d49877b56eae195a92a251b8a2323f9271c5d1258c8671d26e03ee44425c0478

Analysis

max time kernel
148s
max time network
135s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 14:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Minecraft.Note.Block.Studio.exe
Size

42.9MB
MD5

cad7ed3f0e24ed9d0c642a8db5711b6a
SHA1

526f38aeb0aac98e8dc834af594cba5210555407
SHA256

d49877b56eae195a92a251b8a2323f9271c5d1258c8671d26e03ee44425c0478
SHA512

21d07a10d13cc95ddaadbb7ed3045030c33cff6759af0f091e9058ae1c1b40dabf5ed1add13f62471feb19f3e1b52bd93246cd1b01ff9059aa32d1abd1e2597b
SSDEEP

786432:SeCSW3HLvaImZhgT3s6T/STneTZxcmpMmQO9KWNMurqQVbw+Dw3X6cM:eSC/mz8sEsMemWm/EW6u9bwnU

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
108	dxwebsetup.exe
2248	dxwsetup.exe
2464	Minecraft Note Block Studio.exe
624	Minecraft Note Block Studio.exe

Loads dropped DLL 43 IoCs

pid	Process
2120	Minecraft.Note.Block.Studio.exe
2120	Minecraft.Note.Block.Studio.exe
2120	Minecraft.Note.Block.Studio.exe
2120	Minecraft.Note.Block.Studio.exe
108	dxwebsetup.exe
108	dxwebsetup.exe
108	dxwebsetup.exe
108	dxwebsetup.exe
2248	dxwsetup.exe
2248	dxwsetup.exe
2120	Minecraft.Note.Block.Studio.exe
2120	Minecraft.Note.Block.Studio.exe
2464	Minecraft Note Block Studio.exe
2464	Minecraft Note Block Studio.exe
2464	Minecraft Note Block Studio.exe
2464	Minecraft Note Block Studio.exe
2464	Minecraft Note Block Studio.exe
2464	Minecraft Note Block Studio.exe
2464	Minecraft Note Block Studio.exe
2464	Minecraft Note Block Studio.exe
2464	Minecraft Note Block Studio.exe
2464	Minecraft Note Block Studio.exe
2464	Minecraft Note Block Studio.exe
2464	Minecraft Note Block Studio.exe
624	Minecraft Note Block Studio.exe
624	Minecraft Note Block Studio.exe
624	Minecraft Note Block Studio.exe
624	Minecraft Note Block Studio.exe
624	Minecraft Note Block Studio.exe
624	Minecraft Note Block Studio.exe
624	Minecraft Note Block Studio.exe
624	Minecraft Note Block Studio.exe
624	Minecraft Note Block Studio.exe
624	Minecraft Note Block Studio.exe
624	Minecraft Note Block Studio.exe
624	Minecraft Note Block Studio.exe
1724	WerFault.exe
1724	WerFault.exe
1724	WerFault.exe
1724	WerFault.exe
1724	WerFault.exe
1724	WerFault.exe
1724	WerFault.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	dxwebsetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	dxwsetup.exe
File opened (read-only)	\??\Z:	dxwsetup.exe
File opened (read-only)	\??\H:	dxwsetup.exe
File opened (read-only)	\??\O:	dxwsetup.exe
File opened (read-only)	\??\Q:	dxwsetup.exe
File opened (read-only)	\??\T:	dxwsetup.exe
File opened (read-only)	\??\W:	dxwsetup.exe
File opened (read-only)	\??\Y:	dxwsetup.exe
File opened (read-only)	\??\J:	dxwsetup.exe
File opened (read-only)	\??\L:	dxwsetup.exe
File opened (read-only)	\??\N:	dxwsetup.exe
File opened (read-only)	\??\G:	dxwsetup.exe
File opened (read-only)	\??\R:	dxwsetup.exe
File opened (read-only)	\??\V:	dxwsetup.exe
File opened (read-only)	\??\I:	dxwsetup.exe
File opened (read-only)	\??\K:	dxwsetup.exe
File opened (read-only)	\??\M:	dxwsetup.exe
File opened (read-only)	\??\P:	dxwsetup.exe
File opened (read-only)	\??\S:	dxwsetup.exe
File opened (read-only)	\??\A:	dxwsetup.exe
File opened (read-only)	\??\B:	dxwsetup.exe
File opened (read-only)	\??\E:	dxwsetup.exe
File opened (read-only)	\??\X:	dxwsetup.exe

Drops file in System32 directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\DirectX\WebSetup\filelist.dat	dxwsetup.exe
File opened for modification	C:\Windows\SysWOW64\directx\websetup\SET81BD.tmp	dxwsetup.exe
File created	C:\Windows\SysWOW64\directx\websetup\SET81BD.tmp	dxwsetup.exe
File opened for modification	C:\Windows\SysWOW64\directx\websetup\dsetup.dll	dxwsetup.exe
File opened for modification	C:\Windows\SysWOW64\directx\websetup\SET81CE.tmp	dxwsetup.exe
File created	C:\Windows\SysWOW64\directx\websetup\SET81CE.tmp	dxwsetup.exe
File opened for modification	C:\Windows\SysWOW64\directx\websetup\dsetup32.dll	dxwsetup.exe
File opened for modification	C:\Windows\SysWOW64\DirectX\WebSetup	dxwsetup.exe

Drops file in Windows directory 40 IoCs

description	ioc	Process
File opened for modification	C:\Windows\msdownld.tmp\AS778873.tmp	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS778F36.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS779B09.tmp	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77BB16.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77D895.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77F068.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\security\logs\scecomp.log	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS778873.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS778F36.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS778F36.tmp	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS77A70A.tmp\dxupdate.cab	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS77BF5A.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77BF5A.tmp	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS77D895.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77F45E.tmp\dxupdate.cab	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS779B09.tmp\dxupdate.cab	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS77AB1F.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77AB1F.tmp	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77D895.tmp	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS77F068.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS779722.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77A70A.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77A70A.tmp	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77BB16.tmp	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77D309.tmp	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS779722.tmp	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS77BB16.tmp\dxupdate.cab	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS77D309.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77F45E.tmp	dxwsetup.exe
File opened for modification	C:\Windows\Logs\DirectX.log	dxwsetup.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS778873.tmp\dxupdate.cab	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS779722.tmp\dxupdate.cab	dxwsetup.exe
File created	C:\Windows\msdownld.tmp\AS77F45E.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS779B09.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77AB1F.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77BF5A.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77D309.tmp\dxupdate.cab	dxwsetup.exe
File opened for modification	C:\Windows\msdownld.tmp\AS77F068.tmp	dxwsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1724	624	WerFault.exe	47

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Minecraft.Note.Block.Studio.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Minecraft Note Block Studio.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Minecraft Note Block Studio.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dxwebsetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dxwsetup.exe

