9955498358d9923d8765937fc7306061d98732e61c52117340d990759228e57f

Resubmissions

29/08/2024, 10:59

240829-m3m33axfpg 10

29/08/2024, 05:47

240829-ggvm5awfld 10

Analysis

max time kernel
134s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

minecraft xray.zip
Size

148.6MB
MD5

518933d7819991785b536632a774a2d9
SHA1

5a7b287de15c2b01acacf951de8810fe91e73000
SHA256

9955498358d9923d8765937fc7306061d98732e61c52117340d990759228e57f
SHA512

4dc9c3ecbfa641b8cc5e92700120b174922dfdb3b297a6e99aeb8bc7a3234a34fb82fb5ce8d803267f7c7e19500aafe488e3ae9ac95aab87de24e53333ae5d68
SSDEEP

3145728:HpdjR/QpdjR/7FXWBVwdhVTN1IrndBJj+NdtOg:HvRovRUVwd3NurdBJCZP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
5308	main.exe
5620	main.exe

Loads dropped DLL 38 IoCs

pid	Process
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe
5620	main.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	2248	7zG.exe
Token: 35	2248	7zG.exe
Token: SeSecurityPrivilege	2248	7zG.exe
Token: SeSecurityPrivilege	2248	7zG.exe
Token: SeDebugPrivilege	5620	main.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2248	7zG.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 5308 wrote to memory of 5620	5308	main.exe	107
PID 5308 wrote to memory of 5620	5308	main.exe	107

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\minecraft xray.zip"
1⤵
PID:3160

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4900

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\minecraft xray\" -spe -an -ai#7zMap16653:86:7zEvent10415
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2248

C:\Users\Admin\Desktop\minecraft xray\main.exe
"C:\Users\Admin\Desktop\minecraft xray\main.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5308
- C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\main.exe
  "C:\Users\Admin\Desktop\minecraft xray\main.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:5620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_asyncio.pyd

Filesize
69KB

MD5
cc0f232f2a8a359dee29a573667e6d77

SHA1
d3ffbf5606d9c77a0de0b7456f7a5314f420b1f7

SHA256
7a5c88ce496bafdf31a94ae6d70b017070703bc0a7da1dfae7c12b21bb61030d

SHA512
48484177bf55179607d66f5a5837a35cd586e8a9fb185de8b10865aab650b056a61d1dc96370c5efc6955ccb4e34b31810f8e1c8f5f02d268f565a73b4ff5657

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_multiprocessing.pyd

Filesize
34KB

MD5
eb859fc7f54cba118a321440ad088096

SHA1
9d3c410240f4c5269e07ffbde43d6f5e7cc30b44

SHA256
14bdd15d60b9d6141009aeedc606007c42b46c779a523d21758e57cf126dc2a4

SHA512
694a9c1cc3dc78b47faedf66248ff078e5090cfab22e95c123fb99b10192a5748748a5f0937ffd9fd8e1873ad48f290be723fe194b7eb2a731add7f5fb776c4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_overlapped.pyd

Filesize
54KB

MD5
df92ea698a3d0729b70a4306bbe3029f

SHA1
b82f3a43568148c64a46e2774aec39bf1f2d3c1e

SHA256
46dec978ec8cb2146854739bfeddea93335dcc92a25d719352b94f9517855032

SHA512
bdebafe1b40244a0cb6c97e75424f79cfe395774a9d03cdb02f82083110c1f4bdcac2819ba1845ad1c56e2d2e6506dcc1833e4eb269bb0f620f0eb73b4d47817

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_queue.pyd

Filesize
31KB

MD5
7d91dd8e5f1dbc3058ea399f5f31c1e6

SHA1
b983653b9f2df66e721ece95f086c2f933d303fc

SHA256
76bba42b1392dc57a867aef385b990fa302a4f1dcf453705ac119c9c98a36e8d

SHA512
b8e7369da79255a4bb2ed91ba0c313b4578ee45c94e6bc74582fc14f8b2984ed8fcda0434a5bd3b72ea704e6e8fd8cbf1901f325e774475e4f28961483d6c7cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ssl.pyd

