b278381a97cfea52a408b9aae69e5c70aad3ed6dba8489783defcb6b9dead0d2

Analysis

max time kernel
144s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MinecraftOnly.exe
Size

122KB
MD5

6cb71501e49ec5869f32a71de6aeffa9
SHA1

09dfbc52803b0e9d5e70bb7cf5aa5ece156912fd
SHA256

b278381a97cfea52a408b9aae69e5c70aad3ed6dba8489783defcb6b9dead0d2
SHA512

cda1c94d11edf769f81b8a0d02e2e2c12c699c7e4a31d795f2829cb0f0f70b85e5f0ce39757e5945e61920f374411f7f1c9af730d32ae0537112541b8ca4873d
SSDEEP

3072:QAmiILynqeAT4EQst6Rdl25MdCXbwcPH:Ei2rH48t6k5GCMg

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4748	javaw.exe

Loads dropped DLL 12 IoCs

pid	Process
4748	javaw.exe
4748	javaw.exe
4748	javaw.exe
4748	javaw.exe
4748	javaw.exe
4748	javaw.exe
4748	javaw.exe
4748	javaw.exe
4748	javaw.exe
4748	javaw.exe
4748	javaw.exe
4748	javaw.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Network Service Discovery 1 TTPs 1 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
3236	GameBarPresenceWriter.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MinecraftOnly.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "1"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "2"	svchost.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{FEA56470-7CE7-4E2B-9285-BE4323CF9D16}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{D3A2A3CE-DA45-4BE0-AC05-9DF7417F4FCA}	svchost.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3912	javaw.exe
3912	javaw.exe
640	OpenWith.exe
4748	javaw.exe
4748	javaw.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 3912	4500	MinecraftOnly.exe	82
PID 4500 wrote to memory of 3912	4500	MinecraftOnly.exe	82
PID 3912 wrote to memory of 4748	3912	javaw.exe	86
PID 3912 wrote to memory of 4748	3912	javaw.exe	86

C:\Users\Admin\AppData\Local\Temp\MinecraftOnly.exe
"C:\Users\Admin\AppData\Local\Temp\MinecraftOnly.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4500
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\MinecraftOnly.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3912
- - C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\javaw.exe
    C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\javaw -jar C:\Users\Admin\AppData\Roaming\.minecraftonly\Launcher.jar
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:4748

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:3236

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:640

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:4740

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\imageio10452802928587329.tmp

Filesize
943B

MD5
fb7f42ba95602078a0d6cfa3b8e75d54

SHA1
e31266a138ecf71eaf7bc0a8d95d67e176801eaa

SHA256
276959603f4877f051a423d9b9fa545773ec14ad5f0540ba812e5f47d774ebdd

SHA512
31e55486eab3d88f228860c56e3e210241ddb8af74207ac5aaf72a5da66e5fe942560fed6a8e09920aca18def19271ba60dcfd92ab8f0d53d043b5f9d9f2a0cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio1859076440635584286.tmp

Filesize
1KB

MD5
ef00130f06544056be92e11d62b26016

SHA1
4986e8f1b8eb461d495e10743de1f1d057c68111

SHA256
f9651e5fe20b180e7673c39a57836334671cc95f8fbe5fcd0cd32171b00dd9bb

SHA512
d385aa591a88d44c9492f21134645ebf7e9ca208285866d358bb8dc559e50f3093dca3d706c207fb1f481e65afbad5189ebf2dfebc7dd1985b1793b26b3cf3fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio3003156716692775567.tmp

Filesize
915B

MD5
5451d03e626a0507039b45184e4689ed

SHA1
5326e22773355ff978349e66b723233673978681

SHA256
f0b0f234d5588ab0a110d2ec1722c63f1bd8cc1f7eb5ac98dd5c54f5af93a647

SHA512
585cb9722390d07b9b789ff90bf1a63346c3ce4e5eca7682cca589b86c22d322781e0a646ae1479149d8798faf6ed043b9c205452dafd963099b0ea3dbedff82

