86db92b4b09d64de6f0eb86d61be4f7c8059238595572cc5f78adc172aca10f2

Analysis

max time kernel
151s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
22/07/2024, 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FLauncherSetup-0.0.36.exe
Size

80.0MB
MD5

fdcf3751d1ae810362b28cae5574b999
SHA1

aed288df4a6363445e89e93ff01497e253c13a4a
SHA256

86db92b4b09d64de6f0eb86d61be4f7c8059238595572cc5f78adc172aca10f2
SHA512

838906b17268628eccb66f29e2f5ad6f6a1af5ac9c34e690800a6f21816d543e860274ce0fbd9ef01ebc873bf19174668e143d2c6872ed48cf170c8bce9c96f2
SSDEEP

1572864:SbOtYWWsd13kVErJUVH4G9/Yrg79hjUINEi74J091JoOSQxbI/:M4Yns38E1C9/+chKe4J0/JoO9b

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 12 IoCs

pid	Process
4084	Update.exe
2668	FLauncher.exe
4396	Update.exe
3252	FLauncher.exe
1208	FLauncher.exe
3828	FLauncher.exe
4064	Update.exe
1568	FLauncher.exe
3408	FLauncher.exe
2928	FLauncher.exe
3560	FLauncher.exe
1464	FLauncher.exe

Loads dropped DLL 16 IoCs

pid	Process
2668	FLauncher.exe
3252	FLauncher.exe
3252	FLauncher.exe
3252	FLauncher.exe
3252	FLauncher.exe
1208	FLauncher.exe
3828	FLauncher.exe
1568	FLauncher.exe
3408	FLauncher.exe
1568	FLauncher.exe
1568	FLauncher.exe
1568	FLauncher.exe
2928	FLauncher.exe
3560	FLauncher.exe
3420	java.exe
1464	FLauncher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	FLauncher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	FLauncher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	FLauncher.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1208	FLauncher.exe
1208	FLauncher.exe
4084	Update.exe
4084	Update.exe
3408	FLauncher.exe
3408	FLauncher.exe
2928	FLauncher.exe
2928	FLauncher.exe
3560	FLauncher.exe
3560	FLauncher.exe
1464	FLauncher.exe
1464	FLauncher.exe
1464	FLauncher.exe
1464	FLauncher.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4084	Update.exe
Token: SeDebugPrivilege	4064	Update.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4084	Update.exe
3828	FLauncher.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 4084	4572	FLauncherSetup-0.0.36.exe	82
PID 4572 wrote to memory of 4084	4572	FLauncherSetup-0.0.36.exe	82
PID 4572 wrote to memory of 4084	4572	FLauncherSetup-0.0.36.exe	82
PID 4084 wrote to memory of 2668	4084	Update.exe	83
PID 4084 wrote to memory of 2668	4084	Update.exe	83
PID 4084 wrote to memory of 2668	4084	Update.exe	83
PID 2668 wrote to memory of 4396	2668	FLauncher.exe	84
PID 2668 wrote to memory of 4396	2668	FLauncher.exe	84
PID 2668 wrote to memory of 4396	2668	FLauncher.exe	84
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 3252	2668	FLauncher.exe	85
PID 2668 wrote to memory of 1208	2668	FLauncher.exe	86
PID 2668 wrote to memory of 1208	2668	FLauncher.exe	86
PID 2668 wrote to memory of 1208	2668	FLauncher.exe	86
PID 4084 wrote to memory of 3828	4084	Update.exe	89
PID 4084 wrote to memory of 3828	4084	Update.exe	89
PID 4084 wrote to memory of 3828	4084	Update.exe	89
PID 3828 wrote to memory of 4064	3828	FLauncher.exe	90
PID 3828 wrote to memory of 4064	3828	FLauncher.exe	90
PID 3828 wrote to memory of 4064	3828	FLauncher.exe	90
PID 3828 wrote to memory of 1568	3828	FLauncher.exe	91
PID 3828 wrote to memory of 1568	3828	FLauncher.exe	91
PID 3828 wrote to memory of 1568	3828	FLauncher.exe	91
PID 3828 wrote to memory of 1568	3828	FLauncher.exe	91
PID 3828 wrote to memory of 1568	3828	FLauncher.exe	91

C:\Users\Admin\AppData\Local\Temp\FLauncherSetup-0.0.36.exe
"C:\Users\Admin\AppData\Local\Temp\FLauncherSetup-0.0.36.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4084
- - C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe
    "C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe" --squirrel-install 0.0.36
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\flauncher\Update.exe
      C:\Users\Admin\AppData\Local\flauncher\Update.exe --createShortcut=FLauncher.exe
      4⤵
      Executes dropped EXE
      PID:4396
  - - C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe
      "C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe" --type=gpu-process --field-trial-handle=1652,3556505544439125036,1765605964093638551,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\FLauncher" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3252
  - - C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe
      "C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1652,3556505544439125036,1765605964093638551,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\FLauncher" --mojo-platform-channel-handle=1984 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1208
- - C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe
    "C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe" --squirrel-firstrun
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:3828
  - - C:\Users\Admin\AppData\Local\flauncher\Update.exe
      C:\Users\Admin\AppData\Local\flauncher\Update.exe --checkForUpdate https://dl.flauncher.ru/dist/
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:4064
  - - C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe
      "C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe" --type=gpu-process --field-trial-handle=1724,15014295732604405083,16964987277829620072,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\FLauncher" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1568
  - - C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe
      "C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1724,15014295732604405083,16964987277829620072,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\FLauncher" --mojo-platform-channel-handle=2164 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:3408
  - - C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe
      "C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\FLauncher" --app-user-model-id=com.squirrel.flauncher.FLauncher --app-path="C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1724,15014295732604405083,16964987277829620072,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2352 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:2928
  - - C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe
      "C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\FLauncher" --app-user-model-id=com.squirrel.flauncher.FLauncher --app-path="C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1724,15014295732604405083,16964987277829620072,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1184 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:3560
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "java -version"
        5⤵
        
        PID:7024
      - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
        
        java -version
        6⤵
        
        PID:7072
    - - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
        
        java -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Xmx2048M -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M -Djava.library.path=C:\Users\Admin\.flauncher\clients\vanilla\natives -Duser.home=C:\Users\Admin\.flauncher\clients\vanilla\minecraft -Dlog4j2.formatMsgNoLookups=true -cp C:\Users\Admin\.flauncher\libraries\com\mojang\netty\1.8.8\netty-1.8.8.jar;C:\Users\Admin\.flauncher\libraries\oshi-project\oshi-core\1.1\oshi-core-1.1.jar;C:\Users\Admin\.flauncher\libraries\net\java\dev\jna\jna\3.4.0\jna-3.4.0.jar;C:\Users\Admin\.flauncher\libraries\net\java\dev\jna\platform\3.4.0\platform-3.4.0.jar;C:\Users\Admin\.flauncher\libraries\com\ibm\icu\icu4j-core-mojang\51.2\icu4j-core-mojang-51.2.jar;C:\Users\Admin\.flauncher\libraries\net\sf\jopt-simple\jopt-simple\4.6\jopt-simple-4.6.jar;C:\Users\Admin\.flauncher\libraries\com\paulscode\codecjorbis\20101023\codecjorbis-20101023.jar;C:\Users\Admin\.flauncher\libraries\com\paulscode\codecwav\20101023\codecwav-20101023.jar;C:\Users\Admin\.flauncher\libraries\com\paulscode\libraryjavasound\20101123\libraryjavasound-20101123.jar;C:\Users\Admin\.flauncher\libraries\com\paulscode\librarylwjglopenal\20100824\librarylwjglopenal-20100824.jar;C:\Users\Admin\.flauncher\libraries\com\paulscode\soundsystem\20120107\soundsystem-20120107.jar;C:\Users\Admin\.flauncher\libraries\io\netty\netty-all\4.0.23.Final\netty-all-4.0.23.Final.jar;C:\Users\Admin\.flauncher\libraries\com\google\guava\guava\17.0\guava-17.0.jar;C:\Users\Admin\.flauncher\libraries\org\apache\commons\commons-lang3\3.3.2\commons-lang3-3.3.2.jar;C:\Users\Admin\.flauncher\libraries\commons-io\commons-io\2.4\commons-io-2.4.jar;C:\Users\Admin\.flauncher\libraries\commons-codec\commons-codec\1.9\commons-codec-1.9.jar;C:\Users\Admin\.flauncher\libraries\net\java\jinput\jinput\2.0.5\jinput-2.0.5.jar;C:\Users\Admin\.flauncher\libraries\net\java\jutils\jutils\1.0.0\jutils-1.0.0.jar;C:\Users\Admin\.flauncher\libraries\com\google\code\gson\gson\2.2.4\gson-2.2.4.jar;C:\Users\Admin\.flauncher\libraries\com\mojang\authlib\1.5.21\authlib-1.5.21.jar;C:\Users\Admin\.flauncher\libraries\com\mojang\realms\1.7.59\realms-1.7.59.jar;C:\Users\Admin\.flauncher\libraries\org\apache\commons\commons-compress\1.8.1\commons-compress-1.8.1.jar;C:\Users\Admin\.flauncher\libraries\org\apache\httpcomponents\httpclient\4.3.3\httpclient-4.3.3.jar;C:\Users\Admin\.flauncher\libraries\commons-logging\commons-logging\1.1.3\commons-logging-1.1.3.jar;C:\Users\Admin\.flauncher\libraries\org\apache\httpcomponents\httpcore\4.3.2\httpcore-4.3.2.jar;C:\Users\Admin\.flauncher\libraries\org\apache\logging\log4j\log4j-api\2.0-beta9\log4j-api-2.0-beta9.jar;C:\Users\Admin\.flauncher\libraries\org\apache\logging\log4j\log4j-core\2.0-beta9\log4j-core-2.0-beta9.jar;C:\Users\Admin\.flauncher\libraries\org\lwjgl\lwjgl\lwjgl\2.9.4-nightly-20150209\lwjgl-2.9.4-nightly-20150209.jar;C:\Users\Admin\.flauncher\libraries\org\lwjgl\lwjgl\lwjgl_util\2.9.4-nightly-20150209\lwjgl_util-2.9.4-nightly-20150209.jar;C:\Users\Admin\.flauncher\libraries\org\lwjgl\lwjgl\lwjgl-platform\2.9.4-nightly-20150209\lwjgl-platform-2.9.4-nightly-20150209.jar;C:\Users\Admin\.flauncher\libraries\net\java\jinput\jinput-platform\2.0.5\jinput-platform-2.0.5.jar;C:\Users\Admin\.flauncher\libraries\tv\twitch\twitch\6.5\twitch-6.5.jar;C:\Users\Admin\.flauncher\libraries\tv\twitch\twitch-platform\6.5\twitch-platform-6.5.jar;C:\Users\Admin\.flauncher\libraries\tv\twitch\twitch-external-platform\4.5\twitch-external-platform-4.5.jar;C:\Users\Admin\.flauncher\libraries\java3d\vecmath\1.5.2\vecmath-1.5.2.jar;C:\Users\Admin\.flauncher\libraries\net\sf\trove4j\trove4j\3.0.3\trove4j-3.0.3.jar;C:\Users\Admin\.flauncher\versions\amera-1.8.9\amera-1.8.9.jar net.minecraft.client.main.Main --username FLauncher_13728 --version amera-1.8.9 --gameDir C:\Users\Admin\.flauncher\clients\vanilla\minecraft --assetsDir C:\Users\Admin\.flauncher\assets --assetIndex 1.8 --uuid 00000000-0000-0000-0000-000000000000 --accessToken null --userProperties {} --userType mojang
        5⤵
        Loads dropped DLL
        
        PID:3420
  - - C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe
      "C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\FLauncher.exe" --type=gpu-process --field-trial-handle=1724,15014295732604405083,16964987277829620072,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\FLauncher" --gpu-preferences=UAAAAAAAAADoAAAIAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4272

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:4700

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:3084

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4104

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
07b7037c19251f88afd6f6ed9e08b738

SHA1
f3a21e6470894aa31e81cba911f92e0ad3dc73dc

SHA256
05c94d68c1fd1fc21a627be0bb15f469b79b666c2ddf4fe0b5ee50751b9d8b70

SHA512
350d8212a0943524558b475ec6c7ac1732d39dc70fbce79c01bbaebc2467fb154a83fd5c164d658baf51a8d499ba86a378b2f38a3b7a34a3a99acd035de1eb88

Download Submit
C:\Users\Admin\.flauncher\assets\indexes\1.8.json

Filesize
76KB

MD5
6155398ec2c908bed2764d752030d8ce

SHA1
f6ad102bcaa53b1a58358f16e376d548d44933ec

SHA256
14e3aa58cf578fd8573985ca96bf075d8be05477be988664a09446c7a76f4142

SHA512
52cd29b51b20137a4695a8cbd0a4aa29e78f1d3e10d1c5f283f837cb4f021a8ad81b09b3c7e8b6496aa1c248c0998b7c211eda2c2c77c0de17b119f50250b4b1

Download Submit
C:\Users\Admin\.flauncher\assets\objects\55\55da1856e77cfd31a7e8c3d358e1f856c5583198

Filesize
4KB

MD5
db6deee4c221859885a69a10fb062467

SHA1
55da1856e77cfd31a7e8c3d358e1f856c5583198

SHA256
09d5879722c54c86d39d83df919f7f712ed92044ffb5b0a6757b9fc2e02281a3

SHA512
146a3189403c9437b6e74ed754ddd8d6694f6cd375c7c687ba77f0a97e7037df31df7c5123eeda260e3bdc163e637bcdff418e6a468a43188c9a72736b552fd2

Download Submit
C:\Users\Admin\.flauncher\assets\objects\56\56c1d0ac0de2265018b2c41cb571cc6631101484

Filesize
4KB

MD5
04136fa704ddf7b6a0d5101adb0de640

SHA1
56c1d0ac0de2265018b2c41cb571cc6631101484

SHA256
139fc234e51f7825fcdedf10c93d8d60c59df9b4955334f409a624e4b3e6bfbb

SHA512
d0acce8422bee523dac86ca130bfab55e2e0e50906b47ae599d4f5ec0d0627e5c4ef263c77c708586ab4b32786f8aca72f3d39c49926a09a2d5277e7652e4373

Download Submit
C:\Users\Admin\.flauncher\assets\objects\58\5887d10234c4f244ec5468080412f3e6ef9522f3

Filesize
6KB

MD5
1545455944217e6467c30bc9cf0ba0f6

SHA1
5887d10234c4f244ec5468080412f3e6ef9522f3

SHA256
a0d603f69ad58662e688d74b9ca2f345eebc0938b4af954f16840adf436fe8d9

SHA512
f27e519c219c4d3053c698ac641dc6e252cc208e83b004e0db7fb3015cb9fe5f99bb7739d0b16337f03379dd5775c29456c7ae4f37b15c74b1c851b620df56d3

Download Submit
C:\Users\Admin\.flauncher\assets\objects\5f\5fd568d724ba7d53911b6cccf5636f859d2662e8

Filesize
4KB

MD5
1dcad8cfe89774102ad3dd284a2f6d6d

SHA1
5fd568d724ba7d53911b6cccf5636f859d2662e8

SHA256
8a716f2a3cbfb5d330d3aa9999ff56f0636cf388991caa06d866576989c9f36e

SHA512
09b45d02b1af69500c616386867a9cc9a0a925007c7bc4419ab90463316511b3083400cd176b8b0d0ee3d6e31cc837ba10a31128d22bccc5e2a8cc556666ae8f

Download Submit
C:\Users\Admin\.flauncher\assets\objects\92\92750c5f93c312ba9ab413d546f32190c56d6f1f

Filesize
5KB

MD5
4c664febe29f0ca75ac519f0465be466

SHA1
92750c5f93c312ba9ab413d546f32190c56d6f1f

SHA256
2496adc8631bb3ab42ea5a737e2b39242e6a1ca86a90855f7d204a086de35fe9

SHA512
8ccc41d86bbd669da8db5132e3c11f91d3a0386cc6048fb54da28274a388a14065970ff507344cf3cf1522e3ea2297a20576ceaa4d88b0dab56ad7eb2187754f

Download Submit
C:\Users\Admin\.flauncher\assets\objects\99\991b421dfd401f115241601b2b373140a8d78572

Filesize
112KB

MD5
f939cf3c2b9557400f2c3d2e4337e503

SHA1
991b421dfd401f115241601b2b373140a8d78572

SHA256
0f46844a070fee1837def1de876629340fe9e8e781913afc539d17d929475308

SHA512
180dde116607c85cdfa904d09c842a7aa2564d9e6adc0cdf741cd469cbe8f8097aa9e8dc6a672bd64935a28afd797123dc29f8fbdadcc9998564c534b48fd254

Download Submit
C:\Users\Admin\.flauncher\assets\objects\9c\9c63f2a3681832dc32d206f6830360bfe94b5bfc

Filesize
4KB

MD5
62459d5e2818252fc2ecdf2c18dcdcbc

SHA1
9c63f2a3681832dc32d206f6830360bfe94b5bfc

SHA256
ac49293ab32aa3154eb5c1251e3175a55d28f9e6866bf74fa76c2cefdf6cc40e

SHA512
429897cde2e4f4307fb042eed6b987046e420aecdbd5d78acf3736b9a0284bc8429eab5109c96b39bd604f2a59390d69772dd42921c173ecc4fbbbd9b33a55f2

Download Submit
C:\Users\Admin\.flauncher\assets\objects\a4\a4bc069321a96236fde04a3820664cc23b2ea619

Filesize
6KB

MD5
02a9f2786ae1487a583495db000551a8

SHA1
a4bc069321a96236fde04a3820664cc23b2ea619

SHA256
ae97513c5bcac9d08f5c8bcbaf55b7a3112134603c141b5de70e15a06c77e325

SHA512
18605d797527b44234a6f2b6a99b2915e7fc30c8c88192252fa3dd02e0b801b78a3f509c44beedc887ef9a38556758279c576d922c8558b2d7b44d795ef25192

Download Submit
C:\Users\Admin\.flauncher\assets\objects\bd\bdf48ef6b5d0d23bbb02e17d04865216179f510a

Filesize
3KB

MD5
1eea6fda0ca03698efba7b045b5375f9

SHA1
bdf48ef6b5d0d23bbb02e17d04865216179f510a

SHA256
6c51d4ef0405f5b7ca5d7ee505ce6160783588926dcdff8099169f7e2b10165b

SHA512
48bcb65bdbc6db12decb70a8020b3316e2af7af4b15b868bda15a761c4a2e77ebedb2a5d3c57ae8582aabccc6d6c09d840467f61ace3ca14b14c452a03d334dd

Download Submit
C:\Users\Admin\.flauncher\assets\objects\e2\e26fa3036cdab4c2264ceb19e1cd197a2a510227

Filesize
6KB

MD5
8db68cc6dce4b8e01fc10385f2eac7bd

SHA1
e26fa3036cdab4c2264ceb19e1cd197a2a510227

SHA256
c7918a0b58c45a6f0d29fa990bbd31a7b482ef61387c83a02eb7f70b672e4761

SHA512
150be040bbf4d7d8dcb35aaea7b21908964b4cb86a9f33c4a3126b523b6ba964f36384b0c7dbe3f9dc49a3fa10ed04f355832e9ee5dfa8a53f799b2761ad297f

Download Submit
C:\Users\Admin\.flauncher\assets\objects\e9\e9833a1512b57bcf88ac4fdcc8df4e5a7e9d701d

Filesize
6KB

MD5
26a15393379cd7d6072f09f196027786

SHA1
e9833a1512b57bcf88ac4fdcc8df4e5a7e9d701d

SHA256
5998bf8ee2eecc2779ef896f04a540f9d48d4e96cc9227aae4646f4d9b817749

SHA512
73f6fa5e911fd64a3e45037876cc9edd8606c4590d0db5488de2169fddc6d5f80649c0108631e37af2fb52618b477d1a9086c734f8ac901a6b64cb06f64ef0e1

Download Submit
C:\Users\Admin\.flauncher\assets\objects\e9\e9bab7d3d15541f0aaa93fad31ad37fd07e03a6c

Filesize
6KB

MD5
246bb0ace989af2b492c055b1d55cf26

SHA1
e9bab7d3d15541f0aaa93fad31ad37fd07e03a6c

SHA256
f7e03bb5bcc487cea313bfd72ded4cfd4e215b82228cf9744760f61da4c496bb

SHA512
5f6128d4645a2e3ea9acf81a6ac55f00776995d5d1b7d72c4539e8fad65db2e32bbb75c195c9b7c96a7189408fd402992f506feffb3728ce8d28002bf9fad1b8

Download Submit
C:\Users\Admin\.flauncher\launcher_profiles.json

Filesize
174B

MD5
c02f9912c5453a585d75c5d6dc1b0031

SHA1
e02f87d1e3c9307d232a9f15de9fb47cf0347f1b

SHA256
cb9f130f23f0684aef3664b1edce44a3c511a3f9cc992f5fd1b086cf728effb0

SHA512
06c9d9286a4db4c326a89266fa7497f86e3a2f77387d001097beef829815c5281568acbaa8ba080656e8222bc5f4d85d52ffc187f5609ea223eb00b28b9dbcab

Download Submit
C:\Users\Admin\.flauncher\launcher_settings.json

Filesize
376B

MD5
ffb13645a200b582d60e927a58640c1c

SHA1
c13229d98abc22783c4bfbbe71b8666b39e3b02c

SHA256
07fb1c74316cd1151798f1f58b2e03718e1a70e9dc66b13db30ef191acc56d0b

SHA512
50451985111a3f4bc4b5002b2c29ba27ca8af52869296ea8774a776de809529c8e2e470aa4915794344b501179a3e80261869435b12b2c9d68c21d3d0479ca40

Download Submit
C:\Users\Admin\.flauncher\libraries\com\ibm\icu\icu4j-core-mojang\51.2\icu4j-core-mojang-51.2.jar

Filesize
1.6MB

MD5
aec124acf7b3c1c6ed41a6270a4452b8

SHA1
63d216a9311cca6be337c1e458e587f99d382b84

SHA256
147592c5eb8e11fc8394125954f877acf25918bae13aa210c2825aefc3030ed8

SHA512
ca585221ac4b06ed7b12891b43882e1c219d4656bab0f291a25fb9bd971d09371f1c8e35181a9ae5dafd9a429367ade86ec3f06eb0dc887e8a790c671132cac1

Download Submit
C:\Users\Admin\.flauncher\libraries\com\mojang\netty\1.8.8\netty-1.8.8.jar

Filesize
15KB

MD5
5da4cd5158f975d44952b929ce835b7c

SHA1
0a796914d1c8a55b4da9f4a8856dd9623375d8bb

SHA256
cae3de169e7695ef30079349c5ea81790bd10c04c4037196fd4fdc07b6d43934

SHA512
b693efc64eae075cc0130d05382d671c080b704ed0ac9880ab76b253b235dc4d7df2b23c612a574f054bca498294343430d825fedb6cffee268b786b234fc120

Download Submit
C:\Users\Admin\.flauncher\libraries\com\paulscode\codecjorbis\20101023\codecjorbis-20101023.jar

Filesize
101KB

MD5
0d622e2ac4368b5a33d540a9e4819e0c

SHA1
c73b5636faf089d9f00e8732a829577de25237ee

SHA256
6c4b4e50e608763564afa1bde2d25ece9dd715e7c9129540faa1faded4896506

SHA512
304b55520c48d574cb046efa45687000b640937ea86119b81c152bfb192aded3de61b993bb83275e21efa4cf0f50efd3025d030b18dc1a0f53fed1dcdcb151f9

Download Submit
C:\Users\Admin\.flauncher\libraries\com\paulscode\codecwav\20101023\codecwav-20101023.jar

Filesize
5KB

MD5
f6a93b7eb8083e4ced92e7e253657057

SHA1
12f031cfe88fef5c1dd36c563c0a3a69bd7261da

SHA256
bb7d17b340afe6abdfbfdaa03683bce4aef39a64887dbab0636eaff3cf2d59ba

SHA512
994af7ab19036542162d75a94dad4c7645f60626879f715d308966b8a018c84474cfcac28e2555f4a6e7a925bc919c54da276e2ee45bad2eb512ca1abeb7a2ed

Download Submit
C:\Users\Admin\.flauncher\libraries\com\paulscode\libraryjavasound\20101123\libraryjavasound-20101123.jar

Filesize
21KB

MD5
247b45f9d2f0071ad543c14d0ff31d5c

SHA1
5c5e304366f75f9eaa2e8cca546a1fb6109348b3

SHA256
333bbefeff5eb1722dc9b8d2e26c38bc69c1efa07d0ca870480f29d8858aa336

SHA512
eac73f86f1f85c94f5df309c4a27b02ce33e63635ef731e088f4dbeae2679d837c0a82efd96d853bc0a193edf5636d949a91b41e2b43de8bfbe376d2e717984c

Download Submit
C:\Users\Admin\.flauncher\libraries\com\paulscode\librarylwjglopenal\20100824\librarylwjglopenal-20100824.jar

Filesize
18KB

MD5
93730cef2e75762c5a1431c6d7a0c78e

SHA1
73e80d0794c39665aec3f62eee88ca91676674ef

SHA256
107d11509f6af59b8c2ba23df828bc5d3c4e067b58f3d858c7deb90ca5308f84

SHA512
0e0956a0c16943c3bbeee89b17a556b2f4a57e7d87db1bca2449a77517c46559f4b2dcb541695f89693fedb533e627671466915758dd0f0299477bf374a58dc8

Download Submit
C:\Users\Admin\.flauncher\libraries\com\paulscode\soundsystem\20120107\soundsystem-20120107.jar

Filesize
63KB

MD5
6d9d7d6c163caf74984465694d3566e7

SHA1
419c05fe9be71f792b2d76cfc9b67f1ed0fec7f6

SHA256
2882d64550240dd0c026724da664d9f97ef205c91d6a85273d10790d88608f34

SHA512
8b5c995c3ba0b58f60269793418f3d52c766fa182c92bb76856b7bb7fb79e7c74eecea8d50fc1fac665328b00474851a8ea0c959373d84269e550ad1cb6e327c

Download Submit
C:\Users\Admin\.flauncher\libraries\net\java\dev\jna\jna\3.4.0\jna-3.4.0.jar

Filesize
985KB

MD5
52b0d8408b694de10ce93c85514aaa10

SHA1
803ff252fedbd395baffd43b37341dc4a150a554

SHA256
3bff6a1489b8e54cf130344bc5e8744db331045ad2fc736612576e1d80eb1f48

SHA512
27fe373433bf12d9566d8b46c4f17549ca04f3c1d9b809bff411b6c348b220d2c320060ab11db57ce7a87e2ce14b91dcba5ce6e226ea1e4c398bbb13736f33a3

Download Submit
C:\Users\Admin\.flauncher\libraries\net\java\dev\jna\platform\3.4.0\platform-3.4.0.jar

Filesize
892KB

MD5
c5057d6dc3a531708e4a91249fadda3f

SHA1
e3f70017be8100d3d6923f50b3d2ee17714e9c13

SHA256
ea89d5090c8303ba4e9a0056e6d8a20429f3e021411e950bfd9eba3b6e6cf15c

SHA512
a89db5e82b44181d1b76ab9a7c1a0156f0511374a0d2c374ed815d4941f8566da0864e14492c85041938286dc2b27b8b0ed32188fa30e2e6286bc6f15339f7d3

Download Submit
C:\Users\Admin\.flauncher\libraries\net\java\jinput\jinput-platform\2.0.5\jinput-platform-2.0.5-natives-windows.jar

Filesize
151KB

MD5
b168b014be0186d9e95bf3d263e3a129

SHA1
385ee093e01f587f30ee1c8a2ee7d408fd732e16

SHA256
24afbd5e1fab17da57d16a4d3f19d53f36155ef46a9976484201a4bb9722287f

SHA512
e8dd2c73c97cb0ec065acb3973a89cacf742005d60eca5f68edfd5306a23c4a6be8dd8deb4f7ff870075f75d79fff9a87c2aaee980ef7b4da764bcb822257dfe

Download Submit
C:\Users\Admin\.flauncher\libraries\net\sf\jopt-simple\jopt-simple\4.6\jopt-simple-4.6.jar

Filesize
61KB

MD5
13560a58a79b46b82057686543e8d727

SHA1
306816fb57cf94f108a43c95731b08934dcae15c

SHA256
3fcfbe3203c2ea521bf7640484fd35d6303186ea2e08e72f032d640ca067ffda

SHA512
18bf59191d7a456e7675c841df8411ebe425da40532e103db95483be5d2a75510d8a38ad9755cdd4e0be27afe7cfd0b358599388a84fcec1ee27e89caa37f5af

Download Submit
C:\Users\Admin\.flauncher\libraries\org\lwjgl\lwjgl\lwjgl-platform\2.9.4-nightly-20150209\lwjgl-platform-2.9.4-nightly-20150209-natives-windows.jar

Filesize
599KB

MD5
6cab9a7349c4a33e172ad405682e7796

SHA1
b84d5102b9dbfabfeb5e43c7e2828d98a7fc80e0

SHA256
f2e1f2c6bd7511a7504f389b8b716f5d8dc2fdc71e29c89b52644314cf0a228e

SHA512
83308b1b2edb19b6d252f7363f1cf10b56cb36cf40fbdae83a5ef403436d20a1d088f2c654d85d54143232f82bdef6d01087b3a4d70521d04defcddf548f4fa9

Download Submit
C:\Users\Admin\.flauncher\libraries\oshi-project\oshi-core\1.1\oshi-core-1.1.jar

Filesize
30KB

MD5
4f992d3ac0aa70a8647460494c95e261

SHA1
9ddf7b048a8d701be231c0f4f95fd986198fd2d8

SHA256
27901e5d4d60d3502571d5e6358fc89e3fcf874138b69d495d139bcc3e169404

SHA512
5b7af823687116dfdd92584a215cb661dcace19bfe4f2f3930a809407a0a9327538eb16d3b1d7b616c73e6cb927a5100e6d871781dc2035b8bd02ba75e2c167d

Download Submit
C:\Users\Admin\.flauncher\libraries\tv\twitch\twitch-external-platform\4.5\twitch-external-platform-4.5-natives-windows-64.jar

Filesize
7.1MB

MD5
2ac293bb34ea1934e5554f192c740e85

SHA1
c3cde57891b935d41b6680a9c5e1502eeab76d86

SHA256
6428eb438f53afc563d58c7f2a563ca9fcaae80db3520af744de5e5db1c9df6a

SHA512
2ef826a34b25b6844152a8169e78222a5c030731372dcc89b14a80d30ebf33441350f258bd9956ad14f69ff12aafe047590326cb8f4e83636fb1487858495a61

Download Submit
C:\Users\Admin\.flauncher\libraries\tv\twitch\twitch-platform\6.5\twitch-platform-6.5-natives-windows-64.jar

Filesize
566KB

MD5
03f6486066163f62eb69e97928878f83

SHA1
9fdd0fd5aed0817063dcf95b69349a171f447ebd

SHA256
75337e7362e489a6f8c9712aeced9e131e82a3ce851cafbd4d03fda284cc7116

SHA512
4228b8cfeaf3309d4fad7267258121477ad6706f79e784e2c066112ef4a179bc4373d61012ee00e8c0c0d775c0a4fbf79f9aeafe26be0ef621c375b688ee41b2

Download Submit
C:\Users\Admin\.flauncher\versions\amera-1.8.9\amera-1.8.9.jar

Filesize
367KB

MD5
9eedfdf0f76ef7618626d3146a10eba4

SHA1
80014b7c0281937ee8454d9b5272a7c1d5be0816

SHA256
e00331ec566abb84e01f8fa7bc7e7ed39f5c98d56638f34849f1285c3348b228

SHA512
9c7f6f9ad54c784192a8e3080faefed79f40daecc2d57c3b6506c326f0958cf4f8733776410da3566470b56e033ee1374837ef42f61e82befd8e81f32c7328e5

Download Submit
C:\Users\Admin\.flauncher\versions\amera-1.8.9\amera-1.8.9.json

Filesize
1KB

MD5
0ec0b1deae12ab3f3d5c57a1f4c173f1

SHA1
cd5901d947166e0c6abbcd2e1ebe65f55dd3fa25

SHA256
c892ea288088bc0f393bedbd896f7b52fbf3f03f2e4b4504e23dfa7a91377f22

SHA512
1ef3cc939e6296d7b5b65086ba81baf0cc94c042eafce61fa1bf67ee1b2ee415dd55dfd6e2a199382dfc4bd7f217d9bdc8e31be61dac1b74707fc930b7b6c96f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Update.exe.log

Filesize
1KB

MD5
4ada7084cc38c692f12f230177e66c30

SHA1
45da6d7b2b61c3f670945bc6b73aa35c975c44f3

SHA256
7b4e3cb73d709049bf3dfcdc19c408e1c647c0f55634635097d8cee75cd63103

SHA512
4cfd2e3bdee8956e4d7103f574b00304967ee38ffeb5c8a1449910593d7b21fe7b1a838e37bb6ba003874ad54f0b276566663b437ef32cf3db953bba2eff0cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-22.855.3084.1.odl

Filesize
706B

MD5
2f2032d3e16e9174c26ead0a370469c9

SHA1
8282a06eccaeb0fa47ec8a0df42032d8ec806ed9

SHA256
f02a41a471dbf4d22fa7f413442b7ac7642deb77912cdb6ea9ee5c18c29f7f4f

SHA512
f0bef1301d9a9e3c9cafcc922e5686a4d3e4c6c4cdb6fc2c7ff09d4162d7daa2043cd4a25d51a7a06bb42ae6c9a067dc52ff3de70824a194108959abdc34a825

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
77B

MD5
4fb4fff34d87fdc0a11541ead308dabc

SHA1
8b01d8f1036070984c552c6661a96e2b9cbd2eab

SHA256
2d4ccc8de23df20bbe60b53228a6f450f1d7e860436097bf5c2e51b9972eb507

SHA512
35e32c74ff9fbdf72f191162fc35f75d2a7741700533b40f52f53a562660125b8ce5506f4c18177289be0ff86c0d3c1d39687bf7bbc9c69c3ea858c05f5e097b

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.7MB

MD5
4a5dbd3d6263eca75561a21b98aa4353

SHA1
9308061daf870e2c3b002c5b5ba81556c6e03873

SHA256
19a9ed41a69c74f130f53572aa1b07b1fa35d93a408dcf9d3f16f0fd72dd1e69

SHA512
1741d133badccedeedc68079e1f6dcaf116bad58b85292031da2759ca0648416054d5806edcbf0910a276a95a76c4b21d2465dd1d994a068a1db5ee47632bd11

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
90KB

MD5
0042847e67a304182fb8d25f9e78736b

SHA1
52592eb1444aa2280a852d4aa0d71166c972fc2d

SHA256
9664a4b156729e6ae2f05f77e6d5835c6dcaffc2cb56a7d0c32017155d6582c9

SHA512
3c516ccc8b3e36ed36c97ff070f1131366ed12b30f3f487c6b54255e8f870c3461edd3884600b41c54b2084bfd4e3005317a57e9bd5427536a7050f2cfd4aaef

Download Submit
C:\Users\Admin\AppData\Local\flauncher\FLauncher.exe

Filesize
315KB

MD5
ad8dec4c3a7169f53f66132878d02048

SHA1
42d2c7b700f8aad8a5018fb7adea882e5531463b

SHA256
b8f92b98085c2ca91527d8630fe16f8caf18e742407220bcb1053d00d509046e

SHA512
927bfbc94f486673fcf0412ab8f892953ddc4b711321f0b99e78745d4664109f551dafe6ca2044eccbbcee100c9dc6876376fff606712fc5197e023486a83ae1

Download Submit
C:\Users\Admin\AppData\Local\flauncher\SquirrelSetup.log

Filesize
1KB

MD5
5a5c80a75d50a20d28be91479ce448f0

SHA1
a67d1281ee9a62bc20f3552fc7420b7f6444f78c

SHA256
5d7b8f2c8719349d5d5eee3177ad0f6bf657b7a21a880705aeaa39515d1ac45f

SHA512
d2ec18c8a775828d714c109e2ddc582695bf3d033b8ac68558b66a61e530fd8503f2530296fd219ed36a47cc4976d4876da4095b4e1b8585a385272d7e78153d

Download Submit
C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\chrome_100_percent.pak

Filesize
138KB

MD5
0fd0a948532d8c353c7227ae69ed7800

SHA1
c6679bfb70a212b6bc570cbdf3685946f8f9464c

SHA256
69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf

SHA512
0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

Download Submit
C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\chrome_200_percent.pak

Filesize
202KB

MD5
1014a2ee8ee705c5a1a56cda9a8e72ee

SHA1
5492561fb293955f30e95a5f3413a14bca512c30

SHA256
ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57

SHA512
ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508

Download Submit
C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\d3dcompiler_47.dll

Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\ffmpeg.dll

Filesize
2.4MB

MD5
8103bcc04055915bcca7c56b9902773a

SHA1
3c41d9f820e8a2338c5709c96405f89adca4ce75

SHA256
2599057fa40f6dcfc25cdbcd6fbbccf5b76fbc78860b71c80b4a19bfc80a5c5b

SHA512
055db41012a27201e66a9a44d135eff77b117d1cd86ffcfced128fefeac14bb9073d823b0908f958b319db48032b23d67b39d548c674cd11acca41729cbd1350

Download Submit
C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\icudtl.dat

Filesize
9.7MB

MD5
224ba45e00bbbb237b34f0facbb550bf

SHA1
1b0f81da88149d9c610a8edf55f8f12a87ca67de

SHA256
8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc

SHA512
c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784

Download Submit
C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\libegl.dll

Filesize
349KB

MD5
1215bab9a7cc00684a046fa1a105b884

SHA1
fbc546b2f6cd432a56051340b67fdb15ddfdf40c

SHA256
c7dda0ad6acfd4bdd607d35d40838c1857fa6318fa21521eb7cd12aa93be5f28

SHA512
e487648a58520f9b26ad219d7d5811386a688c40b29fff1d950019b150d2869121a80e4591269fbc8678b35af24e6f0559dac724b69e7ae8e214ee4ff28845f1

Download Submit
C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\libglesv2.dll

Filesize
6.5MB

MD5
071bc23ce69f599f0f80a0f3043db977

SHA1
5573d7296ba039ffc327df5e30d4537c1c64662f

SHA256
4604a319c66ba8a18f6438677a5244bee2170114873967a339252ca8320a15a8

SHA512
3f9d916adc7dff563892edc95902a73bcfbc22f497b5fa506fa6776ab24890ab6c992d1b205779a31f052186b06679310b4a39f20472af3569c1839f7dd7f976

Download Submit
C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\locales\en-US.pak

Filesize
95KB

MD5
214e2b52108bbde227209a00664d30a5

SHA1
e2ac97090a3935c8aa7aa466e87b67216284b150

SHA256
1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab

SHA512
9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e

Download Submit
C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\resources.pak

Filesize
5.6MB

MD5
1f46000d6ae1277ee4e97bfe4f457a89

SHA1
6597e91194f785e117b15dd8e6538fef75d9b7db

SHA256
6251353228a758cd9e747492a38b302acb9f16c80b234c6e5a79b23d0b369f92

SHA512
1049b09e600157226ec232c610d150a7a414c99623cc4e3ae112543c39315a7c2d56e47932714a1280420df2dbbfafd3ba50961e79a8b01b73d3c20234155323

Download Submit
C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\resources\app.asar

Filesize
1.2MB

MD5
f9d34242f87c121fa563eb30daebd70b

SHA1
91bdd4053f60e906c4f8fa9cfee923fa11968a8b

SHA256
7f83abad16bd919b78327396685756eb930d1e0b0677a7479c21cdee8c50bec4

SHA512
c6393b04438bee6a7b87a272d5acf7044f87581eaf74d6e7523a464501d0a1f2c1af457ca76423e1500f80f820f42a914c61b8f6287b08990384a1cf2ba22d8c

Download Submit
C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\resources\packages\ui_36.asar

Filesize
896KB

MD5
c7e3eaee339bcc669590bcbd53a6f101

SHA1
562469eba78430f0b6452c373146991097ed486b

SHA256
2d1851caa8b88ffdcee0e222044f634326854fe2a8ca398eb485d933df31617d

SHA512
ebdc8e429e719d8b32413aa76920291a942079debbb6d1ea715b30e248290a68ce44961e14cd6e4ebe019b5903a7a080019546406629f81e3306dff9d45ff720

Download Submit
C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\resources\packages\ui_36.asar

Filesize
3.9MB

MD5
991392aef8a5e0c950630c5ecebf01ad

SHA1
afd0953e1796d044659779bbb278b015e29a0efd

SHA256
d30558e084f385c0313021ab7c90f084222e37ffdae1408284c4734fd91aff40

SHA512
b098ac16c527712f2d945fb93d8dec2d2a3da9874441fc434f79eb494fc0bfa0baf29be59ee42942c03bfbb6ed8a2010e738fc4375925525fb4d48629a299de8

