9a43c74a87fbb97b8dca36d7d67f2c6e8f5ff3d0adcec6f229bcb4b06f0ba360

Analysis

max time kernel
75s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nevernight Free.exe
Size

339KB
MD5

601b60c5d7819897b062f0313c371125
SHA1

876ed9b41a23cd2424f73f9501f218d806a6d63c
SHA256

9a43c74a87fbb97b8dca36d7d67f2c6e8f5ff3d0adcec6f229bcb4b06f0ba360
SHA512

c973ffd225f0d9a92db141a1a4afbca3f4c0a357d55219368c5cae13040d399f72c856b88ded14aca2b9bd0a301619e815a0c668719d4f2a399ec915f7c7d017
SSDEEP

3072:vSb0MKWY3tfR2y+/E4blvEmMPER+EgvmYicsPjTvRnwb3:K4JWGJ+/ENSTvRnwb3

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	java.exe

Executes dropped EXE 1 IoCs

pid	Process
1104	java.exe

Loads dropped DLL 20 IoCs

pid	Process
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Nevernight Free.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	java.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	java.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1104	java.exe
1104	java.exe
1104	java.exe
1104	java.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1520	javaw.exe
1520	javaw.exe
1104	java.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 1520	4372	Nevernight Free.exe	83
PID 4372 wrote to memory of 1520	4372	Nevernight Free.exe	83
PID 1520 wrote to memory of 1104	1520	javaw.exe	98
PID 1520 wrote to memory of 1104	1520	javaw.exe	98

C:\Users\Admin\AppData\Local\Temp\Nevernight Free.exe
"C:\Users\Admin\AppData\Local\Temp\Nevernight Free.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Program Files\Java\jdk-1.8\bin\javaw.exe
  "C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Nevernight Free.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1520
- - C:\Nevernight Free\jre\bin\java.exe
    "C:\Nevernight Free\jre\bin\java.exe" -noverify -Xmx4024M "-Djava.library.path=C:/Nevernight Free/natives" -cp "C:/Nevernight Free/minecraft.jar" net.minecraft.client.main.Main --username New --height 480 --version "Optifine 1.16.5" --gameDir "C:/Nevernight Free" --assetsDir "C:/Nevernight Free/assets" --assetIndex 1.16 --uuid N/A --accessToken 0 --userType mojang
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Nevernight Free\assets\indexes\1.16.json

Filesize
288KB

MD5
9e7ab9e5ebd101e76b24899b8c2a6aa7

SHA1
f3c4aa96e12951cd2781b3e1c0e8ab82bf719cf2

SHA256
ae9f833a1d267824f5c55d0a233fc9e960ce383da43e219d261a8062d3af399a

SHA512
1cf121d02d3236fdf8ddd0d3bdb05494374dc30ea310c85f500b9a5dc3ae25de99481c83324b43e3fda8f7efa7cd03d053a1761438414c56c6103896415df020

Download Submit
C:\Nevernight Free\jre\bin\VCRUNTIME140.dll

Filesize
116KB

MD5
e9b690fbe5c4b96871214379659dd928

SHA1
c199a4beac341abc218257080b741ada0fadecaf

SHA256
a06c9ea4f815dac75d2c99684d433fbfc782010fae887837a03f085a29a217e8

SHA512
00cf9b22af6ebbc20d1b9c22fc4261394b7d98ccad4823abc5ca6fdac537b43a00db5b3829c304a85738be5107927c0761c8276d6cb7f80e90f0a2c991dbcd8c

Download Submit
C:\Nevernight Free\jre\bin\extnet.dll

Filesize
13KB

MD5
6a826caacd7f16a3d33c281dcbbd5851

SHA1
c9371bccefb7ca6e282f985b55eb3b6e1f9fd87c

SHA256
69be8c034d85da2eca0050d8bf0cb10d548d0afd8f0b78b11d5620687e7fb1ef

SHA512
c295486810f696ffe17881cb7999cadffdf6443b748dd009ec7df0d33990fab46385401d282cdd9337f7fe740bc991b70993f36dd7e7e92cf04746b8c7ade502