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio4291224902711877573.tmp

Filesize
1KB

MD5
2989664b0c36b1921a39198ea3519b0d

SHA1
0690887fd5a8c24b69a90216080503ef56068744

SHA256
b52ba163fef36e9ce8a88bcf583b360c0c8b7e8d7d56fed98cc530ff46ea1e9e

SHA512
f00c6402ea2ad69e3d481569de502a474ca7ac7fb9a8e68f9682c26480068462e0a625dd90e8cf9459ae6d1f799ad5d54f47939f02ccbfcb333eeb3e6437df27

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio4999389086708737754.tmp

Filesize
1KB

MD5
209ac91de44a05325176e17c8cafd920

SHA1
3b9ef85cac8f210b33ea1120c782926a7d8129a8

SHA256
fcee56a868aa56a2b9579335071e810778fc59f9d94a6b9af0282bbcaa1c9815

SHA512
28f9cf175331857a73eab1306db98c32c8c2ebc8432d61301ecdce1c6233f1711842e9de16b602a3652f0f490bc744dc0cc48ae9ed61e800e7313237e5a3cf8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio759429164740307985.tmp

Filesize
1KB

MD5
2bed07565d77ccfc4667116d95fae21b

SHA1
9c7f3a491d9661a12bf89d7ae9345b75d9ad4c0f

SHA256
e1e1f73ab602d09b8234d8942c68eb84375ca276d460d315dc5f1900fb83b455

SHA512
6b1afd130b8087f813c073155ff859be227f9efc674026747ed3555bf9fbcb71eac7b630a64e7b87368c5d0f17b5b4fa46646e95fa2264b61b11c16461f9c44e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\.localcache\0c\0c51e0c3f5d34b57ce6c8eb2d5841b46

Filesize
602B

MD5
26eccd3de9f1f4a024973d843713fa0c

SHA1
acfd99e19f234eb8fc6e7f2c9e1344c4faa8dbce

SHA256
d6ca78f780a3dd0270e87d087cd834a6134b5a6925733fb6fbe77c4c804dcc55

SHA512
f13dde682fbf57b36c9c262d8db9d362f92fe404046473ea32d2d3d25c1ceb55e8caae4c4416221231c0f716fc69ce4612b39c46a3bf67598c821cd18069ea97

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\.localcache\c6\c65f609ab9fc0dc5ff4ad6f142279255

Filesize
325B

MD5
2d63e2ba413151e4e716982bab5499dc

SHA1
5c626ec3174f9a22a50e13a65a9aa4de6bf1fb78

SHA256
30a9ce6282fd9c588f182ca4166c144240fc94888f87d411212819db8dbb24d1

SHA512
c0958f654b54b48bed77cedef08cfb1d56c8227fd233b90bb9436e21f97ba8b846f4c5393d989bd0581511575b5cd4185e3b0f2b46d01757b5b3fe1739fcb853

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\.localcache\cf\cfd9f9c34fe2009701de2d6a4bb6c1b5

Filesize
72B

MD5
787d7e8901baadc684c605e4f8d487b0

SHA1
5a43b81ae91b4454120cbe17f8c203dfc0313494

SHA256
9d277889fc9e642ced670f41a87a47164c1b827535967b67faee6d6ea1b2b529

SHA512
5da82d989f6d6366bf424da2733732a3e3761c99f8e01c5cc0a0dbb06d0546805d226534d2ab6472b46c42d0b070ecf2e8f5a817e5896e2aab2caf3869d40de6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\awt.dll

Filesize
1.4MB

MD5
727db926e0e032ca5d96f485638693a1

SHA1
10307fc79c713c55d831557f73e7a64dd5eece17

SHA256
863341b363ef99625f76347a421d49a971e690f7a66f21fa7f897eca41166d2e

SHA512
b2da4046ad30dda95caed3c143c2c45df13e919888f5fd4bfadb7cce8e92c99f470bc9f98b0a651d14f4d0a17615b3c3e01e44376c12af4a81f016dbb643dd4b

