122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb

Analysis

max time kernel
132s
max time network
124s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
01/07/2024, 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LauncherFenix-Minecraft-v7.exe
Size

397KB
MD5

d99bb55b57712065bc88be297c1da38c
SHA1

fb6662dd31e8e5be380fbd7a33a50a45953fe1e7
SHA256

122bfbb9f67e355340991deeacb167be9c12ad726b5a7c5779448dd0cc4af0cb
SHA512

3eb5d57faea4c0146c2af40102deaac18235b379f5e81fe35a977b642e3edf70704c8cedd835e94f27b04c8413968f7469fccf82c1c9339066d38d3387c71b17
SSDEEP

3072:puzvch1rugYc4wqYSRR756K7ItBjgXHUYCnlK:Wch1aIqYSRVM+unlK

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
3024	javaw.exe
3024	javaw.exe
3024	javaw.exe
3024	javaw.exe
3024	javaw.exe
3024	javaw.exe
3024	javaw.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
488	icacls.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3001105534-2705918504-2956618779-1000\{95397255-6692-4F65-8952-4759B7F40EB0}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3001105534-2705918504-2956618779-1000\{3A0EF507-DB3D-4052-805D-2010DE444EAD}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3001105534-2705918504-2956618779-1000\{EB813424-5D8E-403D-88F2-573220471BB7}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3001105534-2705918504-2956618779-1000\{154BD1A2-8096-4975-9343-F652665D5BB6}	svchost.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4200	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1084	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1084	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
4064	javaw.exe
4064	javaw.exe
4200	OpenWith.exe
4064	javaw.exe
4064	javaw.exe
3024	javaw.exe
3024	javaw.exe
4168	OpenWith.exe
3024	javaw.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 4064	1976	LauncherFenix-Minecraft-v7.exe	76
PID 1976 wrote to memory of 4064	1976	LauncherFenix-Minecraft-v7.exe	76
PID 4064 wrote to memory of 488	4064	javaw.exe	77
PID 4064 wrote to memory of 488	4064	javaw.exe	77
PID 4064 wrote to memory of 3024	4064	javaw.exe	83
PID 4064 wrote to memory of 3024	4064	javaw.exe	83

C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe
"C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\LauncherFenix-Minecraft-v7.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4064
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:488
- - C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xmx1G -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M -XX:+IgnoreUnrecognizedVMOptions -Dorg.lwjgl.opengl.Display.allowSoftwareOpenGL=true -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.0\1.0-natives-523586293050 -Dminecraft.launcher.brand=minecraft-launcher -Dminecraft.launcher.version=2.1.5964 -Dminecraft.client.jar=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.0\1.0.jar -cp C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\laulib\1.0\laulib-1.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\minecraft\launchwrapper\1.5\launchwrapper-1.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\4.5\jopt-simple-4.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\ow2\asm\asm-all\4.1\asm-all-4.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput\2.0.5\jinput-2.0.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\jutils\jutils\1.0.0\jutils-1.0.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl\2.9.0\lwjgl-2.9.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl_util\2.9.0\lwjgl_util-2.9.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.0\1.0.jar net.minecraft.launchwrapper.Launch aa= accessToken --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets\virtual\pre-1.6
    3⤵
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3024

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:3144

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4200

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:1096

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4168

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004AC 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1084

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:2944

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:464

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:4816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
25406ea0e842f45771564d1018a6dc74

SHA1
c6fc1f5feb802b302e432ce4cd834336f496abaa

SHA256
f6d9300c54f121ca6dcd8b3455379d197a5361152cd19464c26d4baf41e5306b

SHA512
6e8a8bec322d968881eebb7bd708640c8ff0c29b19b6be902ac76bd5574fdbe9237e1dbf69b89c3d623c5f295b16e59539a25c2c54cdbe912250d52d28e17b42

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcherfenix.jar

Filesize
500KB

MD5
84591cf8bbe4b94d5a83b2cdd605d4b5

SHA1
85f1dbf03d2b4c52e067849b93c3f4c7ec284886

SHA256
b8c2bf47cb70a77582c302284554ecd4a29f9ee55c09fc2193b3ba942d5884ae

SHA512
31ff3523bedc87efd5040c46fdaff325c29fa109a912b729c81660c0737505e9dbd2f9bc0a443bfce12ede2569d023cc1f56f6bea0943a669f4f85e0f420830d

