914d9923c7fde7a120b5f74a9e701656b5807346de737bd2073d28c78d413ac0

Analysis

max time kernel
334s
max time network
349s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
14/02/2023, 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

X Minecraft Launcher.exe
Size

147.3MB
MD5

fdd496a77d058b34d5feced6b583a15f
SHA1

ec4d54e49d9704b87f2755edefcaf1fb04ea7f6f
SHA256

62372f42a5d26effd3e53aebf542b08bc52b487030b1850085196360d996416f
SHA512

a2f86770d4118ea5034855cc403cd873544995558eab05ebf381ffe282cca31d5ca0352257706fc2027bea87e8e99828ebb9be71010dc605ad932f38e8416a3a
SSDEEP

1572864:Z/38p53ic9tZ4K5MTYxdX00W3h/uORAbsIsdStuFpAB48vSFYcK4QkGux:hEG0MH1ikxx

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Control Panel\International\Geo\Nation	X Minecraft Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Control Panel\International\Geo\Nation	X Minecraft Launcher.exe

Executes dropped EXE 1 IoCs

pid	Process
2036	java.exe

Loads dropped DLL 12 IoCs

pid	Process
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
2036	java.exe
2036	java.exe
2036	java.exe
2036	java.exe
2036	java.exe
2036	java.exe
2036	java.exe
2036	java.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	java.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	java.exe

Collects information from the system 1 TTPs 1 IoCs

Uses WMIC.exe to find detailed system information.

Data from Local System

T1005

pid	Process
4820	WMIC.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\xmcl	X Minecraft Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\xmcl\URL Protocol	X Minecraft Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\xmcl\ = "URL:xmcl"	X Minecraft Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\xmcl\shell\open\command	X Minecraft Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\xmcl\shell	X Minecraft Launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\xmcl\shell\open	X Minecraft Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\xmcl\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\X Minecraft Launcher.exe\" \"%1\""	X Minecraft Launcher.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
2220	X Minecraft Launcher.exe
2220	X Minecraft Launcher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1932	X Minecraft Launcher.exe
Token: SeCreatePagefilePrivilege	1932	X Minecraft Launcher.exe
Token: SeShutdownPrivilege	1932	X Minecraft Launcher.exe
Token: SeCreatePagefilePrivilege	1932	X Minecraft Launcher.exe
Token: SeShutdownPrivilege	1932	X Minecraft Launcher.exe
Token: SeCreatePagefilePrivilege	1932	X Minecraft Launcher.exe
Token: SeIncreaseQuotaPrivilege	4820	WMIC.exe
Token: SeSecurityPrivilege	4820	WMIC.exe
Token: SeTakeOwnershipPrivilege	4820	WMIC.exe
Token: SeLoadDriverPrivilege	4820	WMIC.exe
Token: SeSystemProfilePrivilege	4820	WMIC.exe
Token: SeSystemtimePrivilege	4820	WMIC.exe
Token: SeProfSingleProcessPrivilege	4820	WMIC.exe
Token: SeIncBasePriorityPrivilege	4820	WMIC.exe
Token: SeCreatePagefilePrivilege	4820	WMIC.exe
Token: SeBackupPrivilege	4820	WMIC.exe
Token: SeRestorePrivilege	4820	WMIC.exe
Token: SeShutdownPrivilege	4820	WMIC.exe
Token: SeDebugPrivilege	4820	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4820	WMIC.exe
Token: SeRemoteShutdownPrivilege	4820	WMIC.exe
Token: SeUndockPrivilege	4820	WMIC.exe
Token: SeManageVolumePrivilege	4820	WMIC.exe
Token: 33	4820	WMIC.exe
Token: 34	4820	WMIC.exe
Token: 35	4820	WMIC.exe
Token: 36	4820	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4820	WMIC.exe
Token: SeSecurityPrivilege	4820	WMIC.exe
Token: SeTakeOwnershipPrivilege	4820	WMIC.exe
Token: SeLoadDriverPrivilege	4820	WMIC.exe
Token: SeSystemProfilePrivilege	4820	WMIC.exe
Token: SeSystemtimePrivilege	4820	WMIC.exe
Token: SeProfSingleProcessPrivilege	4820	WMIC.exe
Token: SeIncBasePriorityPrivilege	4820	WMIC.exe
Token: SeCreatePagefilePrivilege	4820	WMIC.exe
Token: SeBackupPrivilege	4820	WMIC.exe
Token: SeRestorePrivilege	4820	WMIC.exe
Token: SeShutdownPrivilege	4820	WMIC.exe
Token: SeDebugPrivilege	4820	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4820	WMIC.exe
Token: SeRemoteShutdownPrivilege	4820	WMIC.exe
Token: SeUndockPrivilege	4820	WMIC.exe
Token: SeManageVolumePrivilege	4820	WMIC.exe
Token: 33	4820	WMIC.exe
Token: 34	4820	WMIC.exe
Token: 35	4820	WMIC.exe
Token: 36	4820	WMIC.exe
Token: SeShutdownPrivilege	1932	X Minecraft Launcher.exe
Token: SeCreatePagefilePrivilege	1932	X Minecraft Launcher.exe
Token: SeShutdownPrivilege	1932	X Minecraft Launcher.exe
Token: SeCreatePagefilePrivilege	1932	X Minecraft Launcher.exe
Token: SeShutdownPrivilege	1932	X Minecraft Launcher.exe
Token: SeCreatePagefilePrivilege	1932	X Minecraft Launcher.exe
Token: SeShutdownPrivilege	1932	X Minecraft Launcher.exe
Token: SeCreatePagefilePrivilege	1932	X Minecraft Launcher.exe
Token: SeShutdownPrivilege	1932	X Minecraft Launcher.exe
Token: SeCreatePagefilePrivilege	1932	X Minecraft Launcher.exe
Token: SeShutdownPrivilege	1932	X Minecraft Launcher.exe
Token: SeCreatePagefilePrivilege	1932	X Minecraft Launcher.exe
Token: SeShutdownPrivilege	1932	X Minecraft Launcher.exe
Token: SeCreatePagefilePrivilege	1932	X Minecraft Launcher.exe
Token: SeShutdownPrivilege	1932	X Minecraft Launcher.exe
Token: SeCreatePagefilePrivilege	1932	X Minecraft Launcher.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe
1932	X Minecraft Launcher.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 4144	1932	X Minecraft Launcher.exe	67
PID 1932 wrote to memory of 3460	1932	X Minecraft Launcher.exe	68
PID 1932 wrote to memory of 3460	1932	X Minecraft Launcher.exe	68
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69
PID 1932 wrote to memory of 1444	1932	X Minecraft Launcher.exe	69