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\fontmanager.dll

Filesize
282KB

MD5
12067360463ff63529d6d32ced1b9ccf

SHA1
488793b89446fb1ea578567825215fa0ab00d4bd

SHA256
fadea3e7f60dd9b76683d671c5a29842e9a765ce33009efa082aae3c068b12ba

SHA512
47f8940df0d9b667b6148043bba362e7e270f713fe6a29cde75c21fce0142ac19a1a43c99bdb184edc6ad80a012874da4369cbf517e690c449fd7e0e0feba124

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\freetype.dll

Filesize
648KB

MD5
d44251fc3507457916dec3b7323aa6d4

SHA1
c8294acd9cf669bd2e1cc825f87f216c4101917e

SHA256
15300e85172e621abf2aa45acb62696174f269f55c6907e0455d385607972f95

SHA512
02cce27063e3cad4dab2c793ac61a1484fe6479841d2bcb961eb3e0ed2f30504c1f2605db05bcf1bb2f92e0fa7e2c6040d7f5639c6fe29f5baac6b506a6eb04d

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\java.dll

Filesize
156KB

MD5
c15b283310fcf536e39d816db8349990

SHA1
3db459debe6ebb1cd186e6b34687c62311367546

SHA256
12687c8b9bc286807d3bcff6c26465a483900b05aa0da6d15871ea5e9a1ed96e

SHA512
6c2193ad240a26fe12481057d9ce274c0bdd6e3f9491d9b7c611cff1fb5fb8aead309136076511c1e8037e2bbc5f930ea396f7ddfc1c08256f0356967b97228d

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\java.exe

Filesize
197KB

MD5
bc2485f754f7aba9e2c065dad4b6c97b

SHA1
1fd103e92f626abeb077ba40d597ae20457fe61c

SHA256
35fd53f7d8599398d9bb16f8129c64f5c3a84b76eddf5516decc5e254738b301

SHA512
34c648cf64bf81e5a3a9ecd3f2e63d45e298ff52e2f46e9d1256efdca0442069652bdf27cc4ea8eff6b5597990a439d7ab1f6177a0d27c699b3391b1bfd787f8

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\javaw.exe

Filesize
198KB

MD5
8131448b215660cd2d2c65b0287d7574

SHA1
685e9e58d6e1916858b240304efb2ead7e2ed653

SHA256
64f881236ad745961c6abf1dcb28c2240ecf31af9f3d3d04d860ce7d45ffa1c8

SHA512
ec0c4e0728a8ebf21c5430294de30f9bebafd1e12e134ad5327d6dbba11c941c4cf897eedfa12a45467615c2c983e470b4a9c4861a447d39f94a5359854bae1c

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\jpeg.dll

Filesize
160KB

MD5
f9c826eac0348ef113ae9246fa5820be

SHA1
7d9ea71afebb71e35732885fb5c0cf6383572254

SHA256
b01813a9b4e524f58512b565edcee62f10102ca109b30d1c9177672a07daa6e5

SHA512
791395394b4360ac807c704ea9f6eadea03f9a7f4bf7160d033af5e66f2f04bf0eacaefc7ed774a9abc19f1a604e60f094e6ae3c9fed909ebba23db37c8524f1

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\management.dll

Filesize
36KB

MD5
19d59a754ebab198b3ad3502dc6ac9b8

SHA1
5559fa7d56177305d273ba26feb83e189378e4d6

SHA256
b5d06f15841dc4226ec62dd17a059bc7e7c09f32cb6786185f651c643a9f78cd

SHA512
497afb08143e866aa4bf62da737c20f2c84c99b28c4c4c939b0a020c14cfe67cdeb0b509f9fc85d699d5e0e1d4e1c5ff7ecf18d688e5c0262684cbef3faf51f3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\msvcr100.dll