Modifies Internet Explorer settings 1 TTPs 48 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000683017697265594df7abaff73856dbd6e7770bcebfae01c8f4aa34f6f6f36863000000000e8000000002000020000000a61cf919101c601b12b53679ca6076c61e05843997bd4e16da3bc4f054913dcb20000000531456480633465bc7bf54813a7207bc455790a7dfa7547cc6a71e01974dd41040000000ac95d8c39086d522b610f6b27db2b94920aaeb1de88de9a28bf19dfdf9e15cc5dabfb87e2df7cb55b578fd2d2bb223a49e06b28524c158b7c990decf7e15683c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f03041057ff1da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c00000002000000030000000083ffff0083ffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000f725632a601cf955d50bccb5dd763e58774f63329566c196be1fa8a72ea62a0d000000000e8000000002000020000000c4903f2a369e6605a09ecab569170c62c04405e69b22155b2a5cab768cb8443b90000000021e89fdc71610451b057b0d5c1503f6a90381ab85fa3d085a8ba4ac7340105cb92a702eb0f67dc672abd49a3a2c23a6913229ae8e042d80275ea4ca7668fceb658fa05726780ef806d4bce2539f8ce8a631caad29cc36f88893368c47771ca5d6bb2ee494b8a7e5a4bf097c000997e1c4ffe5e715b1964e232145c4ee474d2a1e1745943320056a3ce61c5d42f6e7af40000000b136d73c4275361d93615c4b91533b828e1bf5c97ea7a7728f8ede08fe536a8c265e52ff7f9a33d331eebd186861e0bd79b77cf2cbee508f28c96f7fb49efd8b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3BCAA571-5D72-11EF-B74A-EA829B7A1C2A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Modifies registry class 16 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246	Minecraft Note Block Studio.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246\shell\open\command	Minecraft Note Block Studio.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246\shell\open\command\ = "C:\\Users\\Admin\\Minecraft Note Block Studio\\Minecraft Note Block Studio.exe"	Minecraft Note Block Studio.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246\shell	Minecraft Note Block Studio.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246\shell\open	Minecraft Note Block Studio.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246\ = "URL:Run game 848873736702132246 protocol"	Minecraft Note Block Studio.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246\DefaultIcon	Minecraft Note Block Studio.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246\shell\open\command	Minecraft Note Block Studio.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246\shell\open\command\ = "C:\\Users\\Admin\\Minecraft Note Block Studio\\Minecraft Note Block Studio.exe"	Minecraft Note Block Studio.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246\DefaultIcon\ = "C:\\Users\\Admin\\Minecraft Note Block Studio\\Minecraft Note Block Studio.exe"	Minecraft Note Block Studio.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246	Minecraft Note Block Studio.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246\URL Protocol	Minecraft Note Block Studio.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246\DefaultIcon\ = "C:\\Users\\Admin\\Minecraft Note Block Studio\\Minecraft Note Block Studio.exe"	Minecraft Note Block Studio.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246\ = "URL:Run game 848873736702132246 protocol"	Minecraft Note Block Studio.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246\URL Protocol	Minecraft Note Block Studio.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\discord-848873736702132246\DefaultIcon	Minecraft Note Block Studio.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Minecraft Note Block Studio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Minecraft Note Block Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Minecraft Note Block Studio.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Minecraft Note Block Studio.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Minecraft Note Block Studio.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeRestorePrivilege	2248	dxwsetup.exe
Token: SeRestorePrivilege	2248	dxwsetup.exe
Token: SeRestorePrivilege	2248	dxwsetup.exe
Token: SeRestorePrivilege	2248	dxwsetup.exe
Token: SeRestorePrivilege	2248	dxwsetup.exe
Token: SeRestorePrivilege	2248	dxwsetup.exe
Token: SeRestorePrivilege	2248	dxwsetup.exe
Token: 33	1576	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1576	AUDIODG.EXE
Token: 33	1576	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1576	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2120	Minecraft.Note.Block.Studio.exe
2468	iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2464	Minecraft Note Block Studio.exe
2464	Minecraft Note Block Studio.exe
2464	Minecraft Note Block Studio.exe
2468	iexplore.exe
2468	iexplore.exe
1544	IEXPLORE.EXE
1544	IEXPLORE.EXE
1544	IEXPLORE.EXE
1544	IEXPLORE.EXE
624	Minecraft Note Block Studio.exe
624	Minecraft Note Block Studio.exe
624	Minecraft Note Block Studio.exe

Suspicious use of WriteProcessMemory 49 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 108	2120	Minecraft.Note.Block.Studio.exe	31
PID 2120 wrote to memory of 108	2120	Minecraft.Note.Block.Studio.exe	31
PID 2120 wrote to memory of 108	2120	Minecraft.Note.Block.Studio.exe	31
PID 2120 wrote to memory of 108	2120	Minecraft.Note.Block.Studio.exe	31
PID 2120 wrote to memory of 108	2120	Minecraft.Note.Block.Studio.exe	31
PID 2120 wrote to memory of 108	2120	Minecraft.Note.Block.Studio.exe	31
PID 2120 wrote to memory of 108	2120	Minecraft.Note.Block.Studio.exe	31
PID 108 wrote to memory of 2248	108	dxwebsetup.exe	33
PID 108 wrote to memory of 2248	108	dxwebsetup.exe	33
PID 108 wrote to memory of 2248	108	dxwebsetup.exe	33
PID 108 wrote to memory of 2248	108	dxwebsetup.exe	33
PID 108 wrote to memory of 2248	108	dxwebsetup.exe	33
PID 108 wrote to memory of 2248	108	dxwebsetup.exe	33
PID 108 wrote to memory of 2248	108	dxwebsetup.exe	33
PID 2120 wrote to memory of 2464	2120	Minecraft.Note.Block.Studio.exe	35
PID 2120 wrote to memory of 2464	2120	Minecraft.Note.Block.Studio.exe	35
PID 2120 wrote to memory of 2464	2120	Minecraft.Note.Block.Studio.exe	35
PID 2120 wrote to memory of 2464	2120	Minecraft.Note.Block.Studio.exe	35
PID 2464 wrote to memory of 2880	2464	Minecraft Note Block Studio.exe	37
PID 2464 wrote to memory of 2880	2464	Minecraft Note Block Studio.exe	37
PID 2464 wrote to memory of 2880	2464	Minecraft Note Block Studio.exe	37
PID 2464 wrote to memory of 2880	2464	Minecraft Note Block Studio.exe	37
PID 2464 wrote to memory of 1736	2464	Minecraft Note Block Studio.exe	39
PID 2464 wrote to memory of 1736	2464	Minecraft Note Block Studio.exe	39
PID 2464 wrote to memory of 1736	2464	Minecraft Note Block Studio.exe	39
PID 2464 wrote to memory of 1736	2464	Minecraft Note Block Studio.exe	39
PID 2464 wrote to memory of 2600	2464	Minecraft Note Block Studio.exe	42
PID 2464 wrote to memory of 2600	2464	Minecraft Note Block Studio.exe	42
PID 2464 wrote to memory of 2600	2464	Minecraft Note Block Studio.exe	42
PID 2464 wrote to memory of 2600	2464	Minecraft Note Block Studio.exe	42
PID 2944 wrote to memory of 2468	2944	explorer.exe	44
PID 2944 wrote to memory of 2468	2944	explorer.exe	44
PID 2944 wrote to memory of 2468	2944	explorer.exe	44
PID 2468 wrote to memory of 1544	2468	iexplore.exe	45
PID 2468 wrote to memory of 1544	2468	iexplore.exe	45
PID 2468 wrote to memory of 1544	2468	iexplore.exe	45
PID 2468 wrote to memory of 1544	2468	iexplore.exe	45
PID 624 wrote to memory of 1716	624	Minecraft Note Block Studio.exe	48
PID 624 wrote to memory of 1716	624	Minecraft Note Block Studio.exe	48
PID 624 wrote to memory of 1716	624	Minecraft Note Block Studio.exe	48
PID 624 wrote to memory of 1716	624	Minecraft Note Block Studio.exe	48
PID 624 wrote to memory of 1508	624	Minecraft Note Block Studio.exe	50
PID 624 wrote to memory of 1508	624	Minecraft Note Block Studio.exe	50
PID 624 wrote to memory of 1508	624	Minecraft Note Block Studio.exe	50
PID 624 wrote to memory of 1508	624	Minecraft Note Block Studio.exe	50
PID 624 wrote to memory of 1724	624	Minecraft Note Block Studio.exe	53
PID 624 wrote to memory of 1724	624	Minecraft Note Block Studio.exe	53
PID 624 wrote to memory of 1724	624	Minecraft Note Block Studio.exe	53
PID 624 wrote to memory of 1724	624	Minecraft Note Block Studio.exe	53