Download Submit
C:\Nevernight Free\jre\bin\java.dll

Filesize
134KB

MD5
cbe2be1ef9c582c7e8d77be0c454f825

SHA1
a5fb8951270aad09c03790e2627b1e42c63963b1

SHA256
bfb0562660f8c862f6e848a14f7281a0d2f4997fe2f73c8485b873b6c91dad6f

SHA512
41c422a73f99dd260d193b8eda6bf5f69eea7073f768e178109bebdb5096e12e1f5ce02762c112c6e0baef79d24aa8dd5dc4a281fb64b0aaea6fe21ca995a082

Download Submit
C:\Nevernight Free\jre\bin\java.exe

Filesize
38KB

MD5
fcfa314e89644950cba8f35e0ef950f7

SHA1
f03174311d8931dcce864b6d7cc419aa35929168

SHA256
5d1413347df3ba76795b5a0b9f8332df6eb5c1830d9efc058441ca389f15f235

SHA512
678191db3a4a5d57a0ca6217933a6faf7544d1829028872e2039b992fa25f5ce38a56c5f55526d978755fb60ad423fa49fb54d5dd6643a84a53fca93d5331808

Download Submit
C:\Nevernight Free\jre\bin\jimage.dll

Filesize
23KB

MD5
31d9b549fa704f476dd8209fd88368de

SHA1
e9e8c247f4288319dfdc342ebc3f1df30802a474

SHA256
1f2bf48396ab024e9ff59ebab2042c02c346ecd49c6e01559283c26a9e55f83a

SHA512
147befa92e82c246174a7e8acdf2f9047eb2bfca836e97717617731f4f7dfa0abc4c46995db562fd0b1e577437eaa3ae99757c93dd3f209e6411396274ad3fef

Download Submit
C:\Nevernight Free\jre\bin\jli.dll

Filesize
77KB

MD5
d09d27ac6f5d52d81039341dbb5c2b91

SHA1
91f2ccb988ad79f47ab3911333e8fc25365a92fc

SHA256
77e32374627617e2258db9cebe1d1362ba77eb0748f94cd3069116f5720c6890

SHA512
1dae59bea794d10cab6f13e14aa155b1f55958a6027377d760d7eef855f1593eefccc764c755a1621b7d858c0d1ac464f6a49ada78e3918c6dc3ca659ac84d50

Download Submit
C:\Nevernight Free\jre\bin\jsvml.dll

Filesize
839KB

MD5
6d7fea37f00a5e07d0b344e2fbd0f057

SHA1
b0769ab8ebbdce2f2711e40c55433b871fe5e37a

SHA256
9e72df4448a2acbd4c488ff6bc557f7558f6f8493be771aeeb965d6320b6127b

SHA512
ed7876a5eb3165b33ef90c669e78b98abf8ed5ebc32af8092fbedf11ffb808e0b158e5d38a13327cdf68094fbf4eae65572dcf7026d047255e8a55e6dabc0e48

Download Submit
C:\Nevernight Free\jre\bin\management.dll

Filesize
18KB

MD5
d71ed500e21cf25a9ba68f6543173bb1

SHA1
27b969f514f952d5359d4e2c5bdd1eff7466fb0b

SHA256
f93071c25c160e2bd948b1992c37ce25492aa8aef33f19df861e6cc4409a8aea

SHA512
279fa8ef264e045e6fbd4d518653bcaf02a08d422602d0e7a063535f150c75b2541c5d06ab92ea6c5968eabd8ffff54ddf54eab39780d0bcd608a6876de2d91d

Download Submit
C:\Nevernight Free\jre\bin\management_ext.dll

Filesize
25KB

MD5
bbf8141625a255de31c486c93a838cdc

SHA1
1d70e8fc7b2ebe709e19d9b998827e2183b5b06b

SHA256
ffc6ac1a5b62903a1f2d9037d4470bb50279828e65da69dd35d05aa660560c03

SHA512
225c8e0efefb02049394104a655a501099b9569355383f0aa08e0580c6fcd00b57901ae95f3e6c33182a9f0fd7a58901c937e647a40932f4b0d5c31c88a7d619

