42ceb113fa069345bbb34ccbe04664a8bf17521f793e104a83002f07e15e02e5

Analysis

max time kernel
1800s
max time network
1590s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
01-08-2023 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KLauncher-Installer.exe
Size

8.4MB
MD5

877050bc5baf4ba18c94b215f293a3cf
SHA1

57fad8d44772a61e05d0fdb801ca7a5e5f0c4c83
SHA256

42ceb113fa069345bbb34ccbe04664a8bf17521f793e104a83002f07e15e02e5
SHA512

20d4ade62baf01c29e8f3b69e6c55fa236b50e72f64c1f7685149f777132947f85658071401d502563e4feffef8fc2910f85c05474865312c643be7b46706645
SSDEEP

98304:SiRxvVu3wMWPYjmVbPbGe7idO6HVyW2iI30Ge2JW9GULDvVAlZn:9ufu1lsV/luWUULDvVAlZ

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Executes dropped EXE 4 IoCs

pid	Process
1416	KLauncher.exe
1016	javaw.exe
3440	KLauncher.exe
1612	javaw.exe

Loads dropped DLL 64 IoCs

pid	Process
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe
1016	javaw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2264	1016	WerFault.exe	73
4880	1612	WerFault.exe	76

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5d3c6ccda0add901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a2eff0c0a0add901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 546952c4a0add901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed\Certific	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.msn.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople\Certi	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "394545479"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{08BE6528-978C-47D1-AF19-4E8708A06763} = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
3356	MicrosoftEdgeCP.exe
3356	MicrosoftEdgeCP.exe
3356	MicrosoftEdgeCP.exe
3356	MicrosoftEdgeCP.exe
3356	MicrosoftEdgeCP.exe
3356	MicrosoftEdgeCP.exe
3356	MicrosoftEdgeCP.exe
3356	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1692	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1692	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3104	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3104	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3104	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3104	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2544	MicrosoftEdge.exe
1612	javaw.exe
3356	MicrosoftEdgeCP.exe
3104	MicrosoftEdgeCP.exe
3356	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 1416	4896	KLauncher-Installer.exe	72
PID 4896 wrote to memory of 1416	4896	KLauncher-Installer.exe	72
PID 4896 wrote to memory of 1416	4896	KLauncher-Installer.exe	72
PID 1416 wrote to memory of 1016	1416	KLauncher.exe	73
PID 1416 wrote to memory of 1016	1416	KLauncher.exe	73
PID 3440 wrote to memory of 1612	3440	KLauncher.exe	76
PID 3440 wrote to memory of 1612	3440	KLauncher.exe	76
PID 3356 wrote to memory of 1552	3356	MicrosoftEdgeCP.exe	89
PID 3356 wrote to memory of 1552	3356	MicrosoftEdgeCP.exe	89
PID 3356 wrote to memory of 1552	3356	MicrosoftEdgeCP.exe	89
PID 3356 wrote to memory of 1552	3356	MicrosoftEdgeCP.exe	89
PID 3356 wrote to memory of 1552	3356	MicrosoftEdgeCP.exe	89
PID 3356 wrote to memory of 1552	3356	MicrosoftEdgeCP.exe	89
PID 3356 wrote to memory of 2132	3356	MicrosoftEdgeCP.exe	90
PID 3356 wrote to memory of 2132	3356	MicrosoftEdgeCP.exe	90
PID 3356 wrote to memory of 2132	3356	MicrosoftEdgeCP.exe	90
PID 3356 wrote to memory of 2132	3356	MicrosoftEdgeCP.exe	90
PID 3356 wrote to memory of 1552	3356	MicrosoftEdgeCP.exe	89
PID 3356 wrote to memory of 1552	3356	MicrosoftEdgeCP.exe	89
PID 3356 wrote to memory of 1552	3356	MicrosoftEdgeCP.exe	89
PID 3356 wrote to memory of 1552	3356	MicrosoftEdgeCP.exe	89

C:\Users\Admin\AppData\Local\Temp\KLauncher-Installer.exe
"C:\Users\Admin\AppData\Local\Temp\KLauncher-Installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe
  "C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1416
- - C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
    "C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -XX:+UseG1GC -Dfile.encoding=UTF-8 -jar "C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1016
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1016 -s 120
      4⤵
      Program crash
      PID:2264

C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
  "C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -XX:+UseG1GC -Dfile.encoding=UTF-8 -jar "C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1612
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 1612 -s 1412
    3⤵
    - Program crash
    PID:4880

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:824

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3356

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3104

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2704

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4296

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1692

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1552

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2132

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KFR0RUGG\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Z51TN6D3\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe

Filesize
18.4MB

MD5
c9cc120a6dd3f9b081f8645a39b27488

SHA1
82d87a41435c61ff1c55106d683612fbcad54b85

SHA256
4c3f151876d2a3f51081eb77bd8894ed54a29d49acf0572a4370e8936948f891

SHA512
e50319547e9eaa03a102dc118f0b3dd46efd71e974b61dfb06b4a684ca213931ce5214b207210a9c76986bff97924cf489f09a8830d2fc14f36a6d06c9cfeec3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe

Filesize
18.4MB

MD5
c9cc120a6dd3f9b081f8645a39b27488

SHA1
82d87a41435c61ff1c55106d683612fbcad54b85

SHA256
4c3f151876d2a3f51081eb77bd8894ed54a29d49acf0572a4370e8936948f891

SHA512
e50319547e9eaa03a102dc118f0b3dd46efd71e974b61dfb06b4a684ca213931ce5214b207210a9c76986bff97924cf489f09a8830d2fc14f36a6d06c9cfeec3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-console-l1-1-0.dll

Filesize
20KB

MD5
2c146bc8d73b8944f35506241b9953a9

SHA1
ac64abd745418cea35c0506b9cb0331b171b51ea

SHA256
89384f8f64a9b7f67c8deccaa721e2d76b8a17026d8083630859ed0cd1a9b58b

SHA512
02713948a156baccb2e7c38646193e82fef65400c086644866b698bc3e0a8c155a8eab829463e3868ce2b8a06608c5ea6de1e390bff976c5f92e2e42dd6c04f1

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-console-l1-2-0.dll

Filesize
20KB

MD5
7a55e51d07e1f15221eb11479adbc53f

SHA1
8d8e2beff4dfa78372201b26a67b9dc4b116290f

SHA256
f901b0bc8c00b3afc80e151e6f54b18f7672f932602c304fbfeedd5aa3ad63c8

SHA512
e89c0e45014abdaf7548de0352949c4ad496d97cad2f9e2f6c83a90f853b7b71354b9abbb957eff89076df79bdc9cc1c431b6f35875550bfb4198c3a68124197

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-datetime-l1-1-0.dll

Filesize
20KB

MD5
f0c9c56f56ffa3adc548173569dbd793

SHA1
220a56b84cdb8cd403483d3f6b4bb526fe198fd9

SHA256
12d801992bbb09d43bb90330bb96e77bf12e669c325dda4b5235942221c301c8

SHA512
28e24a2ccedfaf01aef615c1df7f8c76ff0eb06d992eb1b422f902d6d96357ba6a353e31ca9b1fd305e7de7a437ee6a7f2f01bfdf27c4a88c805693ae2b6352c

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-debug-l1-1-0.dll

Filesize
20KB

MD5
02d669afdabfe420598041b848b71158

SHA1
25c0fdbc04ffcd570db041d02842d7530afeeb6e

SHA256
64a9ac181fd91b79270bf01759749394f57be171436ed46f43d165325bb82067

SHA512
5321290ec277fca8840e6c9cb7e77d39e820b1d98ef9c29040efaf2a7628c023209c936e08abfb6962a795130874544db25e1bac0d16256a1ebbca0fdcdaa81a

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
20KB

MD5
944a33d971704ff815a6c90733d0a72e

SHA1
7d8b9f68a3983a1b86bf4bae085cd5ca6f464921

SHA256
44822ae123a3d6c3a8bdf9a4d65a4dc89eb31004c72fcfcefa1dc3a53ff3eab0

SHA512
4d93dece856a24e50f12a53155e07f1aab501b17e7bbfcce205e1b37d2799caf3681b1770c522ba986ac3badba59d5d95a7526fe19f86a7b0d3d933ea73754e2

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l1-1-0.dll

Filesize
23KB

MD5
fec01082bccddadad0814f30b43ab078

SHA1
a6f6d9b61bb743651d3f65824d06427ca492c120

SHA256
c15dacec228f40ce4c5b9d69bba5e6627bc484c6e9d6550a76db6f332e9f7734

SHA512
c6039c366cb47ca31c7501423384afc0678a07abeb0ca1d97ecb5aa3c3e3acf84c9551dea1e56d1dbd4472dab70eed1c79d1c0612ba2730327ce6d0dc151c441

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l1-2-0.dll

Filesize
20KB

MD5
b5060343583e6be3b3de33ccd40398e0

SHA1
5b33b8db5d6cfb0e8a5bb7f209df2c6191b02edb

SHA256
27878021c6d48fb669f1822821b5934f5a2904740bebb340b6849e7635490cb7

SHA512
86610edc05aa1b756c87160f9eefe9365e3f712c5bed18c8feca3cae12aef07ccc44c45c4be19dc8f9d337a6f6709b260c89019a5efcfe9fa0847d85ab64d282

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
2e8995e2320e313545c3ddb5c71dc232

SHA1
45d079a704bec060a15f8eba3eab22ac5cf756c6

SHA256
c55eb043454ac2d460f86ea26f934ecb16bdb1d05294c168193a05090bf1c56c

SHA512
19adcc5dd98f30b4eebefe344e1939c93c284c802043ea3ac22654cf2e23692f868a00a482c9be1b1e88089a5031fa81a3f1165175224309828bd28ee12f2d49

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-handle-l1-1-0.dll

Filesize
20KB

MD5
31ffff2c6539b3d2f575500300b93d6b

SHA1
e28e8919150fca0cb385f55a4ec4d23058d92fbf

SHA256
6dcbdab7fa8cf66f4a05d1f5166bed33cd88bee1d37af6128f18184e6c301709

SHA512
716f42f0dc530774665982f189a1fbf0371aceb4087de67e5b677cb18a687900c73165a57ae8229b53744e2490d4f04a54686e09da3b5d8705e1df5b804fe27d