Filesize
809KB

MD5
366fd6f3a451351b5df2d7c4ecf4c73a

SHA1
50db750522b9630757f91b53df377fd4ed4e2d66

SHA256
ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5

SHA512
2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\net.dll

Filesize
96KB

MD5
1c5ae3178f47607de9674521c4ee26f2

SHA1
f8991b430a2b8ded0982595e0ac50a2b9623d30d

SHA256
08f3a8c065d952fcc5cae7a912adc46fe4d02029207b170feaae5410784fc851

SHA512
b070cf3563025e6105acf04c872eb234b5891c99ed50db91050b329de55c9ee4339d3f2fdbac184901e6869c861d3cfe079d9eb88bd786183e3f7937b84c8cb8

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\nio.dll

Filesize
59KB

MD5
44caf09544edb1c1a23c2c176d5f158e

SHA1
35ac012bbd0bf776640987b2e1be3b8f0cd3d18e

SHA256
52445b77e22d3859dbf2d8734eac52812d35915ae46898181fd26e89ea30d42c

SHA512
6e48610adf9bdaafeb959613a939b605e363518cd6c942926f6e21895dde03d54dc68f2406982fd7ed5907965c98ccd9cf96edb5056a58debf3b4fd9561b3c83

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\server\jvm.dll

Filesize
8.6MB

MD5
2bd9330f2caff97fe12f4a330ae1f107

SHA1
3ab7e69839c584a16328d773a657245e19f32847

SHA256
f8473f869f6ce88126eabb6ae4b1b765caf2780faabfb734287f33fa9af9df1e

SHA512
aa3b99ac1ec80e4dc665ebcd5262cc6818f62734e9063ecf4b1bf6ec099c391d1eeb26108677a841b28ec2c558322dc3b114b75206d0aee196f659a263540c46

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\verify.dll

Filesize
48KB

MD5
38bdc89172aca98a8df57cc6b0e5e8db

SHA1
2448538975c6daf00f4014d166ebb014d2374e8f

SHA256
981dafa227a6ff4e1bf9a38d94800b28f1e39adc6fe5f76b9362206bd7346ebe

SHA512
9fc3d626948f0990a311e3710786f6028e66cf75d6926c3d433526a349c93492cf7b7b1bfe7499eb88970e5342fd0201b58b7f227bfc009057dea7517b67b29f

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\bin\zip.dll

Filesize
77KB

MD5
a9040ad98ad82934efbac3de57f9acc2

SHA1
904e1b26aa21b7e7c065706ac4065ec43310b2a0

SHA256
cf661a6d7172f64f3a7d9559eba32c3363ea26a913ae56420a0a184a42198320

SHA512
848678c637349d59b5947a50ae6736882b260f00b31ed6b39d205a28bd9d9415e43bc7499c8cc5b3f1dc2b6b476f964583aa3bdb8fffbc6f35f363bad3d694ae

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\lib\accessibility.properties

Filesize
149B

MD5
2ed483df31645d3d00c625c00c1e5a14

SHA1
27c9b302d2d47aae04fc1f4ef9127a2835a77853

SHA256
68ef2f3c6d7636e39c6626ed1bd700e3a6b796c25a9e5feca4533abfacd61cdf

SHA512
4bf6d06f2ceaf070df4bd734370def74a6dd545fd40efd64a948e1422470ef39e37a4909feeb8f0731d5badb3dd9086e96dace6bdca7bbd3078e8383b16894da

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\lib\amd64\jvm.cfg

Filesize
1KB

MD5
c60e77ff5f3887c743971e73e6f0e0b1

SHA1
9b0cfd38ec5b7bd5bd1c364dee2e1b452a063c02

SHA256
23f728cc2bf14e62d454190ea0139f159031b5bd9c3f141ca9237c4c5c96ec1d

SHA512
07aca3de1a03a3b64b691fd41e35e6596760baf24c4f24e86fca87d2acf3a4814b17cd9751adc2dcd0689848f3d582fb3ee01d413e3a61d1d98397d72fe545e9