Download Submit
C:\Nevernight Free\jre\bin\msvcp140.dll

Filesize
559KB

MD5
c3d497b0afef4bd7e09c7559e1c75b05

SHA1
295998a6455cc230da9517408f59569ea4ed7b02

SHA256
1e57a6df9e3742e31a1c6d9bff81ebeeae8a7de3b45a26e5079d5e1cce54cd98

SHA512
d5c62fdac7c5ee6b2f84b9bc446d5b10ad1a019e29c653cfdea4d13d01072fdf8da6005ad4817044a86bc664d1644b98a86f31c151a3418be53eb47c1cfae386

Download Submit
C:\Nevernight Free\jre\bin\net.dll

Filesize
85KB

MD5
ad8f4bcc6129826e9b3e1b27da94d56d

SHA1
45bb8bfc3029d0716e955bd6d850f058d2363dd6

SHA256
912202b9c8143d1d53617ee5da63bc4ab24958dfd598a7552eebf88b9e603c49

SHA512
fcd03008e2a8a8b172e64075bae807f1c71b7abec19d7e6f8a20bbf304ab6d019038336a5012c2ccfb71f72b0783c698a3de7d50952d88dbede9d9efbb5db3a9

Download Submit
C:\Nevernight Free\jre\bin\nio.dll

Filesize
68KB

MD5
679c31547568df2eb6636e8c4ec36dc4

SHA1
a5b1702b6b5881f0da66e0d268ab6c8d6905a8e8

SHA256
c281d7a9dd21da02ad694c7e6360846024b5e3821d63d9f9b8eb6237352e0cb2

SHA512
e69f6e49135d6f2497bbfb1809f6c04874262e4be953c9c44a84ab4f23547d0529545ae44a593ed0f4788d7be6aff82ef3a70914ceb9b74ed894deab4d963468

Download Submit
C:\Nevernight Free\jre\bin\server\jvm.dll

Filesize
20.4MB

MD5
d19559e7ffb2a5c432f6d6e0e452e1e4

SHA1
301df900cf1d57846cb10bbb3b3b4bff7a23237b

SHA256
ee8c4b1938ff5c4c91ecb0b1ea32ba89af05d8e5f53327729b17e8815e858ded

SHA512
4cad3321e183d43d38d8ac00c7509c2b84f2f19937a4fa79b8b264b0d77596e070f0a6ed0f26da8f9a784ef35f52f0377994f15fc96ddb36c44681d1e085d045

Download Submit
C:\Nevernight Free\jre\bin\sunmscapi.dll

Filesize
36KB

MD5
f906b057459b3e09b4931e2bf1efaa33

SHA1
9d9d7b8868b2da67cd8fdc2a164f99768900c292

SHA256
502f9d1fb06f5b3bec21439968dc165df259cfb7db1a020392d223562f056e0a

SHA512
1a1a81a44b881625b8041a10b6a50b47c70c83bca7a257b0009e64fa91d71d721bd25121e9842fbd0f9ac03b95fa08725d827d432eccef90001fe23facabe162

Download Submit
C:\Nevernight Free\jre\bin\vcruntime140_1.dll

Filesize
48KB

MD5
eb49c1d33b41eb49dfed58aafa9b9a8f

SHA1
61786eb9f3f996d85a5f5eea4c555093dd0daab6

SHA256
6d3a6cde6fc4d3c79aabf785c04d2736a3e2fd9b0366c9b741f054a13ecd939e

SHA512
d15905a3d7203b00181609f47ce6e4b9591a629f2bf26ff33bf964f320371e06d535912fda13987610b76a85c65c659adac62f6b3176dbca91a01374178cd5c6

Download Submit
C:\Nevernight Free\jre\bin\zip.dll

Filesize
77KB

MD5
6b4ff9276d69444d64b1323a7cdb9dc6

SHA1
936dcb365192b5880f12c0806bb4b35c5e692a4b

SHA256
0e0a64ad099ea861be0d149fc1b43fade3efa61b0990d99c9dc93486addffe56

SHA512
3802aacfa8eab3c5572b1679172cefb62dae8e90e21355c3d6824d8c6f55c27e652683ad87bb48f89f28d2ba5276b4c4abb6cd676d177adc29c641d10477f523

