xenorat | 6958e71ec05520b33c77de4fdfca9fb56c41699a0b47af066fca79e5df70eb73

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2024 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MinecraftModPackBedrock.exe
Size

447KB
MD5

7ffb057756968e3f079a8495fcdf3f29
SHA1

12f35b1e806a0246fb3d6bb7d43a86903f319a41
SHA256

6958e71ec05520b33c77de4fdfca9fb56c41699a0b47af066fca79e5df70eb73
SHA512

77c069eda9de18f967666e9ddc1daa5e3a8f14dfd01c2c5e4756b981ae879d87b8cf02fb7029f5d451ecffc951ab78e5474196d90a52c2057f2c733527ab821c
SSDEEP

1536:Rw+jjgnaoH9XqcnW85SbT+uIDMCLsYaZ69ImcWxoGhvvvjtTTTEKY55aaaaaaaaJ:Rw+jqa691UbT+BMrKImcWnTTT4v

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

127.0.0.1

Mutex

Minecrafr_Mod

Attributes

delay
5000
install_path
appdata
port
4782
startup_name
MinecraftIsCool

Signatures

Detect XenoRat Payload 2 IoCs

resource	yara_rule
behavioral1/memory/2320-1-0x0000000000330000-0x00000000003A6000-memory.dmp	family_xenorat
behavioral1/files/0x0007000000023465-6.dat	family_xenorat

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	MinecraftModPackBedrock.exe

Executes dropped EXE 4 IoCs

pid	Process
932	MinecraftModPackBedrock.exe
2056	MinecraftModPackBedrock.exe
2284	MinecraftModPackBedrock.exe
4788	MinecraftModPackBedrock.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MinecraftModPackBedrock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MinecraftModPackBedrock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MinecraftModPackBedrock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MinecraftModPackBedrock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MinecraftModPackBedrock.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725454148044363"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
5084	schtasks.exe
2280	schtasks.exe
2320	schtasks.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3604	chrome.exe
3604	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 932	2320	MinecraftModPackBedrock.exe	82
PID 2320 wrote to memory of 932	2320	MinecraftModPackBedrock.exe	82
PID 2320 wrote to memory of 932	2320	MinecraftModPackBedrock.exe	82
PID 3604 wrote to memory of 948	3604	chrome.exe	86
PID 3604 wrote to memory of 948	3604	chrome.exe	86
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 5012	3604	chrome.exe	87
PID 3604 wrote to memory of 3520	3604	chrome.exe	88
PID 3604 wrote to memory of 3520	3604	chrome.exe	88
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89
PID 3604 wrote to memory of 3252	3604	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\MinecraftModPackBedrock.exe
"C:\Users\Admin\AppData\Local\Temp\MinecraftModPackBedrock.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Roaming\XenoManager\MinecraftModPackBedrock.exe
  "C:\Users\Admin\AppData\Roaming\XenoManager\MinecraftModPackBedrock.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:932
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks.exe" /Create /TN "MinecraftIsCool" /XML "C:\Users\Admin\AppData\Local\Temp\tmpAC7C.tmp" /F
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdf313cc40,0x7ffdf313cc4c,0x7ffdf313cc58
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3672,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4620,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4780,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4996,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4700,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5044,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4972,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5304,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3496,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4540,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4552 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4480,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5660,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5156,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5792,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5952,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4528 /prefetch:8
  2⤵
  PID:1772
- C:\Users\Admin\Downloads\MinecraftModPackBedrock.exe
  "C:\Users\Admin\Downloads\MinecraftModPackBedrock.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2056
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks.exe" /Create /TN "MinecraftIsCool" /XML "C:\Users\Admin\AppData\Local\Temp\tmp8013.tmp" /F
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5556,i,4057754193339615059,15629325191447846354,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Users\Admin\Downloads\MinecraftModPackBedrock.exe
  "C:\Users\Admin\Downloads\MinecraftModPackBedrock.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2284
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks.exe" /Create /TN "MinecraftIsCool" /XML "C:\Users\Admin\AppData\Local\Temp\tmpACD0.tmp" /F
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:2320

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4812

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4112

C:\Users\Admin\Downloads\MinecraftModPackBedrock.exe
"C:\Users\Admin\Downloads\MinecraftModPackBedrock.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
88aab36a0fdbacd665e93d9a8809841a

