28272caadd4df846e1f19ca4c5932fa3ec0348f0e36a8e1395a30b2a005c7656

Analysis

max time kernel
170s
max time network
147s
platform
windows10-1703_x64
resource
win10-20220812-es
resource tags

arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
06/02/2023, 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ATLauncher-setup-1.1.0.0.exe
Size

2.6MB
MD5

2f9d674c4b426de69d4229c7778d88c4
SHA1

9d75fdd18d4c32bc93c6c828ac3b4019db1f0931
SHA256

28272caadd4df846e1f19ca4c5932fa3ec0348f0e36a8e1395a30b2a005c7656
SHA512

fc9a5a6cb89cc61666055248391c54a2f5c0845dda72bbdbf469d3679c26b3546b7ab048c68ceeaa9f507e10ac4f83402a5303b58a465f1010608a02ec6c728f
SSDEEP

24576:k7FUDowAyrTVE3U5F349LBNaSG0b79VFVoCxQQMkcxVyMhqrHzEhbjRN8lTRa7I3:kBuZrEU89tRGu79DOHfkMhqgJjvWasrj

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Control Panel\International\Geo\Nation	javaw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Control Panel\International\Geo\Nation	javaw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Control Panel\International\Geo\Nation	javaw.exe

Executes dropped EXE 10 IoCs

pid	Process
3648	ATLauncher-setup-1.1.0.0.tmp
3980	7za.exe
5092	ATLauncher.exe
1760	javaw.exe
2932	ATLauncher.exe
4948	javaw.exe
4024	javaw.exe
4512	ATLauncher.exe
920	javaw.exe
2144	javaw.exe

Loads dropped DLL 64 IoCs

pid	Process
1760	javaw.exe
1760	javaw.exe
1760	javaw.exe
1760	javaw.exe
1760	javaw.exe
1760	javaw.exe
1760	javaw.exe
1760	javaw.exe
1760	javaw.exe
1760	javaw.exe
1760	javaw.exe
1760	javaw.exe
1760	javaw.exe
1760	javaw.exe
4948	javaw.exe
4948	javaw.exe
4948	javaw.exe
4948	javaw.exe
4948	javaw.exe
4948	javaw.exe
4948	javaw.exe
4948	javaw.exe
4948	javaw.exe
4948	javaw.exe
4948	javaw.exe
4948	javaw.exe
4948	javaw.exe
4948	javaw.exe
4024	javaw.exe
4024	javaw.exe
4024	javaw.exe
4024	javaw.exe
4024	javaw.exe
4024	javaw.exe
4024	javaw.exe
4024	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe
2144	javaw.exe
2144	javaw.exe
2144	javaw.exe
2144	javaw.exe
2144	javaw.exe
2144	javaw.exe
2144	javaw.exe
2144	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe
920	javaw.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SYSTEM32\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\jvm.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\dll\ntdll.pdb	javaw.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\jvm.pdb	javaw.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999\dll\jvm.pdb	javaw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	javaw.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3648	ATLauncher-setup-1.1.0.0.tmp
3648	ATLauncher-setup-1.1.0.0.tmp
1760	javaw.exe
1760	javaw.exe
920	javaw.exe
920	javaw.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeRestorePrivilege	3980	7za.exe
Token: 35	3980	7za.exe
Token: SeSecurityPrivilege	3980	7za.exe
Token: SeSecurityPrivilege	3980	7za.exe
Token: SeBackupPrivilege	1760	javaw.exe
Token: SeBackupPrivilege	1760	javaw.exe
Token: SeSecurityPrivilege	1760	javaw.exe
Token: SeDebugPrivilege	1760	javaw.exe
Token: SeBackupPrivilege	4948	javaw.exe
Token: SeBackupPrivilege	4948	javaw.exe
Token: SeSecurityPrivilege	4948	javaw.exe
Token: SeDebugPrivilege	4948	javaw.exe
Token: SeBackupPrivilege	920	javaw.exe
Token: SeBackupPrivilege	920	javaw.exe
Token: SeSecurityPrivilege	920	javaw.exe
Token: SeDebugPrivilege	920	javaw.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3648	ATLauncher-setup-1.1.0.0.tmp

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1760	javaw.exe
4948	javaw.exe
920	javaw.exe
920	javaw.exe

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 3648	4404	ATLauncher-setup-1.1.0.0.exe	66
PID 4404 wrote to memory of 3648	4404	ATLauncher-setup-1.1.0.0.exe	66
PID 4404 wrote to memory of 3648	4404	ATLauncher-setup-1.1.0.0.exe	66
PID 3648 wrote to memory of 3980	3648	ATLauncher-setup-1.1.0.0.tmp	68
PID 3648 wrote to memory of 3980	3648	ATLauncher-setup-1.1.0.0.tmp	68
PID 3648 wrote to memory of 3980	3648	ATLauncher-setup-1.1.0.0.tmp	68
PID 3648 wrote to memory of 5092	3648	ATLauncher-setup-1.1.0.0.tmp	71
PID 3648 wrote to memory of 5092	3648	ATLauncher-setup-1.1.0.0.tmp	71
PID 3648 wrote to memory of 5092	3648	ATLauncher-setup-1.1.0.0.tmp	71
PID 5092 wrote to memory of 1760	5092	ATLauncher.exe	72
PID 5092 wrote to memory of 1760	5092	ATLauncher.exe	72
PID 1760 wrote to memory of 2444	1760	javaw.exe	73
PID 1760 wrote to memory of 2444	1760	javaw.exe	73
PID 1760 wrote to memory of 1140	1760	javaw.exe	75
PID 1760 wrote to memory of 1140	1760	javaw.exe	75
PID 1760 wrote to memory of 4124	1760	javaw.exe	77
PID 1760 wrote to memory of 4124	1760	javaw.exe	77
PID 1760 wrote to memory of 2628	1760	javaw.exe	82
PID 1760 wrote to memory of 2628	1760	javaw.exe	82
PID 1760 wrote to memory of 4024	1760	javaw.exe	84
PID 1760 wrote to memory of 4024	1760	javaw.exe	84
PID 4948 wrote to memory of 4596	4948	javaw.exe	85
PID 4948 wrote to memory of 4596	4948	javaw.exe	85
PID 4512 wrote to memory of 920	4512	ATLauncher.exe	88
PID 4512 wrote to memory of 920	4512	ATLauncher.exe	88
PID 920 wrote to memory of 1476	920	javaw.exe	89
PID 920 wrote to memory of 1476	920	javaw.exe	89
PID 920 wrote to memory of 2428	920	javaw.exe	91
PID 920 wrote to memory of 2428	920	javaw.exe	91
PID 920 wrote to memory of 1896	920	javaw.exe	93
PID 920 wrote to memory of 1896	920	javaw.exe	93
PID 920 wrote to memory of 2520	920	javaw.exe	95
PID 920 wrote to memory of 2520	920	javaw.exe	95
PID 920 wrote to memory of 2144	920	javaw.exe	97
PID 920 wrote to memory of 2144	920	javaw.exe	97

C:\Users\Admin\AppData\Local\Temp\ATLauncher-setup-1.1.0.0.exe
"C:\Users\Admin\AppData\Local\Temp\ATLauncher-setup-1.1.0.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4404
- C:\Users\Admin\AppData\Local\Temp\is-4ET7T.tmp\ATLauncher-setup-1.1.0.0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-4ET7T.tmp\ATLauncher-setup-1.1.0.0.tmp" /SL5="$601E4,1526449,1202176,C:\Users\Admin\AppData\Local\Temp\ATLauncher-setup-1.1.0.0.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3648
- - C:\Users\Admin\AppData\Local\Temp\is-EB665.tmp\7za.exe
    "C:\Users\Admin\AppData\Local\Temp\is-EB665.tmp\7za.exe" x "C:\Users\Admin\AppData\Local\Temp\is-EB665.tmp\jre.zip" -o"C:\Users\Admin\AppData\Roaming\ATLauncher\" * -r -aoa
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3980
- - C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe
    "C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:5092
  - - C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe
      "C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe" -Djna.nosys=true -Djava.net.preferIPv4Stack=true -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true -classpath "C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe;lib\oshi-core-6.1.6.jar;lib\jna-platform-5.11.0.jar;lib\jna-5.11.0.jar;lib\authlib-1.5.21.jar;lib\gson-2.9.0.jar;lib\guava-31.1-jre.jar;lib\xz-1.9.jar;lib\base64-2.3.9.jar;lib\discord-rpc-1.6.2.jar;lib\jopt-simple-5.0.4.jar;lib\zt-zip-1.15.jar;lib\okhttp-tls-4.9.3.jar;lib\google-analytics-java-2.0.11.jar;lib\apollo-runtime-2.5.14.jar;lib\apollo-http-cache-2.5.14.jar;lib\okhttp-4.9.3.jar;lib\sentry-6.1.4.jar;lib\gettext-lib-88ae68d897.jar;lib\log4j-core-2.17.2.jar;lib\log4j-api-2.17.2.jar;lib\murmur-1.0.0.jar;lib\commons-text-1.10.0.jar;lib\commons-lang3-3.12.0.jar;lib\flatlaf-extras-2.3.jar;lib\flatlaf-2.3.jar;lib\jlhttp-2.6.jar;lib\joda-time-2.10.14.jar;lib\commons-compress-1.21.jar;lib\commonmark-0.19.0.jar;lib\dbus-java-3.3.1.jar;lib\failureaccess-1.0.1.jar;lib\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;lib\apollo-normalized-cache-jvm-2.5.14.jar;lib\cache-2.0.2.jar;lib\jsr305-3.0.2.jar;lib\checker-qual-3.12.0.jar;lib\error_prone_annotations-2.11.0.jar;lib\j2objc-annotations-1.3.jar;lib\httpclient-4.5.11.jar;lib\commons-codec-1.11.jar;lib\commons-io-2.4.jar;lib\jcl-over-slf4j-1.7.30.jar;lib\slf4j-api-1.7.36.jar;lib\apollo-http-cache-api-2.5.14.jar;lib\apollo-normalized-cache-api-jvm-2.5.14.jar;lib\apollo-api-jvm-2.5.14.jar;lib\okio-jvm-2.9.0.jar;lib\kotlin-stdlib-jdk8-1.5.31.jar;lib\kotlin-stdlib-jdk7-1.5.31.jar;lib\uuid-jvm-0.2.0.jar;lib\kotlin-stdlib-1.5.31.jar;lib\antlr4-runtime-4.7.3.jar;lib\svgSalamander-1.1.3.jar;lib\jnr-unixsocket-0.38.6.jar;lib\kotlin-stdlib-common-1.5.31.jar;lib\annotations-13.0.jar;lib\httpcore-4.4.13.jar;lib\jnr-enxio-0.32.4.jar;lib\jnr-posix-3.1.5.jar;lib\jnr-ffi-2.2.2.jar;lib\jnr-constants-0.10.1.jar;lib\jffi-1.3.1.jar;lib\jffi-1.3.1-native.jar;lib\asm-commons-9.1.jar;lib\asm-util-9.1.jar;lib\asm-analysis-9.1.jar;lib\asm-tree-9.1.jar;lib\asm-9.1.jar;lib\jnr-a64asm-1.0.0.jar;lib\jnr-x86asm-1.0.2.jar" com.atlauncher.App
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Drops file in Windows directory
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1760
    - - C:\Windows\SYSTEM32\reg.exe
        
        reg query HKEY_LOCAL_MACHINE\Software\JavaSoft\ /f Home /t REG_SZ /s /reg:64
        5⤵
        
        PID:2444
    - - C:\Program Files\Java\jdk1.8.0_66\bin\java.exe
        
        "C:\Program Files\Java\jdk1.8.0_66\bin\java.exe" -version
        5⤵
        
        PID:1140
    - - C:\Program Files\Java\jre1.8.0_66\bin\java.exe
        
        "C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -version
        5⤵
        
        PID:4124
    - - C:\Program Files\Java\jdk1.8.0_66\jre\bin\java.exe
        
        "C:\Program Files\Java\jdk1.8.0_66\jre\bin\java.exe" -version
        5⤵
        
        PID:2628
    - - C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe
        
        C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw -version
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks processor information in registry
        
        PID:4024

C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe
"C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe"
1⤵
- Executes dropped EXE
PID:2932
- C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe
  "C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe" -Djna.nosys=true -Djava.net.preferIPv4Stack=true -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true -classpath "C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe;lib\oshi-core-6.1.6.jar;lib\jna-platform-5.11.0.jar;lib\jna-5.11.0.jar;lib\authlib-1.5.21.jar;lib\gson-2.9.0.jar;lib\guava-31.1-jre.jar;lib\xz-1.9.jar;lib\base64-2.3.9.jar;lib\discord-rpc-1.6.2.jar;lib\jopt-simple-5.0.4.jar;lib\zt-zip-1.15.jar;lib\okhttp-tls-4.9.3.jar;lib\google-analytics-java-2.0.11.jar;lib\apollo-runtime-2.5.14.jar;lib\apollo-http-cache-2.5.14.jar;lib\okhttp-4.9.3.jar;lib\sentry-6.1.4.jar;lib\gettext-lib-88ae68d897.jar;lib\log4j-core-2.17.2.jar;lib\log4j-api-2.17.2.jar;lib\murmur-1.0.0.jar;lib\commons-text-1.10.0.jar;lib\commons-lang3-3.12.0.jar;lib\flatlaf-extras-2.3.jar;lib\flatlaf-2.3.jar;lib\jlhttp-2.6.jar;lib\joda-time-2.10.14.jar;lib\commons-compress-1.21.jar;lib\commonmark-0.19.0.jar;lib\dbus-java-3.3.1.jar;lib\failureaccess-1.0.1.jar;lib\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;lib\apollo-normalized-cache-jvm-2.5.14.jar;lib\cache-2.0.2.jar;lib\jsr305-3.0.2.jar;lib\checker-qual-3.12.0.jar;lib\error_prone_annotations-2.11.0.jar;lib\j2objc-annotations-1.3.jar;lib\httpclient-4.5.11.jar;lib\commons-codec-1.11.jar;lib\commons-io-2.4.jar;lib\jcl-over-slf4j-1.7.30.jar;lib\slf4j-api-1.7.36.jar;lib\apollo-http-cache-api-2.5.14.jar;lib\apollo-normalized-cache-api-jvm-2.5.14.jar;lib\apollo-api-jvm-2.5.14.jar;lib\okio-jvm-2.9.0.jar;lib\kotlin-stdlib-jdk8-1.5.31.jar;lib\kotlin-stdlib-jdk7-1.5.31.jar;lib\uuid-jvm-0.2.0.jar;lib\kotlin-stdlib-1.5.31.jar;lib\antlr4-runtime-4.7.3.jar;lib\svgSalamander-1.1.3.jar;lib\jnr-unixsocket-0.38.6.jar;lib\kotlin-stdlib-common-1.5.31.jar;lib\annotations-13.0.jar;lib\httpcore-4.4.13.jar;lib\jnr-enxio-0.32.4.jar;lib\jnr-posix-3.1.5.jar;lib\jnr-ffi-2.2.2.jar;lib\jnr-constants-0.10.1.jar;lib\jffi-1.3.1.jar;lib\jffi-1.3.1-native.jar;lib\asm-commons-9.1.jar;lib\asm-util-9.1.jar;lib\asm-analysis-9.1.jar;lib\asm-tree-9.1.jar;lib\asm-9.1.jar;lib\jnr-a64asm-1.0.0.jar;lib\jnr-x86asm-1.0.2.jar" com.atlauncher.App
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4948
- - C:\Windows\SYSTEM32\reg.exe
    reg query HKEY_LOCAL_MACHINE\Software\JavaSoft\ /f Home /t REG_SZ /s /reg:64
    3⤵
    PID:4596