C:\Users\Admin\AppData\Local\Temp\Minecraft.Note.Block.Studio.exe
"C:\Users\Admin\AppData\Local\Temp\Minecraft.Note.Block.Studio.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe" /Q
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:108
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe /windowsupdate
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - Drops file in System32 directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2248
- C:\Users\Admin\Minecraft Note Block Studio\Minecraft Note Block Studio.exe
  "C:\Users\Admin\Minecraft Note Block Studio\Minecraft Note Block Studio.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c ""C:\Users\Admin\Minecraft Note Block Studio\Data\wallpaper.bat" "
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2880
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c ""C:\Users\Admin\Minecraft Note Block Studio\Data\wallpaper.bat" "
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1736
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe" "http://www.youtube.com/playlist?list=PL7EA4F0D271DA6E86"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2600

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x59c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1576

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/playlist?list=PL7EA4F0D271DA6E86
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2468
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1544

C:\Users\Admin\Minecraft Note Block Studio\Minecraft Note Block Studio.exe
"C:\Users\Admin\Minecraft Note Block Studio\Minecraft Note Block Studio.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:624
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\Minecraft Note Block Studio\Data\wallpaper.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1716
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\Minecraft Note Block Studio\Data\wallpaper.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 1468
  2⤵
  - Loads dropped DLL
  - Program crash
  PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f2c175784061abfe4f04b9b77f379536

SHA1
47a31074bf1ec1963940a17840339a500084dbe8

SHA256
53fe573f03d42675a92f407bca5d17a127974a0fb12e3671248b1aad9069b65d

SHA512
c47b99f1d0799efa7b0cd7938b2d439c3d09843908d286321ed8bef04859ecfa46c91baa3420e63cfef99f77e04435c2571963adde9844d15769e55213b5447c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
07167a2a52f2d04e587c91ed653e726f

SHA1
f3267db23498b7a03c8fa94e858ebbad01c1bf16

SHA256
93223430919553f0918aedfbfc99c36b31dd6b2d8896c1e2d96adc90e2ebf110

SHA512
83dee5d33769802818ee65da342b6ae2bfd112cc615a4b78f635d8cf42c850b4d4d4305c9524604bbe4ab7d273d471adcd34871f9cb6ecf5702e28b4afd94b6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9080b577fb8f9ef2fedc5e5e4af8595c

SHA1
911231d9a76b924ebc21f77ee94fd14692bea0f4

SHA256
f7f08ce070e9ec0b6f7ccab98a319caca5c35719c035abeb18eafb84a6389cb8

SHA512
64d39776766fd1f8efa5b7c8f947bf5dabe1ae15ad30a984eef4355691d41b9f070e5ec1cc8e4353a80fde1582335b98a19507fdd4b703964caaad2e4e50e6c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c138812d81335fd7df1272e486d80e1c

SHA1
9845c716228ce4cb60e6d9d08bf61372d3b5bc10

SHA256
77bfa462a2784d3504f12f09def9b0c552e13038ca003989d6bb24c70bc4f367

SHA512
831e7336d465fe3cd1839d417ec843662cc6d527551fefcf6427f651ab15aff3517cca63da521075c22c612c800a63ec43ce0b36ceecf72cb6cdac184c1b633d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
35bbd1fd9302a81cbbbc5185e74d5e65

SHA1
5b05aeeedf3380327ff8251b43d1dfa985e686c8

SHA256
0131375ec97f92e94b82edd7e71496039118acd4b66d2495a2a7b49690d7a4fc

SHA512
310b19048856e81424c0b7b1081740928c1df4443960d32997c76e6f5db9aafa41f19d05a4623ec0df75a69006076a00e1ebbd515d1a0f6a1634a89509e6c40a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
11f3203dc08abf7edf317cb948585b76

SHA1
dcc3d5ff2b7fcdf7a02e1458c24e351661ca98f6

SHA256
b3325448f155504aa6cb0ebc2afd67a803cfb2d74b62ee432ca6a62e2bf76896

SHA512
07eb264180ddcebd0265e47d12382c5462ee8bee98d8d3c88b2b7304637fb7042903ca2c3c7848e2fbbcca5ca13f62ce42d00b7ea06f25169c5f4aa5c5a4538e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c45b2542df45693578523646bd3543de

SHA1
4597c06aa3f15e7563a1ed2f71720345dc107476

SHA256
b728d39079a6d3595755706f45600695288d4d94202f7b501252967b427188f8

SHA512
143cd3a4b4fd9d4b50c837de6e10120c7dd46a54ad7fa7ce2c9668d89250074040ec3216a9b170881fca0cddf7142361c9710f5d2abc3f504029f4bbec10864f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0e29829bfa6bcb84d52a8c3e20b5c3f9

SHA1
de634cc667d422f95cf0ebd5c90231d460db3711

SHA256
a4c66d6b3a233507483264c4c33637550e2852dd7b1c49f3d895fc04f6b3d235

SHA512
1e6c58c34ab6de82624e328973f144627c298a61f6ca79133a66bf7f0fdaddd4f46f9bf009c222606b4f6e2bf1dee6b52d2c76ded3734972877f89ad11835396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S0TJUXP0\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4UQ4J2DQ\favicon_32x32[1].png

Filesize
1KB

MD5
12430f012c4b6b4a91c63cbf1369e1ff

SHA1
a8502ade0c47e23230e5da9d5658ec1f1da309d6

SHA256
079919e3400ba9bc0d569f5634cc41b2fd1b8e7a721b2b473d21f10fe2fa7f6b

SHA512
17b7564088e12cd64ae79e7179ef4b26941370dc442528cb08320fc0d40bec88d2b77124624685acf9ba974467e27a7051703761c6fffe5468c90217cac5a4a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69P6875H\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8529.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup.dll

Filesize
93KB

MD5
984cad22fa542a08c5d22941b888d8dc

SHA1
3e3522e7f3af329f2235b0f0850d664d5377b3cd

SHA256
57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308

SHA512
8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.cif

Filesize
56KB

MD5
2c4d9e4773084f33092ced15678a2c46

SHA1
bad603d543470157effd4876a684b9cfd5075524

SHA256
ed710d035ccaab0914810becf2f5db2816dba3a351f3666a38a903c80c16997a

SHA512
d2e34cac195cfede8bc64bdc92721c574963ff522618eda4d7172f664aeb4c8675fd3d4f3658391ee5eaa398bcd2ce5d8f80deecf51af176f5c4bb2d2695e04e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.cif

Filesize
56KB

MD5
7b1fbe9f5f43b2261234b78fe115cf8e

SHA1
dd0f256ae38b4c4771e1d1ec001627017b7bb741

SHA256
762ff640013db2bd4109d7df43a867303093815751129bd1e33f16bf02e52cce

SHA512
d21935a9867c0f2f7084917c79fbb1da885a1bfd4793cf669ff4da8c777b3a201857250bfb7c2b616625a8d3573c68395d210446d2c284b41cf09cc7cbb07885