SHA1
b263eec30099022497c79410bb0e49040a430e63

SHA256
e1790276a7a109510176dd89be312e7f5e6e626961e44bdbdade87adf01b5a07

SHA512
78012398b91caae06baa63870522c5f270a289d909c1a5a1dd1c2541ac7f7d70165f9b52f0f8e4b4bd22327c933988127d09de3d9c38f72a746e061f0e03f9e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
5b1c7797c08715eeacbafbbf7b87f81e

SHA1
c1656fbf764fbf41442f22c07f1bcd48033c3829

SHA256
32f1005f6a5d09b17789ebeba6d29da16da665830333b243a0881e24f5517d2c

SHA512
7124cea17992fbca3be79630a710aee9ca5ec22180046028da699b7fedd96dafdb453e0e930464156ff45ace142be57fd262733b4139348da7eafbfa16fc709a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
d80c4eab1d524d571c6069ac5a11afe3

SHA1
29ddb14bba1534e77b5795407e1ce68fb6990366

SHA256
7078a569c8f70c714cb5bc138d71607f208c1381a3f6461de8d88b23cf058154

SHA512
9aac857cf1ecaa5252f40675dc6c28612ee64cd8e8326205695c7708b514fe0d56811d08909bffc333ee6da2708ce1915988da86fed0e7b1caf782d0681bc976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3015e8e0c08f737af5f2c651be429e7f

SHA1
de5f5da4f585018071ae3f568fd745981587c02b

SHA256
1825622a97b02634f6a7d461eaa03fd969b93c662beb21e6514cca332206a0e2

SHA512
da71d7f7036edc7cdce9e424af9f88e27e523cc13f47f2247997504261414c3593adcde75821ab9edd3ee903ea60d7db0ff2b0d9705b767391b4f35f3bcdb4ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
104297316f7fcc6d6f2fc266e5d47eff

SHA1
920c1cee40f2116fb29ac88e10c2b391c3de52d7

SHA256
226e22fa0cc973de14854c15f4a4b5a16f2c7917583e698c3f098db96a2e5632

SHA512
fb0b6f99a80c129399b8bed4749399616f09b3de41a83a6faf2c0a490f703b0499d6794bf4770003210a87ec95a6bfa49b5b5f4df4e427fb7bd7a51937f83279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
8c1e81fc32d6a2a5d1df824012a46df5

SHA1
b329df37009948e419cd7067c29b650e58ff2a58

SHA256
d25dc24d8813769ac96401a52c1564ee433069657df03743f84b7007aebcd4e2

SHA512
f8d3f01a80b4089b6082a98977fa16731214d1c401cba82d10d6b612954a410cfcb8581376b397a4e048d5c67ef171403122900be4911f4ba18a450b1fd7c38c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
5bd1f94f645941814aed34280113e9df

SHA1
135d27570ebef1347f22dcd3ed0695a65ebd1783

SHA256
df277d56dc66c3dfb2cc2db1ab0bde9bd2b1f851a36c5cc87cdf169fff832808

SHA512
4c12edbcceb98133ca0129a0ff30d29c2c4bbe2f437c3aed7f69f28cb46e2f4b1d0435f935b80f9974bb9ed41016fd68eb226d1f349d40ecf739e44820d2f806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
2a3bed4c9d520cb85c811bed8331c9f7

SHA1
31f7e54285fd385c11202174c5eea9cd7d93f51b

SHA256
d8b00d88cefb234aa52478f3acc18b29b1eef7fd5ad9941b3223671a74e78aa0

SHA512
bbacf00954e80544e46edf6f5354047f0aa2746432ff95206ef5d7a943ceaa5332686e3199bdceede7eef65972933bb1ba6d0862ee75a46eb41296ac7d3bb5c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
f7f67ff0ca15e97488ff80780bae760f

SHA1
71f6862666fc48fdad7cbc9c99c8e6692be6d185

SHA256
634e405aea9d6333d85065172495525b701fa527975b364853515376b496b8e3

SHA512
85e22df4a5b4d2c5197480f479a98c680b2bd109635c36ca212d2164b246b87aeed475d892c86e129d6931943bdbd0bdbaf637367ec6ec59385bcc935ce6def8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
46192523d6d0296289c91707285d09bd

SHA1
9c0d0c61255098fad602fa755146a01d09a0ecc6

SHA256
e6126a822b9b1816d2783a4cc5b276eb2e2fb3596309583501cd7cd43fc46118

SHA512
4cbef426495a33429160f3d6fa68f8b195414a3ec8f81c7e55d6496de70b0148d1dd6f4b284f08427680d008954013f9f259435982c119ac9336cfe075ea7f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
54fffebe0fb40a95617f7d60807f9e88