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\laulib\1.0\laulib-1.0.jar

Filesize
18KB

MD5
40a068ea8b5c76f0874cd3caa60c5dff

SHA1
02856721bdc3dcb3b2cd2f89d7dee1a3342f6bd2

SHA256
e26e5f69c9eddb72a279022083d46d67bb98d0430eb45edecb77f1f1d23f0da7

SHA512
64e5e20068d1ac3a49ab269b490e80d8f25c8974de7e337810c8dacdd9d36eb751136430c5e848ca0dab1113376c407862e9c55cbdb3f50d406b9bb36ad9d592

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput-platform\2.0.5\jinput-platform-2.0.5-natives-windows.jar

Filesize
151KB

MD5
b168b014be0186d9e95bf3d263e3a129

SHA1
385ee093e01f587f30ee1c8a2ee7d408fd732e16

SHA256
24afbd5e1fab17da57d16a4d3f19d53f36155ef46a9976484201a4bb9722287f

SHA512
e8dd2c73c97cb0ec065acb3973a89cacf742005d60eca5f68edfd5306a23c4a6be8dd8deb4f7ff870075f75d79fff9a87c2aaee980ef7b4da764bcb822257dfe

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput\2.0.5\jinput-2.0.5.jar

Filesize
203KB

MD5
cc07d371f79dc4ed2239e1101ae06313

SHA1
39c7796b469a600f72380316f6b1f11db6c2c7c4

SHA256
79b5a4f5829e1a49a415711f7fb8eb5b9ad22defa72929fda2da96ec30d3f018

SHA512
d75e3e35844ce41515fd25f34f9cc2228c5b94e479894dc832e07c78f70cb0d83819c7d574d01bbd0363e9387c9ac15f43a1171a8bd75b783aa5c856b492d24c

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\jutils\jutils\1.0.0\jutils-1.0.0.jar

Filesize
7KB

MD5
f60976b19661c849c5c87433045a9885

SHA1
e12fe1fda814bd348c1579329c86943d2cd3c6a6

SHA256
c3334ff39cf0ab3b54925619101054c90098b7c733b1e7834c7b75e4c41e84a5

SHA512
39cdb29204df770b84ecd5d0041d8cf662c25bd16ef1e7d8257704a1ed3355cc3bb554b99d1fa2e8f0b5d99973201d344ab6cef04cacf98cd041f93a66e36bec

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\minecraft\launchwrapper\1.5\launchwrapper-1.5.jar

Filesize
27KB

MD5
a211ab7001fca1bc2b534a0a5847aed6

SHA1
5150b9c2951f0fde987ce9c33496e26add1de224

SHA256
c9fa09f5815f1d8ce5b7d59a53168b9a1b0ab9663e43b2440311391df7a78d52

SHA512
51f8b43475e328c6e4b447fee2fd4a454a7565ec939891c6d7571a365f623d246d2f31453cdd238d46a7f4a7bd4d89b3d9389ab8083aee54804e66849e00ea66

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\4.5\jopt-simple-4.5.jar

Filesize
59KB

MD5
1372bd4823bb1ef61e7db6724f601150

SHA1
6065cc95c661255349c1d0756657be17c29a4fd3

SHA256
64335a48be6b142a7d0c13ec5c82a707857aa58c0234e6eda3eaca0e96eea51b

SHA512
eda5b875f357116ee1c3b72ad2bd48d1b40b504a19c1ed8f2e93e42e7f688df7dada366a8e1b4df1853ad8601ca0aa74de52836ab993af3380c3c1d5e0df8b77

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl\2.9.0\lwjgl-2.9.0.jar

Filesize
971KB

MD5
ce74486a7687ad7ea91dcc1fcd6977b8

SHA1
5654d06e61a1bba7ae1e7f5233e1106be64c91cd

SHA256
c5fb453896fb511a7f949090795c79773f6d6c92e4d13d1f3100f4b2e331471a

SHA512
3f26ae61b13accee5f3ddc37645e77c9f6a5531f5ec94f16ea830d7465d0f8e3ff34ecef80f0f24f7205b8b70b5c61bf21c2ca4b402b0065da31bd7945a67599