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-heap-l1-1-0.dll

Filesize
20KB

MD5
c7120579bb8f56f8cd4e0d329ece3e9d

SHA1
0b35862dcc9654fc4ede338c26d0368c112d4ba9

SHA256
2e00c0176952d7c009b93c40949f91f0ab367a1b274ee78b736bf563f0344da3

SHA512
6172179c349f9952e6fb47a72a459ee29563a511d9da2a16a265625f1d8ca40ff9bd52f78a26d29b5297e7413bfa22a9797df2934a68ea551d0ab45914ee7822

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
20KB

MD5
1144ced0d8198c39f62fc71c1ecf6cb1

SHA1
43ca991199a46ca1860f8a295209dee6d32d040d

SHA256
d4d86e560a22d833fcdf0ba165d3bd3f6059e69830f4d2f9748af08905b2d4c8

SHA512
006b420d4513fd2be1e07f7512891275cb76243fd4d49855836da53ff779fa695b9bd5661fa16b1c8f83d8cec6342c9719def8d3242431b13e803bdbc2d81e4b

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
2acf6db396a86e2bef9d6ddf6919581f

SHA1
c67615b97b74776fa64407e7644f92cd14336cbb

SHA256
655bade7ff61f01a803e7532082b14ae354442b0f65ef8164f824d0cfa033e6f

SHA512
9a804bad2a9f220281cd3c20dbc96c023819da96cd24341c597a9d076b5fd176ec9da8e6a227628156827294cfb460e78d41eb053e133b1038a305c996453a36

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
54d2f426bc91ecf321908d133b069b20

SHA1
78892ea2873091f016daa87d2c0070b6c917131f

SHA256
646b28a20208be68439d73efa21be59e12ed0a5fe9e63e5d3057ca7b84bc6641

SHA512
6b1b095d5e3cc3d5909ebda4846568234b9bc43784919731dd906b6fa62aa1fdf723ac0d18bca75d74616e2c54c82d1402cc8529d75cb1d7744f91622ac4ec06

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.dll

Filesize
159KB

MD5
534291e0c9e545e5a8366ce722edf218

SHA1
a86677d8dfdc830a1584a42e4fa1a2b0f2b54829

SHA256
f4cb9778927c11672832dc1d0f17aa8cc43ac4366a4633cb41f49795369cf943

SHA512
b0c099018ab0c1451bce5dff03ffb764af8b00e746ed99ba6d5fe851295e671888def9389b5d8abd0c3d1d194c2eed785bb0558f7c1ec493cac9a90890d42ff6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe

Filesize
266KB

MD5
ae3d5cbfd177ce9478f6b332711aa4f5

SHA1
dd01deaef2cf0777df364a848400791b3aad5eaf

SHA256
54eac482e71440e7665a255f8fb9a7dd87b102a21df69e140041c70c86094122

SHA512
77e4781bc77892646c74ebca547070235c131b59c8356d7afef2e83b05bd20ccba4c653e755e78c9d3c40b5100ba90374ee93568c74c579883afb3f51614b5f0

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe

Filesize
266KB

MD5
ae3d5cbfd177ce9478f6b332711aa4f5

SHA1
dd01deaef2cf0777df364a848400791b3aad5eaf

SHA256
54eac482e71440e7665a255f8fb9a7dd87b102a21df69e140041c70c86094122

SHA512
77e4781bc77892646c74ebca547070235c131b59c8356d7afef2e83b05bd20ccba4c653e755e78c9d3c40b5100ba90374ee93568c74c579883afb3f51614b5f0

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\msvcp140.dll

Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\server\jvm.dll

Filesize
8.2MB

MD5
3b5c805a34d58ac6b6d68250c90d9379

SHA1
c928b3f8623e93f55347e656cfec092122c2abf5

SHA256
d84fcc3e4b2c305a3e64cbb2ee5144b130cd2f4c5344418cb8a2d15a6f0dfb6c

SHA512
ff86cf5054dce4e7c22e0c766939b99c031a38de00969becb3538e3c3c6d86b17331a3472860415fac80a1376c0b303bb9c5a1466ae15b073402002fd678db20

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140.dll

Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\verify.dll

Filesize
50KB

MD5
33d1d00ce402b2476b07d052e9e3f3f2

SHA1
ee0e2463f6a6f3bf81b2672b477bb7d3075e55ac

SHA256
ffecbddc143e26eaa4fd1443c398d0d701386eaa9b44914382cb37a436a37c8b

SHA512
12ff925b740013504b587929b96b06afbb6b4b8e521c52d2a744faef265e298dc6286c654c974569ded3a80f75c86650141a8d3c1a0bbf6e0d22d788b12523b2

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\zip.dll

Filesize
81KB

MD5
e983a8420fa2050f58a3a552a234fcdf

SHA1
11a4b3c0da976408b5676c71751fae06bf309538

SHA256
0cdfc0521e1a1f6a428a818a0b208be2dbfa9001b3a83887876f27367fede8d2

SHA512
a5c4bc6a9acf74608feefad4d8a20fb4fa247a0eeb1318b3df35a45a13ffd9c542b4819844169703dc23b5058dcdcefa825e611ddbe8192fe64c09469583538b

