bdcd9f5eec736e493ead3ad3a6ea517e4ec3a6525819f6e3761af02828089d5f

Analysis

max time kernel
146s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
01-05-2024 07:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KLSetup.exe
Size

8.2MB
MD5

7a6436629a7b09b2213589bc671d3432
SHA1

c27069f89a57acea72a1346949406eb7f94cfa52
SHA256

bdcd9f5eec736e493ead3ad3a6ea517e4ec3a6525819f6e3761af02828089d5f
SHA512

71d60f2d4dcf1d92cf5be5eefdab7584ea4bdd9c4bea545bf47749a5b6ad7a4145e3306587447e2a243cfac24f3242a09a20309155a99a7440ec130154457f12
SSDEEP

98304:pEo5z/yF0ULxVuZ6xfqGeUVSO6HVyW2iI30Ge2JW9GU5M0xZE:pt5zqF0KqlXV/luWUU666

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
3256	KLauncher.exe
5040	javaw.exe
3240	javaw.exe
3232	java.exe

Loads dropped DLL 64 IoCs

pid	Process
5040	javaw.exe
5040	javaw.exe
5040	javaw.exe
5040	javaw.exe
5040	javaw.exe
5040	javaw.exe
5040	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe
3240	javaw.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2868	icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1230210488-3096403634-4129516247-1000\{6B2A2533-8BFD-4136-8806-75DFFAD9ED3A}	svchost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
3732	msedge.exe
3732	msedge.exe
5440	msedge.exe
5440	msedge.exe
5760	msedge.exe
5760	msedge.exe
5132	msedge.exe
5132	msedge.exe
4996	identity_helper.exe
4996	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3240	javaw.exe
3240	javaw.exe
408	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 3256	4844	KLSetup.exe	83
PID 4844 wrote to memory of 3256	4844	KLSetup.exe	83
PID 4844 wrote to memory of 3256	4844	KLSetup.exe	83
PID 3256 wrote to memory of 5040	3256	KLauncher.exe	84
PID 3256 wrote to memory of 5040	3256	KLauncher.exe	84
PID 5040 wrote to memory of 2868	5040	javaw.exe	85
PID 5040 wrote to memory of 2868	5040	javaw.exe	85
PID 3256 wrote to memory of 3240	3256	KLauncher.exe	87
PID 3256 wrote to memory of 3240	3256	KLauncher.exe	87
PID 3240 wrote to memory of 3232	3240	javaw.exe	88
PID 3240 wrote to memory of 3232	3240	javaw.exe	88
PID 3240 wrote to memory of 3732	3240	javaw.exe	92
PID 3240 wrote to memory of 3732	3240	javaw.exe	92
PID 3732 wrote to memory of 2052	3732	msedge.exe	93
PID 3732 wrote to memory of 2052	3732	msedge.exe	93
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 1840	3732	msedge.exe	94
PID 3732 wrote to memory of 4896	3732	msedge.exe	95
PID 3732 wrote to memory of 4896	3732	msedge.exe	95
PID 3732 wrote to memory of 4116	3732	msedge.exe	96
PID 3732 wrote to memory of 4116	3732	msedge.exe	96
PID 3732 wrote to memory of 4116	3732	msedge.exe	96
PID 3732 wrote to memory of 4116	3732	msedge.exe	96
PID 3732 wrote to memory of 4116	3732	msedge.exe	96
PID 3732 wrote to memory of 4116	3732	msedge.exe	96
PID 3732 wrote to memory of 4116	3732	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\KLSetup.exe
"C:\Users\Admin\AppData\Local\Temp\KLSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe
  "C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3256
- - C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
    "C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:5040
  - - C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      4⤵
      Modifies file permissions
      PID:2868
- - C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe
    "C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe" -XX:+UseG1GC -Dfile.encoding=UTF-8 -jar "C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3240
  - - C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe
      java.exe -version
      4⤵
      Executes dropped EXE
      PID:3232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://klauncher.gg/register
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:3732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe500e3cb8,0x7ffe500e3cc8,0x7ffe500e3cd8
        5⤵
        
        PID:2052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,7048481853646998005,13571727580025940969,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
        5⤵
        
        PID:1840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,7048481853646998005,13571727580025940969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,7048481853646998005,13571727580025940969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
        5⤵
        
        PID:4116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7048481853646998005,13571727580025940969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
        5⤵
        
        PID:4732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7048481853646998005,13571727580025940969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
        5⤵
        
        PID:3128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7048481853646998005,13571727580025940969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
        5⤵
        
        PID:1440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7048481853646998005,13571727580025940969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
        5⤵
        
        PID:3224
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7048481853646998005,13571727580025940969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
        5⤵
        
        PID:240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7048481853646998005,13571727580025940969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
        5⤵
        
        PID:5056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://klauncher.gg/register
      4⤵
      PID:3132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe500e3cb8,0x7ffe500e3cc8,0x7ffe500e3cd8
        5⤵
        
        PID:1408

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:2012

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:5620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://klaun.ch/minecraftmain
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffe500e3cb8,0x7ffe500e3cc8,0x7ffe500e3cd8
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,7803183398948744070,10796572505623315899,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,7803183398948744070,10796572505623315899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,7803183398948744070,10796572505623315899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7803183398948744070,10796572505623315899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7803183398948744070,10796572505623315899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7803183398948744070,10796572505623315899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7803183398948744070,10796572505623315899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7803183398948744070,10796572505623315899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7803183398948744070,10796572505623315899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,7803183398948744070,10796572505623315899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,7803183398948744070,10796572505623315899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7803183398948744070,10796572505623315899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,7803183398948744070,10796572505623315899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:4888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\732af9938ce57146.timestamp

Filesize
76B

MD5
3666ac90cbec7f7b28d14e6362834806

SHA1
a790768d453c7d2cad80cb1edf4b2096bed111c6

SHA256
ff22edba3522135df7e3ee5748ba384e71d7c8e99c8cb45a7594671409239fc0

SHA512
40ae8a6df126ad6309100e72c1aba6a71c4a24d41862fb3de030e977e364109422635ce7f1cbd9879c6c7f11bea6756ac7a0f9428ce96b1307011bed6158f43d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ffa07b9a59daf025c30d00d26391d66f

SHA1
382cb374cf0dda03fa67bd55288eeb588b9353da

SHA256
7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb

SHA512
25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e1dd984856ef51f4512d3bf2c7aef54

SHA1
81cb28f2153ec7ae0cbf79c04c1a445efedd125f

SHA256
34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7

SHA512
d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9c8de40f2a0eb5a4f2d84cd8f088c9b9

SHA1
b9df27d0b14641ed5b1cc21860366c734de69720

SHA256
6d23478239a6a7e5dc5b1275d71a0dc69b50715433474797c2da1d0ddcc5d929

SHA512
a91da46a2ee5807ce6f78c4b34d762647b97bccec9e084a9aa03a97ff43b019bf6c2f8eed0021eb303f8b0f363c53a6e9e3354fdb35479a60f236234eb723a5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
041e874a26bc72b1c0dcc8f884b69fea

SHA1
d254bd60d2b8d11ed7f789abf0afa6f57fd3a588

SHA256
5ea49e0d195c5b651041e3c5c2ca4cb09bbe09ef5188d85da235dfcf8c2d7b7e

SHA512
df5feeb2ebbd36415db268855260d7d42f20164831ff958e1389e5c9df7e5bd2506c30b2bf2a138050222cf719209068ed285372700f642b17a7d1db3d4dfe53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
250ca23890011e54859affa2bf3cb9bf

SHA1
f9495b2ce3dc044e39c031fa174ecd03df8a9a14

SHA256
24f95fbc1da5509a26c7227cf6300edd690840a9ff5229c065e551d9eab5dcac

SHA512
52a6ace480cbe270875c92b2c760e034c3db32a870cbff5a689417969ee0cfaaedd80881cde3e11dd366202c85bf96ceef03532c17b417f7c0209af36f9a856d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
b49849ff15012645a99b1e1944dc3b53

SHA1
95f8b2ee99e786e17888d251eb1ed2181c65b9c0

SHA256
0bf294ed6c75cae98f3881d7d5d78f7cb0611482ecc7517517744e33c1288eec

SHA512
0f27933f54480620792fe1ff6aa688941a1d6d0fe51fd95bcd0aedfa282ba6fb46afab476a09520bec6d707cc22653420d4d0722814a30420eca31531539dcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
193B

MD5
99ae22c3441935823773507e91d038ce

SHA1
29dc5ca8ed6b844aae14c360526cb4c3677838c1

SHA256
a862ee17d7503f740784dc7a4dd81c458bc4ca5e18af54b104d51bbb1b518bf3

SHA512
f715252d5a32c50a11147d416b430028a02b9fd748d14d20754b5d1412f2a97daf770321af3d9a06255698d88d9265782bd6d1017ee82407eaf3ff3a13206691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6c4d2812d008fa67cd7f95209ae28f3a

SHA1
f7e42e2b7521ab408f554c8ad8f163fded208344

SHA256
2e03a7b0ab9a8699654eb86e4a15cee2bc1b72c49fb632ab6b37b18acd0ae96a

SHA512
431ffc5605802bf30adc2190b3bd8cf4ff7c2ae045dc639f64b3b392b21b63e8167ac049f8abb2ca0c22aeabc4c86fe0af062b60f6fe514016880f5de7507a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9c3ea11e4604a028033d2a2a70cb0895

SHA1
48b3900e4a8393d2819d57ceff24b5e24fae639a

SHA256
ce8c4014fb741560a6084ed430f5a9a3fad57c17873a43992c47ce8dd656a89a

SHA512
707ca71299f86fe739e573a71493de821bac405af38cbe7deb08bd9975aef07deb43aea8d725eed3abfe0f60e3d89e3aae49e06c586be848856735986454f57f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
206249acd714a26357385f0ae975238a

SHA1
39bad357aab2e76cfe694e9c94cdc0cfe38e9dfc

SHA256
cb22e76a8d2f1466cf9d3347bee53b636086db39b4d8e15a3dc735c610d90797

SHA512
0cef1f90c0d515dca174baf5f6e9910049e0207308475e7be101d4d1d21b1534f5fab939c939011dea2b75a604f7d76aaef415c8ff9c00f49ba9abcc513bda07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e54fc321592f66b68aaf02603c836f26

SHA1
a2be86c18e5c91209f80e17de04be412b4532e8f

SHA256
c85c54249c6e0ab037fb8f1847a9ca71cc1c0e6b04b3704dfd6bd5e23d726a16

SHA512
c6998deda23acb1806bb90968754a7aad3678ec4a65cb8d5ad41029e86f4a296ef6aa4035076e7fc01a6fd696a8122dbdccf104c007154c0362d5f7efb2e57e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0c113012753e6e228814e031de96de7f

SHA1
d072d8832e8ef5d49c26fd63e546f49096aa1f52

SHA256
8a7ce16a343c1ac94159b1b556b7e7c5a09f9e6484d4214a888bf2a30f718d09

SHA512
73c848f5d8d3bb0365e63226339b11d1fde74364401348eece42c13a1760711cb35cf3c9b2c93f48cb9a0868748c2a2478e4e545f99b51bbb4ec0563b0690140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
afbf84fee725243b8ba4c3ddda13babe

SHA1
6c0dfbd5949e99cdf80aa7a6c99b5086485ae641

SHA256
1ac557d62f19fbf8aaf875e698fd0cc1bd8f948cfcdf3eb52c8c832e0425660a

SHA512
726a3c650e6d998d41b96daac396d4cd48080bdb79d9ef108eb23bedfbaf352214a30ea1cc5602cc01861f1a2b5f2c764340e82f63faaac3388438261f264547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
92d93097fa9fc9788826252b353135c2

SHA1
e2c9f065324aeb23aec56231cb2c3916aac59ea6

SHA256
860cd13f50ab14feab8fb596d94e0eb2c970c8a6455aa3765036695533fdf4eb

SHA512
3c79ba35afe987ff60e6ffbae707bbcee59c1908fe214e92ceaa085be740bd8aa60c0973df82f0206e56e51e5edd96a488bce9cee40ad7f930e78a92d9d64832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dc1d53943902a690a7330b2373fe6500

SHA1
a70df63f450afced85cd4e6f1082af4108c034b8

SHA256
190f9b12e2f315ed3b31fcbe2c1fc520283745fba7d67fb3b390d0cc13b22ec9

SHA512
eb538604e190e10a02bdb1a742ece26358798b97cff157ee74738a17d40a3ada6c7669c59aa5be57062e8425a11375909336a356a87e2b92bda57441216be284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cce2d69d2afdae13c7225e73dd30245d