C:\Users\Admin\AppData\Local\Temp\X Minecraft Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\X Minecraft Launcher.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Users\Admin\AppData\Local\Temp\X Minecraft Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\X Minecraft Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xmcl" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1484 --field-trial-handle=1716,i,13392943052220957015,14696704163390144467,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:4144
- C:\Users\Admin\AppData\Local\Temp\X Minecraft Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\X Minecraft Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xmcl" --standard-schemes --secure-schemes --bypasscsp-schemes=video --cors-schemes=video --fetch-schemes=video --service-worker-schemes --streaming-schemes=image,video --mojo-platform-channel-handle=1896 --field-trial-handle=1716,i,13392943052220957015,14696704163390144467,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  PID:3460
- C:\Users\Admin\AppData\Local\Temp\X Minecraft Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\X Minecraft Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xmcl" --standard-schemes --secure-schemes --bypasscsp-schemes=video --cors-schemes=video --fetch-schemes=video --service-worker-schemes --streaming-schemes=image,video --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=2800 --field-trial-handle=1716,i,13392943052220957015,14696704163390144467,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  PID:1444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wmic logicaldisk get Caption,FreeSpace,Size,VolumeSerialNumber,Description /format:list"
  2⤵
  PID:4044
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic logicaldisk get Caption,FreeSpace,Size,VolumeSerialNumber,Description /format:list
    3⤵
    - Collects information from the system
    - Suspicious use of AdjustPrivilegeToken
    PID:4820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "chcp"
  2⤵
  PID:3300
- - C:\Windows\system32\chcp.com
    chcp
    3⤵
    PID:4528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "REG QUERY HKEY_LOCAL_MACHINE\Software\JavaSoft\ /s /v JavaHome"
  2⤵
  PID:3948
- - C:\Windows\system32\reg.exe
    REG QUERY HKEY_LOCAL_MACHINE\Software\JavaSoft\ /s /v JavaHome
    3⤵
    PID:4868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "where java"
  2⤵
  PID:4196
- - C:\Windows\system32\where.exe
    where java
    3⤵
    PID:5040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -version"
  2⤵
  PID:5032
- - C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
    "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -version
    3⤵
    PID:4756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c ""C:\ProgramData\Oracle\Java\javapath\java.exe" -version"
  2⤵
  PID:3980
- - C:\ProgramData\Oracle\Java\javapath\java.exe
    "C:\ProgramData\Oracle\Java\javapath\java.exe" -version
    3⤵
    PID:4712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\Java\jdk1.8.0_66\bin\java.exe" -version"
  2⤵
  PID:4504
- - C:\Program Files\Java\jdk1.8.0_66\bin\java.exe
    "C:\Program Files\Java\jdk1.8.0_66\bin\java.exe" -version
    3⤵
    PID:5080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -version"
  2⤵
  PID:3416
- - C:\Program Files\Java\jre1.8.0_66\bin\java.exe
    "C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -version
    3⤵
    PID:4732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c ""C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -version"
  2⤵
  PID:364
- - C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe
    "C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -version
    3⤵
    PID:4720
- C:\Users\Admin\AppData\Local\Temp\X Minecraft Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\X Minecraft Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\xmcl" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3824 --field-trial-handle=1716,i,13392943052220957015,14696704163390144467,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\java.exe" -version"
  2⤵
  PID:2052
- - C:\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\java.exe
    "C:\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\java.exe" -version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    PID:2036