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\amd64\jvm.cfg

Filesize
1KB

MD5
c60e77ff5f3887c743971e73e6f0e0b1

SHA1
9b0cfd38ec5b7bd5bd1c364dee2e1b452a063c02

SHA256
23f728cc2bf14e62d454190ea0139f159031b5bd9c3f141ca9237c4c5c96ec1d

SHA512
07aca3de1a03a3b64b691fd41e35e6596760baf24c4f24e86fca87d2acf3a4814b17cd9751adc2dcd0689848f3d582fb3ee01d413e3a61d1d98397d72fe545e9

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\charsets.jar

Filesize
2.9MB

MD5
1e83ac281184855b3d24aadda74c1b8f

SHA1
c4664d09655b6a8470f35c8533b823c904f0037d

SHA256
de1726c486d967d3c0cbc0c5f82aaeb1b733a662f64f79fda687b74ef1aa822a

SHA512
06c9f5d225a21155805ea09fc637076eb1661dd35838753d89d04e9f3a05133e8f47d05cf7a21d0b4308c08a803749e4a99634f0b23495e6e2de8184a50ac3d2

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\ext\jfxrt.jar

Filesize
8.6MB

MD5
b6ef6446adfd159292e8a842d9d85a4e

SHA1
ee79596d6b347bae878d252573fd73a3b4d89f0d

SHA256
3bf8c7dc84d914e5617110fd0a035dd000c244b9ea3f95219758fccaca409955

SHA512
cbd9a073c9987c4303bfbcb15e1e416e285826ea6dc68ea20b48ab1f9093c9a3b1087ea08b209baad9da776ae0e1d04bcb3219bc3419b83f857e7a9216d80a95

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\ext\meta-index

Filesize
1KB

MD5
071ae8c0fced64e14493dcc7e2c2aa13

SHA1
87809e4bbf0a671573f4887704452fe78fc7a51c

SHA256
10f12969e5200b2a91612d5d6c83391793c4b8bb8391697cf6d5e912e226970c

SHA512
29d28417b9a69878884c38d78b8dff0af8c1eb3f7948facf54f8f77ef6836e9e03c51214b65532527d10b8a5eab5b1a10bfc025b99a8455c9af9b6fd03739f4b

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\images\cursors\win32_CopyNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\jce.jar

Filesize
95KB

MD5
9023c2dbafa3e48dbf7d116fc22a94cf

SHA1
cf33e79b53494a23e843577406b38b9fd04267e2

SHA256
346b463104e01f763f07e7dcbc3d8533b482ac9d04b8240493bad73fd491a220

SHA512
5aef96b7821a9830c27be3644fac81b2fd5ab6a168a4edf2d95b384d15c7724229fa181ae7ff5fe0a06c6de9f9a1ff50da6fc31925a30a3a49b97a8614515971

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\jfr.jar

Filesize
869KB

MD5
af53ae36e004d62db185686aecef9d53

SHA1
f65856f3937c7332587eb818c7ef85c72d8c7675

SHA256
1ee8e1044f79a221bdb22930cefe76eae9e35d4823114ee7b2a11269a3fdc7a2

SHA512
09d57b4934089853ca6c970a0c6800a8db5a809a7c9d02c2dcce6c4bc1fdf48378329fb7d6b7b6167422c9685641e3145373b817711b64785ca2bd9dcf195fc8

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\jsse.jar

Filesize
1.8MB

MD5
986a9b387fddd0544c150004010b6038

SHA1
bd348ca5aecd0615088f8c5c1a652f723525a5b2

SHA256
e8295af39be030d1210a47b9bd1995c6cdd59045471b44af1d96c4ae9b44e383

SHA512
8a6386be12a9b455f21abbaf086db3444a913f8879e4646f5210d0b7fce0bad2c6aa64beadcbb10715b8dae6264c6655beb6134e9846a4ddcc5afc1ba3efe222

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\meta-index

Filesize
2KB

MD5
d8b5af464dff2656d7d9383201dea865

SHA1
c133fc85000b3a9494c3c203fcc2b3d4ee96a580

SHA256
3bde6c2508fa3e957441afd375cc2153385cb77aab753ce5f5670850a874a6f5

SHA512
60d1d8e2f1120f37c43990ee9cc2e63d71554e30ca7f87afa9f53de9199f24a20f123fa07f4c7dccb4b149c140c445e51d7b46578f200fbe1e6e37c4bb7d866b

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\resources.jar

Filesize
3.4MB

MD5
eebd6e63b8488ca6d3d916c4116b20ba

SHA1
76d4c53fb1bcb8e4bb6165a9c65871ec35148741

SHA256
ac52f3b3a7508850a70934d13e440fff8ab084b254637d56c4e578513cd7e4fb

SHA512
d589d6534927678e7779a951fb458dba88300a84fbcda59d0188d20795f941eed63c16e0825c1babfce0af243ab04555c119de78b0e7201994fc61408f902420

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\rt.jar

Filesize
60.4MB

MD5
269e2c03916d8abd5345dd2ce7a8f522

SHA1
688c067eae27c3e2a9d5be7a95bc0365939681cc

SHA256
a6f890be56b0eef9261090495eb5330592efb4d43888065be2f731e3f6428013

SHA512
0b667a5672282597299c6ae328ed5a6faeda461a3db8c1252c0bc3c842497354324d18c27d6c0b2bacc473a1a69d60a1b0d5b3e641f7754b780375dd3607725e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\security\policy\unlimited\US_export_policy.jar