Filesize
174KB

MD5
6a2b0f8f50b47d05f96deff7883c1270

SHA1
2b1aeb6fe9a12e0d527b042512fc8890eedb10d8

SHA256
68dad60ff6fb36c88ef1c47d1855517bfe8de0f5ddea0f630b65b622a645d53a

SHA512
a080190d4e7e1abb186776ae6e83dab4b21a77093a88fca59ce1f63c683f549a28d094818a0ee44186ddea2095111f1879008c0d631fc4a8d69dd596ef76ca37

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_tkinter.pyd

Filesize
64KB

MD5
e38a6b96f5cc200f21da22d49e321da3

SHA1
4ea69d2b021277ab0b473cfd44e4bfd17e3bac3b

SHA256
f0ebdf2ca7b33c26b8938efa59678068d3840957ee79d2b3c576437f8f913f20

SHA512
3df55cdd44ea4789fb2de9672f421b7ff9ad798917417dcb5b1d8575804306fb7636d436965598085d2e87256ecb476ed69df7af05986f05b9f4a18eed9629e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\charset_normalizer\md.pyd

Filesize
10KB

MD5
d9e0217a89d9b9d1d778f7e197e0c191

SHA1
ec692661fcc0b89e0c3bde1773a6168d285b4f0d

SHA256
ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0

SHA512
3b788ac88c1f2d682c1721c61d223a529697c7e43280686b914467b3b39e7d6debaff4c0e2f42e9dddb28b522f37cb5a3011e91c66d911609c63509f9228133d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\psutil\_psutil_windows.pyd

Filesize
65KB

MD5
3e579844160de8322d574501a0f91516

SHA1
c8de193854f7fc94f103bd4ac726246981264508

SHA256
95f01ce7e37f6b4b281dbc76e9b88f28a03cb02d41383cc986803275a1cd6333

SHA512
ee2a026e8e70351d395329c78a07acb1b9440261d2557f639e817a8149ba625173ef196aed3d1c986577d78dc1a7ec9fed759c19346c51511474fe6d235b1817

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\pydantic_core\_pydantic_core.pyd

Filesize
4.8MB

MD5
690702355f29deaf8bad019fe8be4bd7

SHA1
fbd12b4934e0c7a0271eabbc45af2511b37193bc

SHA256
1f763dbdef13beadf8fc2e4abf4cfed64c3c458730484dfea53e2b12b1fb081e

SHA512
e796e446c56222111e7a1b78d1e389b130d7406eaf66024acac8d57109f201298c93b9ccc3e09c4ccf9f60a4d75a59c417dd3919079dd56be832880aa73ac00d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\tk86t.dll

Filesize
1.5MB

MD5
966580716c0d6b7eec217071a6df6796

SHA1
e3d2d4a7ec61d920130d7a745586ceb7aad4184d

SHA256
afc13fce0690c0a4b449ec7ed4fb0233a8359911c1c0ba26a285f32895dbb3d2

SHA512
cf0675ea888a6d1547842bcfb27d45815b164337b4a285253716917eb157c6df3cc97cba8ad2ab7096e8f5131889957e0555bae9b5a8b64745ac3d2f174e3224

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\watchfiles\_rust_notify.pyd

Filesize
626KB

MD5
d80913d424824ec83c37c1e751fea3c6

SHA1
92f3043a57db50a176f463980eb6952d8552b7e7

SHA256
f2e8144c8385536027444a35870a8878694568769fd72292397e2144647ebd91

SHA512
2b6d2363c1b13a243b62cc96156adcec093516328c089128bfeef430cb89291e4c06410c33ac606903de4421a7c1e0fd0675be01fa322cbbabf7926a83db00bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\zstandard\backend_c.pyd

Filesize
508KB

MD5
0fc69d380fadbd787403e03a1539a24a

SHA1
77f067f6d50f1ec97dfed6fae31a9b801632ef17

SHA256
641e0b0fa75764812fff544c174f7c4838b57f6272eaae246eb7c483a0a35afc

SHA512
e63e200baf817717bdcde53ad664296a448123ffd055d477050b8c7efcab8e4403d525ea3c8181a609c00313f7b390edbb754f0a9278232ade7cfb685270aaf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\_bz2.pyd

Filesize
83KB

MD5
dd26ed92888de9c57660a7ad631bb916

SHA1
77d479d44d9e04f0a1355569332233459b69a154

SHA256
324268786921ec940cbd4b5e2f71dafd08e578a12e373a715658527e5b211697

SHA512
d693367565005c1b87823e781dc5925146512182c8d8a3a2201e712c88df1c0e66e65ecaec9af22037f0a8f8b3fb3f511ea47cfd5774651d71673fab612d2897

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\_ctypes.pyd

Filesize
122KB

MD5
c8afa1ebb28828e1115c110313d2a810

SHA1
1d0d28799a5dbe313b6f4ddfdb7986d2902fa97a

SHA256
8978972cf341ccd0edf8435d63909a739df7ef29ec7dd57ed5cab64b342891f0

SHA512
4d9f41bd23b62600d1eb097d1578ba656b5e13fd2f31ef74202aa511111969bb8cfc2a8e903de73bd6e63fadaa59b078714885b8c5b8ecc5c4128ff9d06c1e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\_decimal.pyd

Filesize
251KB

MD5
cea3b419c7ca87140a157629c6dbd299

SHA1
7dbff775235b1937b150ae70302b3208833dc9be

SHA256
95b9850e6fb335b235589dd1348e007507c6b28e332c9abb111f2a0035c358e5

SHA512
6e3a6781c0f05bb5182073cca1e69b6df55f05ff7cdcea394bacf50f88605e2241b7387f1d8ba9f40a96832d04f55edb80003f0cf1e537a26f99408ee9312f5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\_hashlib.pyd

Filesize
64KB

MD5
d19cb5ca144ae1fd29b6395b0225cf40

SHA1
5b9ec6e656261ce179dfcfd5c6a3cfe07c2dfeb4

SHA256
f95ec2562a3c70fb1a6e44d72f4223ce3c7a0f0038159d09dce629f59591d5aa

SHA512
9ac3a8a4dbdb09be3760e7ccb11269f82a47b24c03d10d289bcdded9a43e57d3cd656f8d060d66b810382ecac3a62f101f83ea626b58cd0b5a3cca25b67b1519

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\_lzma.pyd

Filesize
156KB

MD5
8cfbafe65d6e38dde8e2e8006b66bb3e

SHA1
cb63addd102e47c777d55753c00c29c547e2243c

SHA256
6d548db0ab73291f82cf0f4ca9ec0c81460185319c8965e829faeacae19444ff

SHA512
fa021615d5c080aadcd5b84fd221900054eb763a7af8638f70cf6cd49bd92773074f1ac6884f3ce1d8a15d59439f554381377faee4842ed5beb13ff3e1b510f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\_socket.pyd

Filesize
81KB

MD5
e43aed7d6a8bcd9ddfc59c2d1a2c4b02

SHA1
36f367f68fb9868412246725b604b27b5019d747

SHA256
2c2a6a6ba360e38f0c2b5a53b4626f833a3111844d95615ebf35be0e76b1ef7a

SHA512
d92e26eb88db891de389a464f850a8da0a39af8a4d86d9894768cb97182b8351817ce14fe1eb8301b18b80d1d5d8876a48ba66eb7b874c7c3d7b009fcdbc8c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\_uuid.pyd

Filesize
25KB

MD5
8f5402bb6aac9c4ff9b4ce5ac3f0f147

SHA1
87207e916d0b01047b311d78649763d6e001c773

SHA256
793e44c75e7d746af2bb5176e46c454225f07cb27b1747f1b83d1748d81ad9ac

SHA512
65fdef32aeba850aa818a8c8bf794100725a9831b5242350e6c04d0bca075762e1b650f19c437a17b150e9fca6ad344ec4141a041fa12b5a91652361053c7e81