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\lib\currency.data

Filesize
4KB

MD5
eca8c4708672c29c2d10342225022f8f

SHA1
f09a8c2799109dcbf797e977d45ef31d83842b8d

SHA256
09fcc77f1584e4222553f7ae6b6d4e6735d7950fa0dd1a7fdc8b91aba0f53915

SHA512
859eb295b4922eacdc73e11c2f09ba44cd4c0557f282bf3344d90f57ed7151e36bcc343d42dcaca4d24a8814af1c27216e13df8f4a2d79a8f57557ba5a0266d0

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\lib\ext\meta-index

Filesize
1KB

MD5
ffe4d339a01ad17b62b5709b38a66ee5

SHA1
955c728639ec81d6ab1f6b415dc281dd51b0bdef

SHA256
73fc0ecb48496a5ee9537ec5f9330493f0813e8f651314331ece07da43b87206

SHA512
fa03e1d9b8bf729e04174adc3e65c5d9175d893ab5e2505ee371bfb51366d18f49dd3ddc03d0958f639d5a137794e9beadf8b4ef13c144204340f235433fc462

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\lib\fontconfig.bfc

Filesize
3KB

MD5
48b8858d27494a66594b59695d6dc60b

SHA1
1d3bff1e17ef6b5563cbd0762c2867b36fbdad95

SHA256
3f1792188ae901eca47b64728776d35095dc0220d5c929d0da99a2427877c3b2

SHA512
5d814990cff9f787723c629e22b30a2abfc9c8df0a712c2a7cb7b11ec52ddb083cb67c2158eeea2cc03d763aa308c9a271ac7cb7c88a96e4e4c029dd95b7656c

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\lib\jce.jar

Filesize
95KB

MD5
71853f0b9352a5ea4697200b78b65205

SHA1
5b0bd0b8693fc7ed5700ffc4c089817d37b8255f

SHA256
e331d24d47deede7164b9b5f905c2eb7ed9df714b07bb4af459b877dd9de8d64

SHA512
104a0df5b3bb77a554b18a8e8c9cea2736ff39c25d1b429642a10d1d921ce1f4252ef4d9adb0b503502992e56a50fb39d65f90ab8127269f108f9914a8e22a7f

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\lib\jfr.jar

Filesize
869KB

MD5
7ef806b5ec0348af9b96f41ed73aaff7

SHA1
3d8a836525359a90dfc0ffbadf8f4331661ea38b

SHA256
0c7554c024988c374f81a526b87f0122859f3c95ebf04873376f78a08248b909

SHA512
b5c7a77332f778face35c595194efda65dfa6769ec4c6693d6b17377de277b92f46bb6340e5d9b527326baa84a586efb5039f1c257630e474277fa85929b8ea6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\lib\jsse.jar

Filesize
1.8MB

MD5
cbf284982135a044d03ed55be4c9c7e5

SHA1
e899862a6908a7396bbb5cee692f16235d79d5a3

SHA256
e7276812869dcfb88747ff32584983b6fa95cc1ca48f8a59eda86029c38b0dee

SHA512
c876bf4546ba61717ec8b1867f9600f9a74f3bd43bb950b851e31c54fcee98cd9853258bf460650d483ab3b75a9ff2231d66c8a50f088857e8b868f9db931ee7

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\lib\meta-index

Filesize
2KB

MD5
568cdfa1dbbfb0322c1deec272704ac6

SHA1
122a8a3c7c612d9ec613c673078707c30e5ff295

SHA256
a20767d8f612a84b037e96a4094f0ce3b03c41921a5f49d2d57b508a809be837

SHA512
5cf92e845d073a73cfda3d21bcd1f4a398bc4f7ba72482f8bd7efed4fc3f136bb60344dcd85613484d9ff150083f587102fd9bbc6f3e74dfec72be4f70edf90f

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\lib\net.properties

Filesize
5KB

MD5
8bc6628d01bad30798440cc00f638165

SHA1
fd9471742eb759f4478bb1de9a0dc0527265b6ea

SHA256
31ce7ce29c66a1696a985a197195b5e051b2c243ea83e9d1de614f0c4b4f7530

SHA512
8da3439774a07a6309f985d1a29dda5383975bbdf6b8e2809bab69a2c44f65d3de2a546231ed6e183864193f834c9a7042fdcc4ee10181d0bd3891363032c242