SHA1
99a7a1aed0c0ee5dda0b62bf58c224189f7aa7cc

SHA256
66a269397e9461668ea96acf4e55a405cf28edcc4c12b624f0f349f51541c048

SHA512
61edefc77feceb9a82ff689ec43433daf7919b985045d2baa251d893c29ab2840eb783aaf5a591dc38d9ae1fa9bec98bdac0c602529a9b40890da9a78654292d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF3018944829020258040.tmp

Filesize
138KB

MD5
a3de2170e4e9df77161ea5d3f31b2668

SHA1
6484f1af6b485d5096b71b344e67f4164c33dd1f

SHA256
7b5a4320fba0d4c8f79327645b4b9cc875a2ec617a557e849b813918eb733499

SHA512
94a693ab2ce3c59f7a1d35b4bcc0fd08322dad24ce84203060ceceaf3dac44c4c28413c28dcdab35d289f30f8e28223a43c11cb7d5e9a56d851eb697ff9b9b6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF3027181403975501472.tmp

Filesize
66KB

MD5
99c471b10eb25b8f0f1fe76a04926b0f

SHA1
807f89e70ccf186bde048c8a51a5c2d668190797

SHA256
9042ee73964614ed6b3eb4aa30df23c4ac5d3372deffb201ab9287540a34079c

SHA512
cbc263c2fbf1325c56adb312be8026ec25766a172bfd8d742a2e86292692c18fb185f595eb8b6fa2898e66ff95404ae52d9e52c393271e9f1fbbfd6c5bb9707d

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF5786600925648452517.tmp

Filesize
66KB

MD5
794162f5ab873e624c2e8adaef34aa73

SHA1
5e631244b866752f9232e170ed81ab94d252ac42

SHA256
b272fda2af48d26da480cd02d76059416539612615d38b9145b3f156d677ef7c

SHA512
d14a8abf8a3a4279652132ec145c5fad024001241e6c81d1e07c74ad3d438d61ea6f2e2a3d01812621763afbda99486ebe47f858a8dbd440c82448b1619a2426

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF8299809076064952388.tmp

Filesize
67KB

MD5
945426f5363c482553695c661ebc75a0

SHA1
feb3a62b783c6cba5175e957c6a4d1564e6de534

SHA256
b04761b165a8b32e5ac989a3cee07f27658634e7796f708b3e17ff5ccbe23622

SHA512
12658f86b8c3744329c2a4c4552ce25c5756e29aa984e0c7fd3fdee13abaa51b221d8ff78a9c406b084d3c08fffc3cdcb2b58f9cfb6af707ab9e3bc8fcee9e98

Download Submit
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna4863140705191733158.dll

Filesize
248KB

MD5
a57eb3837a7aa2b6f87cf3373c072712

SHA1
943cf0cf176a96c11b773d78a6e761be15ac08b0

SHA256
2475272f129a0b36bd9bf5ed732aef70d9d9ca726ae2518588cebe298561dce8

SHA512
57465c188bac732ab27c283e7469af82ca5393a5c0e144e1e4bf8823ccfa812d3528b31e3362b670ab97f31421ea7addfbc6589d4a997e0855d61a98ed385834

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.exe

Filesize
18.4MB

MD5
82345958a39e7b1ad0b14ff2adeecaf9

SHA1
56e29f91f3ca1d5a3712e339ea5ac70f2904fbf7

SHA256
5fdc5fd46f4fbd5f1377c9cde1370b34bef76aec16f7ac3bcb89a1ee59329f99

SHA512
1182da48e1be07c2b21036336446e4af55dfc4f4fd1602701cf2a2c56ead437d9be5d994948f7b863215cffe1b627ff4331e4635db12f9eaf9d6ea7b6bf98ea2

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-console-l1-1-0.dll

Filesize
11KB

MD5
07ebe4d5cef3301ccf07430f4c3e32d8

SHA1
3b878b2b2720915773f16dba6d493dab0680ac5f

SHA256
8f8b79150e850acc92fd6aab614f6e3759bea875134a62087d5dd65581e3001f

SHA512
6c7e4df62ebae9934b698f231cf51f54743cf3303cd758573d00f872b8ecc2af1f556b094503aae91100189c0d0a93eaf1b7cafec677f384a1d7b4fda2eee598