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\_wmi.pyd

Filesize
36KB

MD5
bed7b0ced98fa065a9b8fe62e328713f

SHA1
e329ebca2df8889b78ce666e3fb909b4690d2daa

SHA256
5818679010bb536a3d463eeee8ce203e880a8cd1c06bf1cb6c416ab0dc024d94

SHA512
c95f7bb6ca9afba50bf0727e971dff7326ce0e23a4bfa44d62f2ed67ed5fede1b018519dbfa0ed3091d485ed0ace68b52dd0bb2921c9c1e3bc1fa875cd3d2366

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\main.exe

Filesize
49.2MB

MD5
2e666cf8cb68c5814a094ad6aeb03785

SHA1
90e96b7ca0d55288ddeedfdba64d57da25bad4e5

SHA256
519b6911cea9bcf2d4d41658c3eab7576116e25eb2f021e3d217f28c885214cc

SHA512
7f7bae611e1539139d5eed070a0a57822dad703654baf7788628322212af7754096b748aa4a97a94a174e0d59eec8185e1a556636f3e82a506ddd9e4a7b97109

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\python3.dll

Filesize
66KB

MD5
8dbe9bbf7118f4862e02cd2aaf43f1ab

SHA1
935bc8c5cea4502d0facf0c49c5f2b9c138608ed

SHA256
29f173e0147390a99f541ba0c0231fdd7dfbca84d0e2e561ef352bf1ec72f5db

SHA512
938f8387dcc356012ac4a952d371664700b110f7111fcc24f5df7d79791ae95bad0dbaf77d2d6c86c820bfd48a6bdbe8858b7e7ae1a77df88e596556c7135ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\select.pyd

Filesize
30KB

MD5
79ce1ae3a23dff6ed5fc66e6416600cd

SHA1
6204374d99144b0a26fd1d61940ff4f0d17c2212

SHA256
678e09ad44be42fa9bc9c7a18c25dbe995a59b6c36a13eecc09c0f02a647b6f0

SHA512
a4e48696788798a7d061c0ef620d40187850741c2bec357db0e37a2dd94d3a50f9f55ba75dc4d95e50946cbab78b84ba1fc42d51fd498640a231321566613daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\tcl86t.dll

Filesize
1.7MB

MD5
3ae729942d15f4f48b1ea8c91880f1f4

SHA1
d27596d14af5adeb02edab74859b763bf6ac2853

SHA256
fe62ca2b01b0ec8a609b48f165ca9c6a91653d3966239243ad352dd4c8961760

SHA512
355800e9152daad675428421b867b6d48e2c8f8be9ca0284f221f27fae198c8f07d90980e04d807b50a88f92ffb946dc53b7564e080e2e0684f7f6ccc84ff245

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5308_133693842202132992\zlib1.dll

Filesize
143KB

MD5
4fadeda3c1da95337b67d15c282d49d8

SHA1
f49ee3256f8f5746515194114f7ef73d6b6141c0

SHA256
28484bcea1e387c4a41564af8f62c040fe203fe2491e415ce90f3d7f5c7ab013

SHA512
45634caf9d9214f0e45e11a1539d8663b45527e1ae9282558b5fdb8465d90b0fabcf4c0e508504427a597ba390c029bc12068ac17d842fd0fcbb1886d252c6b1

Download Submit
C:\Users\Admin\Desktop\minecraft xray\RATNERA.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000014

Filesize
20KB

MD5
dd62255c6e72b80ce88a440481d3d22f

SHA1
17758b8673c033ecf7c194e5d1190bbf9516c825

SHA256
16921001068e64b8ac9935d54eaa1dca108647370c5987443732ecd4f0f56249

SHA512
19cb0414fa378f59229d6296a4165e3a073fb6c6b812969c7015d3f73e7738c70893346740396986c6148ca1fcd5e7a8021aed775c808eb67ee9d1b301f0ee76

Download Submit
C:\Users\Admin\Desktop\minecraft xray\RATNERA.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_00001a

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\Desktop\minecraft xray\RATNERA.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000039