Filesize
622B

MD5
5aa573a5e3d4c8bb18ee8b4abad69b7a

SHA1
f1cb2c17cd03d5a810c2f9f76387ced631516f98

SHA256
2c7f85a3f9ba39edd5badd3e300c99abbb0ac0592d4b04c5312038032acbea60

SHA512
459b94d1f7c2d8385df837b5b196b2b209dbf25949b033b407e72cd3ea984b0918f11e6d4bb70b979165b4508ad8e5e3ae55dbef740f04ee0b00e5247c838e9a

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-console-l1-1-0.dll

Filesize
20KB

MD5
2c146bc8d73b8944f35506241b9953a9

SHA1
ac64abd745418cea35c0506b9cb0331b171b51ea

SHA256
89384f8f64a9b7f67c8deccaa721e2d76b8a17026d8083630859ed0cd1a9b58b

SHA512
02713948a156baccb2e7c38646193e82fef65400c086644866b698bc3e0a8c155a8eab829463e3868ce2b8a06608c5ea6de1e390bff976c5f92e2e42dd6c04f1

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-console-l1-1-0.dll

Filesize
20KB

MD5
2c146bc8d73b8944f35506241b9953a9

SHA1
ac64abd745418cea35c0506b9cb0331b171b51ea

SHA256
89384f8f64a9b7f67c8deccaa721e2d76b8a17026d8083630859ed0cd1a9b58b

SHA512
02713948a156baccb2e7c38646193e82fef65400c086644866b698bc3e0a8c155a8eab829463e3868ce2b8a06608c5ea6de1e390bff976c5f92e2e42dd6c04f1

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-console-l1-2-0.dll

Filesize
20KB

MD5
7a55e51d07e1f15221eb11479adbc53f

SHA1
8d8e2beff4dfa78372201b26a67b9dc4b116290f

SHA256
f901b0bc8c00b3afc80e151e6f54b18f7672f932602c304fbfeedd5aa3ad63c8

SHA512
e89c0e45014abdaf7548de0352949c4ad496d97cad2f9e2f6c83a90f853b7b71354b9abbb957eff89076df79bdc9cc1c431b6f35875550bfb4198c3a68124197

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-console-l1-2-0.dll

Filesize
20KB

MD5
7a55e51d07e1f15221eb11479adbc53f

SHA1
8d8e2beff4dfa78372201b26a67b9dc4b116290f

SHA256
f901b0bc8c00b3afc80e151e6f54b18f7672f932602c304fbfeedd5aa3ad63c8

SHA512
e89c0e45014abdaf7548de0352949c4ad496d97cad2f9e2f6c83a90f853b7b71354b9abbb957eff89076df79bdc9cc1c431b6f35875550bfb4198c3a68124197

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-datetime-l1-1-0.dll

Filesize
20KB

MD5
f0c9c56f56ffa3adc548173569dbd793

SHA1
220a56b84cdb8cd403483d3f6b4bb526fe198fd9

SHA256
12d801992bbb09d43bb90330bb96e77bf12e669c325dda4b5235942221c301c8

SHA512
28e24a2ccedfaf01aef615c1df7f8c76ff0eb06d992eb1b422f902d6d96357ba6a353e31ca9b1fd305e7de7a437ee6a7f2f01bfdf27c4a88c805693ae2b6352c

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-datetime-l1-1-0.dll

Filesize
20KB

MD5
f0c9c56f56ffa3adc548173569dbd793

SHA1
220a56b84cdb8cd403483d3f6b4bb526fe198fd9

SHA256
12d801992bbb09d43bb90330bb96e77bf12e669c325dda4b5235942221c301c8

SHA512
28e24a2ccedfaf01aef615c1df7f8c76ff0eb06d992eb1b422f902d6d96357ba6a353e31ca9b1fd305e7de7a437ee6a7f2f01bfdf27c4a88c805693ae2b6352c

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-debug-l1-1-0.dll

Filesize
20KB

MD5
02d669afdabfe420598041b848b71158

SHA1
25c0fdbc04ffcd570db041d02842d7530afeeb6e

SHA256
64a9ac181fd91b79270bf01759749394f57be171436ed46f43d165325bb82067

SHA512
5321290ec277fca8840e6c9cb7e77d39e820b1d98ef9c29040efaf2a7628c023209c936e08abfb6962a795130874544db25e1bac0d16256a1ebbca0fdcdaa81a

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-debug-l1-1-0.dll

Filesize
20KB

MD5
02d669afdabfe420598041b848b71158

SHA1
25c0fdbc04ffcd570db041d02842d7530afeeb6e

SHA256
64a9ac181fd91b79270bf01759749394f57be171436ed46f43d165325bb82067

SHA512
5321290ec277fca8840e6c9cb7e77d39e820b1d98ef9c29040efaf2a7628c023209c936e08abfb6962a795130874544db25e1bac0d16256a1ebbca0fdcdaa81a

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
20KB

MD5
944a33d971704ff815a6c90733d0a72e

SHA1
7d8b9f68a3983a1b86bf4bae085cd5ca6f464921

SHA256
44822ae123a3d6c3a8bdf9a4d65a4dc89eb31004c72fcfcefa1dc3a53ff3eab0

SHA512
4d93dece856a24e50f12a53155e07f1aab501b17e7bbfcce205e1b37d2799caf3681b1770c522ba986ac3badba59d5d95a7526fe19f86a7b0d3d933ea73754e2