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\lib\resources.jar

Filesize
3.4MB

MD5
8ebcc8e887aceb4730dabde8d9be30fe

SHA1
11edf4de7c57e611e3b0592ae8d14851eab0656c

SHA256
21c5e43eb5c462cfaf8bc001d52d158b7a43b684885054d3ee7aee112b688999

SHA512
8c61a19cfee3e50b4de4f9d75484c442d81576a922aaf14d412db3192161adf30b8d79f9d55dec66d7298d0bd79b0b74400114816d204d6aebe3b36bacb8b9d4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\lib\security\java.security

Filesize
49KB

MD5
0bad2b7d641170ef24f1820892db1895

SHA1
3032321dac0eedad0fd39ecbcfde67cd2136518c

SHA256
1d1c9591ebe5c4c679ccec83daaa66a223c2c5304801b37602f95a3671701426

SHA512
afbf39c08043ee163a253c3905822be0368bf836da495e3bd088d4f47a1c5c7306074d8dec366be02a8d1e62d70ec70d89fa85267b8203e5a3257de95f266108

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\lib\tzdb.dat

Filesize
105KB

MD5
d3c29c477eafbe2950bc4ea93c619aa0

SHA1
1c275dafb9da0ab8d25154d88c3eb7ae8ac2fc11

SHA256
abc6173b8cf82bf50d9a142e6d44b944b3dd84c2059010b578bac5f31c08ca78

SHA512
16b4c591c1f25da10eb80dbd6e0dfcd7cbc16ac19aac2bae6ee135ef44b1b91297921de989d9be2e883ae58d51fcbcea92fa8663c28e70b489c74eb534140ba5

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Java\lib\tzmappings

Filesize
9KB

MD5
62bc9fa21191d34f1db3ed7ad5106efa

SHA1
750cc36b35487d6054e039469039aece3a0cc9e9

SHA256
83755efbcb24476f61b7b57bcf54707161678431347e5de2d7b894d022a0089a

SHA512
af0ddb1bc2e9838b8f37dc196d26024126ac989f5b632cb2a8efdc29fbce289b4d0bac587fe23f17dfb6905ceada8d07b18508db78f226b15b15900738f581a3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraftonly\Launcher.jar

Filesize
1.3MB

MD5
e02b46089345b17d7211f1a570ab4743

SHA1
48d2817eb28e79e5a9487520d6e2a45df8377a8e

SHA256
8c9b3aaa7bfb6650c12d9570df7547f6f82c6b7718aeed4315b91d1eb17bd0b2

SHA512
31d233442e4728f321eefb2dc9a74571bac2336fb117f5d8ffbb53455d6f13f5f1da89d126b16dbb5e32377506f99a2d70473641ac12e9dec7bf586c1ee9cca6

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/3912-211-0x000001E34D150000-0x000001E34D3C0000-memory.dmp

Filesize
2.4MB

Download
memory/3912-17-0x000001E34B8A0000-0x000001E34B8A1000-memory.dmp

Filesize
4KB

Download
memory/3912-34-0x000001E34B8A0000-0x000001E34B8A1000-memory.dmp

Filesize
4KB

Download
memory/3912-38-0x000001E34B8A0000-0x000001E34B8A1000-memory.dmp

Filesize
4KB

Download
memory/3912-176-0x000001E34B8A0000-0x000001E34B8A1000-memory.dmp

Filesize
4KB

Download
memory/3912-41-0x000001E34D150000-0x000001E34D3C0000-memory.dmp

Filesize
2.4MB

Download
memory/3912-87-0x000001E34B8A0000-0x000001E34B8A1000-memory.dmp

Filesize
4KB

Download
memory/3912-3-0x000001E34D150000-0x000001E34D3C0000-memory.dmp

Filesize
2.4MB

Download
memory/4500-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4748-459-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/4748-460-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/4748-428-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/4748-444-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/4748-378-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/4748-283-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/4748-239-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/4748-233-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/4748-210-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads