b6a2ddb92ff3 |
| SHA512 | f9bfd3e72955104b922c34352ec16d56939eea634b9abd549d4a3342dd72f8768c85bff59814e419aee6469f6521f4f71fcfe9b8a81c1824187ba818f6d6caac |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\sl.pak
| MD5 | cfb094955a5a8f655ce8a598d5a89706 |
| SHA1 | 181ace68b0c3be132ab73302ba7f7c8750f9adae |
| SHA256 | 15489195e92cf11354a9a02895aad2ba8f17aecb676dd77942054a4f3f0fd623 |
| SHA512 | a31e131663072c1192a4146321db5f0f457d27e14afc8ae40a92a4f255df4cd5302774534fed5247e145c73739a709dd5852af35750f35ecbab0fd4c1a612e2f |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\sk.pak
| MD5 | befec33f564454253ad90d6cc06ecf62 |
| SHA1 | 1fa0e082c89f9aa397551421a35b7dfc941f5250 |
| SHA256 | 9db30eeac7f1814158283affa0af6451c6f7966896cd6d6df8eab14a37e58c9f |
| SHA512 | a581faf67311eb8d81b481d1e3348f579745331f87523650a4fc35ddbe6d5033e726feab0ca3911ef76a21aceabc3e2122d16333d1b7840a933b5231a9e2d157 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\ru.pak
| MD5 | fd441a4b72397f5d76915ebcdef45aa1 |
| SHA1 | 94a0ab5704e7303c6ef1c2ee5be0b6f4a52d146e |
| SHA256 | df41fb92e4d682d47b5adf942600b4f23c1aa5274b31b844cd4c4b6f0ec86a86 |
| SHA512 | 5fab517ec0141bb67b4b5ac868100b770fc0b7773b94f977af9205294da9305a2079327a4ece1ff1d9a3b3c805c8d8676c2b0505bf190d1c57c4ed0c14a1cfdb |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\ro.pak
| MD5 | 4d1ed9e347de9351454d11132c06e916 |
| SHA1 | e3734d17a579ac423ec5fdc5829a211c7b76e049 |
| SHA256 | 57dc80c76c535c645893c9d3b4d0c4779aaa877445383abec79e32cf02c41276 |
| SHA512 | bd3d0841678879a24eb6f2f15c27bcb64a5d7ad171debbb51e7601a3898b830b1985b365363a01d22967969d4d4ddf89a130a5a33ff6a94cef6410b0e89f1849 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\pt-BR.pak
| MD5 | 3b70cbf1aa47436b78a5e8c7672ce775 |
| SHA1 | ff9f2820e5782f9eae0ea1d5ede61665fa62cc06 |
| SHA256 | 8b4a8a3b8741610c279283a6cb843cb274223f720edac1c73296340b02569fbe |
| SHA512 | 41e3b3264d8034edf9ee1ab696ca4612ee6ef4e8537b4598805362c4a250f81274425cfa2c9c62330fed73a683e6d3b2ff537b51d869d7da19c4422728da7c0a |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\pl.pak
| MD5 | 41fd7c76e30b333027e86e20a65283a8 |
| SHA1 | 81afebdfd62255d0b0ca508141dcd7b67982f4c1 |
| SHA256 | 5de95dc2236f896e66debfe2cc7553a5bfeaa7ffea2820fe1f2f67368af84f7e |
| SHA512 | c59132dc329ee72fa8e9e9c653da597b5fa40a6eb0a7988cf62b1bdaa646a9f09f504219bfbc5af394a12c9ab6050a39740460a3e5c3ed0946b556c33f608219 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\nl.pak
| MD5 | a17bff141aec095625d0420c7a609b08 |
| SHA1 | edf3746b20ff9e3bdbf09b195e7781da1f799a91 |
| SHA256 | 7482c28c2a42a94615118b6b8cc7d002415923ca104ef86a95a4ad05c8db36b9 |
| SHA512 | 903c50c39160e40920bdcce0dc337e83b03bba00481f82ebc8ac1cf6927ebfaa75b1f9791038a71632c5e79bf7331bbf7468cc626e303929801c08f54d092c8b |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\nb.pak
| MD5 | e5546ac3407546d6b786e24c7bc21ab1 |
| SHA1 | 7a9e44a525ae005d0b41020c403c4e1e49d237b7 |
| SHA256 | 751521cbf27777bc99f2039b987686f921cb27e02c959f6cbeb976799e45066e |
| SHA512 | becf51540db5a0893e6f44d588be98142bab5c2a0f37c0212348e3cf39da52def2fd104c039229b52767a9345890f5768ed897b4bde5c6feccd75036d8b4f363 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\ms.pak
| MD5 | 0bb952597b170dd4dd76e9d9d546ac3d |
| SHA1 | 101aafdf6a4ac0cdba7bd88538e7ac395e715e3e |
| SHA256 | f6721ce0d4d601ffeff011d652a9bf2518386cd8c1d2317763e37512451534ff |
| SHA512 | 46c9b63273d6ea30ee63ff230d6b5600018ae54032e04a6707f5873ebd383d0d59645f8d0b44b8ce9a4d40d5acd3453b618b9c4fd3c1b958adb5aefba3465464 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\mr.pak
| MD5 | fd3452d812a6129b8b6db620423adca0 |
| SHA1 | 9bfe47a0e9f1843c90875f28d8873d592098024c |
| SHA256 | c9704a3e528092ef676be4a653cb14b906e7c32424d59c8e4f22981014bd9111 |
| SHA512 | 7ec30343e985f7bdc6a64fc13d50bfe58ae098b03e18afeaeb4c89073059698cdf40477f2323a52c5e8f07f37b28608c54734501d14ad6ae0c9a0f2f4ab0e689 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\ml.pak
| MD5 | 21aee42070f9eace2a8e14759526f05f |
| SHA1 | fedd83251a3fdb1846bf0e7e49a3a78cd77fae02 |
| SHA256 | 393d2dcd5c7c33945626fcf10ea4457649fa7b4c100c039898385133c26395cc |
| SHA512 | 60cc85a5a638d370710680bd39a6946d04660a0856bde49190fbc0002acf91617cfc3f3087a37cf592c047550ed2c5b73c2a769fbdffcacf4ad3ffa129c929e3 |
\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\lv.pak
| MD5 | 7313fab584b7561b1fa63de07b972118 |
| SHA1 | 3a44d445f57a78867d37638a80ab39add3fcaa4a |
| SHA256 | 7b92238240c31c197029d41fdffc244f68caeb8002854f65ee3125bd95643598 |
| SHA512 | 05b067847a63c0419298616278678ade6a4fec4008323121ace5a09e22f6dae409494474f5a88adc703833691a7d4810546d012d4311e176fe58812f166b8ae3 |
memory/2360-679-0x0000000000790000-0x0000000000792000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\ko.pak
| MD5 | f21c6033fa73bc7d3358c2467c9048d2 |
| SHA1 | 939f209f00e6664294872e0dc3b33a9015a2f1fb |
| SHA256 | d19cfa8ae07f23b81c0d40d7e751628844fc1aafb83d4bb4dcbe71caecf6ea2e |
| SHA512 | a4a4909ca56d3d924639cf1adab6d9ee512132c99c8e3dd37f2b949a1c816ab29ce81c01c658022e680344516201fdb0440abb97e577e6946e2731411674566d |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\kn.pak
| MD5 | 90107e2353e707a6d071c9aabb5adefa |
| SHA1 | e4dfe445ca7830b3a56af38af1d73e3cb94abc73 |
| SHA256 | 9155b06ccaefbea6461f5c51e25ce25d85ca7bd557e76dae00a4d6a09a4bc424 |
| SHA512 | dead3b94638afbf4ef27e1cb5283ad2d0af73ab8996e7d2e8202ad174796121799992f577c974fc0ec53fe2b8f6fb4d37c3bef70b72c29b5b721377a0cf3b093 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\ja.pak
| MD5 | e720738027460b044429705f7ea1d25c |
| SHA1 | 851b59efad4ae074849fe41f40a56c5534caaf72 |
| SHA256 | c78fde77efbca1b3cc0cd12bda718d1a113bf6b6f3ed558b5c9a452dc974edfa |
| SHA512 | 08b0fd0ceff7ddfed26985bf84b54d75cead1f6fd4d5971da9e40996af6dc5fe9455c402f62e758020a6ccdb1ee0213cc2a5ddfa28a2bfb1e8064c6a4401c3a2 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\it.pak
| MD5 | a2b9cce245e754258ea187ceb3aa2670 |
| SHA1 | 50f84fbcabea10385714a3c3a2483247ac040c02 |
| SHA256 | b72f89e5d2cacbd2db7ce28ceae35faab8c4199ec993fea64e8c78df882032d0 |
| SHA512 | 5e9cca2605d4a86d4f2b39845c8396c37f88b6f1d08c8f0e2b6f0896d60754331a588d0c0fc59e9ad8fccf0d50100a2307fff2d9df784f91537b1d9e108727ad |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\id.pak
| MD5 | b5e4e0092bd1063e8bd68d0b539ab005 |
| SHA1 | 5e3d12a6fb497687df81ed64de17b0502ea84f2a |
| SHA256 | 8d7ef1377d39fb6045c9d4b1bb064c329bd789ee33b6de530c187f1e713dd7f0 |
| SHA512 | 52b535a143bc13a03804cfda2d3f2f81f036b8d24897d1ef4a657ed290ba14e43d7cfe92c868cdef6b093b09b90119f7e50e8496eaf347c8e4fdfc13c5e306a2 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\hr.pak
| MD5 | feea1754a955eb61cd41763be4e5ae2e |
| SHA1 | bb6252fec9ada8bf9ed7b81f59843d5abfcac80d |
| SHA256 | 787680ecb5d5ece246894481834b30145919c22b04d2dcad2f6ea2b2254abafb |
| SHA512 | 3d24c9ccb83f6ecf976df5cf00fdb0b46d53f09c1cb08ab68bb8d9944452785f40a761a152605708d7672f7dcb24e0b7cad1cfc14b267bf5fc1393cfd05ae4d0 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\hi.pak
| MD5 | 34bcb12c154075510d9d3066ad4a8d1f |
| SHA1 | 6a3c062221db4f391f8505892f584647b05a410a |
| SHA256 | 83c6c411d75ec5c5de6984b21fdecb07c9b926c66b67c5c99380605f6fdd8928 |
| SHA512 | aba38e4a8039bbdc46b510a8370c82d3b199b4a02da7751c162c941e6d893a9cdfc0ce92db4144ecc2b2644d58b0bc6cc7cceb0533c62c131cc55be0258c3a7f |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\he.pak
| MD5 | 6010987755f300c7984dd3f72f518ab2 |
| SHA1 | eb85f0849a86aa5fb585efaa070d2d7300b197a3 |
| SHA256 | 1c84a575e28e9a72335ed13409d6861995bd9859fd57a4d9509fe912db4a56a9 |
| SHA512 | 4b77f74d986c16524a3a6c7f60cdbe53ac5be59418737835a7fa186e4b6ee853cce8317cce352fe4064c75a7d27bf1303d76eabc53993ff1e4b7758a8ccc6228 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\gu.pak
| MD5 | 57cf11b4352e59f11b20b7ab754af031 |
| SHA1 | ca1716d419f175a2dd548929fd551dcbd1ef4bd7 |
| SHA256 | 55588f211c26e1deb47b04d39728ec051b99334c55d30252b94df57d0fba2f52 |
| SHA512 | c74360769323b3267aa218e994f49c7e135d4f320365a349a5362c1755c4b660050a070bec6c5446d4620be97a341270b6c01289db20ddf5199ece23117110a4 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\fil.pak
| MD5 | 693abd21a6855aeaa31f6c738c6b6fc9 |
| SHA1 | bb1fa375a9f0c682d9913b1c1610535eb2b4028d |
| SHA256 | f0bb231c710c025ad4643e2128867de6e111da867384082e7dc2d0769976b6ce |
| SHA512 | 03c68c45e3144a73251d950a8c7695e5b9c2c66711134016543ac07ee6eded723324d5312fad4624d35d0bfe9861ca4b7440d2445e6d3d6cff4a1a3cd5263c98 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\fi.pak
| MD5 | 4f323a2eb73ccd029e742cee4dfa9769 |
| SHA1 | b860372d21cc55eb7ddbbf9f5bac61fed39426de |
| SHA256 | e1888472c8e1330e70e514d0a1936749a7e5d39f67e7edc818661c2cbf3e301a |
| SHA512 | d07d0f74736cd32d73b3a33867e65a25b727b5c30cb743162908e23d958fb3ae97285f600a9ef8196e61be9d450da5903d1e468fceb3b05ced93aa600387fddb |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\fa.pak
| MD5 | e3f56d4b0fa2878ed6847631d3b05dea |
| SHA1 | 627f48d5423afcb3cade0789f058d60867419041 |
| SHA256 | 2ee67a38cce9ffae1a639be17c0ef7ed7c763d9c15c9621f300bf634e1f25a64 |
| SHA512 | e29c28717f31dc57c2294857680a439acec25478913ea425b0c7b6e50f3343b21fb7983c15352f9e3c001ffa0c8e500d92a1924acde32a4b5bf3f5b6c60c4142 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\et.pak
| MD5 | fcdea2954549e5d8f1e7a5de36ae4f74 |
| SHA1 | 41dcdcefbbab3e0e908d98ec9b6bac7eacecbb99 |
| SHA256 | d875bca2e8800657306727902f4f5fceec7415ea530bfa780ece0f016f792569 |
| SHA512 | 37ea008078083a36b07b1f5d0ca6e16f62b06a19266d8042efc796bf33c53200f37d3a37f5b48d024dbfab9e6689ec9c3f22d6e37e3898fa7deb61ace1fb2df3 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\es.pak
| MD5 | 39288ea031009bb9db582cbd93c7d534 |
| SHA1 | 467f76d33e39526a4d8cb6068eaf8e2791b3a9ee |
| SHA256 | 6cd39669df96b4b5b9047f7689338d3beb9ad7f8be2fddc595ef1ecbc47481c2 |
| SHA512 | 4a635e969cf2b09aab5f8723a3380c5e226bf0546019506d18de65c1e4a599d268b9ee2e03a65b245075f899a09697b7b535f1055c19344a411100c8f29d93b2 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\es-419.pak
| MD5 | cadd9ec43e823609c4bbdc418da6009a |
| SHA1 | 91bdd44d5972a4763227ee7c127fe122aefe195f |
| SHA256 | 6c8d074047d57a79cf5cadf9caa6e9a64bce0895743a3dd89ed1350cc91c1e4c |
| SHA512 | 2b9eae4072e46024e33f000b1df1a64246f70498a557f4a03234d3dd47aadb04883b98ebf48eec21f0d6ca4c8a62065f675fdb352be680a56644ea3ae1db93a5 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\en-US.pak
| MD5 | 0dcd84e9e50a3e0819d5875ea889ced4 |
| SHA1 | 7c47f6e4e0cafec3a13c07d689d1dd6ff6516b1e |
| SHA256 | 699b6d7f05a484e76d3e1197a656247863e570f03cc02634c9dc42078a5c5007 |
| SHA512 | 153fc15f676d78d5d0f3a6862fc7eaa60c2a659c25ce87485f0253c321d9407a9b799b959104c27a8e7b5487f0de926ae8f375e2c3d313329112e48f2d001a17 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\el.pak
| MD5 | db449f218a705453eb10b5f418e28d7b |
| SHA1 | 7bc8fcc59c532bb086a7f081cd8d275a89dac835 |
| SHA256 | 73da35d01b91707846775bea7dc0331fc1caebd5c63d101aa8bb8bb58ca7f193 |
| SHA512 | 7dce45bc723d62498b335be0ab72dfc91c44c01f96f25c2314e9245a0eab28a92dcaa730b11f108b604545592445ed1612721416f60ae3bf55b1bd438bd04f78 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\de.pak
| MD5 | fceb00caf7e76e688007665feae99e83 |
| SHA1 | 06fece84cf7028b3871f144258b8d084faf8745b |
| SHA256 | 80e63ef1950b8438813271365a7b6a3f3aba0bacc179f5675654249f31c06a3c |
| SHA512 | 08c14eb299a035949e6b64a069cadee66c420b7d66bb00d65d6a1a08fbee08a57ab08f8e77c44387f0fe02b47aeb0bf2709a1979025613cb51af4ab82fc3b6d5 |
C:\Users\Admin\AppData\Local\Temp\nsi21E3.tmp\7z-out\locales\da.pak
| MD5 | 22134b12d90fdc00f23a1e0a6fb04eec |
| SHA1 | 17c9fc2cacb6e5ccc393d1af9bdf3e8e63ecdaaa |
| SHA256 | 62020dd01b47b696e2e11d7f5598628c07782a96ea6bc013dc2ffe8c820b7c94 |
| SHA512 | 9cce6ffb2d84cedcc5ccf200080d6a2cab691468c042e8e48a5fdd809b5c0d067c322326e49d18f66da8e0b1d28adeda4cd03e12d7aa11350b72776737aa3427 |
C:\Users\Admin\AppData\Roaming\easymc-launcher\Crashpad\settings.dat
| MD5 | b9c43cffbdc9ea7f18e6b1808485e383 |
| SHA1 | 055d7de4c9d1b630201e9c80de60ffea7b473228 |
| SHA256 | 62a43bf4523b2792ed5fab7b23d8325faa1154284fd3dd3cabe99b9226d7b264 |
| SHA512 | fa2286bcbf070450f522d72164b9b6699ade084196dbc64015b71202ff0f1cc6a23b44aa96cc26ec3f8099a8a13efc526499c537f465ae5b48e60ccf7f6f3a2d |
memory/292-896-0x0000000000860000-0x0000000000861000-memory.dmp
\??\pipe\crashpad_2984_YHINPZUHUOBBAXOX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/292-929-0x0000000077710000-0x0000000077711000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab4730.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar47FD.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f372ed4f2ee0d5c32b7401bf601fd1b |
| SHA1 | 63d7407880ff75d901884957edb4ff83e3712de2 |
| SHA256 | 6ff57d75b984f6bcc8ebf890bbbc9476845fa26cbd68df40ce8561c4e442fb45 |
| SHA512 | 2a917e83a295b443ace477050856d721af2b1ebb3370e63512078f9725357e50b327f0528e8bfd81cc6c0e0d5ba080eab71e98670eb852dba427465c75afa05f |
C:\Users\Admin\AppData\Roaming\easymc-launcher\sentry\scope_v2.json
| MD5 | dbd56933b91a6749d0f0b337fe24bf26 |
| SHA1 | ee0e52573c0195deaf6976fc804c01bfb70559fa |
| SHA256 | 9082b26081755e5146f75713590856e2161d089efeb9c6bbc35804d54822e01e |
| SHA512 | 83fc5b114f4a511a0ca38d7b97ce148d3e3fc45f3ee386df067a7a800b20847f36f1b0b6354ca2f36671ca83fde6f2ce5a314aabe7a9e86ca6bac904d43254be |
Analysis: behavioral6
Detonation Overview
| Submitted | 2024-06-18 13:15 |
| Reported | 2024-06-18 13:29 |
| Platform | win10v2004-20240226-en |
| Max time kernel | 136s |
| Max time network | 162s |
| Command Line | N/A |
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1420 wrote to memory of 3368 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1420 wrote to memory of 3368 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1420 wrote to memory of 3368 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3368 -ip 3368
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 628
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.74:443 | N/A | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.251.17.2.in-addr.arpa | udp |
| US | 13.107.253.64:443 | N/A | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
| Submitted | 2024-06-18 13:15 |
| Reported | 2024-06-18 13:28 |
| Platform | win10v2004-20240611-en |
| Max time kernel | 93s |
| Max time network | 124s |
| Command Line | N/A |
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2384 wrote to memory of 3380 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2384 wrote to memory of 3380 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2384 wrote to memory of 3380 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3380 -ip 3380
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 612
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
| Submitted | 2024-06-18 13:15 |
| Reported | 2024-06-18 13:28 |
| Platform | win10v2004-20240508-en |
| Max time kernel | 89s |
| Max time network | 157s |
| Command Line | N/A |
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\7zip\win\x64\7za.exe
"C:\Users\Admin\AppData\Local\Temp\7zip\win\x64\7za.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
| Submitted | 2024-06-18 13:15 |
| Reported | 2024-06-18 13:28 |
| Platform | win10v2004-20240611-en |
| Max time kernel | 149s |
| Max time network | 154s |
| Command Line | N/A |
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffcf9ce46f8,0x7ffcf9ce4708,0x7ffcf9ce4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17367774753485460328,1832785413675148308,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,17367774753485460328,1832785413675148308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,17367774753485460328,1832785413675148308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17367774753485460328,1832785413675148308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17367774753485460328,1832785413675148308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17367774753485460328,1832785413675148308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17367774753485460328,1832785413675148308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17367774753485460328,1832785413675148308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17367774753485460328,1832785413675148308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17367774753485460328,1832785413675148308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17367774753485460328,1832785413675148308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17367774753485460328,1832785413675148308,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
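Most rows in the Network tables of this report are not the sample talking to anything: the `*.in-addr.arpa` queries to 8.8.8.8:53 are the VM's reverse lookups of addresses it already contacted, 224.0.0.251:5353 is mDNS, and the g.bing.com / www.bing.com connections line up with the msedge.exe child that was started on LICENSES.chromium.html. The script below is an added triage helper, not part of this report or of the analysed installer; it sorts such rows into buckets so that anything left in a `review` bucket is what an analyst reads first, and it reverses each PTR name so a reverse lookup can be tied back to the forward connection (237.21.107.13.in-addr.arpa is 13.107.21.237, the g.bing.com destination above). Treating the Bing domains as browser noise is an assumption taken from the process list, and the sample rows are a constructed copy of rows on this page.

```python
import ipaddress
import re

# Constructed sample input: rows copied from the Network tables of the
# behavioral20 and behavioral10 runs on this page, one "Country | Destination
# | Domain | Proto" row per line. Not a live capture.
SAMPLE_ROWS = """
US | 8.8.8.8:53 | g.bing.com | udp
US | 13.107.21.237:443 | g.bing.com | tcp
NL | 23.62.61.129:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp
N/A | 224.0.0.251:5353 | N/A | udp
BE | 88.221.83.178:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
"""

# Assumption: Bing traffic comes from the msedge.exe child that was opened on
# LICENSES.chromium.html, not from the installer itself, so it is browser noise.
BROWSER_NOISE_DOMAINS = {"g.bing.com", "www.bing.com"}

PTR_RE = re.compile(r"^(\d{1,3}\.){4}in-addr\.arpa$")


def parse_rows(text):
    """Parse pipe-separated rows into dicts; a row with the wrong column count is an error."""
    rows = []
    for line in text.strip().splitlines():
        parts = [p.strip() for p in line.strip().strip("|").split("|")]
        if len(parts) != 4:
            raise ValueError(f"malformed row: {line!r}")
        country, dest, domain, proto = parts
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": host, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_target(domain):
    """For a reverse-DNS name, return the forward IPv4 address being resolved, else None."""
    if not PTR_RE.match(domain):
        return None
    return ".".join(reversed(domain.split(".")[:4]))


def classify(row):
    """Bucket a row: mdns, browser_noise, reverse_dns, dns_query, or review (needs an analyst)."""
    ip = ipaddress.ip_address(row["ip"])
    if ip.is_multicast and row["port"] == 5353:
        return "mdns"
    if row["domain"] in BROWSER_NOISE_DOMAINS:
        return "browser_noise"
    if row["port"] == 53 and row["proto"] == "udp":
        return "reverse_dns" if ptr_target(row["domain"]) else "dns_query"
    return "review"


def triage(text):
    """Group rows by bucket; an empty or missing 'review' bucket means nothing unexplained."""
    buckets = {}
    for row in parse_rows(text):
        buckets.setdefault(classify(row), []).append(row)
    return buckets


def ptr_targets(text):
    """Forward addresses behind the PTR lookups, to cross-check against the tcp destinations."""
    targets = {ptr_target(r["domain"]) for r in parse_rows(text)}
    return sorted(t for t in targets if t)
```

A `dns_query` for a name that is not in the noise list, or any `review` row (a direct tcp or udp connection to an address with no benign explanation in the process list), is the part of a table worth the analyst's time; for the rows copied here both buckets come out empty.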
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56067634f68231081c4bd5bdbfcc202f |
| SHA1 | 5582776da6ffc75bb0973840fc3d15598bc09eb1 |
| SHA256 | 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4 |
| SHA512 | c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784 |
\??\pipe\LOCAL\crashpad_1708_XKMJNWJXLBJXGPXC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 81e892ca5c5683efdf9135fe0f2adb15 |
| SHA1 | 39159b30226d98a465ece1da28dc87088b20ecad |
| SHA256 | 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17 |
| SHA512 | c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2539608a5c828dab7eaee77aec54c250 |
| SHA1 | 0da7e0db9679000ce372ab15b9583b1dc0c015c4 |
| SHA256 | 35431281b3326f1c1e8d5eace1ae5b21d29558887065926af6acd1b8b0ea9195 |
| SHA512 | 6c9fe0a7f5b3b08be60ec34fd7fd0ac5463b0e31f659e7a00d38c65554ba622246e24ecf46b4ef630fb355c3c11650e777b2629bdbe437aaf001093373d303fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ef45fdb9a7204fe101273d626a669e6f |
| SHA1 | 4528490458bc86a585ecc6d7abe164a111146a33 |
| SHA256 | a4fd757b663f75b38033da127b951eb2437acde8531e4d74a2aba1cae8d0632e |
| SHA512 | ca3a7647953ea38941ea414829295792d381877c03d1022909ceaf7dea8bc061eb71e4882dd22117168e19655fe552850ba022c93310855d82deff6945033505 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3fd74cc2fac82d5c3b553ca6fd3b827b |
| SHA1 | 7c3efea6e0c957a3d553ad2be56db0931676ee0f |
| SHA256 | f05e508156a5d082e0e3c60bc49e3e980f695a0c1d5e08393d77056dbb04790f |
| SHA512 | 674895f72b5eca1cf349b1f738367d6d58510989f63246868414af6f1f2087a212c13732533dd59a2ef439c038ee72021f525cba025096bf080a91b3b8a52937 |
Analysis: behavioral26
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:28
Platform
win7-20240508-en
Max time kernel
119s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:28
Platform
win10v2004-20240508-en
Max time kernel
49s
Max time network
54s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:28
Platform
win7-20240508-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 220
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:28
Platform
win10v2004-20240611-en
Max time kernel
123s
Max time network
129s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4700 wrote to memory of 3148 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4700 wrote to memory of 3148 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4700 wrote to memory of 3148 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3148 -ip 3148
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 612
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3532,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:8
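The Program crash and WriteProcessMemory signatures in the rundll32 runs (behavioral5 and behavioral10) have a mundane reading. The harness exercises each dropped DLL by calling export ordinal 1 through `rundll32.exe <dll>,#1`; when the DLL is 32-bit, the 64-bit C:\Windows\system32\rundll32.exe relaunches C:\Windows\SysWOW64\rundll32.exe with the same command line, which is the memory write from PID 4700 into 3148, and WerFault.exe is then started for PID 3148 because that child faulted. Calling an arbitrary export with rundll32's argument convention frequently crashes, so a crash here says little about the DLL's intended behaviour. The script below is an added example, not part of this report or of the analysed installer; it reconstructs that chain from the process list and signature rows. Reading `-p <pid>` on the WerFault command line as the faulting process and the system32 to SysWOW64 rundll32 pair as a WoW64 relaunch are the assumptions it makes, and the sample entries are a constructed copy of the behavioral10 lines above.

```python
import re
from collections import defaultdict

# Constructed sample input: (image path, command line) pairs and the
# WriteProcessMemory signature rows copied from the behavioral10 run on this
# page. PIDs appear only in the signature rows, so the link between the
# SysWOW64 rundll32 and PID 3148 is taken from there.
PROCESSES = [
    (r"C:\Windows\system32\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1"),
    (r"C:\Windows\SysWOW64\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1"),
    (r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3148 -ip 3148"),
    (r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 612"),
]
WPM_ROWS = [
    ("PID 4700 wrote to memory of 3148",
     r"C:\Windows\system32\rundll32.exe", r"C:\Windows\SysWOW64\rundll32.exe"),
]

# "rundll32.exe <path>,<entry>" where entry is an ordinal (#1) or an export name.
RUNDLL_RE = re.compile(r"^rundll32\.exe\s+(?P<dll>.+?),(?P<entry>#\d+|\w+)\s*$", re.IGNORECASE)
WPM_RE = re.compile(r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)")
# Assumption: "-p <pid>" on a WerFault.exe command line names the faulting process.
WERFAULT_RE = re.compile(r"-p\s+(?P<pid>\d+)")


def rundll_loads(processes):
    """Map (dll, entry) to the set of rundll32 images that were asked to load it."""
    loads = defaultdict(set)
    for image, cmdline in processes:
        m = RUNDLL_RE.match(cmdline)
        if m:
            loads[(m["dll"], m["entry"])].add(image.lower())
    return loads


def crashed_pids(processes):
    """PIDs that WerFault.exe was started for."""
    pids = set()
    for image, cmdline in processes:
        if image.lower().endswith(r"\werfault.exe"):
            m = WERFAULT_RE.search(cmdline)
            if m:
                pids.add(int(m["pid"]))
    return pids


def wow64_relaunches(wpm_rows):
    """(parent, child) PID pairs where system32 rundll32 wrote into a SysWOW64 rundll32."""
    pairs = set()
    for desc, src_image, dst_image in wpm_rows:
        m = WPM_RE.search(desc)
        if (m and src_image.lower().endswith(r"\system32\rundll32.exe")
                and dst_image.lower().endswith(r"\syswow64\rundll32.exe")):
            pairs.add((int(m["src"]), int(m["dst"])))
    return pairs


def summarize(processes, wpm_rows):
    """One record per DLL exercised through rundll32, with the inferred bitness and crash data."""
    crashes = crashed_pids(processes)
    relaunches = wow64_relaunches(wpm_rows)
    records = []
    for (dll, entry), images in rundll_loads(processes).items():
        # A SysWOW64 rundll32 in the chain means the 64-bit host handed the DLL to a 32-bit one.
        is_x86 = any(img.endswith(r"\syswow64\rundll32.exe") for img in images)
        records.append({
            "dll": dll,
            "entry": entry,
            "bitness": "x86" if is_x86 else "x64",
            # The process list carries no PIDs, so relaunch and crash data is per run, not per DLL.
            "wow64_relaunch": sorted(relaunches),
            "crashed_pids": sorted(crashes),
        })
    return records
```

For the behavioral5 run the same code gives the same picture for StdUtils.dll (a SysWOW64 rundll32 in the chain and WerFault for PID 2196); a DLL that appears only under C:\Windows\system32\rundll32.exe with no WerFault child, as in the libEGL.dll and ffmpeg.dll runs, is simply a 64-bit DLL whose ordinal 1 returned without faulting.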
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| BE | 88.221.83.178:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.251.17.2.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:28
Platform
ubuntu2404-amd64-20240523-en
Max time network
130s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:28
Platform
win7-20240220-en
Max time kernel
118s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:28
Platform
win10v2004-20240611-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| BE | 88.221.83.227:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.251.17.2.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:28
Platform
win10v2004-20240508-en
Max time kernel
49s
Max time network
53s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-06-18 13:15
Reported
2024-06-18 13:29
Platform
win7-20240611-en
Max time kernel
120s
Max time network
131s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1