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.inf

Filesize
477B

MD5
ad8982eaa02c7ad4d7cdcbc248caa941

SHA1
4ccd8e038d73a5361d754c7598ed238fc040d16b

SHA256
d63c35e9b43eb0f28ffc28f61c9c9a306da9c9de3386770a7eb19faa44dbfc00

SHA512
5c805d78bafff06c36b5df6286709ddf2d36808280f92e62dc4c285edd9176195a764d5cf0bb000da53ca8bbf66ddd61d852e4259e3113f6529e2d7bdbdd6e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar854B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe

Filesize
285KB

MD5
bcbb7c0cd9696068988953990ec5bd11

SHA1
3c8243734cf43dd7bb2332ba05b58ccacfa4377c

SHA256
34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4

SHA512
551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF9D756ADA2AFDF522.TMP

Filesize
16KB

MD5
eb2c973adbe36c5336464b17e4886256

SHA1
9ec17d96834abe06abf22c44d14b92bb11668d29

SHA256
03138842f29af55d82972416cddd407245282bc6d6f650d71679aa2a26ab7774

SHA512
ab1d593df5e63a58247bfbffc0667ab23c4a772f450ca40dde95ab277ac4558b14e893019ea41aacf5b1b4fe3d302907716d581376a270846de5360bbe394a6a

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
385B

MD5
7eeb2dd91ac6e604f6878f69877d044d

SHA1
c7538c13d66356d75660bf015847fabb46f3dceb

SHA256
374f2026c275ee4927241f9c13f77dfd65950f2d151e2861450d6330a5566f72

SHA512
b6d266394b170065b43955652dbfde2cd7c9aba8ca6688abf07f96bd2e2aaae56db7147c8e2e8bfc4746f75827a1a06077e37f52c07f2ecbd479051a614a3d4f

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
1KB

MD5
bd6eafd407cac5e78f7f8798abce1541

SHA1
fb8365ed845798d3b6281c1a4540c8a1e2affc71

SHA256
acf7d77e485ce5ab619031b573ee2696afef5aef38886a60933f642c51f27150

SHA512
71aebd709a17fd07387476b1cf480f9a30958ec408abda279106fc4b310d85e87dccd0938fb16bcba62205d1ea74785426d75d772b74caeeaef71ce925de3bda

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
2KB

MD5
c42edf463c586e1806993b9acd3bb6b8

SHA1
28723150e5cc225ef06c25df91514e382c5c6c62

SHA256
4b1a39e69c374c925795673b5638b42085173f95daef6ca38eb15c7c6d9741a9

SHA512
ffcaab32093e248a187a38ccca14d3811e1a840a0bdd5fcd3944b8079f12359a11ad122f325be92857081fc63ce4f9e6dccb7aeda429a21f251adefb7d8798b9

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
2KB

MD5
4d9d2b490057c312a52704c377bed2d9

SHA1
6176feeb22df21637300cd7d9b9e1d9f14c69624

SHA256
679e67f9af5eddf891637db057dcab2c322f76b847e88c919365c91ad602cfea

SHA512
eaf80ad02bc815c2b13b070ed754f0f34e4144a315a1232716f0fda6358a9e1becd1373d21133e9901ff96abf99d9da2f995031efb6e5c6f373861e561d5af8c

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
2KB

MD5
6cb27b8ce09c5c3f2764cb90d658102c

SHA1
12f6a5bd5950267c75feaf453c0708e21ef83254

SHA256
80907ff0c88f0296ea1cf03ba665712c2c99cf642357c080045b19864939b32a

SHA512
0b39a944c108f7ab24ead54bc1220468cd91e537652c885527b1e0d003806e8051bdf16c822d194a5efc64d7c9dbe64c25282b8de472aaf7173fe1d682f6baf9

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
3KB

MD5
7a3620ecf132130ce2de585b43d662c5

SHA1
770e0e07c98ef13ae7ecc194fbee31059cda10e0

SHA256
dba8389d1ee2176d9549ca6724c2d22848d10729be3ac0aa4ff5e62364139ed2

SHA512
70d45d55fdb97f020692aac5c382419ba013cf989dd041c13800a6ff477657d0271a625c11121c1f9e3aed7f89aa9813faba5b97052d9a03766cf8b8838e25a8

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
3KB

MD5
35b059b3367076f24c32a410588b0a3e

SHA1
098fac15db6352fffb9fa5c883c0afc3d567b422

SHA256
1bed49038877401d197ec528eabafce4b3b00e574c23b0e8e24f4b0590d372c4

SHA512
a6417ec10520b37f9a0adfe2e8d772544cd21a572ba7b0e5299fc369a7eb6d05b3d2477f006a6715253bd2a8eee536019c679007d6a939aff016c272453a9b85

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
4KB

MD5
c7405c3ba6c30666e1780a47b19f29e2

SHA1
50d7d84df71cd57b8b8a5c77d38234296f4727bf

SHA256
a0f71094e850db9930bcc839c246f0acc2578f6e781a10bfd9a64f6ede33b1e4

SHA512
956131f48b5e25c3bd874aca94b6e32c7f568b5bbb734ce9c3df9c7da811c195042bc8fb36219c37e4ab4d0da59bf939655922f2179b4c7f4d745325298eeae6

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
385B

MD5
da578ef4acc94a4f8353ef1eb9679e9e

SHA1
ecea32599085d21f76d749c479610df48be2561e

SHA256
dbe8311dca8fba7d30c2845f19ceb542e3f4aa2352e4d1d807fcdca68f2d180e

SHA512
e802b74d4010b220f54b643e276b2ca9bbec8cb1b7541e495855f19b95aa3f521f50dc54061661c75eae467df7972633d78ada91a21a55d962bbf847c4cde9a8

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
1KB

MD5
9e839d7a87977e0f5e1011483bf4dfb6

SHA1
6872384c9c5c0304947362e7c6b8ca1bd923e3d6

SHA256
f7b928fc6970d29893b4ca9c6336535b85a999a7a44d6cd89c5eb94c947474ec

SHA512
d9bfa0f17f84cae3d3aa2a09dc1f0a7279e9191abd834396e8085fef622cc2888db503ed033c739f41408b20355464685a1c3448d373156bd090c8952ea12221

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
1KB

MD5
9ae2389fc762df964cea9d4a62c25d82

SHA1
99ba831c5ecf63f61d285733e3acb34bc0312ebc

SHA256
d9a296096517f9840509c3372df7b741c8662007ae7787d6cae34e2e5a3daefc

SHA512
9773b3952fe5b6c0e4e60dee08127e723922e34142343ec5592e3ec4a50eb55aef6ceb62ba5717354332fe386d20a027e83f116e930c8eefd268f8db505ed3e5

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
1KB

MD5
99ebe771ebcbd5f4f76a1d13a440c0a2

SHA1
f522494db00c688fd4342a66edc1e95679977548

SHA256
9dce703257d0c4a3affe25538f528f94731ef41621d42599195fbe97a1aa048a

SHA512
a8c06a1e51b4bccfd1b45b039757d977947381cd009e003f70177768142f155bfc37ec89e8518e45033fc8a2379b57d46acdec5992b3aac4932babb30c42a794

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
2KB

MD5
1512e22f943122a82a499ee4eda3f1b7

SHA1
b1ab3deb11c23c931a9442c1afbe83b228d0cdce

SHA256
31a7c088acd992a80b268a531a9341e009fbd57057a62eb9c2b1909381bde7f8

SHA512
bfa86fcec77189046f510b61190f57741f7193b3f4bea97b9b73ab24ab51e1897c74c6ff4537b36c0ece0db3d2f76959b0ce45b79de2b81e1b376a47e4151523