Download Submit
C:\Users\Admin\AppData\Local\flauncher\app-0.0.36\v8_context_snapshot.bin

Filesize
160KB

MD5
f1d9b64be3546cf25d94d53724aa380b

SHA1
12f4b0df87f203ea61f4e0381a30b079eda14432

SHA256
3d47a03ccc914b327f30a80fdce2e623b1a58e831399136c01029eb280c0d3e4

SHA512
7f8ef927566ab9a920d13be9e59477798ec39efa0ec5d81ecf0b0c86fcf052d576b65a86b9bd9c9e70f4805b325fbf5cd4a83abc4ca234a081e12c9eafdef55f

Download Submit
C:\Users\Admin\AppData\Local\flauncher\packages\RELEASES

Filesize
80B

MD5
8233830c0f0d87d96ded045684d738dd

SHA1
9b1f48e66eac72a36fc58053b09e59a993ecc94a

SHA256
52a313691f353d038567596d06e7a960cf164bbd7bafcd86c52399c5255c111c

SHA512
74b5bdb95b7eab4597002cf82d28f69b6050111cbb0f3007d5aae26198b47d197a5b316f65db95572afdb1cab0c3b79c4d31af5d4a471f6ca98d64adb4a6ec41

Download Submit
C:\Users\Admin\AppData\Roaming\91c734e7-67e9-4f9f-9ab9-e3253374fb32.tmp

Filesize
537B

MD5
08363ec3e86e01ee4792e5d3090d25f9

SHA1
5e22188276b81950ba6c6936e6dab9bf3b690306

SHA256
6e924473809c8e38960067e3d0b6f9128f9108d853f8712ac931af9122a69a8c

SHA512
09da6c0a8ada92600e469bb4ed6a5eb10457ff1e1455f570a6d7cdd84b872b8a48ecaf45c36273378d51bba1abf510d5706395436e23610a1c99b813e5f8c3e8

Download Submit
C:\Users\Admin\AppData\Roaming\FLauncher\Local State

Filesize
389B

MD5
3f4afb2002b53352451bbb130c45ba41

SHA1
1553d550036c6b47bfa39ea534949f8b265ff19f

SHA256
96f4d7f3d758d6df1b45100514a84a18524ddb8e50cff938192cba9596b51299

SHA512
206e02554c0012e27119ae451ac645a66824e2459a4daba3de1b949ef423124fe8c02f35e6beb6b5c1bdd1725b759f90a9f9adb64f86945d169da3763be1ebc9

Download Submit
C:\Users\Admin\AppData\Roaming\FLauncher\Network Persistent State

Filesize
1KB

MD5
5e16861e8b608707a9dcbb9fe9e73056

SHA1
bf749222355c9c6d10a97d41d0551553c06b6fdd

SHA256
55afe07781b1a7696d01ccad6f603a9a29ea17c76911220675f494e3fd6e8bc6

SHA512
9043243b6ae06ae147db1a4635ad9b5b78b609c0d635b79bbc8737335facf7832207032a1fdd689b499b29a75911c81c5cd53991b025d39feb9c9d29d0b4c215

Download Submit
C:\Users\Admin\AppData\Roaming\FLauncher\Network Persistent State~RFe58e049.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\FLauncher\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1464-3182-0x000000000D450000-0x000000000D451000-memory.dmp

Filesize
4KB

Download
memory/1464-3179-0x000000000D450000-0x000000000D451000-memory.dmp

Filesize
4KB

Download
memory/1464-3172-0x000000000D450000-0x000000000D451000-memory.dmp

Filesize
4KB

Download
memory/1464-3173-0x000000000D450000-0x000000000D451000-memory.dmp

Filesize
4KB

Download
memory/1464-3174-0x000000000D450000-0x000000000D451000-memory.dmp

Filesize
4KB

Download
memory/1464-3180-0x000000000D450000-0x000000000D451000-memory.dmp

Filesize
4KB

Download
memory/1464-3181-0x000000000D450000-0x000000000D451000-memory.dmp

Filesize
4KB

Download
memory/1464-3183-0x000000000D450000-0x000000000D451000-memory.dmp

Filesize
4KB

Download
memory/1464-3184-0x000000000D450000-0x000000000D451000-memory.dmp

Filesize
4KB

Download
memory/1464-3185-0x000000000D450000-0x000000000D451000-memory.dmp

Filesize
4KB

Download
memory/3420-3190-0x00000200445A0000-0x00000200445A1000-memory.dmp

Filesize
4KB

Download
memory/3420-3161-0x00000200445A0000-0x00000200445A1000-memory.dmp

Filesize
4KB

Download
memory/3420-3150-0x00000200445A0000-0x00000200445A1000-memory.dmp

Filesize
4KB

Download
memory/3420-3250-0x00000200445A0000-0x00000200445A1000-memory.dmp

Filesize
4KB

Download
memory/3420-3240-0x00000200445A0000-0x00000200445A1000-memory.dmp

Filesize
4KB

Download
memory/3420-3233-0x00000200445A0000-0x00000200445A1000-memory.dmp

Filesize
4KB

Download
memory/4064-211-0x0000000006210000-0x000000000673C000-memory.dmp

Filesize
5.2MB

Download
memory/4084-15-0x0000000009C80000-0x0000000009C8E000-memory.dmp

Filesize
56KB

Download
memory/4084-145-0x000000000A350000-0x000000000A3E2000-memory.dmp

Filesize
584KB

Download
memory/4084-14-0x0000000009CA0000-0x0000000009CD8000-memory.dmp

Filesize
224KB

Download
memory/4084-8-0x00000000009C0000-0x0000000000B84000-memory.dmp

Filesize
1.8MB

Download
memory/4084-7-0x00000000733EE000-0x00000000733EF000-memory.dmp

Filesize
4KB

Download
memory/4396-121-0x0000000005350000-0x0000000005370000-memory.dmp

Filesize
128KB

Download
memory/7072-3100-0x0000014CC0B00000-0x0000014CC0B01000-memory.dmp

Filesize
4KB

Download