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
11530ac24030824836f046e448c5648f

SHA1
1245ff8c15453daf920577d0b781ea843fd52be6

SHA256
a0d5b65f86b5adaa9ab4284b50a104adf6320032fb3e9a7d176869c2ccef51d0

SHA512
9c88d7965b9cf8f9ee9a45817239867a5fb1e086a3c4ac42881a84a01ba65e92b73949209040901fef2da36d97b1354da7699213a254d312ee58107fedf81e48

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
11530ac24030824836f046e448c5648f

SHA1
1245ff8c15453daf920577d0b781ea843fd52be6

SHA256
a0d5b65f86b5adaa9ab4284b50a104adf6320032fb3e9a7d176869c2ccef51d0

SHA512
9c88d7965b9cf8f9ee9a45817239867a5fb1e086a3c4ac42881a84a01ba65e92b73949209040901fef2da36d97b1354da7699213a254d312ee58107fedf81e48

Download Submit
C:\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\VCRUNTIME140.dll

Filesize
93KB

MD5
ade7aac069131f54e4294f722c17a412

SHA1
fede04724bdd280dae2c3ce04db0fe5f6e54988d

SHA256
92d50f7c4055718812cd3d823aa2821d6718eb55d2ab2bac55c2e47260c25a76

SHA512
76a810a41eb739fba2b4c437ed72eda400e71e3089f24c79bdabcb8aab0148d80bd6823849e5392140f423addb7613f0fc83895b9c01e85888d774e0596fc048

Download Submit
C:\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\java.dll

Filesize
133KB

MD5
7e32397abbc7a355abf9076deb34a27c

SHA1
b92581cd891858644756921c781bbab5a85349e5

SHA256
8c34973081bf021ba14a5be50702ccec37f6dc4657c33af5240a8f0fd13be628

SHA512
6ad2a15311e7f253616172ed5511fe3ea2790fd4b416972362fd2b475d7e54ea6a99962c136fcebf2fad3a2b3ed8459e74aec799888e42c7e72fa7a43fde8f5c

Download Submit
C:\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\java.exe