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl_util\2.9.0\lwjgl_util-2.9.0.jar

Filesize
169KB

MD5
6a0eeaf3451ed9646b7d61a9dd8b86cc

SHA1
a778846b64008fc7f48ead2377f034e547991699

SHA256
474c2ca620f4147c72db9fa582993688d3c9bca5aed9d9e937ec4fa89b3c2fad

SHA512
5cb809256b24d2909e489f5582fbabaacb3c1de4c4b12f1d72e0bde63883fc6bf78b9b821bd205b96f85501d22667e2fe73ab0c73953ff3d2e540a842f2260a4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\ow2\asm\asm-all\4.1\asm-all-4.1.jar

Filesize
209KB

MD5
d21c2a06a4e6b175aa01e328f38a1182

SHA1
054986e962b88d8660ae4566475658469595ef58

SHA256
165b583b0b548405dd97019666f94a86ee1d1e3af227ae4dc82c6e27d6885bb1

SHA512
ae18015a48059d84200842dc68a6ee00e15870997db5fc446316461deaa9f78a985e216a5c57a7ece37d302c1c6e25028a4c67b6ae43f80e9343d85ebcb72875

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\saves\New World\level.dat

Filesize
491B

MD5
b4d940efa53a5181833e497d2ffe8c7d

SHA1
797e4211a8f9f2411513fdf7ebeb8c11ea204c8c

SHA256
942bf50c491cb7a15b5f47f1ecbecfb3278b60908f0f136133ba070c9337ffc0

SHA512
2b58920edac9672bf03bd82984a09b837bb5af9d5f42a63b23538fc4e4405c72013e4730428257e711c2cf324c163f2710ab0aeef1fc4850ce2dde13f9e9c0c5

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\saves\New World\session.lock

Filesize
8B

MD5
c98f65e1dd9200d392b439a1783bfd14

SHA1
842ee57e86ac595e1d28af4784be12e1f901a962

SHA256
57072eae2a3a5ad82e5e36724d936dcd0c3ae86406646812475a7db468e3846c

SHA512
14bf3e2a0d497a14502680b6a532816c4f4313917715797de5837c002b0eb1bea46148b417a3603ea79a170cbf5356985b5e86ad6ae2037bbf4e949b006a329d

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\stats\stats_aa=_unsent.dat

Filesize
174B

MD5
869ea62dda19c9b4e537e251feb1d7cf

SHA1
a8e5ad279f3c5f0cad05ac77e0776dcc7ba2a0fe

SHA256
0b564bb0bdfa9ab3bec79851904e15bb47a1f0060743b59ee2f75513015c575e

SHA512
de286645e5719c7de82339d4828998310126ba8ea5e40152638d7b1c53a41ebca3b856bb57da28d3f50a44684f26ce6c5e22a9a2fbe30ff3c9309f0725c52c7b

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\stats\stats_aa=_unsent.dat

Filesize
141B

MD5
2a25b8a84e0bc8b5443c9b342ab1ae78

SHA1
c3d3e9884fd845e65e144589f0100c83ea96ae1c

SHA256
47000f7e936c9ad69f5279d8b23338555bd22856110d4e2231bf9927472181b1

SHA512
2bcd7680903187d1a3cb5a5103f16d7e3814fe8177119e361814dadc91fcb8c509fa48f465320bf3825c9582f2a1e7880d168cb1a0103c7d16a5bc74bc770226

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.0\1.0-natives-523586293050\OpenAL64.dll

Filesize
373KB

MD5
89021c218a3f6feb807a664f852ffbd3

SHA1
97362fba53dfb6d9581b8c64829f4b1d98a97855

SHA256
9261b66010a845ddef9f61d5e4266fe2f08a53f3605da002e9e8f8d202bdbc5e

SHA512
e511c707c4453016cdeefcbc863fbf2750ad9cda12ad31f27369d5a396f9c98d9ef37fafb4030c683f17b1e2cdcfce924015fe49dd6652c3060bb0ba77ea3064

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.0\1.0-natives-523586293050\jinput-dx8_64.dll

Filesize
63KB

MD5
90cab52fca89e7d233741c0439dc2005

SHA1
5d9a7d3fb6224dab97aaff7bd9430232732d9be8

SHA256
a38cb458b9e5a246d7418f38ac04430c2e5a3f46b082955d6dfd5d2bd74f4222

SHA512
041ca3aa3d6560f207d841c8af1939e4e93538fe4f34d74fb9eee003733d98783914c6cbe45022c483a6cfb54f0e4f25013f67851d9ae6e9ea6a8cc158d28936

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.0\1.0-natives-523586293050\jinput-raw_64.dll

Filesize
61KB

MD5
ffc85e4a631d90112aee8e213cd367cd

SHA1
067c11135f9ebeb554d5f80b7a8a5244c0f3b7d7

SHA256
832308f96b1760f2ebc183d1a1771278bb3236e4567dd7a23e1eaecf95f9c03c

SHA512
376393d9351ad2317bdff831df012ef993039c6bcb0616dec3c91ff1b13568a6f04c3bc8a0f9888aabafa7182513fe5f7fe5fe1fca7f14f64b58414e02bd8c48

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.0\1.0-natives-523586293050\lwjgl64.dll

Filesize
299KB

MD5
a741a804ffb206f8a8d9400e31db45b6

SHA1
6ab904165045eee2e0a6609122bc29ddc2446b07

SHA256
86a8e4555d3614e7ed5a24beda921396ceb9e41dbf2508d713a3d26b928862b7

SHA512
6e19383e30cf786d43573d72feccf0c3e778742090ff281b45e6c8a8e8e87dd5e0aa868fd5c103c789511dd4f2e28460db59d6b11e2ae873587b6114f838b8e3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.0\1.0.jar

Filesize
2.3MB

MD5
3820d222b95d0b8c520d9596a756a6e6

SHA1
b679fea27f2284836202e9365e13a82552092e5d

SHA256
136e3dd54454e96175badf50bee2cdebdab9e7d66fee4fd6d135f39ead99eb58

SHA512
070b0a9a1811a14e82efb664310ed8b2bc431d3a1cfaeb86170e848951e19c015db8c00034da9f90f8a4eda40786efa7c9543f7e5cdd18c6d2c51ef00dd5a9b7

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/1976-17-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4064-2-0x000001455B420000-0x000001455B690000-memory.dmp

Filesize
2.4MB

Download
memory/4064-64-0x0000014559B70000-0x0000014559B71000-memory.dmp

Filesize
4KB

Download
memory/4064-129-0x0000014559B70000-0x0000014559B71000-memory.dmp

Filesize
4KB

Download
memory/4064-111-0x0000014559B70000-0x0000014559B71000-memory.dmp

Filesize
4KB

Download
memory/4064-757-0x000001455B420000-0x000001455B690000-memory.dmp

Filesize
2.4MB

Download
memory/4064-85-0x0000014559B70000-0x0000014559B71000-memory.dmp

Filesize
4KB

Download
memory/4064-71-0x0000014559B70000-0x0000014559B71000-memory.dmp

Filesize
4KB

Download
memory/4064-124-0x0000014559B70000-0x0000014559B71000-memory.dmp

Filesize
4KB

Download
memory/4064-59-0x0000014559B70000-0x0000014559B71000-memory.dmp

Filesize
4KB

Download
memory/4064-44-0x0000014559B70000-0x0000014559B71000-memory.dmp

Filesize
4KB

Download
memory/4064-21-0x0000014559B70000-0x0000014559B71000-memory.dmp

Filesize
4KB

Download
memory/4064-120-0x0000014559B70000-0x0000014559B71000-memory.dmp

Filesize
4KB

Download
memory/4064-117-0x0000014559B70000-0x0000014559B71000-memory.dmp

Filesize
4KB

Download
memory/4064-2504-0x000001455B420000-0x000001455B690000-memory.dmp

Filesize
2.4MB

Download