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
2KB

MD5
9c13f4c2eae7e4f65fd5829f27832343

SHA1
57ecc47737f7a8fe14b848281e908fba0a7f0343

SHA256
9830ba1f9c3ce2a6be163802056b9dad8d0cd9bf20ef4fe1dd79f57096d339ff

SHA512
8140eff86e9d1e70819a7e0ef98fdafd5ff8368a0b32fc1881698c25f518264525e1cc4301fdfd0ec7c3c6d05ae81a56c96396330d14af36b53f087bcec6ad0e

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
2KB

MD5
bfec159c51212f67fd60bd08dfd62545

SHA1
a4d56cbb968545f11b6851eaff83d831b807b0d5

SHA256
ed1a5147b5028377f3b9058ad8c65ceb060cfc93169fce57c50778a1f59df65d

SHA512
8c442a82d66ed35604c6f7ff13c4ff1096ad4985e91fae2623244867010ba780dd081796471abf2614b5b64f1e0f979d3e6d02677e846306d5a38523dbc113ca

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
2KB

MD5
0332132f939cbbc182102728b4ca4a4b

SHA1
634a478dac76226ed7ac6e8870c662aa17405162

SHA256
e5d8588ac2bb36af8d6e531d135535a51c11899ef8e84f42f0a6d0a28f9217e2

SHA512
676ed17507b0cdd7a5f33d8958397aa392df89c5c4408161ad9cfe5a922f4e606f403a0eea044d5f75a79b51eef73e632297fd46427492796b459cd87e5742d4

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
2KB

MD5
d41d40ac8828151c9244a45096fed48c

SHA1
cce36c8effb7d870f1e74bf990f09855e7cda892

SHA256
35706cd23a6dbb11f1929537bd6296879be3c7246e5827a0c86bd74e864da71e

SHA512
c12f20c934b5644f33ed76dbf7c18f9fb8509cc655b24b4c29f97960e1eecb5510203794524132c974c96cdb0f72f66dbb440642ee06b3b7497cbb9d0723badb

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
3KB

MD5
bd20adcf331922bf53b686eb5cfa4125

SHA1
8daea000706ec6fa74bd15407d19a5e239af7e73

SHA256
4cd317e2006f629398b635798fc4f9d5f96b05f5d8e8f06921f18e860eb38f5e

SHA512
917dde7d49c4293e52446009766d7a8a4b67ae4e63b5c5a2553faabd5ba66533867b0452675623032453ccbb86f9d552b92f9b179eaef27a9e7272a87ffb8a98

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
3KB

MD5
eb5a56d5e96df91c90a341549e5d62d2

SHA1
9fbc11719dc3711d84a120fb83cd1a82093fb820

SHA256
2d8d84e4c88395eea27d9af27a88e52094a469d97b5410f66c0f41eafd11fab9

SHA512
10f71bddf7a10c5d81a88b28812237c0a93847597195584a1c40d406775afef49491736ec6dfa067365b411bd421692c68c68deac3fa6fc751de6b62be9896a6

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
3KB

MD5
e8607555e5403d6491d14c449d615c89

SHA1
b71288f3b7b4edc8726215e0c06ec74cdca9f22b

SHA256
efa0d391ff135d3790409fb03271ecb744434ac3d1668059daf9698148bd8e1b

SHA512
1b77d7ace46d54a50ba7306439e17161fdf68c47c0262029a4e1a2d9fda2c9c9c1db3074a53eacd1040b7ab6391c7fbd67d11009be44e4b1f5ad5c8357c9e7c7

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
3KB

MD5
21e25004ece2b70d8e3acdcdb7768d7a

SHA1
a411ee62c5a5c229058b029cdb6dee93ab9c3a0a

SHA256
412c4f7c42b42f7682acdd7715a30e2f267631048c7f73787e3744ff9aa47935

SHA512
a1732eb7f28a9d271181458d6211db05fab34d584552cd4a2851a6f40f8fa53ee0bb32d250a3be0f7213facdb7cf4c0d88fb729a0a18630a20bb5d86d503dda8

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
3KB

MD5
030dd7535586b8f072df9324c58f4a3e

SHA1
960e5e2bdf309f640c45bb4c8edeae704d2c99a9

SHA256
db81744ffd7a969eefe581ebf5b673e6b45d15a5bf305a3ce74db3ff44c1e3b5

SHA512
42520e81763b99ceab09a551bb8a64df4a966471c53ed5b255856c0c5ede926edcdc6451b3d4586793af77aaf63969f1b0eb5c12c467f840a98cc82151be31c1

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
3KB

MD5
89881cce4ea75d111076b5c4541bea02

SHA1
d2e9ef02f22eba12a071774785b19bdd3c0eb2f3

SHA256
446e5cfa75829ed984ee71c081c918650927fcb3a4ad778ab40264c357007f1f

SHA512
9ab34ba37a4e4b274aca7fc95d54f85a4c3e3004c1e15963fde66ab46fcc396a85d34200b420e47698406d998a4c309cc0eecb6cde79ffff26507709a5933215

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\log.txt

Filesize
4KB

MD5
9bf48450f41e8f135f394a1f8a3ce858

SHA1
71ccd976bbf74510b06bebe6ae382a87ee955ad6

SHA256
50ffacd1859d958ac7ad21750475b530b76db43e35c9a9b98f32b93d8fb6afb3

SHA512
4b3312d9940a0a6aa0650f692846541df2bdea85e79cb268328decd6aef7f06062c95e75b2e7ceb731e2f62ec197832ef0a086c294bbfcd9ddc11a3f10f36665

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\tmp.file

Filesize
84KB

MD5
0ae0b50e5e5c0b0829c92bdf9b3157f0

SHA1
0d99f46606fb4eae93074220fd05f4029bbc2cff

SHA256
3cb795036fb275e833d56a615944abc1c43979761e8e879f3db5d9752cd2a6c3

SHA512
cc81bbda16d3fa6a6f3a74f8e8f92f93d626f7671bcb1fb212e2ee68421fd8099bf0b9f2b396def42e66a973c0cb59743e9535308d0c6f5186209f9a0751c7e8

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\tmp.file

Filesize
52KB

MD5
d40e6ab843c087174f531c92ac300260

SHA1
d6cdfba8368b1f6ca4403a6997b68dbe43b6c73f

SHA256
63bab72f24e7200fb377b6fcfd0765ed40a96a148a4ac96f0cab3404b261a704

SHA512
a7e1ccf5780f8cddd0f21ec608e1c1d2560ebdbc20c3956aa98d6cb866f9678ebc48a65ab5eb468e136405e86384d293e58e9c40c14ad395ff6b953187aaac68

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\tmp.file

Filesize
99KB

MD5
3ffa08a31d49c6343dbbaadf0a55f8e8

SHA1
8b49e98bc5a4a1197b172c26d7828f2df234b905

SHA256
d34afc386b04241b167d0e1497311d99932599d3ad6cc7bdc2bc179e79176616

SHA512
d029cfb66a86682c5d077b72055d60c574034a6c8077cfec08870d5c81c69704a1fac93c934818876194c479b032b8063d9bbec94ce8ed2d980c4315de847238