C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe
"C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe
  "C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe" -Djna.nosys=true -Djava.net.preferIPv4Stack=true -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true -classpath "C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe;lib\oshi-core-6.1.6.jar;lib\jna-platform-5.11.0.jar;lib\jna-5.11.0.jar;lib\authlib-1.5.21.jar;lib\gson-2.9.0.jar;lib\guava-31.1-jre.jar;lib\xz-1.9.jar;lib\base64-2.3.9.jar;lib\discord-rpc-1.6.2.jar;lib\jopt-simple-5.0.4.jar;lib\zt-zip-1.15.jar;lib\okhttp-tls-4.9.3.jar;lib\google-analytics-java-2.0.11.jar;lib\apollo-runtime-2.5.14.jar;lib\apollo-http-cache-2.5.14.jar;lib\okhttp-4.9.3.jar;lib\sentry-6.1.4.jar;lib\gettext-lib-88ae68d897.jar;lib\log4j-core-2.17.2.jar;lib\log4j-api-2.17.2.jar;lib\murmur-1.0.0.jar;lib\commons-text-1.10.0.jar;lib\commons-lang3-3.12.0.jar;lib\flatlaf-extras-2.3.jar;lib\flatlaf-2.3.jar;lib\jlhttp-2.6.jar;lib\joda-time-2.10.14.jar;lib\commons-compress-1.21.jar;lib\commonmark-0.19.0.jar;lib\dbus-java-3.3.1.jar;lib\failureaccess-1.0.1.jar;lib\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;lib\apollo-normalized-cache-jvm-2.5.14.jar;lib\cache-2.0.2.jar;lib\jsr305-3.0.2.jar;lib\checker-qual-3.12.0.jar;lib\error_prone_annotations-2.11.0.jar;lib\j2objc-annotations-1.3.jar;lib\httpclient-4.5.11.jar;lib\commons-codec-1.11.jar;lib\commons-io-2.4.jar;lib\jcl-over-slf4j-1.7.30.jar;lib\slf4j-api-1.7.36.jar;lib\apollo-http-cache-api-2.5.14.jar;lib\apollo-normalized-cache-api-jvm-2.5.14.jar;lib\apollo-api-jvm-2.5.14.jar;lib\okio-jvm-2.9.0.jar;lib\kotlin-stdlib-jdk8-1.5.31.jar;lib\kotlin-stdlib-jdk7-1.5.31.jar;lib\uuid-jvm-0.2.0.jar;lib\kotlin-stdlib-1.5.31.jar;lib\antlr4-runtime-4.7.3.jar;lib\svgSalamander-1.1.3.jar;lib\jnr-unixsocket-0.38.6.jar;lib\kotlin-stdlib-common-1.5.31.jar;lib\annotations-13.0.jar;lib\httpcore-4.4.13.jar;lib\jnr-enxio-0.32.4.jar;lib\jnr-posix-3.1.5.jar;lib\jnr-ffi-2.2.2.jar;lib\jnr-constants-0.10.1.jar;lib\jffi-1.3.1.jar;lib\jffi-1.3.1-native.jar;lib\asm-commons-9.1.jar;lib\asm-util-9.1.jar;lib\asm-analysis-9.1.jar;lib\asm-tree-9.1.jar;lib\asm-9.1.jar;lib\jnr-a64asm-1.0.0.jar;lib\jnr-x86asm-1.0.2.jar" com.atlauncher.App
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:920
- - C:\Windows\SYSTEM32\reg.exe
    reg query HKEY_LOCAL_MACHINE\Software\JavaSoft\ /f Home /t REG_SZ /s /reg:64
    3⤵
    PID:1476
- - C:\Program Files\Java\jdk1.8.0_66\bin\java.exe
    "C:\Program Files\Java\jdk1.8.0_66\bin\java.exe" -version
    3⤵
    PID:2428
- - C:\Program Files\Java\jre1.8.0_66\bin\java.exe
    "C:\Program Files\Java\jre1.8.0_66\bin\java.exe" -version
    3⤵
    PID:1896
- - C:\Program Files\Java\jdk1.8.0_66\jre\bin\java.exe
    "C:\Program Files\Java\jdk1.8.0_66\jre\bin\java.exe" -version
    3⤵
    PID:2520
- - C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe
    C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw -version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    PID:2144

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-4ET7T.tmp\ATLauncher-setup-1.1.0.0.tmp

Filesize
3.4MB

MD5
1be2486aed74952c47fe38df49f206bd

SHA1
1bde8ae3ccf48870afdb880bbdc821c2cd72ed09

SHA256
c2b4f7cf25d80593f1db7465a8f66d346f58271d3a1ab1ab505885f063cf1a65

SHA512
f3549a9f594d749ea40d45b602d14843f025f4b671c9d3762c5910a90804ba77e4bb5dd3dcf55d3a02a50dba83c74cb34260b8f1e566885a989bf1af753b4b4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4ET7T.tmp\ATLauncher-setup-1.1.0.0.tmp

Filesize
3.4MB

MD5
1be2486aed74952c47fe38df49f206bd

SHA1
1bde8ae3ccf48870afdb880bbdc821c2cd72ed09

SHA256
c2b4f7cf25d80593f1db7465a8f66d346f58271d3a1ab1ab505885f063cf1a65

SHA512
f3549a9f594d749ea40d45b602d14843f025f4b671c9d3762c5910a90804ba77e4bb5dd3dcf55d3a02a50dba83c74cb34260b8f1e566885a989bf1af753b4b4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-EB665.tmp\7za.exe

Filesize
722KB

MD5
43141e85e7c36e31b52b22ab94d5e574

SHA1
cfd7079a9b268d84b856dc668edbb9ab9ef35312

SHA256
ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d

SHA512
9119ae7500aa5cccf26a0f18fd8454245347e3c01dabba56a93dbaaab86535e62b1357170758f3b3445b8359e7dd5d37737318a5d8a6047c499d32d5b64126fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-EB665.tmp\7za.exe

Filesize
722KB

MD5
43141e85e7c36e31b52b22ab94d5e574

SHA1
cfd7079a9b268d84b856dc668edbb9ab9ef35312

SHA256
ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d

SHA512
9119ae7500aa5cccf26a0f18fd8454245347e3c01dabba56a93dbaaab86535e62b1357170758f3b3445b8359e7dd5d37737318a5d8a6047c499d32d5b64126fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-EB665.tmp\jre.zip

Filesize
41.1MB

MD5
9e7973bdac477b8bc34307b87437f88f

SHA1
5f14eb630ce7529e16af6ca2dba50d5b79ddcc64

SHA256
d77745fdb57b51116f7b8fabd7d251067edbe3c94ea18fa224f64d9584b41a97

SHA512
31594d572862ee9a600d4fc0d386a32e1d66e4d28ac73f4c89a102c78ba466f02d1ee8c54a7d68d533b0c85211a8bbc074abb2223a32c61cdd7af5a545297d8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna880126900327908293.dll

Filesize
248KB

MD5
4de85f9679c3a75f6d7d3e56094aa106

SHA1
052f62fb2ebec89fbe412db480865910eab693ad

SHA256
3d1b2427b45ff5178bbb4db395758bedd3a1e91121ebb3e3640b5c4e20eb22cc

SHA512
e8357eabd548ffeba42715d891b9e1ed22b7bf720f48b1888407b9ebe7a796719c60a38f4fb8bb1cf32d3c9bed210a07cc227424ef991d356ec3acef9e6223ab

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe

Filesize
21.9MB

MD5
bddf2d8eefbea40b475c3933af5b6413

SHA1
96f5194b3770cdc88d2d16e950f1ac0673102228

SHA256
88ba6dc9546ca2f6ef9cc13e454d2a4908d60d43ad5b601d657e05a254023811

SHA512
d899f04acbd29904e18bd9506cd0dc59b531c3c8ce6b1a4ee8bc8795bddd8f34fc60326caf27f0f58480ec96971ec05c9de45edf4887af469e984cc33ba5ede7

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe

Filesize
21.9MB

MD5
bddf2d8eefbea40b475c3933af5b6413

SHA1
96f5194b3770cdc88d2d16e950f1ac0673102228

SHA256
88ba6dc9546ca2f6ef9cc13e454d2a4908d60d43ad5b601d657e05a254023811

SHA512
d899f04acbd29904e18bd9506cd0dc59b531c3c8ce6b1a4ee8bc8795bddd8f34fc60326caf27f0f58480ec96971ec05c9de45edf4887af469e984cc33ba5ede7

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\ATLauncher.exe

Filesize
21.9MB

MD5
bddf2d8eefbea40b475c3933af5b6413

SHA1
96f5194b3770cdc88d2d16e950f1ac0673102228

SHA256
88ba6dc9546ca2f6ef9cc13e454d2a4908d60d43ad5b601d657e05a254023811

SHA512
d899f04acbd29904e18bd9506cd0dc59b531c3c8ce6b1a4ee8bc8795bddd8f34fc60326caf27f0f58480ec96971ec05c9de45edf4887af469e984cc33ba5ede7

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\configs\ATLauncher.json

Filesize
2KB

MD5
8fad4134232db1c99a9472813b6f1810

SHA1
bcaeb23a31015b8614532881ce7e310a7c4f4c31

SHA256
954bd972c2619b4ff6044acdd2be7fa84c8fe79044aacb686969c5ab15722c2f

SHA512
518b6f14b9c464d325a992eff62b6dd8e5c379eac4390de225cd99177ebc54495f1f3a1cae7290d43918bb77abd833ca5ec74b71e6e73e3bd0c08bbf629edb01

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\VCRUNTIME140.dll

Filesize
91KB

MD5
216159bcaa1bfe07a06de8c3d9b8f8af

SHA1
b4324e32aa0201a6d333cac94248932f15cdbf6a

SHA256
0635a22fa6f1a42b83b060d668cc5eb93f1a79c2f88c8f15ce42bb40b5bbb57b

SHA512
9889904b676315fab69d1e0f4b6d1ed33cb8cff6fe4913c85d4ef1480694d6a50f2e4066e77b2654e97695f37ee4667e4c99fc61a983f723ea7bc84dd1f0dc85

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\awt.dll

Filesize
1.4MB

MD5
7601654b162c16e8a795a7c3598dbb50

SHA1
3cd1c861289c666a7a58031e659fbd40123b6eac

SHA256
bfd630722b35ea4e950b49538aba48bcd9699e7e9aa7a082b75bd8798676bbbe

SHA512
e5608c71ba9f7ab192bd6e4ab4dfd1b3fc6d484a3d276ab3a33357f1e0bc8481acb149ef913edfb1d7aa4f29e79b323219df73fb306f9ddc017d62a5135495fc

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\java.dll

Filesize
141KB

MD5
8db218b610ba358423c344724d1a941f

SHA1
d6647539d0e2d17e871524b86e78e1decee1cdff

SHA256
cfa967dd97ac786f60130206a0532b3646b9e8e406b03ed5eb2fdc26ff51a515

SHA512
e66d969bfa2e3096bb3ba9d9c5947d8428454d700bb04887f5a0050bbc54fcd53ec9b6bf577c1d16082595e209d85acc6ca9526ca9c1c4a9c889797a549aea94

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe

Filesize
47KB

MD5
1f9f531524806f1b649806e4824db3e4

SHA1
f6adc7adb1e01a6b0333b8602d06d94cce05753f

SHA256
19c937531c65303712cd5983cb24bbcf566069fe363a270e3fcf0d72c96a3244

SHA512
b75b9d0efd3293f92cf0b826876fd50ea670e91a6627958d8c1b1f5c23b35fb04ffa781e5ee3413961fd4c59ba7bf205fa6a5ca58409b0c28472125165c5548b

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe

Filesize
47KB

MD5
1f9f531524806f1b649806e4824db3e4

SHA1
f6adc7adb1e01a6b0333b8602d06d94cce05753f

SHA256
19c937531c65303712cd5983cb24bbcf566069fe363a270e3fcf0d72c96a3244

SHA512
b75b9d0efd3293f92cf0b826876fd50ea670e91a6627958d8c1b1f5c23b35fb04ffa781e5ee3413961fd4c59ba7bf205fa6a5ca58409b0c28472125165c5548b

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\javaw.exe

Filesize
47KB

MD5
1f9f531524806f1b649806e4824db3e4

SHA1
f6adc7adb1e01a6b0333b8602d06d94cce05753f

SHA256
19c937531c65303712cd5983cb24bbcf566069fe363a270e3fcf0d72c96a3244

SHA512
b75b9d0efd3293f92cf0b826876fd50ea670e91a6627958d8c1b1f5c23b35fb04ffa781e5ee3413961fd4c59ba7bf205fa6a5ca58409b0c28472125165c5548b

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\jimage.dll

Filesize
31KB

MD5
64e606ee9b478ddf035460ad9a37eb90

SHA1
d9afde93e352ddcbf532d86b91098f44e6d0180b

SHA256
d6691e39c5b3500de0bb973d3ae70f6df3168b9c74fd952a40bfd093971535ec

SHA512
b2170d8e885004cd8254fe204e047e4dd8e1d4118865a8029e35bbbff14cfc201146f01b624794f86d711150bffda04d94a2884a437ecfe1ff8023172f219657

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\jli.dll

Filesize
84KB

MD5
ae58a62ce533eb74f51eca1e0cb7a8be

SHA1
52224ea8ad340430c1b3a4e64fae687283b96200

SHA256
da40934dbfa280faa51375043403b13f6bfcacc39adecb50cfb8988c5b2f0b3d

SHA512
7594434b81dbf23392a839a9a3aecab914f3f9075adb6ae204ac82dc9445e13dcbb7292744f0453ce2f2cbf1f5fcd2e20f1221507e38e7f21e2173653633d0fc

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\jsvml.dll

Filesize
847KB

MD5
a3be1db39875100c2fa26dc5d98fd127

SHA1
487bf8a8bd0f4215b57bd4d02d548753668d2001

SHA256
482d5876488d13d23ac80c2282553fa3b73c02c26a78f6651eb4b23a1db6b6af

SHA512
bb9a42522cedb31590049a35e815109abfb9eaa7039a045cdc593b61463ec6cd2f387af1bfdd139c4a4b7b75e32496e6bbdae857667cdfa32efaa6caf336f8b7

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\msvcp140.dll

Filesize
569KB

MD5
73e46e44d3a7f696717e2e90326b18b5

SHA1
d99ddba4c0f55071325ad1fb13550371a0c93bec

SHA256
22f3d034b0b557c766458dabdc86a51de6b0edb6d5f2d76158706ab4f566ec80

SHA512
dc1930cc96b31dfd95c7324706582551d1a10401428f35707ed0008c796e0c4c46c42792e9df2ccf944fbb935083c2a7609489663d7f2a1a4181bfa2f8971209

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\net.dll

Filesize
93KB

MD5
a0a4b89812b00b91603d0b615bbc0456

SHA1
0f46ce5e5313ea801656bd8ecd0ff0cdf3506d07

SHA256
6a1f7c415b8695bb738c0774c7c30a09e8694f0d5456eae095c433f4a55d31d1

SHA512
24da8854256ddd53b69cceff28fe1cea54a797343b53f32c1d0f810c33c7f61c2bfba8ece7f86dbd426df0fc79728b06d42ec700159adc35c348f743ee7b0ba5

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\nio.dll

Filesize
76KB

MD5
b4fba10ca6196b097585a4a19c6dce59

SHA1
2327e1e4757a47f6616683b9c82f827007b28641

SHA256
b8d92eeaca767b3f343f04dd5c34f4cd6de3dba76ea4b3b86b74e38adfc82237

SHA512
87e695f336324a29db53991c4dc09e8d90ea41e621227db07bd34057a49427a2a26215010bdb12b9cd06e41a6c17ad53bb5345f67b298d84d7f896d7879a2673

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\server\classes.jsa

Filesize
10.6MB

MD5
6014ef2efd2c82bc10874d3a2f728115

SHA1
008004327e33316a3dc4f1504de02fa7aaf3ff92

SHA256
4e4be26e744abfad8a91fe6563bb7844c5992fec63390040df45fe2ba42a2806

SHA512
dcae3c6f0a77222e245e44a8ab6ad48a6b975b767ac3520bbb509ddf5e87c042d93209da09220c7c7bd339139f7493ab2404ef40e88591f1ff581849662bcff6

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\server\jvm.dll

Filesize
12.0MB

MD5
15094944ea4d1bb9d5674e642b90a798

SHA1
bddc93ee5be01204a8ac62311397ef244c8a6de0

SHA256
a839e39ea903d713ee3c531a73790a7c8155af4af954a030b3f1d401bd52eef2

SHA512
1bb6559ec31a2f679f92ce0833f995234be2b78c93547e0a24330ada68f524ded9b69953efb6dcf4ac7b0f4b0686fd7e4f469024003bdd54b3a50358a9e3b949

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\vcruntime140_1.dll

Filesize
35KB

MD5
05926bdac2087367dc160fb09a441753

SHA1
5b3e43cfe518aba359aaa4313b0f90b10632e390

SHA256
da7f745e0408c9ca916b3e5d82a7ec8a0697342da5d0f2769270ae9f826b3494

SHA512
5483ad289f94a8ded32142a7a0a211e62a60b7ade68f4147d0f96295279734adb973d4e56c671411cdef19bce685d413502f3e0ba1d46e2dc7894bc75067d4ca

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\verify.dll

Filesize
51KB

MD5
83b83aacf368ef0c46174df3aed4923b

SHA1
1aabdfdefae6dedf7d158d7f9fb6c96b8005658c

SHA256
17747efcfa8dc8956f3d06125bcb97244d34e0515f488799597b13c830c0b38e

SHA512
ebf18d829865265b12d92ea55ab48ef84bc48fd33425d6fe7796778f77323d8d8882dad5e9dfd56d02671ceb2bfd453bc938447ce22f17e15a63f7b2179fc072

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\zip.dll

Filesize
82KB

MD5
5880b1424a81ecd34cbab80e01e37a09

SHA1
971561b636467abafc8aa51b262affb875856f13

SHA256
8c6e952832fc476633906452c555d7ca6264e385adbf22f8e40f5b10c76a2c37

SHA512
44bb42ebdee8be64b7bff02ec7f1cda408f192e7ba5dd8deac4ed1c84b914b6fa19572376ba73c03388de9a023c31a8b8f695a119b40ddf2c19e30c67c61a60b

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\conf\logging.properties

Filesize
2KB

MD5
0f00ec3e7a7767a4efeae1875fb5f3d4

SHA1
167808418571e9209b952188ddab2f4e62920e68

SHA256
b62d2733ab99556b108a1951d894c5a8d76b1ac7a00c02c388f9eb9be046c56f

SHA512
e869f4a3b821a9933796dc9a56ee00483493369dfbfe07b3b1d895cb8318c6821cd44134eb37513f15b830c25861b596646824ed56672d08b678fefe6a4c7504

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\conf\security\java.security

Filesize
56KB

MD5
00cf40959861f61f17b90c6b6002a9a1

SHA1
982e48466428e1f49c1a5941c73afdacefd1d22e

SHA256
38166a975348862d693d95de8d676cf19cecccc45af4a1896c73c45f7bd966ef

SHA512
bad90152685279d896a4063d76dec5befe14831d3dd3260929b9a639505e898fa996b52aab3821a51c6c9aa09d956a23a8bdd870377a10e75c9399629cab5779

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\lib\jvm.cfg

Filesize
29B

MD5
7ce21bdcfa333c231d74a77394206302

SHA1
c5a940d2dee8e7bfc01a87d585ddca420d37e226

SHA256
aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0

SHA512
8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\lib\modules

Filesize
78.9MB

MD5
026e8cf9bad4addc648a4f4bd1aabc1a

SHA1
25569f135f5c4c47f96815d4ecde277bc21718f1

SHA256
26ebe50a6f5300afcdbbc15a4760fe9b03193d684ee64ad09edde18739db5322

SHA512
49b37a7c1170b9d9f31c7e31c3f9b22f50b0feeef5077ab5dd5bbe1ff5aec0df313f84101d3e2b21faa0a5c716684db973f83367b45a8caea7a65aea22f671a4

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\lib\tzdb.dat

Filesize
104KB

MD5
2b934ee4d2245aaf987b78aba9a4f703

SHA1
d451309196d502ea0fbbad9d5d56c0a491c0d046

SHA256
5865a073e635cfd523b4bab03bc0cd62d7f66c6fef63da5b762c4d0a4e541980

SHA512
a39b7ef40ee20a23bb7de10aacaa1eaaf40652faa95ab74373ecdafb856cf742bf92af196dcce28c6a8367a95e6180301cb44e889745aa4da4c29dc6f59738e4

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\jre\lib\tzmappings

Filesize
21KB

MD5
b02ee240a8db902961fe886a19beba16

SHA1
c52c42d591f4c650b629e6b374e967e211fb5aeb

SHA256
36dc51c4bf787f640a4b45cbb84ab6954f6e595cbd3617c2f5a4e1e607b38bff

SHA512
024811961511b7182860ed03a5670f82412a45d005a1db0876f6b0c9af7e96c104566abff0ebbded11a780349444214291f439039d20fb92071c7dd24bda0e23

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\libraries\launcher\legacy-launch.jar

Filesize
8KB

MD5
39f330f06b5356f48241bb63d7556e0a

SHA1
c0c078ef1e5258452f75893655c1086366bd6281

SHA256
fd1d78c47d9b1c6568448e77ff383897346d1c2e7133ba107d007eb490fd8bd3

SHA512
237bcd5cba1590d04d4d94e31f37c07cc452e43faf3d2c8be7690e72e86e5940d08cc3f6b707ca3c9c9673335dca7c041ba11468a102b80702f850cb4a72e532

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\unins000.dat

Filesize
8KB

MD5
9698e75df609a442631a38b777f3a5f9

SHA1
ffd9147d958afbd78e71072f365864a177c076c0

SHA256
c13f8dfcf4099bdc01dcaf30a73726f3f4baf1576c7fca91a148ccddf8d4f5f1

SHA512
d7c0ec4a128199d2dda1561a9b0d236272752c10a3d5a266bcc69b63930d1a6f568fef64ceabb61d6bacb071cad95b5914377c86f049a4647de6a0fad4024f0e

Download Submit
C:\Users\Admin\AppData\Roaming\ATLauncher\unins000.exe

Filesize
3.4MB

MD5
e37f55f8db1f9cd867d84aac43cace90

SHA1
c4b25f68edcbc94168a5bd8214d73b5aebf4acfd

SHA256
e2913dce6df28b1091bbb2fabc09b1833236a2f12fbc107690866123e8609b9a

SHA512
c6f09f13432abc9a5a8c5724a244460f065899b78afd9a29dce8080ef1b6ff9351ecc23d8153c8dac86eb3fa7a314c5b1d08c57ea426eb3d6a520f56d3415a63

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3844063266-715245855-4050956231-1000\83aa4cc77f591dfc2374580bbd95f6ba_fb683904-d935-4145-88dd-4a05f296c648

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
\Users\Admin\AppData\Local\Temp\jna-63116079\jna880126900327908293.dll

Filesize
248KB

MD5
4de85f9679c3a75f6d7d3e56094aa106

SHA1
052f62fb2ebec89fbe412db480865910eab693ad

SHA256
3d1b2427b45ff5178bbb4db395758bedd3a1e91121ebb3e3640b5c4e20eb22cc

SHA512
e8357eabd548ffeba42715d891b9e1ed22b7bf720f48b1888407b9ebe7a796719c60a38f4fb8bb1cf32d3c9bed210a07cc227424ef991d356ec3acef9e6223ab

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\awt.dll

Filesize
1.4MB

MD5
7601654b162c16e8a795a7c3598dbb50

SHA1
3cd1c861289c666a7a58031e659fbd40123b6eac

SHA256
bfd630722b35ea4e950b49538aba48bcd9699e7e9aa7a082b75bd8798676bbbe

SHA512
e5608c71ba9f7ab192bd6e4ab4dfd1b3fc6d484a3d276ab3a33357f1e0bc8481acb149ef913edfb1d7aa4f29e79b323219df73fb306f9ddc017d62a5135495fc

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\awt.dll

Filesize
1.4MB

MD5
7601654b162c16e8a795a7c3598dbb50

SHA1
3cd1c861289c666a7a58031e659fbd40123b6eac

SHA256
bfd630722b35ea4e950b49538aba48bcd9699e7e9aa7a082b75bd8798676bbbe

SHA512
e5608c71ba9f7ab192bd6e4ab4dfd1b3fc6d484a3d276ab3a33357f1e0bc8481acb149ef913edfb1d7aa4f29e79b323219df73fb306f9ddc017d62a5135495fc

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\java.dll

Filesize
141KB

MD5
8db218b610ba358423c344724d1a941f

SHA1
d6647539d0e2d17e871524b86e78e1decee1cdff

SHA256
cfa967dd97ac786f60130206a0532b3646b9e8e406b03ed5eb2fdc26ff51a515

SHA512
e66d969bfa2e3096bb3ba9d9c5947d8428454d700bb04887f5a0050bbc54fcd53ec9b6bf577c1d16082595e209d85acc6ca9526ca9c1c4a9c889797a549aea94

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\java.dll

Filesize
141KB

MD5
8db218b610ba358423c344724d1a941f

SHA1
d6647539d0e2d17e871524b86e78e1decee1cdff

SHA256
cfa967dd97ac786f60130206a0532b3646b9e8e406b03ed5eb2fdc26ff51a515

SHA512
e66d969bfa2e3096bb3ba9d9c5947d8428454d700bb04887f5a0050bbc54fcd53ec9b6bf577c1d16082595e209d85acc6ca9526ca9c1c4a9c889797a549aea94

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\jimage.dll

Filesize
31KB

MD5
64e606ee9b478ddf035460ad9a37eb90

SHA1
d9afde93e352ddcbf532d86b91098f44e6d0180b

SHA256
d6691e39c5b3500de0bb973d3ae70f6df3168b9c74fd952a40bfd093971535ec

SHA512
b2170d8e885004cd8254fe204e047e4dd8e1d4118865a8029e35bbbff14cfc201146f01b624794f86d711150bffda04d94a2884a437ecfe1ff8023172f219657

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\jimage.dll

Filesize
31KB

MD5
64e606ee9b478ddf035460ad9a37eb90

SHA1
d9afde93e352ddcbf532d86b91098f44e6d0180b

SHA256
d6691e39c5b3500de0bb973d3ae70f6df3168b9c74fd952a40bfd093971535ec

SHA512
b2170d8e885004cd8254fe204e047e4dd8e1d4118865a8029e35bbbff14cfc201146f01b624794f86d711150bffda04d94a2884a437ecfe1ff8023172f219657

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\jli.dll

Filesize
84KB

MD5
ae58a62ce533eb74f51eca1e0cb7a8be

SHA1
52224ea8ad340430c1b3a4e64fae687283b96200

SHA256
da40934dbfa280faa51375043403b13f6bfcacc39adecb50cfb8988c5b2f0b3d

SHA512
7594434b81dbf23392a839a9a3aecab914f3f9075adb6ae204ac82dc9445e13dcbb7292744f0453ce2f2cbf1f5fcd2e20f1221507e38e7f21e2173653633d0fc

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\jli.dll

Filesize
84KB

MD5
ae58a62ce533eb74f51eca1e0cb7a8be

SHA1
52224ea8ad340430c1b3a4e64fae687283b96200

SHA256
da40934dbfa280faa51375043403b13f6bfcacc39adecb50cfb8988c5b2f0b3d

SHA512
7594434b81dbf23392a839a9a3aecab914f3f9075adb6ae204ac82dc9445e13dcbb7292744f0453ce2f2cbf1f5fcd2e20f1221507e38e7f21e2173653633d0fc

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\jsvml.dll

Filesize
847KB

MD5
a3be1db39875100c2fa26dc5d98fd127

SHA1
487bf8a8bd0f4215b57bd4d02d548753668d2001

SHA256
482d5876488d13d23ac80c2282553fa3b73c02c26a78f6651eb4b23a1db6b6af

SHA512
bb9a42522cedb31590049a35e815109abfb9eaa7039a045cdc593b61463ec6cd2f387af1bfdd139c4a4b7b75e32496e6bbdae857667cdfa32efaa6caf336f8b7

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\jsvml.dll

Filesize
847KB

MD5
a3be1db39875100c2fa26dc5d98fd127

SHA1
487bf8a8bd0f4215b57bd4d02d548753668d2001

SHA256
482d5876488d13d23ac80c2282553fa3b73c02c26a78f6651eb4b23a1db6b6af

SHA512
bb9a42522cedb31590049a35e815109abfb9eaa7039a045cdc593b61463ec6cd2f387af1bfdd139c4a4b7b75e32496e6bbdae857667cdfa32efaa6caf336f8b7

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\msvcp140.dll

Filesize
569KB

MD5
73e46e44d3a7f696717e2e90326b18b5

SHA1
d99ddba4c0f55071325ad1fb13550371a0c93bec

SHA256
22f3d034b0b557c766458dabdc86a51de6b0edb6d5f2d76158706ab4f566ec80

SHA512
dc1930cc96b31dfd95c7324706582551d1a10401428f35707ed0008c796e0c4c46c42792e9df2ccf944fbb935083c2a7609489663d7f2a1a4181bfa2f8971209

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\msvcp140.dll

Filesize
569KB

MD5
73e46e44d3a7f696717e2e90326b18b5

SHA1
d99ddba4c0f55071325ad1fb13550371a0c93bec

SHA256
22f3d034b0b557c766458dabdc86a51de6b0edb6d5f2d76158706ab4f566ec80

SHA512
dc1930cc96b31dfd95c7324706582551d1a10401428f35707ed0008c796e0c4c46c42792e9df2ccf944fbb935083c2a7609489663d7f2a1a4181bfa2f8971209

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\net.dll

Filesize
93KB

MD5
a0a4b89812b00b91603d0b615bbc0456

SHA1
0f46ce5e5313ea801656bd8ecd0ff0cdf3506d07

SHA256
6a1f7c415b8695bb738c0774c7c30a09e8694f0d5456eae095c433f4a55d31d1

SHA512
24da8854256ddd53b69cceff28fe1cea54a797343b53f32c1d0f810c33c7f61c2bfba8ece7f86dbd426df0fc79728b06d42ec700159adc35c348f743ee7b0ba5

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\net.dll

Filesize
93KB

MD5
a0a4b89812b00b91603d0b615bbc0456

SHA1
0f46ce5e5313ea801656bd8ecd0ff0cdf3506d07

SHA256
6a1f7c415b8695bb738c0774c7c30a09e8694f0d5456eae095c433f4a55d31d1

SHA512
24da8854256ddd53b69cceff28fe1cea54a797343b53f32c1d0f810c33c7f61c2bfba8ece7f86dbd426df0fc79728b06d42ec700159adc35c348f743ee7b0ba5

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\nio.dll

Filesize
76KB

MD5
b4fba10ca6196b097585a4a19c6dce59

SHA1
2327e1e4757a47f6616683b9c82f827007b28641

SHA256
b8d92eeaca767b3f343f04dd5c34f4cd6de3dba76ea4b3b86b74e38adfc82237

SHA512
87e695f336324a29db53991c4dc09e8d90ea41e621227db07bd34057a49427a2a26215010bdb12b9cd06e41a6c17ad53bb5345f67b298d84d7f896d7879a2673

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\nio.dll

Filesize
76KB

MD5
b4fba10ca6196b097585a4a19c6dce59

SHA1
2327e1e4757a47f6616683b9c82f827007b28641

SHA256
b8d92eeaca767b3f343f04dd5c34f4cd6de3dba76ea4b3b86b74e38adfc82237

SHA512
87e695f336324a29db53991c4dc09e8d90ea41e621227db07bd34057a49427a2a26215010bdb12b9cd06e41a6c17ad53bb5345f67b298d84d7f896d7879a2673

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\server\jvm.dll

Filesize
12.0MB

MD5
15094944ea4d1bb9d5674e642b90a798

SHA1
bddc93ee5be01204a8ac62311397ef244c8a6de0

SHA256
a839e39ea903d713ee3c531a73790a7c8155af4af954a030b3f1d401bd52eef2

SHA512
1bb6559ec31a2f679f92ce0833f995234be2b78c93547e0a24330ada68f524ded9b69953efb6dcf4ac7b0f4b0686fd7e4f469024003bdd54b3a50358a9e3b949

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\server\jvm.dll

Filesize
12.0MB

MD5
15094944ea4d1bb9d5674e642b90a798

SHA1
bddc93ee5be01204a8ac62311397ef244c8a6de0

SHA256
a839e39ea903d713ee3c531a73790a7c8155af4af954a030b3f1d401bd52eef2

SHA512
1bb6559ec31a2f679f92ce0833f995234be2b78c93547e0a24330ada68f524ded9b69953efb6dcf4ac7b0f4b0686fd7e4f469024003bdd54b3a50358a9e3b949

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\vcruntime140.dll

Filesize
91KB

MD5
216159bcaa1bfe07a06de8c3d9b8f8af

SHA1
b4324e32aa0201a6d333cac94248932f15cdbf6a

SHA256
0635a22fa6f1a42b83b060d668cc5eb93f1a79c2f88c8f15ce42bb40b5bbb57b

SHA512
9889904b676315fab69d1e0f4b6d1ed33cb8cff6fe4913c85d4ef1480694d6a50f2e4066e77b2654e97695f37ee4667e4c99fc61a983f723ea7bc84dd1f0dc85

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\vcruntime140.dll

Filesize
91KB

MD5
216159bcaa1bfe07a06de8c3d9b8f8af

SHA1
b4324e32aa0201a6d333cac94248932f15cdbf6a

SHA256
0635a22fa6f1a42b83b060d668cc5eb93f1a79c2f88c8f15ce42bb40b5bbb57b

SHA512
9889904b676315fab69d1e0f4b6d1ed33cb8cff6fe4913c85d4ef1480694d6a50f2e4066e77b2654e97695f37ee4667e4c99fc61a983f723ea7bc84dd1f0dc85

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\vcruntime140_1.dll

Filesize
35KB

MD5
05926bdac2087367dc160fb09a441753

SHA1
5b3e43cfe518aba359aaa4313b0f90b10632e390

SHA256
da7f745e0408c9ca916b3e5d82a7ec8a0697342da5d0f2769270ae9f826b3494

SHA512
5483ad289f94a8ded32142a7a0a211e62a60b7ade68f4147d0f96295279734adb973d4e56c671411cdef19bce685d413502f3e0ba1d46e2dc7894bc75067d4ca

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\vcruntime140_1.dll

Filesize
35KB

MD5
05926bdac2087367dc160fb09a441753

SHA1
5b3e43cfe518aba359aaa4313b0f90b10632e390

SHA256
da7f745e0408c9ca916b3e5d82a7ec8a0697342da5d0f2769270ae9f826b3494

SHA512
5483ad289f94a8ded32142a7a0a211e62a60b7ade68f4147d0f96295279734adb973d4e56c671411cdef19bce685d413502f3e0ba1d46e2dc7894bc75067d4ca

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\verify.dll

Filesize
51KB

MD5
83b83aacf368ef0c46174df3aed4923b

SHA1
1aabdfdefae6dedf7d158d7f9fb6c96b8005658c

SHA256
17747efcfa8dc8956f3d06125bcb97244d34e0515f488799597b13c830c0b38e

SHA512
ebf18d829865265b12d92ea55ab48ef84bc48fd33425d6fe7796778f77323d8d8882dad5e9dfd56d02671ceb2bfd453bc938447ce22f17e15a63f7b2179fc072

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\verify.dll

Filesize
51KB

MD5
83b83aacf368ef0c46174df3aed4923b

SHA1
1aabdfdefae6dedf7d158d7f9fb6c96b8005658c

SHA256
17747efcfa8dc8956f3d06125bcb97244d34e0515f488799597b13c830c0b38e

SHA512
ebf18d829865265b12d92ea55ab48ef84bc48fd33425d6fe7796778f77323d8d8882dad5e9dfd56d02671ceb2bfd453bc938447ce22f17e15a63f7b2179fc072

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\zip.dll

Filesize
82KB

MD5
5880b1424a81ecd34cbab80e01e37a09

SHA1
971561b636467abafc8aa51b262affb875856f13

SHA256
8c6e952832fc476633906452c555d7ca6264e385adbf22f8e40f5b10c76a2c37

SHA512
44bb42ebdee8be64b7bff02ec7f1cda408f192e7ba5dd8deac4ed1c84b914b6fa19572376ba73c03388de9a023c31a8b8f695a119b40ddf2c19e30c67c61a60b

Download Submit
\Users\Admin\AppData\Roaming\ATLauncher\jre\bin\zip.dll

Filesize
82KB

MD5
5880b1424a81ecd34cbab80e01e37a09

SHA1
971561b636467abafc8aa51b262affb875856f13

SHA256
8c6e952832fc476633906452c555d7ca6264e385adbf22f8e40f5b10c76a2c37

SHA512
44bb42ebdee8be64b7bff02ec7f1cda408f192e7ba5dd8deac4ed1c84b914b6fa19572376ba73c03388de9a023c31a8b8f695a119b40ddf2c19e30c67c61a60b

Download Submit
memory/920-556-0x000001DDCC650000-0x000001DDCD650000-memory.dmp

Filesize
16.0MB

Download
memory/920-557-0x000001DDCC650000-0x000001DDCD650000-memory.dmp

Filesize
16.0MB

Download
memory/920-558-0x000001DDCC650000-0x000001DDCD650000-memory.dmp

Filesize
16.0MB

Download
memory/920-574-0x000001DDCC650000-0x000001DDCD650000-memory.dmp

Filesize
16.0MB

Download
memory/920-576-0x000001DDCC650000-0x000001DDCD650000-memory.dmp

Filesize
16.0MB

Download
memory/920-639-0x000001DDCC650000-0x000001DDCD650000-memory.dmp

Filesize
16.0MB

Download
memory/1760-411-0x000001E1AB6A0000-0x000001E1AC6A0000-memory.dmp

Filesize
16.0MB

Download
memory/1760-398-0x000001E1AB6A0000-0x000001E1AC6A0000-memory.dmp

Filesize
16.0MB

Download
memory/1760-426-0x000001E1AB6A0000-0x000001E1AC6A0000-memory.dmp

Filesize
16.0MB

Download
memory/1760-390-0x000001E1AB6A0000-0x000001E1AC6A0000-memory.dmp

Filesize
16.0MB

Download
memory/1760-502-0x000001E1AB6A0000-0x000001E1AC6A0000-memory.dmp

Filesize
16.0MB

Download
memory/3648-177-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-175-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-172-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-170-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-168-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-173-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-167-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-166-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-165-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-164-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-174-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-176-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-178-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-181-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-179-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-182-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/3648-180-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4124-444-0x00000000027F0000-0x00000000037F0000-memory.dmp

Filesize
16.0MB

Download
memory/4124-503-0x00000000027F0000-0x00000000037F0000-memory.dmp

Filesize
16.0MB

Download
memory/4404-143-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-129-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-148-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-147-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-145-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-146-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-144-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-116-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-142-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-150-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-151-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-115-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-152-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-141-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-140-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-139-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-138-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-137-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-136-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-135-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-134-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-133-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-153-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-154-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-132-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-131-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-130-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-149-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-155-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-128-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-127-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-232-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4404-126-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-125-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-124-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-123-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-156-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-354-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4404-117-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-169-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4404-118-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-157-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/4404-159-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-122-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-121-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-120-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-119-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-160-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4404-161-0x0000000077110000-0x000000007729E000-memory.dmp

Filesize
1.6MB

Download
memory/4948-500-0x0000012E9E510000-0x0000012E9F510000-memory.dmp

Filesize
16.0MB

Download
memory/4948-496-0x0000012E9E510000-0x0000012E9F510000-memory.dmp

Filesize
16.0MB

Download
memory/4948-492-0x0000012E9E510000-0x0000012E9F510000-memory.dmp

Filesize
16.0MB

Download
memory/4948-466-0x0000012E9E510000-0x0000012E9F510000-memory.dmp

Filesize
16.0MB

Download