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-console-l1-2-0.dll

Filesize
11KB

MD5
57193bfbccefe3d5df8c1a0d27c4e8d4

SHA1
747f1d3841a9175826439d37e2387a4cf920641c

SHA256
f5025e74de2c1c6ea74e475b57771ac32205e6f1fa6a0390298bbe1f4049ac5d

SHA512
68ad2750e0282fb3ae8d40ac7e22dda43b2073342bb160c20d81d61c69b08a6e766756b432c71cc65e99cdafb70152d53563f0b02708fff84dc3e9f376d51c99

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-datetime-l1-1-0.dll

Filesize
11KB

MD5
557405c47613de66b111d0e2b01f2fdb

SHA1
de116ed5de1ffaa900732709e5e4eef921ead63c

SHA256
913eaaa7997a6aee53574cffb83f9c9c1700b1d8b46744a5e12d76a1e53376fd

SHA512
c2b326f555b2b7acb7849402ac85922880105857c616ef98f7fb4bbbdc2cd7f2af010f4a747875646fcc272ab8aa4ce290b6e09a9896ce1587e638502bd4befb

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-debug-l1-1-0.dll

Filesize
11KB

MD5
624401f31a706b1ae2245eb19264dc7f

SHA1
8d9def3750c18ddfc044d5568e3406d5d0fb9285

SHA256
58a8d69df60ecbee776cd9a74b2a32b14bf2b0bd92d527ec5f19502a0d3eb8e9

SHA512
3353734b556d6eebc57734827450ce3b34d010e0c033e95a6e60800c0fda79a1958ebf9053f12054026525d95d24eec541633186f00f162475cec19f07a0d817

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
11KB

MD5
2db5666d3600a4abce86be0099c6b881

SHA1
63d5dda4cec0076884bc678c691bdd2a4fa1d906

SHA256
46079c0a1b660fc187aafd760707f369d0b60d424d878c57685545a3fce95819

SHA512
7c6e1e022db4217a85a4012c8e4daee0a0f987e4fba8a4c952424ef28e250bac38b088c242d72b4641157b7cc882161aefa177765a2e23afcdc627188a084345

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l1-1-0.dll

Filesize
14KB

MD5
0f7d418c05128246afa335a1fb400cb9

SHA1
f6313e371ed5a1dffe35815cc5d25981184d0368

SHA256
5c9bc70586ad538b0df1fcf5d6f1f3527450ae16935aa34bd7eb494b4f1b2db9

SHA512
7555d9d3311c8622df6782748c2186a3738c4807fc58df2f75e539729fc4069db23739f391950303f12e0d25df9f065b4c52e13b2ebb6d417ca4c12cfdeca631

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
5a72a803df2b425d5aaff21f0f064011

SHA1
4b31963d981c07a7ab2a0d1a706067c539c55ec5

SHA256
629e52ba4e2dca91b10ef7729a1722888e01284eed7dda6030d0a1ec46c94086

SHA512
bf44997c405c2ba80100eb0f2ff7304938fc69e4d7ae3eac52b3c236c3188e80c9f18bda226b5f4fde0112320e74c198ad985f9ffd7cea99aca22980c39c7f69

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
721b60b85094851c06d572f0bd5d88cd

SHA1
4d0ee4d717aeb9c35da8621a545d3e2b9f19b4e7

SHA256
dac867476caa42ff8df8f5dfe869ffd56a18dadee17d47889afb69ed6519afbf

SHA512
430a91fcecde4c8cc4ac7eb9b4c6619243ab244ee88c34c9e93ca918e54bd42b08aca8ea4475d4c0f5fa95241e4aacb3206cbae863e92d15528c8e7c9f45601b

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-handle-l1-1-0.dll

Filesize
11KB

MD5
d1df480505f2d23c0b5c53df2e0e2a1a

SHA1
207db9568afd273e864b05c87282987e7e81d0ba

SHA256
0b3dfb8554ead94d5da7859a12db353942406f9d1dfe3fac3d48663c233ea99d

SHA512
f14239420f5dd84a15ff5fca2fad81d0aa9280c566fa581122a018e10ebdf308ac0bf1d3fcfc08634c1058c395c767130c5abca55540295c68df24ffd931ca0a

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\api-ms-win-core-heap-l1-1-0.dll