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\tmp.file

Filesize
99KB

MD5
26d204e2c1f14050fb2b1e03b81977f3

SHA1
02d60b34266b97dbb08d8a184695545147b4ba32

SHA256
34d8659acc4ee81df6fa1aaa39816e0ac2ca57eb352ece19aa10a059bab12a9a

SHA512
8b09a64f4d45dd5062c3b83bc8831ff5274de3e3405d9982cd8a9e6ce18e92a55d36d268f41bb38fb5638f22ae42b0eb41c76fb67e5f1e4a8ba443677cc3ddcc

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\tmp.file

Filesize
64KB

MD5
05021b18e453e43ab48bbde2982a4f56

SHA1
6b4abca2cc0f80da3db053b4a1aef0688d359771

SHA256
128bad005e24bcbdd686a8fc83008c5a27b00fdce21338ed43e5b2f9da1c8cfe

SHA512
9fb0da104aefaf8b56b1958aaf96df8e4661d5a6d53069d7c921aeefc1114fd802c1d61b6cdf5707fec0bc5d0eae5a062ed2a6ad1abea621c88260f61464cb40

Download Submit
C:\Users\Admin\AppData\Roaming\Minecraft_Note_Block_Studio\tmp.file

Filesize
64KB

MD5
6e8fbce27a79b038b09d36a18d6070d0

SHA1
e74bb64ba99dce2b0fb381de65eff8f1b633b1e0

SHA256
36405ae8f875eec449557a0870af6af51f7b15eae355dab266a3a161caf96cea

SHA512
1595560f2f47a4e606988aee9ee1d54fcaa1503fcf3ed161e3589fcb4a037b95d67762142fa105a7f3c3633b2613abf54df5c6cf8c2ebead389b82b7fe7b111e

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\Data\Sounds\UI\ding.ogg

Filesize
22KB

MD5
6ef4a2ae431184e1d335bff05f75909a

SHA1
2614e83a7c7588dfd8182ba67c356c3cc80ad993

SHA256
def1e3c5b8ca6b03ff4ea10c3435c295b1bfd4ea1f508e5d53c3ddca584490c3

SHA512
35285c8b28189180cdce463ea996a81b0086437c59b1f90c65b7f24f19f8529d9bdb11c79cb0334717aaad27fbabe7346b30b0c6764b083f3705f10547635bfa

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\Data\Sounds\UI\goback.ogg

Filesize
10KB

MD5
d32bc56b9794a7d177d78542e9004c33

SHA1
71991b8316c687a139dea4e51a2322b633cb13b7

SHA256
03fdb588d83d0423be9b9d1cc064db946db0439f241df9857e1cebf5d2ae82e6

SHA512
b86bea969bcf05d854d07a93db25d0ecf33713e31102dbf39e3fdf9efc8a47aa5f59a150f8e7c0b844d4538bf6d97a712d8136d718c5ad379722f38f512e0a4f

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\Data\Sounds\UI\hide.ogg

Filesize
8KB

MD5
7ec1cd0178870357e31e12c5ad181b05

SHA1
9b1dc4e7ac1e28f016e0916c20e850ec012ee86d

SHA256
55caf558c184af7c10f6c55dcf63e404641e4ee59bfaaf903d98de32b14ca929

SHA512
582150bce201e813d5277c9f90cd4adbb192a87ee0740343eccb483d202dd394ab59e24af8b121adbfe9786923da8717c3b72bd93277b938164cfd916451d716

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\Data\Sounds\UI\invoke.ogg

Filesize
7KB

MD5
17bcc4de3189df1806d07a49f6c78cca

SHA1
e9dd4b5dc46214ce7679a2083a5fc6ae2d72572d

SHA256
e1ec786747a43928be80bebdcf134f390b847664243f7e65f0e06cb78532543a

SHA512
0cc955022d5cc27ed66ab45423becb77b8bcb10de36e50f7d00fe3a2d11b181c1048e34706b859eb758abe5fa78102b307dbcbd14b8b82571ed51adcbc4e416f

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\Data\Sounds\UI\metronome.ogg

Filesize
7KB

MD5
ed3df8612e16bcbff1c92b8f53979e86

SHA1
dc9a2767ba84146a0053045f98fbca4ccd8a2e32

SHA256
80d311bae48a9753c529bc826b55a80065a09e7bbc93a273a5baf5e5964646ce

SHA512
4604e4803091bdafeb58052d585ba0ffb5614faeed0d972f76d22b71cdf4a5b939095929c42f676ecb54acb2ea3a6387e7ab3333b9c1972ac27aad8bce3d2b32

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\Data\Sounds\UI\metronome_click.ogg

Filesize
7KB

MD5
07a248eca3f21013cb3723b74252d061

SHA1
1d5ac8dee4a10193f4eb27b249b36677811745a3

SHA256
a78206330947a04fc17c87f29ae95c50517a2a14beaf1cc57b8b02d2fddb7dee

SHA512
fd22b1a55b7595a1e8d30704b284073cf2662b0a84ade916ed58efffc53ae00cf31fc4afb998a0d4be1fd612cd2ec412e93442c8bf9f4b021babf11c65b30c82

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\Data\Sounds\UI\show.ogg

Filesize
10KB

MD5
b01234519c5ba70f5461890ac8934a14

SHA1
71bc4b63b141208113ee7a0df5752ba980655116

SHA256
5d4c9b42b994c2d1812229ed3388fad190884bad374f22f655a99215355de51b

SHA512
d7feae0c1f69ef842c046d48a3d55a6c054a0ece154068fc7282ef921194b04f120c40c23313df5ab9bca128a285a53db746e458978539443e15c17a093577ff

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\Data\Sounds\banjo.ogg

Filesize
12KB

MD5
fc0ae6b81dd61d6e7662b44f9715c02b

SHA1
9ac8fb7e3a96a287bcc1440d8307711262abff51

SHA256
06b4e1927947bf2152d2d552099f753b2842f2419632f8effa1bad48d03af5f7

SHA512
a35886f5dd95ac8f092826995ba89b9290472207d851ccacafc17b925cb41215d08c25bb1191cd29fb406af1d7890ed9882a98554b80f2c82292e12cf302d3ed

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\Data\Sounds\bit.ogg

Filesize
11KB

MD5
37c995c84cc80426756d2971eb7f6fa6

SHA1
890be7c19b51611c9f834e35177f1c407bcf8fbd

SHA256
6f5948e882931aaaab6a2396e0fb77228929481150fc0b822e4ac0d4c6c3bcfb

SHA512
772aaab6d7dfcf56a7c8c2da30d2591919e25cca6645c8e398df3fea69ab66934dd67130b89ed36e0660491c771e34e1b215c563023419e7d50f63005dea8748

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\Data\Sounds\cow_bell.ogg

Filesize
8KB

MD5
5176e06171f58aac7d4b7fb9ccb6c479

SHA1
a69ab2376207659ed24a427d15997bb7fbcd5286

SHA256
7a18c945ff55914a4f51ddf6ecb012140cc737e63931947377c940e0d66474b7

SHA512
37f823b2f98a8ce021ddd8242768d8c5054148fee63ccd28851f65b99442126e6eb224208358893ac6f76780b0f00217e9334026665178f222fb33cdc371fc5a

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\Data\Sounds\didgeridoo.ogg

Filesize
11KB

MD5
2d131d3e670723bb298365e8c425dcbf

SHA1
316d979f27d24b28a43ed4d7cfaf1e8c1f899f7b

SHA256
7eaecdb39733fa5d1db91ec93fdc745a2cff9d0d77afdcbcfa9bc12568d542aa

SHA512
8a34cab0a28f6ad49c86da6a3b03397acd51e435732f9b09acbc1d93c5843ca428638b7c16c76bf680d7ce89ac336c346fe6a625079b293a6393353592f6f511