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
20KB

MD5
944a33d971704ff815a6c90733d0a72e

SHA1
7d8b9f68a3983a1b86bf4bae085cd5ca6f464921

SHA256
44822ae123a3d6c3a8bdf9a4d65a4dc89eb31004c72fcfcefa1dc3a53ff3eab0

SHA512
4d93dece856a24e50f12a53155e07f1aab501b17e7bbfcce205e1b37d2799caf3681b1770c522ba986ac3badba59d5d95a7526fe19f86a7b0d3d933ea73754e2

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l1-1-0.dll

Filesize
23KB

MD5
fec01082bccddadad0814f30b43ab078

SHA1
a6f6d9b61bb743651d3f65824d06427ca492c120

SHA256
c15dacec228f40ce4c5b9d69bba5e6627bc484c6e9d6550a76db6f332e9f7734

SHA512
c6039c366cb47ca31c7501423384afc0678a07abeb0ca1d97ecb5aa3c3e3acf84c9551dea1e56d1dbd4472dab70eed1c79d1c0612ba2730327ce6d0dc151c441

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l1-1-0.dll

Filesize
23KB

MD5
fec01082bccddadad0814f30b43ab078

SHA1
a6f6d9b61bb743651d3f65824d06427ca492c120

SHA256
c15dacec228f40ce4c5b9d69bba5e6627bc484c6e9d6550a76db6f332e9f7734

SHA512
c6039c366cb47ca31c7501423384afc0678a07abeb0ca1d97ecb5aa3c3e3acf84c9551dea1e56d1dbd4472dab70eed1c79d1c0612ba2730327ce6d0dc151c441

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l1-2-0.dll

Filesize
20KB

MD5
b5060343583e6be3b3de33ccd40398e0

SHA1
5b33b8db5d6cfb0e8a5bb7f209df2c6191b02edb

SHA256
27878021c6d48fb669f1822821b5934f5a2904740bebb340b6849e7635490cb7

SHA512
86610edc05aa1b756c87160f9eefe9365e3f712c5bed18c8feca3cae12aef07ccc44c45c4be19dc8f9d337a6f6709b260c89019a5efcfe9fa0847d85ab64d282

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l1-2-0.dll

Filesize
20KB

MD5
b5060343583e6be3b3de33ccd40398e0

SHA1
5b33b8db5d6cfb0e8a5bb7f209df2c6191b02edb

SHA256
27878021c6d48fb669f1822821b5934f5a2904740bebb340b6849e7635490cb7

SHA512
86610edc05aa1b756c87160f9eefe9365e3f712c5bed18c8feca3cae12aef07ccc44c45c4be19dc8f9d337a6f6709b260c89019a5efcfe9fa0847d85ab64d282

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
2e8995e2320e313545c3ddb5c71dc232

SHA1
45d079a704bec060a15f8eba3eab22ac5cf756c6

SHA256
c55eb043454ac2d460f86ea26f934ecb16bdb1d05294c168193a05090bf1c56c

SHA512
19adcc5dd98f30b4eebefe344e1939c93c284c802043ea3ac22654cf2e23692f868a00a482c9be1b1e88089a5031fa81a3f1165175224309828bd28ee12f2d49

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
2e8995e2320e313545c3ddb5c71dc232

SHA1
45d079a704bec060a15f8eba3eab22ac5cf756c6

SHA256
c55eb043454ac2d460f86ea26f934ecb16bdb1d05294c168193a05090bf1c56c

SHA512
19adcc5dd98f30b4eebefe344e1939c93c284c802043ea3ac22654cf2e23692f868a00a482c9be1b1e88089a5031fa81a3f1165175224309828bd28ee12f2d49

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-handle-l1-1-0.dll

Filesize
20KB

MD5
31ffff2c6539b3d2f575500300b93d6b

SHA1
e28e8919150fca0cb385f55a4ec4d23058d92fbf

SHA256
6dcbdab7fa8cf66f4a05d1f5166bed33cd88bee1d37af6128f18184e6c301709

SHA512
716f42f0dc530774665982f189a1fbf0371aceb4087de67e5b677cb18a687900c73165a57ae8229b53744e2490d4f04a54686e09da3b5d8705e1df5b804fe27d

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-handle-l1-1-0.dll

Filesize
20KB

MD5
31ffff2c6539b3d2f575500300b93d6b

SHA1
e28e8919150fca0cb385f55a4ec4d23058d92fbf

SHA256
6dcbdab7fa8cf66f4a05d1f5166bed33cd88bee1d37af6128f18184e6c301709

SHA512
716f42f0dc530774665982f189a1fbf0371aceb4087de67e5b677cb18a687900c73165a57ae8229b53744e2490d4f04a54686e09da3b5d8705e1df5b804fe27d

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-heap-l1-1-0.dll

Filesize
20KB

MD5
c7120579bb8f56f8cd4e0d329ece3e9d

SHA1
0b35862dcc9654fc4ede338c26d0368c112d4ba9

SHA256
2e00c0176952d7c009b93c40949f91f0ab367a1b274ee78b736bf563f0344da3

SHA512
6172179c349f9952e6fb47a72a459ee29563a511d9da2a16a265625f1d8ca40ff9bd52f78a26d29b5297e7413bfa22a9797df2934a68ea551d0ab45914ee7822