Filesize
11KB

MD5
73433ebfc9a47ed16ea544ddd308eaf8

SHA1
ac1da1378dd79762c6619c9a63fd1ebe4d360c6f

SHA256
c43075b1d2386a8a262de628c93a65350e52eae82582b27f879708364b978e29

SHA512
1c28cc0d3d02d4c308a86e9d0bc2da88333dfa8c92305ec706f3e389f7bb6d15053040afd1c4f0aa3383f3549495343a537d09fe882db6ed12b7507115e5a263

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.dll

Filesize
162KB

MD5
583e8b42864ec183c945164f373cb375

SHA1
5ec118befbb5d17593a05db2899ee52f7267da37

SHA256
9bc9178d3f4246433fe209a0f5ca70e77568e80c928268c78f8c8b00107ce6ed

SHA512
1feaac37bac19bde93171ebda2e76a65e9d5472a503b05939f6977b3a4d94d131298f3989dd048d7617ecd69cf09db7ac986fc39f0df9f56c84ea01726d0c898

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\java.exe

Filesize
285KB

MD5
1562e15220d8771fcb11b9a5b234a970

SHA1
50ec8e4e7125bda147a1b2ccc2b2827db2dc3479

SHA256
366199821c1efede3f7112d21da045fd6bf38b56fb3da1ae9d6493c4ddc1861f

SHA512
a07873f0a5381d202a6439a3245dd51f405cdcec4a9d40ff6ffdd4670a3b218008f7288a89e2a7455782c677d4c661bda96e62f813ce7d8c1f20a6c4c7c2b31f

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\javaw.exe

Filesize
285KB

MD5
122e34bfa3146ef9ae5a51fdc744353f

SHA1
f0cc2294fe150a4cceca8a3da8615edcc4eb20e4

SHA256
dd2169db3358ccdf4a4a185e4a22955c989eaa3b9d3e0e6025599b8fa173c968

SHA512
306341e00598f02a70d3edc6ef666cb64982f1e31e5c0a1304977a1700c95395c1c7f0857ae8056853370eced0bd2aeafc72da804a65f98c1422929b7c431700

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\plugin2\msvcp140.dll

Filesize
558KB

MD5
bf78c15068d6671693dfcdfa5770d705

SHA1
4418c03c3161706a4349dfe3f97278e7a5d8962a

SHA256
a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

SHA512
5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\server\jvm.dll

Filesize
8.5MB

MD5
36e3e370db5f0b66689811b41f1a8445

SHA1
7fcbe290c3a6a0827b77af78115a1b4bc834d685

SHA256
9f28a06990d2ed1d14130072109e37e733b3a7d4922e325e679dd4d917741550

SHA512
f93bc4ca946e383ee1edfef3c7b5574585d23d660a4cc3db5b6b203f6111a3fe1f245d583ca53852888ac67812fb6efd0d121d0643180875baeb0d7b811d4db9

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140.dll

Filesize
95KB

MD5
7415c1cc63a0c46983e2a32581daefee

SHA1
5f8534d79c84ac45ad09b5a702c8c5c288eae240

SHA256
475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1

SHA512
3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\vcruntime140_1.dll

Filesize
36KB

MD5
fcda37abd3d9e9d8170cd1cd15bf9d3f

SHA1
b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2

SHA256
0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6

SHA512
de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\verify.dll

Filesize
55KB

MD5
0fcda2fc9a161614e68d74f4d9eecc2d

SHA1
d3734149ff561209aa9e851ea958012e20ce41da

SHA256
b1cf5a699d1a48691c2fe8dfad1c8c8aa1c4013c52b4107bad905faf037ddffa

SHA512
5402af47558721f084f5f05264e160bd43ebe265c2d2e3b415c2a0ea7bf9adf7aebb76e2c12dcf93ae5bf10d00f4c80aa3a97f35c02eb3279df9c675f3a037bc

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\bin\zip.dll

Filesize
87KB

MD5
2ca64779a19ba733a408edd9511b7c37

SHA1
99ad8571bc8cd48efba19a48066c0f0dd321ecc1

SHA256
c3c3365932d865e111972184ae12dc3853dc7e5d6df2f474dbeee5faead92cd3

SHA512
0822bb0e4d18115d325f3981ad15cb036d5a9f845d2c68975c5e9164b5fbdab0fdd4e882d3b8001f58271b7b38cba9bdc1299ccfab00ce0321f396aa8bf248a5

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\amd64\jvm.cfg

Filesize
634B

MD5
499f2a4e0a25a41c1ff80df2d073e4fd

SHA1
e2469cbe07e92d817637be4e889ebb74c3c46253

SHA256
80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb

SHA512
7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\charsets.jar

Filesize
2.9MB

MD5
a5b8d1a15884d8450ec905fc08d6e1d2

SHA1
472cdfe3f3bf1e719e3bc73f008f26960d2a74fc

SHA256
94e16e5ba8033fc3cd2a2e731b6326958dfe7c9b70fd4826eb2c0709a656d83d

SHA512
3eee8ff3e969161d551903a1687db379f516ddfe4bec35c508964012a58895a45a36d4efcd06a60448f3ec764c4f3dd7e317445c32e23b8c888b68361747e330

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\deploy\messages_zh_TW.properties

Filesize
3KB

MD5
880baacb176553deab39edbe4b74380d

SHA1
37a57aad121c14c25e149206179728fa62203bf0

SHA256
ff4a3a92bc92cb08d2c32c435810440fd264edd63e56efa39430e0240c835620

SHA512
3039315bb283198af9090bd3d31cfae68ee73bc2b118bbae0b32812d4e3fd0f11ce962068d4a17b065dab9a66ef651b9cb8404c0a2defce74bb6b2d1d93646d5

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\ext\jfxrt.jar

Filesize
17.4MB

MD5
a9e2afe2fc2021722cc9e765d8a2be27

SHA1
4164322b24de4d7be44c4b44356ef14d4b3301b7

SHA256
af1d155cba160133100b9d8da4f524f32ce6ef18a9329a668d37248ce62ed46c

SHA512
6ed54c05d1163c7646431c4d7946fb21a927c66f18c79e53096b0f739061ef17038c27a987f154ed45c18daea21c0d2029412911a1ae3f9cb7515cf757fb6b63

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\ext\meta-index

Filesize
1KB

MD5
af03d781ec85caa0f45e6e29830ce112

SHA1
ef3dd2f731903182e47cb83cdf275f5f0e58b3db

SHA256
8c55ed28260fcd7fd4e5d68e871a735148c01a711545602c2c26aa9d6653c05c

SHA512
df080f8c206ba125f5ce4129640fc05e9fc5b00fd87fe08866bbc7b67f5caa3ec2792dd874d49253a70ea0a9c3856c2e8ba4c39728656854a290cfdf6ba683a3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\images\cursors\win32_CopyNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\jce.jar

Filesize
120KB

MD5
99247d1d5370a784e438416e599abe36

SHA1
2f958cccadeb2d991e41edccece08bc1a64368cf

SHA256
f5700ffd6842bff801307c09e02ce3ca9792eb2cd4d34e79563bf77ff44ae531

SHA512
e3380e411f1b7219df659cbb4691cf3cd23c66f4af428f3b71539e579b6c2ce8209fad949f3909337a89282fd5c1d1eacf2a1acc34ff129c69c7b0bdb1b65a35

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\jfr.jar

Filesize
566KB

MD5
9868c5f7a74f603107ecdb43a367d91b

SHA1
6b5499786196c71c7c2ff63d1f15d70b4c0164a8

SHA256
8660a4dd44225c06a79afb5e8015a74cd610c50c777b4b2737008d179b69dd83

SHA512
1740c646cc0b83398ff0aa6c7b297cd4882840c9cae28fbac4914617764cc21c2026539b7eaf9209fff8d3b1df89a09299021f43910c07e434060434461daa8e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\jsse.jar

Filesize
1.7MB

MD5
6b4188fce8bf2334732741b2f3c3c864

SHA1
95dfc9d9709f9b6e7fce99bc02a3bc7d1fde75d8

SHA256
46599d42d2c0b9bc6484a5b2d5a53bb5d9b238bef9c87f006acd61cc52bdb0ff

SHA512
59cbc0820e01fcf7a62675aa9bece9afd2ca20c3cca4b7033394c398e669b0b7f7ec5ac97486fecfb6fa48187b7faa0fb1fb5987e93c6a0a5e85e99b9ddda590

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\meta-index

Filesize
2KB

MD5
689c0cbde7697f43642bf1134f4b70af

SHA1
307db1c4a9570f01479dea98f6b5bd33a1deb759

SHA256
6bd7ea02b9456a3730755e76d4ee1ccc04c524e93366cd74d7f42ac628d4ec77

SHA512
13afe0797d9c2c7ab8721fbedab42225b41f45059a9167c046a11e1bf6e03ad82accaed42884dff335b66ec41d3608d0d0bd06582af51634a81550c81baff2fb