Filesize
20KB

MD5
9708e5224c10eb91f435950128a72070

SHA1
cc66f87dad487f1db80dc78942a7016d26725ae9

SHA256
834c60d1648bb2b2c84ab278eb0690ffdbd6f9dfa393d561eb38aa026dbdef8d

SHA512
8a7a126e028f6def7f03d4fc69831c2bccabebc48b7d97b816eb263a817934b8db1beb9baf1763ec7421640ef594e0a7fb65ef21cbfdadd90c3c88332f4022c5

Download Submit
C:\Users\Admin\Desktop\minecraft xray\RATNERA.exe.WebView2\EBWebView\Default\Extension Rules\000003.log

Filesize
38B

MD5
51a2cbb807f5085530dec18e45cb8569

SHA1
7ad88cd3de5844c7fc269c4500228a630016ab5b

SHA256
1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac

SHA512
b643a8fa75eda90c89ab98f79d4d022bb81f1f62f50ed4e5440f487f22d1163671ec3ae73c4742c11830214173ff2935c785018318f4a4cad413ae4eeef985df

Download Submit
C:\Users\Admin\Desktop\minecraft xray\RATNERA.exe.WebView2\EBWebView\GrShaderCache\f_00000c

Filesize
20KB

MD5
0113702f0a24ef090ae11d9814d5661e

SHA1
c721ab2d92fe849bd40b9ab12d1022c18dab5a26

SHA256
f54c77c3b25b532636b9a4971552f85e4599e0f061bbeb1cfac61f9e116649c9

SHA512
150e87683cde4249a6257f49bbdaa5388ccaabd6c89187f0f1cdbe9bc64197715ef2d7d958d9819d65a9c8762bbafd935c0d54d4dda4b6ed4538ebe5c0c8b236

Download Submit
C:\Users\Admin\Desktop\minecraft xray\RATNERA.exe.WebView2\EBWebView\Subresource Filter\Indexed Rules\36\10.34.0.54\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\Desktop\minecraft xray\RATNERA.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Users\Admin\Desktop\minecraft xray\RATNERA.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Users\Admin\Desktop\minecraft xray\RATNERA.exe.WebView2\EBWebView\hyphen-data\101.0.4906.0\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Users\Admin\Desktop\minecraft xray\main.exe

Filesize
23.1MB

MD5
465ee748fad55ade44706c32fa8c51ae

SHA1
ff026b7184428cc3db6fbed0d163d9e57bb803ff

SHA256
c28946bd171f2f963a0a095747becfb93593391483d52cc2d2ae130301f3aa52

SHA512
6ca2b73978c9fbd731c631d7dc588b747a9a9bf01aec5d2f5f27563e6c18f7dcd2bad28be4f038cc92f96f3b8234d81a30d60649efec13b569bd5a18bf6ddd41

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\Default\Cache\Cache_Data\f_000074

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\Default\Cache\Cache_Data\f_000087

Filesize
44KB

MD5
f88c45ae77b9befce21dbc50533facc1

SHA1
9595c88afcaa990b2181d3b6de76f1a74a24bdc1

SHA256
844b9136c818a4feb00d058e007cf271f665358435fcadbd6cae21ac053a7d1c

SHA512
48b6d72093a916f0e99845948171ec547d60901ca1b9aef949280e38ef0ec52ce41afe059621e2924f80135858772d636103dda5596c99df33a03ecfe883d78c

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\Default\Cache\Cache_Data\f_000188

Filesize
63KB

MD5
7ddbde8dabe31eadf6b216954bb6cc8b

SHA1
effaaa96e8fd4813865b60af30e98b92170a4aa8

SHA256
c4d9638bebfdc9d06bd1aeb8d771434ee59e79806d55a08471630c06792566e3

SHA512
044828c2efe09651fbd05d6d8beabe196168523f1596b01509f785dc368039555f8094b546d3da4ec5fbe37bc026fee4dfdb867d54328b01e2fa9dc305f30d32

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\Default\Cache\Cache_Data\f_0001e9