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\Data\Sounds\iron_xylophone.ogg

Filesize
9KB

MD5
9f0ae0bddb2c043a33bf3059cf471716

SHA1
10d20bc6c141437a898f73ec631e26efaf36f0b8

SHA256
0a7ef8406f4ad4c5037aa1ecb7a9bf02cf34e86bb0bea46596eef147458b156a

SHA512
81893c3a3dacfc33da965544c0ba0713cc887eff28a2c6f31317115325ad03e5a3b033bf6a9d010b2687c23512ffacf6000c477ae16394db0f9993a7c90e61aa

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\Data\Sounds\pling.ogg

Filesize
6KB

MD5
5e0a5ea2841f4d371d6ca345b6a3f3fb

SHA1
20d06589bd5ab81a73989bdac8ca59ecd4d66932

SHA256
d7e3638d4c0fba4614f24ba94d6380935ae2341536d76989e44f00ffd94a1459

SHA512
68c2ce97f947c1ed6ad1230691ff5564d7f272977971a4e713260d6391fdc668e9093a07f9b4573db4b0715575b539e13f46ed86260b40250431c7cf98a3db99

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\Data\Sounds\xylobone.ogg

Filesize
4KB

MD5
609a67fc153334f4d4be788413eaf0a0

SHA1
fbb465497e651221535e74a08cbdf990520c8394

SHA256
bd9c7af0c25f7033bff3026f6133e33d7b4d26d5ab689b66376cae090df95dd0

SHA512
61bfe5ec21b93bef7978b675b25edbba8d462e56a3d1f9a8a5b8a90e20bd92755d468ddcb7879c4e158de4fbddca638e7984080ed96556754afd3c9a0782abb9

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\Data\icon.ico

Filesize
42KB

MD5
6f86a39c1881a24fcdc0aa911505fcdf

SHA1
379bc3cd2fa4a0de5c792e9d3ed1af0847d7caf1

SHA256
2c0980c79bbb4e0949d295acc72f89498f95f94385724f1a9daa1deac1585abc

SHA512
cd3fd28b15ace0128e7c56b34ec645fe67838585da3a0e97c41ff2a60439a96d39cbac8ba7f312c27d23e87458267fb5d8f20efb23dcad6ea217a1c2933cf4ad

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\data.win

Filesize
14.3MB

MD5
67db0fd00922e8fe157e51eba4573c89

SHA1
775c07b61009698e362623f7799489d58f28ea57

SHA256
74a101aa5a281a54afae2c9f7aef638b777683faf7d0fca8794090ee56337b59

SHA512
922b2e7703b26cd3b15dc3d17aa07ad5e6c37c37ea83bd76a5f8ee72534417220952cf41a5157ac84d36bb28d6860649dd41592af39290c3ccf472a8eda80fad

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\options.ini

Filesize
242B

MD5
58eb1cc7ebcdb205844583fec8da4a4b

SHA1
bea4a606400dab8dc0d69d5b59c9e97cbf1c8c59

SHA256
d6c1b46b1070c3a84ec39f85f319d82481730a4d6f4c9ab7465475c68ca7c8a9

SHA512
b3bb758311a4c82c8597deb8fbc95b7f344dec109d60d374089e1a7079a2e001dd51b21f5c3f533cabaf88ad06813fd85e0305076b32026c5e19429d1c259e28

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\python38._pth

Filesize
158B

MD5
1ac6cf5c1f686b48939424b598d82ee3

SHA1
460049165816c080633ea9f700a8ef73461ae889

SHA256
5ea86fe3de9597ff19d92be00b1811b8bcab94220bf42d44f70959940a300dd9

SHA512
395ba5ed6dba5d784b45288969fda19e97ce985b7a68850af2589b45773db401456876e22d0d3a8db661fdc21fe3767d2527be5b9f1f5eefd909b42fb9af3aaf

Download Submit
C:\Users\Admin\Minecraft Note Block Studio\python38.zip

Filesize
2.4MB

MD5
665c26e3fa7037526fc25420295354dd

SHA1
8ec4fbe9a7c40546ebac6f45c33789fc34b2a048

SHA256
825b1dc6a156b7e9f76f0f5d46d835ed530435dbf92062ca4faf12bd67785320

SHA512
3454de653881eb0e7cfd89d40a41b2eb112e330990a0ef3807a52cdb4e0f362864f2a90308ecf871ce15cbe5ca75deaa77367a4455f85c7e0bfd8f5b2a10196e

Download Submit
C:\Windows\SysWOW64\directx\websetup\dsetup32.dll

Filesize
1.5MB

MD5
a5412a144f63d639b47fcc1ba68cb029

SHA1
81bd5f1c99b22c0266f3f59959dfb4ea023be47e

SHA256
8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6

SHA512
2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

Download Submit
C:\Windows\SysWOW64\directx\websetup\filelist.dat

Filesize
111B

MD5
d6f81567baaf05b557d9bc6c348cb5f1

SHA1
0c840165fcd34d996c85b6b44b00c7206bf772b6

SHA256
e60413bec64775bf1933ef4f9673c8bcfbe0ce71e950fd589bbd14c0f9a00359

SHA512
09b84cc9199592821d7de38cbe24332097b276bb25b6d09f7dcdc3a6b17369ee944a6f8120f13ea6a5c15eb759a90d7ce29cc845a5c0680ff2fa53e2623171e2

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

Filesize
515KB

MD5
ac3a5f7be8cd13a863b50ab5fe00b71c

SHA1
eee417cd92e263b84dd3b5dcc2b4b463fe6e84d9

SHA256
8f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da

SHA512
c8bbe791373dad681f0ac9f5ab538119bde685d4f901f5db085c73163fc2e868972b2de60e72ccd44f745f1fd88fcde2e27f32302d8cbd3c1f43e6e657c79fba

Download Submit
\Users\Admin\AppData\Local\Temp\nsyEABD.tmp\System.dll

Filesize
12KB

MD5
ea00e2678e4679ba28b0f560baec9776

SHA1
f9b647b1ab50cc2de981757ac914a5787bccd95a

SHA256
60d4a86f65e141d4b6b778e5f448a0c818bd2fa28db7b9dabc1395d354b19cc5

SHA512
2ee7a4a0af955ba376c66d13e626ca135b2afd13277a006f523eb2fdc1133a12ea35b065a8c119843fbe82f89190cdb2b769329af14e4313a2419b739b27337a

Download Submit
\Users\Admin\AppData\Local\Temp\nsyEABD.tmp\nsDialogs.dll

Filesize
9KB

MD5
940e349c4d672436816e31d816ccdfbd

SHA1
ac25298f9fe271f59a0bd0cc6ec4640097d5e9ad

SHA256
edf47cfe918669f95b3aade7335ef8b33ae9d36eaf2be2f364d0d94637117d10

SHA512
5711fc585cc36138891d02c466c09ada345003e910d89a34fa0b54b67432bec4b6fec549ad8d2a9c4a17bf3723f1a60219a424a237bc24a0912c6bec886f14d7

Download Submit
\Users\Admin\Minecraft Note Block Studio\ClassLibrary1.dll

Filesize
7KB

MD5
b0d15029f723c97e016ab382ff026efd

SHA1
a02e4e7deab0f44ffab1a7f1bd41007aa09d5a1e

SHA256
80e8cb8e2296644f976e8950162983b41d177ce70ab172311694be656ce95af3

SHA512
3e87810af9eda7ea26ce0096ae42507b456bbc20b2452ae204256e1e89df4166c6003bdcc35824ef3503c10101f1deedff63b3daf16b3e569692099d666009d7

