adwind | hxxps://mega[.]nz/file/lXMRiI5Q#5-BD17JqOSul6jK8kOjWsrdqBs40zwcNjj2O-J3axTU

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/lXMRiI5Q#5-BD17JqOSul6jK8kOjWsrdqBs40zwcNjj2O-J3axTU

Score

10^/10

adwind discovery trojan

Malware Config

Signatures

AdWind
A Java-based RAT family operated as malware-as-a-service.
trojan adwind

Class file contains resources related to AdWind 1 IoCs

resource	yara_rule
sample	family_adwind4

Executes dropped EXE 1 IoCs

pid	Process
5524	java.exe

Loads dropped DLL 64 IoCs

pid	Process
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe
5524	java.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5704	icacls.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
70	checkip.amazonaws.com
71	checkip.amazonaws.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 49 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	java.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "4"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe1100000009c6e09240a1da018fda13b445a1da01711c0e329ca5da0114000000	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "3"	java.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1052	msedge.exe
1052	msedge.exe
2512	msedge.exe
2512	msedge.exe
3676	identity_helper.exe
3676	identity_helper.exe
2068	msedge.exe
2068	msedge.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: 33	5056	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5056	AUDIODG.EXE
Token: SeRestorePrivilege	1804	7zG.exe
Token: 35	1804	7zG.exe
Token: SeSecurityPrivilege	1804	7zG.exe
Token: SeSecurityPrivilege	1804	7zG.exe
Token: SeDebugPrivilege	5588	taskmgr.exe
Token: SeSystemProfilePrivilege	5588	taskmgr.exe
Token: SeCreateGlobalPrivilege	5588	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
1804	7zG.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe
5588	taskmgr.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
1520	OpenWith.exe
5524	java.exe
5524	java.exe
5272	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 4132	2512	msedge.exe	82
PID 2512 wrote to memory of 4132	2512	msedge.exe	82
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 3952	2512	msedge.exe	84
PID 2512 wrote to memory of 1052	2512	msedge.exe	85
PID 2512 wrote to memory of 1052	2512	msedge.exe	85
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86
PID 2512 wrote to memory of 2864	2512	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/lXMRiI5Q#5-BD17JqOSul6jK8kOjWsrdqBs40zwcNjj2O-J3axTU
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff62e646f8,0x7fff62e64708,0x7fff62e64718
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,228426878820584300,451394280417261451,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6460 /prefetch:2
  2⤵
  PID:5392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4320

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5056

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2392

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap14971:78:7zEvent6708
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Sorillus\Start.bat" "
1⤵
PID:5412
- C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\java.exe
  jre1.8.0_361\bin\java.exe -jar -noverify Sorillas.jar
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5524
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:5704

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5588

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\xcvbc.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
51946b30fb42c8742fde8aac416d31f5

SHA1
1bae85e73c38f8d189df0bed1a0434a89a592f9b

SHA256
768dd39d6d80111061619535851cc612ceefd1041576834579c56b3bbc8bcd59

SHA512
a8c9c70f2ef626b8fd1ee8d207f7561f4d57055d1fbd7f2020b5366f4be8833cc09998867f564f3b04583b4b95b68448d4ea34e87b4f1dd44685cabb0f1b1b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
774bed67c1d808a6602e7e81ec95800e

SHA1
d5262b01993c206b2b806a7ab48c54bc91006e07

SHA256
93f1fa19d0b47fb8548b2c80a54d0750d649cb2dc33b220c9ee28db90b07f097

SHA512
7674818dcd0e793519b11a11188dcfae9cd0f945755e7ee1fb15f763b2210ac1f65c5c3941ebdf13e5dfaaa5f7f89fd2fef22eaf96869dcc30a3c63ccc426779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c7ddd9601843b29f35b646aa41792488

SHA1
c76fccb7beb45d5442c5277f51edb63bd210e911

SHA256
b7adafd11a3040b6a80ed8414bbec57cbb48089db48f122f0729873216966995

SHA512
cf8119d37cef6a73b9462ccdb7436641b4a283aa303441b7d2cf4a159d21e0b45bd869189e9c010a63c02cad20afd9bb63091b893f545bfa03a7d3ab63f3fe71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2762328ee36d24cd0e79fd42068ab1a0

SHA1
ee973f3d903ef72b2311504ba46a4237a3c7217a

SHA256
f3246dc12675c109dcd9422ef0b9505bbd5347592e16d81ad1dfb493aad2aa2f

SHA512
dca3a56d71f407ce7c8a29835a4609de905b9a95877d26c06530e55431d400074841743d77c202049b78835110aafbc15b577bd7784b7756cfa45f4efdba8cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fe4698c967aaceeedbdef774bc4d3bce

SHA1
74d22346d43a54df8d071b7af6d3810a8404da9c

SHA256
72c1b4cc1702299be06ed90d5fc02f7c74889103fd66de7728de79deb3153d60

SHA512
c984bfceccd952b1f8db8ad47465bf557412ab4e8230a177316ff15ec31216ee59fe8e3474ee4f9db009248e5aae1e24c8bc85f5f3aa5bdb0082976b14aabc19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5791b1.TMP

Filesize
48B

MD5
d38f1aeb9a66563a27758033337ce42f

SHA1
d4e72a37c2ac283b5b19d8c9df1eee455eef4364

SHA256
6cb0814cf49df6a183aab0c965c4c5f608c8a6c144a350e77e520aa5721d38af

SHA512
6e9c02ae13dc515a1dfed2126199f2223dc8d66fbc13433586ffafcf01caa9b21b6295e68a3a0f900f05ced2da5ca3a3d7f2b5305d4501e3d253d8de44ecd0b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2858ccc00f85d2c13e5e4b99edbdfd66

SHA1
dcb6a79004cbd7c59b87e64c1f9f20e208d55d42

SHA256
cb54cece5407ff2b8cb97c7e04c60634b1e3239c6d731eec4e0d3fae8dcd3406

SHA512
aee5baa8ce1b1786fe7f625b0e2777203f57afc1daf97a8bd58bc42a602fd9deba4698c8c5984d1d05d0c673a6d895a2a425aff0eebd2d653ad670a7d053195b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e8f53283f3c7a65c34677f67440adf6b

SHA1
e7b97e4116a740a566bc2cd490dede06171240a1

SHA256
338bb61fc8d4bcf17c46e616333d6843b6af1eefb5f9441e6a25d926b30bb3b4

SHA512
84e038133be7b6dba85baf4c8947567c4e8fc9cbdf22003549381dc920753d20dfc161c946c3a44ee72e79fe46d9eb5e90a1f693598bb512e758424fc8cf364a

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillas.jar

Filesize
10.0MB

MD5
18c002c3fe84222bb72543bc5f5bf0f9

SHA1
45914d63b0d9b3342517a4f1b9b77c464c28a58f

SHA256
73ab04ed97f75312985e51cb0d7d9b274bc9ecdcd288392469c9e589fcbd64a6

SHA512
908204a956182ec2ab075b5869eef2c215e0578d4350eb764058c1bbed990e2b4389c2a64f3960f716387d5c97d4559135b7a4ff0e4d09903d61011c4c588199

Download Submit
C:\Users\Admin\Downloads\Sorillus\Start.bat

Filesize
60B

MD5
70c54cd2b9eaaab7ee387b2fa0c0fb4a

SHA1
7b16e52597dd6c3bab3880a1ed3da030667802e7

SHA256
14748fda6836b077a0301788791753013e3a85f0a41b721c1d874c3f75140066

SHA512
20693336461355b51abdc62f674b03bf6d29c73101dcbc775692f60d185d84554d60b7f0467901f1923da0f66e508afea72165eae86f0fa477a372ffe492dc6c

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\api-ms-win-core-console-l1-1-0.dll

Filesize
11KB

MD5
919e653868a3d9f0c9865941573025df

SHA1
eff2d4ff97e2b8d7ed0e456cb53b74199118a2e2

SHA256
2afbfa1d77969d0f4cee4547870355498d5c1da81d241e09556d0bd1d6230f8c

SHA512
6aec9d7767eb82ebc893ebd97d499debff8da130817b6bb4bcb5eb5de1b074898f87db4f6c48b50052d4f8a027b3a707cad9d7ed5837a6dd9b53642b8a168932

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\api-ms-win-core-console-l1-2-0.dll

Filesize
11KB

MD5
7676560d0e9bc1ee9502d2f920d2892f

SHA1
4a7a7a99900e41ff8a359ca85949acd828ddb068

SHA256
00942431c2d3193061c7f4dc340e8446bfdbf792a7489f60349299dff689c2f9

SHA512
f1e8db9ad44cd1aa991b9ed0e000c58978eb60b3b7d9908b6eb78e8146e9e12590b0014fc4a97bc490ffe378c0bf59a6e02109bfd8a01c3b6d0d653a5b612d15

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\api-ms-win-core-datetime-l1-1-0.dll

Filesize
11KB

MD5
ac51e3459e8fce2a646a6ad4a2e220b9

SHA1
60cf810b7ad8f460d0b8783ce5e5bbcd61c82f1a

SHA256
77577f35d3a61217ea70f21398e178f8749455689db52a2b35a85f9b54c79638

SHA512
6239240d4f4fa64fc771370fb25a16269f91a59a81a99a6a021b8f57ca93d6bb3b3fcecc8dede0ef7914652a2c85d84d774f13a4143536a3f986487a776a2eae

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\api-ms-win-core-debug-l1-1-0.dll

Filesize
11KB

MD5
b0e0678ddc403effc7cdc69ae6d641fb

SHA1
c1a4ce4ded47740d3518cd1ff9e9ce277d959335

SHA256
45e48320abe6e3c6079f3f6b84636920a367989a88f9ba6847f88c210d972cf1

SHA512
2badf761a0614d09a60d0abb6289ebcbfa3bf69425640eb8494571afd569c8695ae20130aac0e1025e8739d76a9bff2efc9b4358b49efe162b2773be9c3e2ad4

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
11KB

MD5
94788729c9e7b9c888f4e323a27ab548

SHA1
b0ba0c4cf1d8b2b94532aa1880310f28e87756ec

SHA256
accdd7455fb6d02fe298b987ad412e00d0b8e6f5fb10b52826367e7358ae1187

SHA512
ab65495b1d0dd261f2669e04dc18a8da8f837b9ac622fc69fde271ff5e6aa958b1544edd8988f017d3dd83454756812c927a7702b1ed71247e506530a11f21c6

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\api-ms-win-core-file-l1-1-0.dll

Filesize
14KB

MD5
580d9ea2308fc2d2d2054a79ea63227c

SHA1
04b3f21cbba6d59a61cd839ae3192ea111856f65

SHA256
7cb0396229c3da434482a5ef929d3a2c392791712242c9693f06baa78948ef66

SHA512
97c1d3f4f9add03f21c6b3517e1d88d1bf9a8733d7bdca1aecba9e238d58ff35780c4d865461cc7cd29e9480b3b3b60864abb664dcdc6f691383d0b281c33369

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
35bc1f1c6fbccec7eb8819178ef67664

SHA1
bbcad0148ff008e984a75937aaddf1ef6fda5e0c

SHA256
7a3c5167731238cf262f749aa46ab3bfb2ae1b22191b76e28e1d7499d28c24b7

SHA512
9ab9b5b12215e57af5b3c588ed5003d978071dc591ed18c78c4563381a132edb7b2c508a8b75b4f1ed8823118d23c88eda453cd4b42b9020463416f8f6832a3d

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
3bf4406de02aa148f460e5d709f4f67d

SHA1
89b28107c39bb216da00507ffd8adb7838d883f6

SHA256
349a79fa1572e3538dfbb942610d8c47d03e8a41b98897bc02ec7e897d05237e

SHA512
5ff6e8ad602d9e31ac88e06a6fbb54303c57d011c388f46d957aee8cd3b7d7cced8b6bfa821ff347ade62f7359acb1fba9ee181527f349c03d295bdb74efbace

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\api-ms-win-core-handle-l1-1-0.dll

Filesize
11KB

MD5
bbafa10627af6dfae5ed6e4aeae57b2a

SHA1
3094832b393416f212db9107add80a6e93a37947

SHA256
c78a1217f8dcb157d1a66b80348da48ebdbbedcea1d487fc393191c05aad476d

SHA512
d5fcba2314ffe7ff6e8b350d65a2cdd99ca95ea36b71b861733bc1ed6b6bb4d85d4b1c4c4de2769fbf90d4100b343c250347d9ed1425f4a6c3fe6a20aed01f17

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\java.dll

Filesize
163KB

MD5
db081a9968bb0c37a57725cdb66a0c7b

SHA1
d5fed172d82111d1f3bcb46ab3bd8b412f3ee003

SHA256
5b9b01f1ec06ad559285201cf0907e1c31473f6fb91aa09813dd8f076f94afe3

SHA512
8a3717be2bdc1d2e628a069a61ac5b504467c52c7b52496c14050cd0fbc3e1023c791ca8b5c3270579e1cc725a8a0cff62c427dc1c25c2ec74725d1dacc621d5

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\java.exe

Filesize
273KB

MD5
47b34557cbf069e0ad9807305cb5c36a

SHA1
58abfbefc486427175b15e69e8e8f4e346318c34

SHA256
cabcfcf1aebf926bbe03b2aded9e7bbb57f4e10600578a6f2acafbf83b7423d4

SHA512
f9354ec19c3bad2a3a9e95211a306e54ebe559127d8ae660ce75c88839afd558821a0a858366db8820517cb12f7fe0056bb5c09199c1fe1a9083e299b02a148d

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\msvcp140.dll

Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\server\jvm.dll

Filesize
8.2MB

MD5
a5b5e313919826735b73731252a2bc2e

SHA1
090054f0aeeaaac570130ef5a03c26970cdb050c

SHA256
86765f3558ffbb2cf28fb683ee17c288967e636b5cb4fe0422ade39591f6abf4

SHA512
2e0199624f91f9c952ea4fb81a01096febe8dde6fba85f66e7978c98ba749da3cd53cb6d986260e357c19a1d3b5411d6716548ef57e31ec75d55f4d3a3420c3f

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\vcruntime140.dll

Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\verify.dll

Filesize
54KB

MD5
c15088054d639475e51b88251369c226

SHA1
8849a9ee53e6bc7d1618103b674a6f481b72f3aa

SHA256
a7e7890ec2e238b3108fe2d9b4796898b2fff30ce07957f60689975d7460098c

SHA512
81ae70caf0304c63adadc3437e592ea9540db59ac7bd7417b769b5702a2aa012bec79aab8ce01187ebbd78555b7824fc4434a113dd9be5b667ce693b293122c4

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\bin\zip.dll

Filesize
84KB

MD5
7c7a8adce66eeb67a96ca617c8286d72

SHA1
da1f100637f0b94aaea4e3999ef96a32a63bfc2b

SHA256
d15be64cc05ae14db69b5a3558cd57767eda91e708c74d3dccdc4958c42cb5d9

SHA512
00d3c1145b8c8ea246f456000c2fcfe1e978d148ad69ddabdf9e5f332db4e44025211916c6452b5030f8326d523d6e72de8aebd9e41d83afccb8713e88782f31

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\lib\amd64\jvm.cfg

Filesize
634B

MD5
499f2a4e0a25a41c1ff80df2d073e4fd

SHA1
e2469cbe07e92d817637be4e889ebb74c3c46253

SHA256
80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb

SHA512
7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\lib\charsets.jar

Filesize
2.9MB

MD5
82ade56ed7fa67287198802746ee6045

SHA1
2c5ad0a04bd0fae259cf29af346379284c684d42

SHA256
c89895405e63110d69bb37178f0650bf2a4a489ab9e98da613464c61c475b58c

SHA512
cd3c2180e185d1fce354ede366845668ab165ad0ebf7fd9cd9fbb3723ab64c3515c30e772e1577a747468e530d677c7955b41528d39e6d3c8c988b11604e470d

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\lib\ext\jfxrt.jar

Filesize
17.4MB

MD5
671df034c39d335d5e9de4da7cf70e97

SHA1
184aa46308c1af192f119b6cae48c6a567175592

SHA256
0fb07fad0f05706dcdb487ef3fa8adfc97e1a47792ee9cb7af359c77a9393542

SHA512
7512b351ef1429bb722318c415cbcd5459dc86678b11634e3dd8e83394e59a48551a817842d73107546ffdfe05eb06f7ab4ce6a853ce266f3503885d4517a8ed

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\lib\ext\meta-index

Filesize
1KB

MD5
005faac2118450bfcd46ae414da5f0e5

SHA1
9f5c887e0505e1bb06bd1fc7975a3219709d061d

SHA256
f0bce718f8d2b38247ce0ac814a1470c826602f4251d86369c2359ff60676bd8

SHA512
8b618c74b359ab3c9d3c8a4864f8e48fe4054514a396352a829a84c9b843a2028c6c31eb53e857e03c803294e05f69c5bf586e261312264e7607b2efd14f78a9

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\lib\jce.jar

Filesize
119KB

MD5
1f4d4fc6b33c30c5782c66b80d92c4f9

SHA1
194df32fb23b470dae4929605d18abd041c743c6

SHA256
81b8de0e148ed3601cf5f1bdf2787c5b15213d842bc537af9ede9635d692b904

SHA512
dfde7e03fc106b785887f2a409b3528c5862663f188c95f6a95c739bdfcc8c6205c03b739de1b259e9a8a0360aa4e10e8d4bce1a57445797a214160b8d98a085

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\lib\jfr.jar

Filesize
559KB

MD5
18c5aec1e008f781bf74707662920000

SHA1
c29c11cda5b867b68cba1fa7cb331d54a66b3f56

SHA256
e9eab8ec4712142a3ed9ac833d853e144043699c1712986736f3667a9267c11b

SHA512
9988b510d7e036ef41673edd8e38e2f72b695741da3ef63678b808b5e10a76951d016e27cdd23857de0ed0f3b44be8f7fb3a141021b543f104f2a214e53ca74d

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\lib\jsse.jar

Filesize
1.7MB

MD5
f095a5ac04775e1093d54822460cc5a7

SHA1
2e0f0ec528c41b437126c506a91fe1ad5e699865

SHA256
784b8df88387ee27383d6db4e184b169a21cb4b8bcb0d8395a7b1ac2b128108a

SHA512
c0b5ca94ead3dffd33e19a2d757b2b653867b4f539a143ef17baeef1015c3845aba4f0666ef1d0c7ce02d156ce826b9c324c8159983a71d19d60415d60e25d36

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\lib\meta-index

Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Users\Admin\Downloads\Sorillus\jre1.8.0_361\lib\resources.jar

Filesize
3.4MB

MD5
0fdcdf2b521c8ffba3fcae32a684358e

SHA1
45a3ae43334b1a0f46d76599d3926c40fa790965

SHA256
2189d10490922562be379da742eedc5e77cac61a6d2a484a3ed4693965dfe290

SHA512
1a1489faa7903bc24d4cc3fbd0ee80e79602a39ea9530f10075a52460e6100c807dbafb17e4b1a7997c23cbe3906808291be7718e6525a79a295e1ddc8ed9eda

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF2813033100978202668.tmp

Filesize
217KB

MD5
1bf71be111189e76987a4bb9b3115cb7

SHA1
40442c189568184b6e6c27a25d69f14d91b65039

SHA256
cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424

SHA512
cb18b69e98a194af5e3e3d982a75254f3a20bd94c68816a15f38870b9be616cef0c32033f253219cca9146b2b419dd6df28cc4ceeff80d01f400aa0ed101e061

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF4539430209409435776.tmp

Filesize
212KB

MD5
629a55a7e793da068dc580d184cc0e31

SHA1
3564ed0b5363df5cf277c16e0c6bedc5a682217f

SHA256
e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee

SHA512
6c24c71bee7370939df8085fa70f1298cfa9be6d1b9567e2a12b9bb92872a45547cbabcf14a5d93a6d86cd77165eb262ba8530b988bf2c989fadb255c943df9b

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF556415034831876049.tmp

Filesize
52KB

MD5
de2d73ffb31b036a481049751970e2ca

SHA1
5c26b381aa54a3336729cbaf4281620e03c34873

SHA256
5afafd11dad40cc06023a6a5c1a6793b1cb55720314a18d4352879d6214b014e

SHA512
f19bda9d9f355dab1ae3846c5e3a6535e59c529d0efe6204dd54000f3e088cf94099a1ccab94c0fadf7631385b94ca8c667f76c0556066ea49f06b2ac1479adb

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF6054043874449454907.tmp

Filesize
43KB

MD5
731484623dfcbf11c948feea896b83c8

SHA1
464d1c30e20128907d6f6d667a48a3213ac4df83

SHA256
a4d9acdd8e2bb188c832059a86636b4b26118d5965f0c08debd2b62c0d63c9a5

SHA512
5dacfce6e70eff4141f107cd47c0c50068205485a9977fe60933238e750de8a46acaf99eed8dd08d70de2266360315db6b247e8e943fa276023c5360be81e794

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF8545728303369734155.tmp

Filesize
164KB

MD5
8a36205bd9b83e03af0591a004bc97f4

SHA1
56c5c0d38bde4c1f1549dda43db37b09c608aad3

SHA256
4e147ab64b9fdf6d89d01f6b8c3ca0b3cddc59d608a8e2218f9a2504b5c98e14

SHA512
e96b43b0ca3fd7775d75a702f44cd1b0dfd325e1db317f7cba84efdf572571fe7594068f9132a937251aab8bd1f68783213677d4953aca197195fbe5db1f90d7

Download Submit
memory/5524-934-0x0000025CA4C00000-0x0000025CA4C01000-memory.dmp

Filesize
4KB

Download
memory/5524-854-0x0000025CA4C00000-0x0000025CA4C01000-memory.dmp

Filesize
4KB

Download
memory/5524-1040-0x0000025CA4C00000-0x0000025CA4C01000-memory.dmp

Filesize
4KB

Download
memory/5524-846-0x0000025CA4C00000-0x0000025CA4C01000-memory.dmp

Filesize
4KB

Download
memory/5524-1194-0x0000025CA4C00000-0x0000025CA4C01000-memory.dmp

Filesize
4KB

Download
memory/5524-941-0x0000025CA4C00000-0x0000025CA4C01000-memory.dmp

Filesize
4KB

Download
memory/5524-850-0x0000025CA4C00000-0x0000025CA4C01000-memory.dmp

Filesize
4KB

Download
memory/5588-1104-0x0000024A6D130000-0x0000024A6D131000-memory.dmp

Filesize
4KB

Download
memory/5588-1115-0x0000024A6D130000-0x0000024A6D131000-memory.dmp

Filesize
4KB

Download
memory/5588-1114-0x0000024A6D130000-0x0000024A6D131000-memory.dmp

Filesize
4KB

Download
memory/5588-1113-0x0000024A6D130000-0x0000024A6D131000-memory.dmp

Filesize
4KB

Download
memory/5588-1112-0x0000024A6D130000-0x0000024A6D131000-memory.dmp

Filesize
4KB

Download
memory/5588-1111-0x0000024A6D130000-0x0000024A6D131000-memory.dmp

Filesize
4KB

Download
memory/5588-1110-0x0000024A6D130000-0x0000024A6D131000-memory.dmp

Filesize
4KB

Download
memory/5588-1109-0x0000024A6D130000-0x0000024A6D131000-memory.dmp

Filesize
4KB

Download
memory/5588-1105-0x0000024A6D130000-0x0000024A6D131000-memory.dmp

Filesize
4KB

Download
memory/5588-1103-0x0000024A6D130000-0x0000024A6D131000-memory.dmp

Filesize
4KB

Download