Filesize
69KB

MD5
6214385c2fb6af65684dddef76c14a63

SHA1
93d044a679caa18785defd18f6827cc350827355

SHA256
ca6ec2bb152b9be2abe589adefd91fe0e562403ea9c7bc7b8a4e024d5ebfd057

SHA512
f16388bfa7154d5de8528303faf1fdd49021cc3bc84173409d478b0bff32e77640a93010683dba2060b7ac84d3a067e998d76307885c903733c0f7ef983d9a53

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\Default\Cache\Cache_Data\f_0001ea

Filesize
22KB

MD5
b7a414aca6f44081e63cdd01815b9177

SHA1
87fd57a788718715d68dfcb4a1e915ee7368cb77

SHA256
41b59f1f36fb0c3eeffa6f2d98dcc6a708f55591a4bea49edfa3f23743fe511b

SHA512
fa693da35b25a0b2045235a512c21ab3e46c9331d25e78f211f351ca7e02c3995ef0efb3da64449c8b08cab4fe2d8eb6f3d9f7b947e3573df2218fb0aff9dda7

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\Default\Cache\Cache_Data\f_00026b

Filesize
40KB

MD5
230ab95d87a717be265134072eb17c25

SHA1
71a3d3dd6f952057ba0c6025d39c9792ff606828

SHA256
3fdfeaa675697f08f1c7c0fd6b77512f4bf9465e670637e8e332e65ebb9db068

SHA512
9b0636421ad14161f211e846521149ab0a7c866e77db309dba79718487835204cee3821c9f4678e48e134614be6a02421c155a34b7c9bc424012137705960b11

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\Default\Cache\Cache_Data\f_0002fb

Filesize
35KB

MD5
e4089a0bffccd8461e5358770aca3573

SHA1
db69b22c67d16e612c9b14ad6ff18cbe5e682386

SHA256
7e4581065f406952a51d0e67be7b2b9259059d91d6f1e0439757d825a6ed2935

SHA512
ad2c0b57e2d571302937d92a570a1147bf57a9229a4b5c90f63a6b233abe2aa13e163169f0586d3d55e9d087e4c4cb4e448ff2192a6d3e4798bb92fea1c8c389

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\Default\Cache\Cache_Data\f_000301

Filesize
23KB

MD5
c6f2d5a4ab2716725f9127cf39559ca8

SHA1
80d76d63557135c2a4ddbd2802a2b14197a08894

SHA256
c07dc0be7377eecd17580a3b5e2aaf957902ecb63eeb8d5be6116be36fa4271c

SHA512
3f82e3b4dc0b623bb96a3edefef0d83a02cbf0f1346ca09d8a851de1dfcdafc80b92e0ce9df7988b443396128d499f466713c88cbfc58877594f36b0f770e57f

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\Default\Cache\Cache_Data\f_00030a

Filesize
34KB

MD5
e68dc41937e75b392b26998acb2d09be

SHA1
b3ffd33f790eb21b8bae1c6c8f93c85765fc4e91

SHA256
e4b53b7fdd39514df81e6bb419cb980f00cbb8c95cd421f17cb702faf18af513

SHA512
68eb5da95eca580e9d3040ea91717300e810e26cfed80f0765c2edc2e983d102671c358792c72c680f9a621304cfa542bb116cac9f6f1dc2fa28e39201210425

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\GraphiteDawnCache\data_1

Filesize
264KB

MD5
ff5cc398caba97cde6b5a2202a3d3e22

SHA1
b8c27882436266b8c71dc07ee899257d9924bdb8

SHA256
cffe48171a535bcec3116d9ee68b71b71288d3720804064ece25bc73f71f52b7

SHA512
ea5e586e0a96ad2ff611f56b2636c241d1f9ceee7053389d2270bbd7eef9f47522e555f72e0a9c7a9c24e12626addd209f15d9e69fa449b1f692ec218bc4ba4d

Download Submit
C:\Users\Admin\Desktop\minecraft xray\rat logs for vulnera\EBWebView\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
memory/5620-4990-0x00007FFE3C100000-0x00007FFE3C12A000-memory.dmp

Filesize
168KB

Download