Download Submit
C:\Nevernight Free\jre\conf\logging.properties

Filesize
2KB

MD5
0f00ec3e7a7767a4efeae1875fb5f3d4

SHA1
167808418571e9209b952188ddab2f4e62920e68

SHA256
b62d2733ab99556b108a1951d894c5a8d76b1ac7a00c02c388f9eb9be046c56f

SHA512
e869f4a3b821a9933796dc9a56ee00483493369dfbfe07b3b1d895cb8318c6821cd44134eb37513f15b830c25861b596646824ed56672d08b678fefe6a4c7504

Download Submit
C:\Nevernight Free\jre\conf\net.properties

Filesize
6KB

MD5
385443b7e4a37bc277c018cd1d336d49

SHA1
b2c0dfb00bf699e817bdd49b14bc24b8d3282c65

SHA256
5bc726671936e0af4fdf6bed67d9e3a20a92c30b0ba23673d0314baa5e3ffb08

SHA512
260afc7671a1dc0c443564f1d10386f0b241bb53c76df68d8d03f1d0b1ceaf3f68847ab3477732c876c2b01c812ef7521744befe88e312f3aa63164b608b67a1

Download Submit
C:\Nevernight Free\jre\conf\security\java.security

Filesize
57KB

MD5
fb2f8510dbdc58955528789078a8350d

SHA1
664f61e0bf8a7a4382b703620e7c1b545d8ecd33

SHA256
d0e59d5c3bbb69ba4db235bbc9f7d0bbf966752f3ccf1e774fe3a8c0bc9b54d9

SHA512
112a5d610b186364d7e3fb9e364f9dd89e271e29ceb5eba16ad72e9a4c23a4dcd8ac916324361c23b9a00db777039600fcd78178e3acaae893f3bc842dfd6e71

Download Submit
C:\Nevernight Free\jre\conf\security\policy\unlimited\default_US_export.policy

Filesize
146B

MD5
1a08ffdf0bc871296c8d698fb22f542a

SHA1
f3f974d3f6245c50804dcc47173aa29d4d7f0e2c

SHA256
758b930a526fc670ab7537f8c26321527050a31f5f42149a2dda623c56a0a1a9

SHA512
4cfca5b10cd7addcff887c8f3621d2fbec1b5632436326377b0ce5af1ae3e8b68ac5a743ca6082fc79991b8eec703a6e1dfd5b896153407ad72327753222fdb3

Download Submit
C:\Nevernight Free\jre\conf\security\policy\unlimited\default_local.policy

Filesize
193B

MD5
2a0f330c51aff13a96af8bd5082c84a8

SHA1
ad2509631ed743c882999ac1200fd5fb8a593639

SHA256
8d8a318e6d90dfd7e26612d2b6385aa704f686ca6134c551f8928418d92b851a

SHA512
2b0385417a3fc2af58b1cbb186dd3e0b0875e42923884153deee0efcb390ca00b326ed5b266b3892d31bf7d40e10969a0b51daa6d0b4ca3183770786925d3cde

Download Submit
C:\Nevernight Free\jre\lib\jvm.cfg

Filesize
29B

MD5
7ce21bdcfa333c231d74a77394206302

SHA1
c5a940d2dee8e7bfc01a87d585ddca420d37e226

SHA256
aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0

SHA512
8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

Download Submit
C:\Nevernight Free\jre\lib\security\blocked.certs

Filesize
2KB

MD5
8273f70416f494f7fa5b6c70a101e00e

SHA1
aeaebb14fbf146fbb0aaf347446c08766c86ca7f

SHA256
583500b76965eb54b03493372989ab4d3426f85462d1db232c5ae6706a4d6c58

SHA512
e697a57d64ace1f302300f83e875c2726407f8daf7c1d38b07ab8b4b11299fd698582d825bee817a1af85a285f27877a9e603e48e01c72e482a04dc7ab12c8da

Download Submit
C:\Nevernight Free\jre\lib\security\cacerts

Filesize
119KB

MD5
948a2d33db91d45dd4e2050cfe7164d2

SHA1
1d4d9da923d290820323665564af11da3e4a57a9

SHA256
81d484f69278a4822506dc4225c95d6c63e499cebced66b38cbae6ba6b340f01

SHA512
134bc92c9d26432ba23b3294b034879d6d48c3a51e639fcffc0b8bca2506367cbe3466c708de45b903521383cb899d1f09fbdd76419b1bde39c0c5c3cd3d7c86