Filesize
38KB

MD5
0a2b4e28fb35922b4fe8b2b6bcf89103

SHA1
bc0c8cc28a1398b71d83281118e44c2e6e529607

SHA256
3a7d9763859da605bb2f722379fed21d468810eea52e4a5ecf7f4bb7c7a1406d

SHA512
8bb15e95f79efa251af54241b00f149cb584b9c33cdbb0ae46bd85b989c50c09e900a0639732f3b30c1d4ee5ab3cd374b71689081ad18a78ed7ffc5903f748da

Download Submit
C:\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\jimage.dll

Filesize
23KB

MD5
ef27ba957a4010db01af14bef9ac4648

SHA1
f6d79ae0f70db32058e3966075cad4cd66cba680

SHA256
3551c254835f8341a963c576989567deb5bfb49c34e7aed45d6be68576921625

SHA512
dde0302178eb876d2703e28ab467b5c51e52fae348eb66f01b4d0d7568f259f3d917cbe49c56952ca47f4b0b295ba4fa56fdc7394f05bfe7e42ee29bf58130fb

Download Submit
C:\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\jli.dll

Filesize
75KB

MD5
e5eec73245511f15cca3fab7ccfd2561

SHA1
3b503195aaa6b80ceb0daabd12c0785ab423daf6

SHA256
a8a40b62795c4cf0e8ac4cf34b7d456a281413a964d18e2d1024965992bee552

SHA512
8d2f47f58da4cbcdad57ef4f70b1cb1781bc3e4c56400ad512d6b614ba6b579ef8cfb31f53046b3607d05be14cdc26be34dcc1d0549967f4012535ea31d0540c

Download Submit
C:\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\msvcp140.dll

Filesize
550KB

MD5
4b6ba0947f115ae9fd3016d26d57abb8

SHA1
aabaff269c8777bd93ae8962472ced3eb63439a1

SHA256
254df96324d019a7c4213abd4178944b8bf2873d0c3edc1835d4c668f83d7c37

SHA512
5b531ffbfe19871fa5d327566e7d97fbe693ece91f0945f457e92988c17d07c2dc595e12e4cbf3e48cb0c66460316af2a72e042cda8bb612791b447b51975509

Download Submit
C:\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\server\jvm.dll

Filesize
11.9MB

MD5
c8d74c07d2c8a162ee904382fa80e5b9

SHA1
45a07bb7b661aa1df85cc01b201eb99015540530

SHA256
9230e84183c672e28e1a3633c79538fbd990131ab7916b1374a372dc749443b5

SHA512
7383ce803811f679c8ee62ff72f16b6aec2180c11697363505ad115d853589b3a3d1187205dccdc4ba6d88ea5d2948764f45779fd272ab18a818927207ef646a

Download Submit
C:\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\vcruntime140_1.dll

Filesize
35KB

MD5
4dc09ca657822c2e8160255f767597df

SHA1
d1a553e6cad4600020113fe2887f5deb0db588c8

SHA256
922124ba0821aa864a0261ed88bd25f8e40f94c24d00d389e23cd9ab2bfc6ba4

SHA512
1504a4c32aefb58b20bfeab4f6e45ddb1b4feb08cfc9b6098b0e0b8d770d2ec5cd53a0506f212a2d4f406a1f6aae5bb03bfe8b87f55a61671e9cbbf684d77e19

Download Submit
C:\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\zip.dll

Filesize
74KB

MD5
5d927819d07a01f0d12e58bb2c70f44b

SHA1
e8cb672714216fedc87c6cd0d4185ced1ba8e4be

SHA256
596fddb31d68d212e34eeb4b5da9578e9783ed1c4a3523bf898f4470c36a15ce

SHA512
e1d2cd13865aa783e006403ef6f9cfda7ff6c54cab9746c10d422d006cdfaaeaa96d9b1f2fd9fa201fc312dd3da4fb8e864a1b4e0e3e7b6590be237ff33dae20