Download Submit
\Users\Admin\Minecraft Note Block Studio\Data\audio.dll

Filesize
9.9MB

MD5
48281fa7cef5e979bdad2033ca01597e

SHA1
dbe549038db219f5c5b075f69c747d5d561b694c

SHA256
6c57a4dcbe8fcefbbf811df428c5b7ee5be2c40df0e242351f7c627f772725d4

SHA512
3c9285071db125ef6ef093e8ed96effac74ce9edc4c7d069bb013b554731af4728b9e67383eb62009727bf9ed35b1462cd892aea3a72a28395c2e7da7164891b

Download Submit
\Users\Admin\Minecraft Note Block Studio\Data\file.dll

Filesize
370KB

MD5
71823ef94ce64e72783720f689d7658a

SHA1
510a78755e555b099514c31975069443729f2fab

SHA256
c4ea167d8ad20110a12870b6c232fc38a84cc2911de2688f72a961e22264ff1c

SHA512
11a1bcbffb83ae05a82133034a11a8285ab15ddc62dba2f49e01dc53844394d6e97b6fa143d2064eecefbc847cf669d9a39d5f5985922667f8ade2ca3326b08e

Download Submit
\Users\Admin\Minecraft Note Block Studio\Data\midiinput.dll

Filesize
102KB

MD5
88345bad6f4bbbf87146663d193e1fb0

SHA1
eeabd096a5fb90b741161791de125446071b20ef

SHA256
b595335a3cf6493f093e9c183a0ac735d2c3e3125fbfbfd04e4984f36496de1c

SHA512
2b963bce749202a829b8595cbb164623b47f0ebaaedf1788fe2d35937d75517309b40d4f17ecb893b81752a2212c6584aa8db51113ec68cc2c223e6875ba17c4

Download Submit
\Users\Admin\Minecraft Note Block Studio\Data\window.dll

Filesize
81KB

MD5
0ffa9a91901802310213d0ec9f021b85

SHA1
499fae22c319923543419e245fe1f15582d9428b

SHA256
c688b9b6d985c575d851547937baca2619f11a23897bbd88637eec311fb7e20c

SHA512
1ddc8755667b5b0ccf6d7e03f35ef1435bf00a121c8b31c78bad1dff072f413fb46845a643ef06085d3d8bd2a27433746fef1ec760fff1a0e786eca76e8d5e21

Download Submit
\Users\Admin\Minecraft Note Block Studio\DialogModule.dll

Filesize
267KB

MD5
451b7a3b34b2f89245ca6f0d2bded607

SHA1
e7115371c0d475a2ba2ddd8d5b3e6dbcc74c2332

SHA256
71796350026238175c0efdaf82b208fc585e6c7d96fae234348f4a2e5ad5bf31

SHA512
3f17e26e617887071635eaa519e699025b6182f502c13cbd60ab7d0af0260b8aeba77272dca2428de5724a2d36552e34518cecaca2fb4207fb6594aa345810bf

Download Submit
\Users\Admin\Minecraft Note Block Studio\FileDropper.dll

Filesize
177KB

MD5
c841727e1c610af87da95b9e64a31eda

SHA1
203bf4ecf14215488bab547d81a8fea3af754bf8

SHA256
b13f402b984388b8dc627eafef301b7141f2da48defe517fbcd662bedfacb050

SHA512
eac05fab9f0eb3326399ec7918e2b177940e0beebcd0f0e7f3257aebca00c4752da6e36870277ac4f1ba67255105a87ba55cc08c6ec9c40f85da0fc95d0c5463

Download Submit
\Users\Admin\Minecraft Note Block Studio\Minecraft Note Block Studio.exe

Filesize
15.2MB

MD5
f59330f3e9be9f9b700a387d73b4bd20

SHA1
f426bc953200341d073cf836ff806756f9315035

SHA256
766cc85b942faa30fdad76ced3b0ef1af2b09edd74eab09c6384db6f3bd7bdab

SHA512
373d2773d9e64ffa8e88f3bd9a4b5ec661856c99ef8f1421c38c548baee1348cbe4057128e6457790156820830fb358792a78bda6a07e465009d3afb676a3092

Download Submit
\Users\Admin\Minecraft Note Block Studio\NekoPresence.dll

Filesize
60KB

MD5
4bf22144e0cae4f5fd4d5dce771e653a

SHA1
e797aac2e6727657b041fe4bbca0221916e095d5

SHA256
6c27390f1a332a42a712162f6e2750177cdc37f58bf1ef7a25ab6c4650edcfce

SHA512
d6c1cfdd4be65f003af8983d2281befaa94bfc8dbcc12bc2c23f149ddf54e9fe878bdb54cf2de3ea6a8a0caa7c098303dc8e1527634fc82457f9637266033be5

Download Submit
\Users\Admin\Minecraft Note Block Studio\pygml.dll

Filesize
80KB

MD5
0f476d1eb02ab2e2a6fb8a5e74f7a3fe

SHA1
8cbe497127deed82e13fdffc948a48cb6b6a72b3

SHA256
fcd4486c4e8a8278d6ae26f4d2b23e0ecd4c5b4d0b60457f3208876637154416

SHA512
d4ab4eba2384e2e222fd7b902986bebda68784db4b234c90631faa2eed9290c00e9cfafb87b261ba525f4da43c9036d013ac873757e0e134d50ce6df0c3dfd9a

Download Submit
\Users\Admin\Minecraft Note Block Studio\python38.dll

Filesize
3.9MB

MD5
9f8e0de6e7d4b165b4a49600daacc3b1

SHA1
8cf37d69fdaf65c49f7f5e048c0085b207f7287b

SHA256
a9675a91d767095c9d4a2ae1df6e17bdb59102dbd2b4504c3493b0bcbed5ef55

SHA512
3201b7adf94d3f4510e0b39b4766d1314da66662819fd6de5f5f71956750bb4fdf4228b6e1ad9d4d3bc1fdeb99b7414ed2eff0374aaa3216b67eeedfb8673b48

Download Submit
\Users\Admin\Minecraft Note Block Studio\uninstall.exe

Filesize
90KB

MD5
f5646188f5baf7bc59c700b7c01befa1

SHA1
5f5a3c36742a327e48d9f98f6438b20965ee84eb

SHA256
937e3c58a791330c0e035916a9966cfab6f5e9deee0d44be8d4e144073a77206

SHA512
285ef47515b49e235630df5d4f64fb6a394ffd4e285f2624a738d4d515ec9e85679834610d60e5a4c314124cf31bedfd41c685f8d19a690d13896a6dfb5564c7

Download Submit
\Users\Admin\Minecraft Note Block Studio\window_set_icon.dll

Filesize
79KB

MD5
522fc21b6cfb771e2a1180b9df822fcb

SHA1
c81946d5753b32fd2e4e282a1c5cc6a7eabf86a0

SHA256
ba5d14484827c3b7ee03b68dc46a6022993c39735376f10c3f559c96955705f1

SHA512
2a6d2df6abb8e5ee3b23f0adfa84ba87aa52fbfad3a8087510e7e1e2220824c0ee8e7c44efa4fbd6e47ec3778e2160677c3788c6e999d132cb7fd9d0976a2fa7

Download Submit
memory/2464-3918-0x00000000FFF40000-0x00000000FFF50000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads