7e49e00be1992fbc4ac14f2e5e3c05dccadf8fba3c3936357d8df7f146f5f0a3

Resubmissions

06/02/2023, 17:52

230206-wfpg2sad51 8

06/02/2023, 17:50

230206-wewvqsfb64 7

Analysis

max time kernel
105s
max time network
162s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
06/02/2023, 17:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.871-Installer-1.0.6.exe
Size

23.7MB
MD5

49fb0f13cdb8d7cad1487889b6becced
SHA1

b71d98ec45e6f7314f0e33106485beef99b2ee7c
SHA256

7e49e00be1992fbc4ac14f2e5e3c05dccadf8fba3c3936357d8df7f146f5f0a3
SHA512

639fa23294556bf77080d420e7e1b5b7c07a8b1e93897c36a4f8e398c1c58de9b91636420102e68f6957c768793797728664e32dc38aa68315746882b4ebe1d9
SSDEEP

393216:XX921sp/n85Pfs/dQETVlOBbpFEj9GZ1GphRqV56Hpk7IXOzDnKI17fyV5:XN8s18hHExiTI3qqHp6zvKcfyV5

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
4152	irsetup.exe
4496	AdditionalExecuteTL.exe
1808	irsetup.exe
4780	TLauncher.exe
3604	TLauncher.exe
1832	TLauncher.exe

Loads dropped DLL 4 IoCs

pid	Process
4152	irsetup.exe
4152	irsetup.exe
4152	irsetup.exe
1808	irsetup.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b00000001ac14-176.dat	upx
behavioral1/files/0x000b00000001ac14-168.dat	upx
behavioral1/memory/4152-230-0x0000000000280000-0x0000000000668000-memory.dmp	upx
behavioral1/memory/4152-297-0x0000000000280000-0x0000000000668000-memory.dmp	upx
behavioral1/files/0x0002000000015596-359.dat	upx
behavioral1/files/0x0002000000015596-367.dat	upx
behavioral1/memory/1808-418-0x0000000000C60000-0x0000000001048000-memory.dmp	upx
behavioral1/memory/1808-456-0x0000000000C60000-0x0000000001048000-memory.dmp	upx
behavioral1/memory/4152-480-0x0000000000280000-0x0000000000668000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	javaw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
4152	irsetup.exe
4152	irsetup.exe
4152	irsetup.exe
4152	irsetup.exe
4152	irsetup.exe
4152	irsetup.exe
4152	irsetup.exe
4496	AdditionalExecuteTL.exe
1808	irsetup.exe
1808	irsetup.exe
1808	irsetup.exe
4780	TLauncher.exe
3508	javaw.exe
3508	javaw.exe
4356	javaw.exe
1076	javaw.exe
4356	javaw.exe
1076	javaw.exe
4356	javaw.exe
4356	javaw.exe
1076	javaw.exe
1076	javaw.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 4152	1700	TLauncher-2.871-Installer-1.0.6.exe	66
PID 1700 wrote to memory of 4152	1700	TLauncher-2.871-Installer-1.0.6.exe	66
PID 1700 wrote to memory of 4152	1700	TLauncher-2.871-Installer-1.0.6.exe	66
PID 4152 wrote to memory of 4496	4152	irsetup.exe	69
PID 4152 wrote to memory of 4496	4152	irsetup.exe	69
PID 4152 wrote to memory of 4496	4152	irsetup.exe	69
PID 4496 wrote to memory of 1808	4496	AdditionalExecuteTL.exe	70
PID 4496 wrote to memory of 1808	4496	AdditionalExecuteTL.exe	70
PID 4496 wrote to memory of 1808	4496	AdditionalExecuteTL.exe	70
PID 4152 wrote to memory of 4780	4152	irsetup.exe	73
PID 4152 wrote to memory of 4780	4152	irsetup.exe	73
PID 4152 wrote to memory of 4780	4152	irsetup.exe	73
PID 4780 wrote to memory of 3508	4780	TLauncher.exe	74
PID 4780 wrote to memory of 3508	4780	TLauncher.exe	74
PID 3604 wrote to memory of 4356	3604	TLauncher.exe	77
PID 3604 wrote to memory of 4356	3604	TLauncher.exe	77
PID 1832 wrote to memory of 1076	1832	TLauncher.exe	78
PID 1832 wrote to memory of 1076	1832	TLauncher.exe	78

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe" "__IRCT:3" "__IRTSS:24870711" "__IRSID:S-1-5-21-1099808672-3828198950-1535142148-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4152
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-1099808672-3828198950-1535142148-1000"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1808
- - C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
    "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4780
  - - C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
      4⤵
      Drops file in Program Files directory
      Suspicious use of SetWindowsHookEx
      PID:3508

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1076

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4356

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
2df15fe4ce20d1f72cd8feeb3c62d2ac

SHA1
857304dbb1580f332208abdbfcf3fdbabb141b74

SHA256
6642e255f022e6ad141176e9d564083531035ee2e5296828489d9b6939943d2b

SHA512
67249e8023699dc97b30c530ceeab9c38dd68cd5265294aa7db287dcaf7bdc37ca83100142ac80f264fba61f8babb1495fe538f6c655766b3da283ee53fe875d

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
b26a90293c0c3e9a383268cc198b981f

SHA1
b05504d7db192e3cbbcdd85bb413858f299187c8

SHA256
f1da186e1571994552c67cfb8697e06c413bd358e795ac0b3639421ff8a48479

SHA512
762d72abfa7f923bf08899407141185406ebdf9ec3e2bc25024aca6d7dde3c60adae0379f7122bea7a2ae9f5970fda7cbe690c14bda9d752e0423d1081286ecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
ec4efe0ebb80b619737bd26180cc76cc

SHA1
7fd72c0eb6bee289e4b2714cf1fb8c197754811b

SHA256
b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

SHA512
384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
ec4efe0ebb80b619737bd26180cc76cc

SHA1
7fd72c0eb6bee289e4b2714cf1fb8c197754811b

SHA256
b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

SHA512
384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

Filesize
649B

MD5
3ff1a06d9faebe979a1e5518298ea452

SHA1
b4b3724523abf4c2806ee458bfa593b06249ab8e

SHA256
50bae97af892c134282f527b4a4a554ca8120b3701d5f1768a2df1ec5334e95d

SHA512
47b1a25c237d5e05bacbeacdf20ee1b5c23eb3676bb904f6a1ed18621f2cfb834274655b6ade42837eb508c9cd7c679bc2580b8ca42aae716968237d69b45635

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\doubleRunningProtection.txt

Filesize
13B

MD5
32c444a091c530f6387a8d15be7788ef

SHA1
b6c9e30285e6f1c367b6cae4cb38b3ab9dc7d3e4

SHA256
bfb736d494e894b976f0badb79ffd620a86dfa9d37a6047ce67cba49ed699fb9

SHA512
bf6f839e82908a8d3efc34f41ae029354a2fe26c35b2e37ef224094b8498e3349b9559f037a7125c38ef488b8bd474e7bf6e2b431de024414d63db4eb3953288

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\tlauncher-2.0.properties

Filesize
51B

MD5
8c43c32537e55418480a528da01bae44

SHA1
abe63ecc3956727e58936c188050b03da1318510

SHA256
48cb36df37796535da8c1a885af57846647148343ac7cbb5cd9e1660d6562b6d

SHA512
44f988e15e125a5f8fe2e5c590c4a47da04af6a35ffdbc47131da4a6808c7265dafb6ee6a34d68023798a225dce62cdb39d273e261709d1484a2cb6c84e13670

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
memory/1076-655-0x0000000003240000-0x0000000004240000-memory.dmp

Filesize
16.0MB

Download
memory/1076-659-0x0000000003240000-0x0000000004240000-memory.dmp

Filesize
16.0MB

Download
memory/1076-652-0x0000000003240000-0x0000000004240000-memory.dmp

Filesize
16.0MB

Download
memory/1076-665-0x0000000003240000-0x0000000004240000-memory.dmp

Filesize
16.0MB

Download
memory/1700-143-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-164-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-144-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-145-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-146-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-147-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-148-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-149-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-150-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-151-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-152-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-153-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-154-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-155-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-156-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-157-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-158-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-159-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-160-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-161-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-163-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-166-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-117-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-118-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-119-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-120-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-121-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-122-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-123-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-124-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-125-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-126-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-142-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-127-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-128-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-129-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-141-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-130-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-140-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-139-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-165-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-116-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-162-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-131-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-138-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-132-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-133-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-134-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-135-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-136-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1700-137-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/1808-418-0x0000000000C60000-0x0000000001048000-memory.dmp

Filesize
3.9MB

Download
memory/1808-456-0x0000000000C60000-0x0000000001048000-memory.dmp

Filesize
3.9MB

Download
memory/3508-636-0x00000000031C0000-0x00000000041C0000-memory.dmp

Filesize
16.0MB

Download
memory/3508-605-0x00000000031C0000-0x00000000041C0000-memory.dmp

Filesize
16.0MB

Download
memory/3508-511-0x00000000031C0000-0x00000000041C0000-memory.dmp

Filesize
16.0MB

Download
memory/4152-297-0x0000000000280000-0x0000000000668000-memory.dmp

Filesize
3.9MB

Download
memory/4152-230-0x0000000000280000-0x0000000000668000-memory.dmp

Filesize
3.9MB

Download
memory/4152-170-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/4152-169-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/4152-172-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/4152-480-0x0000000000280000-0x0000000000668000-memory.dmp

Filesize
3.9MB

Download
memory/4152-240-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4152-245-0x0000000004DD0000-0x0000000005DD4000-memory.dmp

Filesize
16.0MB

Download
memory/4152-174-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/4152-177-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/4152-178-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/4152-171-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/4152-173-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/4152-180-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/4152-182-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/4152-181-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/4152-298-0x0000000004DD0000-0x0000000005DD4000-memory.dmp

Filesize
16.0MB

Download
memory/4152-179-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/4152-175-0x0000000077C40000-0x0000000077DCE000-memory.dmp

Filesize
1.6MB

Download
memory/4356-647-0x0000000002C10000-0x0000000003C10000-memory.dmp

Filesize
16.0MB

Download
memory/4356-653-0x0000000002C10000-0x0000000003C10000-memory.dmp

Filesize
16.0MB

Download
memory/4356-662-0x0000000002C10000-0x0000000003C10000-memory.dmp

Filesize
16.0MB

Download