SHA1
a71ed068ec3fb84c3a24ed963a709fb120f634e8

SHA256
d4ce15814acdaaa360e71f1bdd5bb803fc360e57bf5047c87b1c2cd471ba4506

SHA512
4972efee8f124bff993e5abc7c1de557c568c84744202cbf59f7cb844c89cd7e30fda38c5a3c8364049bd5edeefe0954b3f869e2459739df8f6a5ebc02d9d075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
63b128ffbf6568790879ced93acdf389

SHA1
14b62957a87b0b2fad47a599e73f752a4c4161e0

SHA256
867ee430dc5c5f642110f5a6aaf83af489df985ed2ea578fa6b6c1f9578fec70

SHA512
62014022aae97ceeebf6596eabef601b963c8cd3ec63d5bf402541b0beb5f06c861af02dba6b4567c39f4d0d16625707ee42a006b9dd3633e54e2fd1865aff2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0acfffe0ca7e7417ff8d0cd67790a10c

SHA1
8c1c1fc43d5a67939da747415b01e673712d918b

SHA256
d61a39d33f71b66afc877c45248e2f04d18bee17881abf77e34eb33f32b3e57f

SHA512
364c8ba44fda718e199875ef32204e806e33808018396859e3d79d45adec683bf5376b6d67ba2c75cfed94423de74841ced2aef467013a60f42917df692dec27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
df714fd0e1e663d8783b9ae6ac375502

SHA1
186b11a7d7bf4a63ff6f6aa8c61140f46d47c923

SHA256
3ed193517d220da68e3eb0eaed3ea514c28fe2f8285a1b5938d340d3b2ee66e3

SHA512
6c44b47f6761ac66d30eeb405db137d51b3244fcb14c4d5689a179468051feb674b8b2086ada89e5f1924cf758987f36eff4580e500b02cf6a9f0c882c22b110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0062369a8da47139f63a4d6b56354e3f

SHA1
633ecbe1d176673f32689fadaf3ebdcb645881d2

SHA256
30e671980e27faf5a1a7ccee0d44e737e78366e91a3ce20351a60cfcba950220

SHA512
29746b940dc23ce3f95e3f9c93b07b1b84f76c18ee7a70400b9291528826a83a59df9094853326089ac593fb09087ecde386c1aa84751c4215fceaa52f801d4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b7ff3cb0dd64386079ac97d0aa19ed79

SHA1
90a3f4c352dfd759dc084c04d25bb66ba18bad3b

SHA256
f31b996586ca150e0d1a5ef729e227943886e33692928ce43d03eb956c08d55b

SHA512
18d14a56827b37eed3b6c1d1a424bf28e208631f1a7b69038cad89f3310636bd962f4bc7a618aa86200406bc1a0f4e486edab4e642860a80bb9b6eba0a978e2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cf148e430896c44729814d40f744c20a

SHA1
ddc1bd3fb17d32e7c2f1a20bc17fa438256cb050

SHA256
37f7bb8ad92fe93bae83178f61f5d63f6c3bf36d9bdf9ebea8891ac8d730f2b9

SHA512
992c73d4b561de95301982c6a04a02ab560767dccac17817877a10d3d42b19fe3aaec78f7aadf4067d4a2d0b0fe07e4f8eef97d8979266e6d71814a10a3ab644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70a7ca767b81f3dc651de236c3867159

SHA1
89992babd034e3c259c86668b69660952ede53a2

SHA256
0ab5c34501335b08b0adb6647b7c6896bc901cf6d7f778a590e62c6060d927b1

SHA512
c4e750972e8b5a3fa38aa7b7746116d291aaa0bfb97aeaffd0d8a4aa759dd8b230708fb7d0952b8889a7a42eab9ec3ea517da7cd509efee5cd23611f586b2a87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e4a450597922eb82ddc23faad31054a

SHA1
ad7e11953da7a7b199aaf104fdda30bc0603a43d

SHA256
37e1b657137f6ffafce9e563ffa8f24193219f67282636563b6b949978f26651

SHA512
d8e2dcffa1e8a1b6b4f610f8f79a6b416aa4d6b22e3ffbfe437502765c0409f76d4ef7e2b4f3898d7a02dbd42466157c30e5a3956d9439c34ee45e563bc31814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ed6cf4a6a3514a1dd2b59f985d9f283