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-heap-l1-1-0.dll

Filesize
20KB

MD5
c7120579bb8f56f8cd4e0d329ece3e9d

SHA1
0b35862dcc9654fc4ede338c26d0368c112d4ba9

SHA256
2e00c0176952d7c009b93c40949f91f0ab367a1b274ee78b736bf563f0344da3

SHA512
6172179c349f9952e6fb47a72a459ee29563a511d9da2a16a265625f1d8ca40ff9bd52f78a26d29b5297e7413bfa22a9797df2934a68ea551d0ab45914ee7822

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
20KB

MD5
1144ced0d8198c39f62fc71c1ecf6cb1

SHA1
43ca991199a46ca1860f8a295209dee6d32d040d

SHA256
d4d86e560a22d833fcdf0ba165d3bd3f6059e69830f4d2f9748af08905b2d4c8

SHA512
006b420d4513fd2be1e07f7512891275cb76243fd4d49855836da53ff779fa695b9bd5661fa16b1c8f83d8cec6342c9719def8d3242431b13e803bdbc2d81e4b

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
20KB

MD5
1144ced0d8198c39f62fc71c1ecf6cb1

SHA1
43ca991199a46ca1860f8a295209dee6d32d040d

SHA256
d4d86e560a22d833fcdf0ba165d3bd3f6059e69830f4d2f9748af08905b2d4c8

SHA512
006b420d4513fd2be1e07f7512891275cb76243fd4d49855836da53ff779fa695b9bd5661fa16b1c8f83d8cec6342c9719def8d3242431b13e803bdbc2d81e4b

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
2acf6db396a86e2bef9d6ddf6919581f

SHA1
c67615b97b74776fa64407e7644f92cd14336cbb

SHA256
655bade7ff61f01a803e7532082b14ae354442b0f65ef8164f824d0cfa033e6f

SHA512
9a804bad2a9f220281cd3c20dbc96c023819da96cd24341c597a9d076b5fd176ec9da8e6a227628156827294cfb460e78d41eb053e133b1038a305c996453a36

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
2acf6db396a86e2bef9d6ddf6919581f

SHA1
c67615b97b74776fa64407e7644f92cd14336cbb

SHA256
655bade7ff61f01a803e7532082b14ae354442b0f65ef8164f824d0cfa033e6f

SHA512
9a804bad2a9f220281cd3c20dbc96c023819da96cd24341c597a9d076b5fd176ec9da8e6a227628156827294cfb460e78d41eb053e133b1038a305c996453a36

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
54d2f426bc91ecf321908d133b069b20

SHA1
78892ea2873091f016daa87d2c0070b6c917131f

SHA256
646b28a20208be68439d73efa21be59e12ed0a5fe9e63e5d3057ca7b84bc6641

SHA512
6b1b095d5e3cc3d5909ebda4846568234b9bc43784919731dd906b6fa62aa1fdf723ac0d18bca75d74616e2c54c82d1402cc8529d75cb1d7744f91622ac4ec06

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
54d2f426bc91ecf321908d133b069b20

SHA1
78892ea2873091f016daa87d2c0070b6c917131f

SHA256
646b28a20208be68439d73efa21be59e12ed0a5fe9e63e5d3057ca7b84bc6641

SHA512
6b1b095d5e3cc3d5909ebda4846568234b9bc43784919731dd906b6fa62aa1fdf723ac0d18bca75d74616e2c54c82d1402cc8529d75cb1d7744f91622ac4ec06

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.dll

Filesize
159KB

MD5
534291e0c9e545e5a8366ce722edf218

SHA1
a86677d8dfdc830a1584a42e4fa1a2b0f2b54829

SHA256
f4cb9778927c11672832dc1d0f17aa8cc43ac4366a4633cb41f49795369cf943

SHA512
b0c099018ab0c1451bce5dff03ffb764af8b00e746ed99ba6d5fe851295e671888def9389b5d8abd0c3d1d194c2eed785bb0558f7c1ec493cac9a90890d42ff6

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\msvcp140.dll

Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\server\jvm.dll

Filesize
8.2MB

MD5
3b5c805a34d58ac6b6d68250c90d9379

SHA1
c928b3f8623e93f55347e656cfec092122c2abf5

SHA256
d84fcc3e4b2c305a3e64cbb2ee5144b130cd2f4c5344418cb8a2d15a6f0dfb6c

SHA512
ff86cf5054dce4e7c22e0c766939b99c031a38de00969becb3538e3c3c6d86b17331a3472860415fac80a1376c0b303bb9c5a1466ae15b073402002fd678db20

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140.dll

Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\verify.dll

Filesize
50KB

MD5
33d1d00ce402b2476b07d052e9e3f3f2

SHA1
ee0e2463f6a6f3bf81b2672b477bb7d3075e55ac

SHA256
ffecbddc143e26eaa4fd1443c398d0d701386eaa9b44914382cb37a436a37c8b

SHA512
12ff925b740013504b587929b96b06afbb6b4b8e521c52d2a744faef265e298dc6286c654c974569ded3a80f75c86650141a8d3c1a0bbf6e0d22d788b12523b2