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\resources.jar

Filesize
3.4MB

MD5
181737fb6fbc7447670c89c22262199c

SHA1
11150f5ba9782d8550fd1a3d6eee889a0ca66da0

SHA256
9dafdd0afd9f6aab6eec3f130d0c85bf5507b8535b063e17c8fa4924773470b0

SHA512
8daad658207f9e8fd937254c453fb4be8b488cc061ce9e41df83fbd228193da9007feed3bb3ff12188c41a6b733d2851933d276d68d03f8edec3c3de602ca60a

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\rt.jar

Filesize
53.3MB

MD5
644137cf0708bdcfadd32296f28c2c70

SHA1
f42ada87824f49449a94c5e3ff1e0cbcb3d445af

SHA256
bf417af0d7b3c7894d3515371fbbb7ea581e084bc2e4acb99709aff564f2a5c6

SHA512
b438cc97a3e18635a33681c5ca8aa680fd89b40557ae5f20b3715a43dad7d96d5be57e87e01acec2f849e51fbf4cdf6e88354cdae84e3f3b9b8e1e051c3acb0c

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\jre1.8.0_251\lib\security\policy\unlimited\US_export_policy.jar

Filesize
7KB

MD5
12f971b6e65cbc7184701235469f0339

SHA1
06cb165157c5e0078b872c48707a1328b1dcba19

SHA256
84e035372ca8979bb4a387428a74942ffc7248a0e61988b7033b5b266cd187c8

SHA512
58646fc81de2e4750a3259d79a207a8cff2dc6692f178a63d92a453fc408c8d1088007ef4e93157d1017be706565716a0236039dbac848c40745a0ad89c4d0de

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\klauncher.json

Filesize
863B

MD5
948d3cca384481a58ac63f74409bc7b9

SHA1
af37e36c2884cd135967aa4e212a92e0fb6e4ad3

SHA256
e64493d6a85923d1bff4acf28904e4edc5ac133a9a3dcbf41cd06416b2addee4

SHA512
4ec2f1ba9fbc25ebad356ff147b8fc65145b140f697d4e282b2965780087fc8d1ec55a7e4046407bef667fbe9b2bc020c83fd9ff92177a6ea0b3869c3dda717d

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/3232-1419-0x000001FA8FCC0000-0x000001FA8FCC1000-memory.dmp

Filesize
4KB

Download
memory/3240-1264-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3240-1367-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3240-1430-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3240-1401-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3240-1267-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3240-1394-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3240-1392-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3240-1387-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3240-1384-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3240-1382-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3240-1375-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3240-1374-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3240-1371-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3240-1418-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3240-1339-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3240-1299-0x000002AD6B440000-0x000002AD6B441000-memory.dmp

Filesize
4KB

Download
memory/3256-1218-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4844-0-0x0000000001700000-0x0000000001701000-memory.dmp

Filesize
4KB

Download
memory/4844-1206-0x0000000000590000-0x0000000000DD5000-memory.dmp

Filesize
8.3MB

Download
memory/4844-27-0x0000000000590000-0x0000000000DD5000-memory.dmp

Filesize
8.3MB

Download
memory/4844-5-0x0000000000590000-0x0000000000DD5000-memory.dmp

Filesize
8.3MB

Download
memory/4844-4-0x0000000000590000-0x0000000000DD5000-memory.dmp

Filesize
8.3MB

Download
memory/4844-3-0x0000000001700000-0x0000000001701000-memory.dmp

Filesize
4KB

Download
memory/4844-2-0x0000000000590000-0x0000000000DD5000-memory.dmp

Filesize
8.3MB

Download
memory/4844-1-0x0000000000590000-0x0000000000DD5000-memory.dmp

Filesize
8.3MB

Download
memory/5040-2338-0x0000015410820000-0x0000015411820000-memory.dmp

Filesize
16.0MB

Download
memory/5040-1207-0x0000015410820000-0x0000015411820000-memory.dmp

Filesize
16.0MB

Download
memory/5040-1210-0x0000015410800000-0x0000015410801000-memory.dmp

Filesize
4KB

Download