SHA1
010db184532889aafa9c75dfbc46aa1564a325a5

SHA256
94a53285ca4c329df333eeee7dcfc3910f123e5ce031451496099f2b4c963940

SHA512
2b109e1cc7ec47d1981bdd767e827039881f64730fc5e8c9e99f033f5418cf004c64e0ae16f85308c1c28e713c930b91b54d6876c7479c1e40f83545bab9466f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9194c921b56d89674eb6e618749fe610

SHA1
48f8df1c4f622bf8bdd0b8d2c30ed107f691378a

SHA256
53bfe35a28be1a3167878b9add5acbf4797812d035beb154601d5a0b176685fd

SHA512
3e29329525b16c6409582f7797316db515154641f217152e8358eab534497e4d7c7a8250a930f530b5bc8b09254e512fa035db82f7bb6ac909e6f5a6a301b2f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
9f662ab30ac358e7ca062a0782fcd972

SHA1
a523fa052ffbf1cc7c17577baebb90e0b10a0182

SHA256
1684e9173db5bdc857b1af321c5d7fde618d0e07a56cc1d2d6d2fff29253e17a

SHA512
88825ca6aa106b29aae491084943b4e3d539333ac6f04cdb1c7dd8b59a8e2c3ffaf1a7fecbf9871466bcbc7cf7ac96d33336f572f9c1dd38fac387f0affc2f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
a9f512639f1b8b9197fbb767ea8e2609

SHA1
09b0a1417cd59d04fc454094751d870eb409e7df

SHA256
ff7d7c0aeb2dc889b9d642bce202357d21a171ae952095eb7469fb10e8d0bee8

SHA512
52db76cb68dd015430d65f7fa5a6adf643a371299699256ad92908f0213a166694e39f4e8c711769f135b103135685f7caf469920eb2987c2af41430b6fb6e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MinecraftModPackBedrock.exe.log

Filesize
226B

MD5
916851e072fbabc4796d8916c5131092

SHA1
d48a602229a690c512d5fdaf4c8d77547a88e7a2

SHA256
7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d

SHA512
07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp8013.tmp

Filesize
1KB

MD5
4b33ed3a0e2c092acc0b2628af9dc349

SHA1
7db91f36be664e7f012ddf5fd30a8c43bd01aa89

SHA256
cc4319a23fce2644ac6a55f81db3e761317d67df0d149237f015cb0c019c00dc

SHA512
92238b4b20dbbf2aa8b55b79a2745e342542bde5956b84d970a2a86ace2abcd9174f4fb1d12bdfcbad4cc8ce1c7e008d97e4c2d815aa6613a1d928fd6a11442a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpAC7C.tmp

Filesize
1KB

MD5
f5f470e2965b765e7c01ea26fe92674e

SHA1
3eb9a3518ae95beb592ad893575de7dd50964e7c

SHA256
31f19df246c4b2abf6e11a2d3ea489b2838373a67b935c290995a196133e5f3b

SHA512
a1438093fcd68693532fc81a1be84002761aa85c6f0095cd7d9cf918008adca7ea4868fe4d47639fe0cddbda598b2db56539712e3417f7a3a48dd24d879e5891

Download Submit
C:\Users\Admin\AppData\Roaming\XenoManager\MinecraftModPackBedrock.exe

Filesize
447KB

MD5
7ffb057756968e3f079a8495fcdf3f29

SHA1
12f35b1e806a0246fb3d6bb7d43a86903f319a41

SHA256
6958e71ec05520b33c77de4fdfca9fb56c41699a0b47af066fca79e5df70eb73

SHA512
77c069eda9de18f967666e9ddc1daa5e3a8f14dfd01c2c5e4756b981ae879d87b8cf02fb7029f5d451ecffc951ab78e5474196d90a52c2057f2c733527ab821c

Download Submit
memory/932-57-0x00000000751D0000-0x0000000075980000-memory.dmp

Filesize
7.7MB

Download
memory/932-58-0x00000000751D0000-0x0000000075980000-memory.dmp

Filesize
7.7MB

Download
memory/932-14-0x00000000751D0000-0x0000000075980000-memory.dmp

Filesize
7.7MB

Download
memory/2320-0-0x00000000751DE000-0x00000000751DF000-memory.dmp

Filesize
4KB

Download
memory/2320-1-0x0000000000330000-0x00000000003A6000-memory.dmp

Filesize
472KB

Download