Download Submit
\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\zip.dll

Filesize
81KB

MD5
e983a8420fa2050f58a3a552a234fcdf

SHA1
11a4b3c0da976408b5676c71751fae06bf309538

SHA256
0cdfc0521e1a1f6a428a818a0b208be2dbfa9001b3a83887876f27367fede8d2

SHA512
a5c4bc6a9acf74608feefad4d8a20fb4fa247a0eeb1318b3df35a45a13ffd9c542b4819844169703dc23b5058dcdcefa825e611ddbe8192fe64c09469583538b

Download Submit
memory/1016-1113-0x000001F384250000-0x000001F384260000-memory.dmp

Filesize
64KB

Download
memory/1016-1006-0x000001F383F80000-0x000001F384F80000-memory.dmp

Filesize
16.0MB

Download
memory/1016-1111-0x000001F3841F0000-0x000001F384200000-memory.dmp

Filesize
64KB

Download
memory/1016-1114-0x000001F384260000-0x000001F384270000-memory.dmp

Filesize
64KB

Download
memory/1016-1112-0x000001F384210000-0x000001F384220000-memory.dmp

Filesize
64KB

Download
memory/1016-1109-0x000001F383F80000-0x000001F384F80000-memory.dmp

Filesize
16.0MB

Download
memory/1016-935-0x000001F383F80000-0x000001F384F80000-memory.dmp

Filesize
16.0MB

Download
memory/1016-946-0x000001F3826C0000-0x000001F3826C1000-memory.dmp

Filesize
4KB

Download
memory/1016-1084-0x000001F383F80000-0x000001F384F80000-memory.dmp

Filesize
16.0MB

Download
memory/1016-987-0x000001F3826C0000-0x000001F3826C1000-memory.dmp

Filesize
4KB

Download
memory/1016-990-0x000001F3826C0000-0x000001F3826C1000-memory.dmp

Filesize
4KB

Download
memory/1016-992-0x000001F3826C0000-0x000001F3826C1000-memory.dmp

Filesize
4KB

Download
memory/1016-1078-0x000001F383F80000-0x000001F384F80000-memory.dmp

Filesize
16.0MB

Download
memory/1416-911-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1612-1016-0x0000018AE8ED0000-0x0000018AE8ED1000-memory.dmp

Filesize
4KB

Download
memory/1612-1117-0x0000018AE8ED0000-0x0000018AE8ED1000-memory.dmp

Filesize
4KB

Download
memory/1612-1022-0x0000018AE8ED0000-0x0000018AE8ED1000-memory.dmp

Filesize
4KB

Download
memory/1612-1038-0x0000018AE8ED0000-0x0000018AE8ED1000-memory.dmp

Filesize
4KB

Download
memory/1612-1148-0x0000018AEA6A0000-0x0000018AEB6A0000-memory.dmp

Filesize
16.0MB

Download
memory/1612-1147-0x0000018AEA6A0000-0x0000018AEB6A0000-memory.dmp

Filesize
16.0MB

Download
memory/1612-1149-0x0000018AEA6A0000-0x0000018AEB6A0000-memory.dmp

Filesize
16.0MB

Download
memory/1612-1079-0x0000018AE8ED0000-0x0000018AE8ED1000-memory.dmp

Filesize
4KB

Download
memory/1612-1107-0x0000018AE8ED0000-0x0000018AE8ED1000-memory.dmp

Filesize
4KB

Download
memory/1612-1086-0x0000018AE8ED0000-0x0000018AE8ED1000-memory.dmp

Filesize
4KB

Download
memory/1612-1146-0x0000018AEA6A0000-0x0000018AEB6A0000-memory.dmp

Filesize
16.0MB

Download
memory/1612-1140-0x0000018AEA6A0000-0x0000018AEB6A0000-memory.dmp

Filesize
16.0MB

Download
memory/1612-1129-0x0000018AEA6A0000-0x0000018AEB6A0000-memory.dmp

Filesize
16.0MB

Download
memory/1612-1122-0x0000018AEA6A0000-0x0000018AEB6A0000-memory.dmp

Filesize
16.0MB

Download
memory/2544-1076-0x000002D4670F0000-0x000002D4670F2000-memory.dmp

Filesize
8KB

Download
memory/2544-1040-0x000002D468600000-0x000002D468610000-memory.dmp

Filesize
64KB

Download
memory/2544-1017-0x000002D467E20000-0x000002D467E30000-memory.dmp

Filesize
64KB

Download
memory/3440-993-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/4896-122-0x0000000000DF0000-0x0000000000DF1000-memory.dmp

Filesize
4KB

Download
memory/4896-916-0x0000000000400000-0x0000000000C78000-memory.dmp

Filesize
8.5MB

Download
memory/4896-419-0x0000000000400000-0x0000000000C78000-memory.dmp

Filesize
8.5MB

Download
memory/4896-133-0x0000000000400000-0x0000000000C78000-memory.dmp

Filesize
8.5MB

Download
memory/4896-126-0x0000000000400000-0x0000000000C78000-memory.dmp

Filesize
8.5MB

Download
memory/4896-125-0x0000000000400000-0x0000000000C78000-memory.dmp

Filesize
8.5MB

Download
memory/4896-124-0x0000000000DF0000-0x0000000000DF1000-memory.dmp

Filesize
4KB

Download
memory/4896-123-0x0000000000400000-0x0000000000C78000-memory.dmp

Filesize
8.5MB

Download