Download Submit
C:\Users\Admin\.xmcl\jre\java-runtime-alpha\lib\jvm.cfg

Filesize
29B

MD5
7ce21bdcfa333c231d74a77394206302

SHA1
c5a940d2dee8e7bfc01a87d585ddca420d37e226

SHA256
aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0

SHA512
8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

Download Submit
C:\Users\Admin\.xmcl\jre\java-runtime-alpha\lib\modules

Filesize
60.8MB

MD5
00d57373cc4d960ae79034df74b34db8

SHA1
b9a2a9054c157a8ab20175f6e031f1604e112a30

SHA256
62a1c9272a929827bed9689e24fb3f080e825c071372b95df98fcb582371ee7f

SHA512
d875439a0702549257af3c153686eaa548bf4eeee8566bc6768aca0fdc251d167921bf85b67c1e387509cb0e13eebb12596a98e2bcbf62ab22c522df86693fbf

Download Submit
\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\java.dll

Filesize
133KB

MD5
7e32397abbc7a355abf9076deb34a27c

SHA1
b92581cd891858644756921c781bbab5a85349e5

SHA256
8c34973081bf021ba14a5be50702ccec37f6dc4657c33af5240a8f0fd13be628

SHA512
6ad2a15311e7f253616172ed5511fe3ea2790fd4b416972362fd2b475d7e54ea6a99962c136fcebf2fad3a2b3ed8459e74aec799888e42c7e72fa7a43fde8f5c

Download Submit
\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\jimage.dll

Filesize
23KB

MD5
ef27ba957a4010db01af14bef9ac4648

SHA1
f6d79ae0f70db32058e3966075cad4cd66cba680

SHA256
3551c254835f8341a963c576989567deb5bfb49c34e7aed45d6be68576921625

SHA512
dde0302178eb876d2703e28ab467b5c51e52fae348eb66f01b4d0d7568f259f3d917cbe49c56952ca47f4b0b295ba4fa56fdc7394f05bfe7e42ee29bf58130fb

Download Submit
\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\jli.dll

Filesize
75KB

MD5
e5eec73245511f15cca3fab7ccfd2561

SHA1
3b503195aaa6b80ceb0daabd12c0785ab423daf6

SHA256
a8a40b62795c4cf0e8ac4cf34b7d456a281413a964d18e2d1024965992bee552

SHA512
8d2f47f58da4cbcdad57ef4f70b1cb1781bc3e4c56400ad512d6b614ba6b579ef8cfb31f53046b3607d05be14cdc26be34dcc1d0549967f4012535ea31d0540c

Download Submit
\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\msvcp140.dll

Filesize
550KB

MD5
4b6ba0947f115ae9fd3016d26d57abb8

SHA1
aabaff269c8777bd93ae8962472ced3eb63439a1

SHA256
254df96324d019a7c4213abd4178944b8bf2873d0c3edc1835d4c668f83d7c37

SHA512
5b531ffbfe19871fa5d327566e7d97fbe693ece91f0945f457e92988c17d07c2dc595e12e4cbf3e48cb0c66460316af2a72e042cda8bb612791b447b51975509

Download Submit
\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\server\jvm.dll

Filesize
11.9MB

MD5
c8d74c07d2c8a162ee904382fa80e5b9

SHA1
45a07bb7b661aa1df85cc01b201eb99015540530

SHA256
9230e84183c672e28e1a3633c79538fbd990131ab7916b1374a372dc749443b5

SHA512
7383ce803811f679c8ee62ff72f16b6aec2180c11697363505ad115d853589b3a3d1187205dccdc4ba6d88ea5d2948764f45779fd272ab18a818927207ef646a

Download Submit
\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\vcruntime140.dll

Filesize
93KB

MD5
ade7aac069131f54e4294f722c17a412

SHA1
fede04724bdd280dae2c3ce04db0fe5f6e54988d

SHA256
92d50f7c4055718812cd3d823aa2821d6718eb55d2ab2bac55c2e47260c25a76

SHA512
76a810a41eb739fba2b4c437ed72eda400e71e3089f24c79bdabcb8aab0148d80bd6823849e5392140f423addb7613f0fc83895b9c01e85888d774e0596fc048

Download Submit
\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\vcruntime140_1.dll

Filesize
35KB

MD5
4dc09ca657822c2e8160255f767597df

SHA1
d1a553e6cad4600020113fe2887f5deb0db588c8

SHA256
922124ba0821aa864a0261ed88bd25f8e40f94c24d00d389e23cd9ab2bfc6ba4

SHA512
1504a4c32aefb58b20bfeab4f6e45ddb1b4feb08cfc9b6098b0e0b8d770d2ec5cd53a0506f212a2d4f406a1f6aae5bb03bfe8b87f55a61671e9cbbf684d77e19