Download Submit
C:\Nevernight Free\jre\lib\tzdb.dat

Filesize
101KB

MD5
c054908b3f007234696a2c13f2cb58be

SHA1
330a69ed889539d7b8f9ec8bcb00f49b5ee2895d

SHA256
108a63fb316b1eaa8949f3ff7265c2af0402c9ff13f360578e658caaafc40faf

SHA512
64f3c996f668e200acec60138d027fd60523c35e5de60dcca915101c2c069f1bef6783f34584b2212a5c140061d65cb23d889bb2cdd67b57014c66020e777a7c

Download Submit
C:\Nevernight Free\jre\lib\tzmappings

Filesize
21KB

MD5
b02ee240a8db902961fe886a19beba16

SHA1
c52c42d591f4c650b629e6b374e967e211fb5aeb

SHA256
36dc51c4bf787f640a4b45cbb84ab6954f6e595cbd3617c2f5a4e1e607b38bff

SHA512
024811961511b7182860ed03a5670f82412a45d005a1db0876f6b0c9af7e96c104566abff0ebbded11a780349444214291f439039d20fb92071c7dd24bda0e23

Download Submit
C:\Users\Admin\AppData\Local\Temp\lwjglAdmin\3.2.2-SNAPSHOT\glfw.dll

Filesize
347KB

MD5
532f9686b0b55b3d7cf9f6733f29ba28

SHA1
9d95a8f52cbd48ab87937714eb4fd2129ed10f0a

SHA256
7cc30e89f7fd61ca8532b4ecb9e05598cf426d0a336bc382a128e28b824a8962

SHA512
6e6fe022238e69565fed6cb85fa74b913aed187487da4133a3e14b7eca230bbf5d70c8ab88d02b15e68a0a10549130ff2b0f2eb7d85ef3af8f92218327cfadfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\lwjglAdmin\3.2.2-SNAPSHOT\jemalloc.dll

Filesize
248KB

MD5
cdcaa2d4874a0aaab526c52e1fff2fea

SHA1
8a6eb00b934da6c97b0dc9d2dc321843076c8987

SHA256
b147a3cc1fce8a514a558a030fe647a4a91761769eedec1c1ca2be1cd712a9e8

SHA512
270ae883818c2cea891c3efae717aa3f455c902721ad80441b0f2b28e58bf9aeba67bb1fb65d76f20d09a4c937a089ee1018439b3815b9fcdb7d7fdcce704853

Download Submit
C:\Users\Admin\AppData\Local\Temp\lwjglAdmin\3.2.2-SNAPSHOT\lwjgl.dll

Filesize
439KB

MD5
310adc26c92b020fb6d2944092d81312

SHA1
d01410449d2402a952e9a6063699f1868196883f

SHA256
207fcf6f27e60600772d202f52ba00edcd085048da30523d3ac03092dd30f873

SHA512
db4c6f1c8accea57ad395be51f3fd673cd5577b955ea5051ffd2269c1fa62437e18753104499ecd0af954fd5fc6a9478a13f499f68dc1e12295823f7120ede2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lwjglAdmin\3.2.2-SNAPSHOT\lwjgl_tinyfd.dll

Filesize
209KB

MD5
5dc7452c51330beb7a178d7093cdac49

SHA1
ec0fd8007afba6697d5b3b8249b5be27096a0ce8

SHA256
696a87865bf27f2cb9bc866e6d75e1a4ee3e8c469180cb9f8ebb90a2af876d10

SHA512
a671123d7ea2f5dd2f307e19627b456b7a1fe62920c64cb08fdcc4be5f0ba017c5b72a0e9ba428fa5996a82584e039818bc41051b7e883d70252b69926f82716

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-786284298-625481688-3210388970-1000\83aa4cc77f591dfc2374580bbd95f6ba_1b74ca46-c49b-4c52-a57d-8cd1ff70c625

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
memory/1520-139-0x0000023348A20000-0x0000023348A30000-memory.dmp

Filesize
64KB

Download
memory/1520-159-0x0000023348990000-0x00000233489A0000-memory.dmp

Filesize
64KB

Download
memory/1520-73-0x0000023348810000-0x0000023348820000-memory.dmp

Filesize
64KB

Download
memory/1520-77-0x00000233488F0000-0x0000023348900000-memory.dmp

Filesize
64KB

Download
memory/1520-76-0x0000023348820000-0x0000023348830000-memory.dmp

Filesize
64KB

Download
memory/1520-79-0x0000023348830000-0x0000023348840000-memory.dmp

Filesize
64KB

Download
memory/1520-80-0x0000023348900000-0x0000023348910000-memory.dmp

Filesize
64KB

Download
memory/1520-83-0x0000023348840000-0x0000023348850000-memory.dmp

Filesize
64KB

Download
memory/1520-84-0x0000023348910000-0x0000023348920000-memory.dmp

Filesize
64KB

Download
memory/1520-85-0x0000023348850000-0x0000023348860000-memory.dmp

Filesize
64KB

Download
memory/1520-86-0x0000023348920000-0x0000023348930000-memory.dmp

Filesize
64KB

Download
memory/1520-92-0x0000023348940000-0x0000023348950000-memory.dmp

Filesize
64KB

Download
memory/1520-91-0x0000023348930000-0x0000023348940000-memory.dmp

Filesize
64KB

Download
memory/1520-90-0x0000023348860000-0x0000023348870000-memory.dmp

Filesize
64KB

Download
memory/1520-96-0x0000023348950000-0x0000023348960000-memory.dmp

Filesize
64KB

Download
memory/1520-95-0x0000023348890000-0x00000233488A0000-memory.dmp

Filesize
64KB

Download
memory/1520-94-0x0000023348880000-0x0000023348890000-memory.dmp

Filesize
64KB

Download
memory/1520-93-0x0000023348870000-0x0000023348880000-memory.dmp

Filesize
64KB

Download
memory/1520-99-0x00000233488A0000-0x00000233488B0000-memory.dmp

Filesize
64KB

Download
memory/1520-100-0x0000023348960000-0x0000023348970000-memory.dmp

Filesize
64KB

Download
memory/1520-103-0x00000233488C0000-0x00000233488D0000-memory.dmp

Filesize
64KB

Download
memory/1520-105-0x0000023348980000-0x0000023348990000-memory.dmp

Filesize
64KB

Download
memory/1520-104-0x0000023348970000-0x0000023348980000-memory.dmp

Filesize
64KB

Download
memory/1520-102-0x00000233488B0000-0x00000233488C0000-memory.dmp

Filesize
64KB

Download
memory/1520-108-0x00000233488D0000-0x00000233488E0000-memory.dmp

Filesize
64KB

Download
memory/1520-109-0x0000023348990000-0x00000233489A0000-memory.dmp

Filesize
64KB

Download
memory/1520-113-0x00000233489A0000-0x00000233489B0000-memory.dmp

Filesize
64KB

Download
memory/1520-112-0x00000233488E0000-0x00000233488F0000-memory.dmp

Filesize
64KB

Download
memory/1520-116-0x00000233488F0000-0x0000023348900000-memory.dmp

Filesize
64KB

Download
memory/1520-117-0x00000233489B0000-0x00000233489C0000-memory.dmp

Filesize
64KB

Download
memory/1520-123-0x0000023348900000-0x0000023348910000-memory.dmp

Filesize
64KB

Download
memory/1520-125-0x00000233489D0000-0x00000233489E0000-memory.dmp

Filesize
64KB

Download
memory/1520-124-0x00000233489C0000-0x00000233489D0000-memory.dmp

Filesize
64KB

Download
memory/1520-130-0x00000233489F0000-0x0000023348A00000-memory.dmp

Filesize
64KB

Download
memory/1520-129-0x00000233489E0000-0x00000233489F0000-memory.dmp

Filesize
64KB

Download
memory/1520-128-0x0000023348910000-0x0000023348920000-memory.dmp

Filesize
64KB

Download
memory/1520-132-0x0000023348920000-0x0000023348930000-memory.dmp

Filesize
64KB

Download
memory/1520-133-0x0000023348A00000-0x0000023348A10000-memory.dmp

Filesize
64KB

Download
memory/1520-71-0x0000023348800000-0x0000023348810000-memory.dmp

Filesize
64KB

Download
memory/1520-138-0x0000023348A10000-0x0000023348A20000-memory.dmp

Filesize
64KB

Download
memory/1520-137-0x0000023348940000-0x0000023348950000-memory.dmp

Filesize
64KB

Download
memory/1520-136-0x0000023348930000-0x0000023348940000-memory.dmp

Filesize
64KB

Download
memory/1520-141-0x0000023348950000-0x0000023348960000-memory.dmp

Filesize
64KB

Download
memory/1520-144-0x0000023346C70000-0x0000023346C71000-memory.dmp

Filesize
4KB

Download
memory/1520-142-0x0000023348A30000-0x0000023348A40000-memory.dmp

Filesize
64KB

Download
memory/1520-147-0x0000023348960000-0x0000023348970000-memory.dmp

Filesize
64KB

Download
memory/1520-148-0x0000023348A40000-0x0000023348A50000-memory.dmp

Filesize
64KB

Download
memory/1520-151-0x0000023348980000-0x0000023348990000-memory.dmp

Filesize
64KB

Download
memory/1520-155-0x0000023346C70000-0x0000023346C71000-memory.dmp

Filesize
4KB

Download
memory/1520-153-0x0000023348A60000-0x0000023348A70000-memory.dmp

Filesize
64KB

Download
memory/1520-152-0x0000023348A50000-0x0000023348A60000-memory.dmp

Filesize
64KB

Download
memory/1520-150-0x0000023348970000-0x0000023348980000-memory.dmp

Filesize
64KB

Download
memory/1520-156-0x0000023346C70000-0x0000023346C71000-memory.dmp

Filesize
4KB

Download
memory/1520-74-0x00000233488E0000-0x00000233488F0000-memory.dmp

Filesize
64KB

Download
memory/1520-160-0x0000023348A70000-0x0000023348A80000-memory.dmp

Filesize
64KB

Download
memory/1520-163-0x0000023348A80000-0x0000023348A90000-memory.dmp

Filesize
64KB

Download
memory/1520-162-0x00000233489A0000-0x00000233489B0000-memory.dmp

Filesize
64KB

Download
memory/1520-165-0x00000233489B0000-0x00000233489C0000-memory.dmp

Filesize
64KB

Download
memory/1520-167-0x0000023348AA0000-0x0000023348AB0000-memory.dmp

Filesize
64KB

Download
memory/1520-166-0x0000023348A90000-0x0000023348AA0000-memory.dmp

Filesize
64KB

Download
memory/1520-186-0x0000023348B10000-0x0000023348B20000-memory.dmp

Filesize
64KB

Download
memory/1520-185-0x0000023348AF0000-0x0000023348B00000-memory.dmp

Filesize
64KB

Download
memory/1520-184-0x00000233489F0000-0x0000023348A00000-memory.dmp

Filesize
64KB

Download
memory/1520-183-0x00000233489E0000-0x00000233489F0000-memory.dmp

Filesize
64KB

Download
memory/1520-181-0x0000023348B00000-0x0000023348B10000-memory.dmp

Filesize
64KB

Download
memory/1520-180-0x0000023348AD0000-0x0000023348AE0000-memory.dmp

Filesize
64KB

Download
memory/1520-179-0x0000023348AE0000-0x0000023348AF0000-memory.dmp

Filesize
64KB

Download
memory/1520-178-0x0000023348AC0000-0x0000023348AD0000-memory.dmp

Filesize
64KB

Download
memory/1520-175-0x0000023348AB0000-0x0000023348AC0000-memory.dmp

Filesize
64KB

Download
memory/1520-174-0x00000233489D0000-0x00000233489E0000-memory.dmp

Filesize
64KB

Download
memory/1520-173-0x00000233489C0000-0x00000233489D0000-memory.dmp

Filesize
64KB

Download
memory/1520-189-0x0000023348B20000-0x0000023348B30000-memory.dmp

Filesize
64KB

Download
memory/1520-188-0x0000023348A00000-0x0000023348A10000-memory.dmp

Filesize
64KB

Download
memory/1520-202-0x0000023346C70000-0x0000023346C71000-memory.dmp

Filesize
4KB

Download
memory/1520-198-0x0000023346C70000-0x0000023346C71000-memory.dmp

Filesize
4KB

Download
memory/1520-72-0x00000233488D0000-0x00000233488E0000-memory.dmp

Filesize
64KB

Download
memory/1520-66-0x00000233487F0000-0x0000023348800000-memory.dmp

Filesize
64KB

Download
memory/1520-67-0x00000233488B0000-0x00000233488C0000-memory.dmp

Filesize
64KB

Download
memory/1520-68-0x00000233488C0000-0x00000233488D0000-memory.dmp

Filesize
64KB

Download
memory/1520-62-0x00000233487E0000-0x00000233487F0000-memory.dmp

Filesize
64KB

Download
memory/1520-63-0x00000233488A0000-0x00000233488B0000-memory.dmp

Filesize
64KB

Download
memory/1520-57-0x00000233487D0000-0x00000233487E0000-memory.dmp

Filesize
64KB

Download
memory/1520-58-0x0000023348870000-0x0000023348880000-memory.dmp

Filesize
64KB

Download
memory/1520-59-0x0000023348880000-0x0000023348890000-memory.dmp

Filesize
64KB

Download
memory/1520-60-0x0000023348890000-0x00000233488A0000-memory.dmp

Filesize
64KB

Download
memory/1520-53-0x0000023348860000-0x0000023348870000-memory.dmp

Filesize
64KB

Download
memory/1520-52-0x00000233487C0000-0x00000233487D0000-memory.dmp

Filesize
64KB

Download
memory/1520-50-0x0000023348850000-0x0000023348860000-memory.dmp

Filesize
64KB

Download
memory/1520-49-0x00000233487B0000-0x00000233487C0000-memory.dmp

Filesize
64KB

Download
memory/1520-47-0x0000023348840000-0x0000023348850000-memory.dmp

Filesize
64KB

Download
memory/1520-45-0x0000023348830000-0x0000023348840000-memory.dmp

Filesize
64KB

Download
memory/1520-42-0x0000023348540000-0x00000233487B0000-memory.dmp

Filesize
2.4MB

Download
memory/1520-43-0x0000023348820000-0x0000023348830000-memory.dmp

Filesize
64KB

Download
memory/1520-40-0x0000023348810000-0x0000023348820000-memory.dmp

Filesize
64KB

Download
memory/1520-36-0x0000023348800000-0x0000023348810000-memory.dmp

Filesize
64KB

Download
memory/1520-34-0x00000233487F0000-0x0000023348800000-memory.dmp

Filesize
64KB

Download
memory/1520-32-0x00000233487E0000-0x00000233487F0000-memory.dmp

Filesize
64KB

Download
memory/1520-30-0x00000233487D0000-0x00000233487E0000-memory.dmp

Filesize
64KB

Download
memory/1520-27-0x00000233487C0000-0x00000233487D0000-memory.dmp

Filesize
64KB

Download
memory/1520-25-0x00000233487B0000-0x00000233487C0000-memory.dmp

Filesize
64KB

Download
memory/1520-20-0x0000023346C70000-0x0000023346C71000-memory.dmp

Filesize
4KB

Download
memory/1520-19-0x0000023346C70000-0x0000023346C71000-memory.dmp

Filesize
4KB

Download
memory/1520-3-0x0000023348540000-0x00000233487B0000-memory.dmp

Filesize
2.4MB

Download
memory/1520-204-0x0000023346C70000-0x0000023346C71000-memory.dmp

Filesize
4KB

Download
memory/1520-252-0x0000023346C70000-0x0000023346C71000-memory.dmp

Filesize
4KB

Download
memory/1520-273-0x0000023346C70000-0x0000023346C71000-memory.dmp

Filesize
4KB

Download
memory/1520-345-0x0000023346C70000-0x0000023346C71000-memory.dmp

Filesize
4KB

Download
memory/4372-0-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download