Download Submit
\Users\Admin\.xmcl\jre\java-runtime-alpha\bin\zip.dll

Filesize
74KB

MD5
5d927819d07a01f0d12e58bb2c70f44b

SHA1
e8cb672714216fedc87c6cd0d4185ced1ba8e4be

SHA256
596fddb31d68d212e34eeb4b5da9578e9783ed1c4a3523bf898f4470c36a15ce

SHA512
e1d2cd13865aa783e006403ef6f9cfda7ff6c54cab9746c10d422d006cdfaaeaa96d9b1f2fd9fa201fc312dd3da4fb8e864a1b4e0e3e7b6590be237ff33dae20

Download Submit
\Users\Admin\AppData\Local\Temp\2d74964a-1fe7-46cd-af04-d7649d549321.tmp.node

Filesize
73KB

MD5
0edb862a68c0d694d71134586c05b482

SHA1
b9981669ae6cfbc8f550e4ad82e020781fea3441

SHA256
84c66b80f6bad7ab18fa6f62cac8e3b01623853d7de2325badd6141473be77aa

SHA512
31040ce541dd7c849e97ee02b11d0b7f577f8d7b7f63ca93ea5c11700fb1dd619fd3b807bfca906630340486eba23d3bc1e6c9f66550abfce21d914dcc2767de

Download Submit
\Users\Admin\AppData\Local\Temp\4eca57be-e144-492c-8567-c53772d1dd6d.tmp.node

Filesize
4.3MB

MD5
3628d6b272c926c434848ff2677a081e

SHA1
8ff2faa7919a9848bb109e6958246b4c207525a4

SHA256
f051cc30cfbe0b76a0d80ac2843b6c356559f8672814e17caf9e791e74a1060a

SHA512
b3d9bff44b89de9ac86a0e1b088887aa6a52e7ebb15d6b66752aeb02c76cf226885ba51c595e8f4078cec7c1138a2c56fcfc9e3060fdd4204493e613fc8b7dfd

Download Submit
\Users\Admin\AppData\Local\Temp\6a033eb9-2a4b-44ac-aa1a-055bbe95f280.tmp.node

Filesize
691KB

MD5
c5c99144e2e1589628e14999ba59ad73

SHA1
9c80f8de6b5cdaf38677d5368b5287bacb9e465a

SHA256
90e35de89ab5e5f9290e4ff1bbadcf221a82b2aa0d9b922187dc980adff3c831

SHA512
0bcb99953397c6604d8e08bf2ba89248ee82f92436c2dcc779157b65227b0e1350927273a1b6d150a9db914d0a8830680df05ef651ee291b40657a3025a721c5

Download Submit
\Users\Admin\AppData\Local\Temp\b88a12f9-42a9-45cc-b848-5cee200eaa42.tmp.node

Filesize
497KB

MD5
b3b26cf1cf99c49d123dab7fe2cb164c

SHA1
95c052362013133592e7a51cae5dfc5bc56d83f6

SHA256
803183d01ea9ace8bd35bc03438311321fd16d7eebab19e716cffc05c05fecf8

SHA512
46d0f3209966a5885c2a907ffb49f23ce863ed6907bd27764ce2de7824aac0d3a349ab79b4752da6d389ab48b6f9de30e3d4e0e3de78c6a138f0fcb248ded6ea

Download Submit
memory/2036-248-0x0000022255FF0000-0x0000022256FF0000-memory.dmp

Filesize
16.0MB

Download
memory/2036-250-0x0000022255FF0000-0x0000022256FF0000-memory.dmp

Filesize
16.0MB

Download
memory/4712-222-0x0000000003030000-0x0000000004030000-memory.dmp

Filesize
16.0MB

Download
memory/4712-219-0x0000000003030000-0x0000000004030000-memory.dmp

Filesize
16.0MB

Download
memory/4732-179-0x0000000003070000-0x0000000004070000-memory.dmp

Filesize
16.0MB

Download