05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf

Analysis

max time kernel
310s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 05:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher-3.2.exe
Size

1.6MB
MD5

b63468dd118dfbca5ef7967ba344e0e3
SHA1

2ba4f0df5f3bd284bf2a89aba320e4440d8b8355
SHA256

05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
SHA512

007ecb7445dc0c01a802b5a2c91313aae59f9dc96e27455dd85e7a92a4e649d683fbc2ada5f48925d9ab3b4fdaea20aa89eeb442fde079902aecb5ca3454a548
SSDEEP

49152:HIBc3n9dRvwVlzhFAQ/ggUTPQjYEiim7V:oBaO/FAqMQjYEXm

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	MinecraftJava.exe

Executes dropped EXE 2 IoCs

pid	Process
2452	javaw.exe
1720	MinecraftJava.exe

Loads dropped DLL 32 IoCs

pid	Process
4420	SKlauncher-3.2.exe
2452	javaw.exe
2452	javaw.exe
2452	javaw.exe
2452	javaw.exe
2452	javaw.exe
2452	javaw.exe
2452	javaw.exe
2452	javaw.exe
2452	javaw.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 11 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	javaw.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	javaw.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	MinecraftJava.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	MinecraftJava.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MinecraftJava.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	MinecraftJava.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MinecraftJava.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	MinecraftJava.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\	MinecraftJava.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	MinecraftJava.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	MinecraftJava.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
448	msedge.exe
448	msedge.exe
3728	identity_helper.exe
3728	identity_helper.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe
1720	MinecraftJava.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4420	SKlauncher-3.2.exe
4420	SKlauncher-3.2.exe
4420	SKlauncher-3.2.exe
1720	MinecraftJava.exe
4420	SKlauncher-3.2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 1496	4420	SKlauncher-3.2.exe	86
PID 4420 wrote to memory of 1496	4420	SKlauncher-3.2.exe	86
PID 4420 wrote to memory of 3872	4420	SKlauncher-3.2.exe	88
PID 4420 wrote to memory of 3872	4420	SKlauncher-3.2.exe	88
PID 4420 wrote to memory of 3112	4420	SKlauncher-3.2.exe	98
PID 4420 wrote to memory of 3112	4420	SKlauncher-3.2.exe	98
PID 4420 wrote to memory of 1928	4420	SKlauncher-3.2.exe	106
PID 4420 wrote to memory of 1928	4420	SKlauncher-3.2.exe	106
PID 1928 wrote to memory of 448	1928	rundll32.exe	107
PID 1928 wrote to memory of 448	1928	rundll32.exe	107
PID 448 wrote to memory of 4720	448	msedge.exe	108
PID 448 wrote to memory of 4720	448	msedge.exe	108
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4448	448	msedge.exe	109
PID 448 wrote to memory of 4816	448	msedge.exe	110
PID 448 wrote to memory of 4816	448	msedge.exe	110
PID 448 wrote to memory of 5028	448	msedge.exe	111
PID 448 wrote to memory of 5028	448	msedge.exe	111
PID 448 wrote to memory of 5028	448	msedge.exe	111
PID 448 wrote to memory of 5028	448	msedge.exe	111
PID 448 wrote to memory of 5028	448	msedge.exe	111
PID 448 wrote to memory of 5028	448	msedge.exe	111
PID 448 wrote to memory of 5028	448	msedge.exe	111
PID 448 wrote to memory of 5028	448	msedge.exe	111
PID 448 wrote to memory of 5028	448	msedge.exe	111
PID 448 wrote to memory of 5028	448	msedge.exe	111

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4420
- \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
  "c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
  2⤵
  PID:1496
- \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
  "c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
  2⤵
  PID:3872
- C:\Windows\SYSTEM32\reg.exe
  reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
  2⤵
  PID:3112
- C:\Windows\SYSTEM32\rundll32.exe
  rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd425e46f8,0x7ffd425e4708,0x7ffd425e4718
      4⤵
      PID:4720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15673843929405455214,14620222694461290372,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
      4⤵
      PID:4448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,15673843929405455214,14620222694461290372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,15673843929405455214,14620222694461290372,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
      4⤵
      PID:5028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15673843929405455214,14620222694461290372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
      4⤵
      PID:2676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15673843929405455214,14620222694461290372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
      4⤵
      PID:1596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15673843929405455214,14620222694461290372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
      4⤵
      PID:2780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15673843929405455214,14620222694461290372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
      4⤵
      PID:3504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15673843929405455214,14620222694461290372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15673843929405455214,14620222694461290372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
      4⤵
      PID:3096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15673843929405455214,14620222694461290372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
      4⤵
      PID:3616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15673843929405455214,14620222694461290372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
      4⤵
      PID:1700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15673843929405455214,14620222694461290372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
      4⤵
      PID:3168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15673843929405455214,14620222694461290372,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4616 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:376
- C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe
  C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe -XshowSettings:properties -version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  PID:2452
- C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe
  C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe -Xdiag -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=16M -Djava.net.preferIPv4Stack=true -Xmx4096m -javaagent:C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar -DMcEmu=net.minecraft.client.main.Main -Dlog4j2.formatMsgNoLookups=true -Djava.rmi.server.useCodebaseOnly=true -Dcom.sun.jndi.rmi.object.trustURLCodebase=false -Dcom.sun.jndi.cosnaming.object.trustURLCodebase=false -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\1.21.1-natives-764537150050 -Djna.tmpdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\1.21.1-natives-764537150050 -Dorg.lwjgl.system.SharedLibraryExtractPath=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\1.21.1-natives-764537150050 -Dio.netty.native.workdir=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\1.21.1-natives-764537150050 -Dminecraft.launcher.brand=java-minecraft-launcher -Dminecraft.launcher.version=1.6.93 -cp C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\73.2\icu4j-73.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\6.0.54\authlib-6.0.54.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.3.10\brigadier-1.3.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\8.0.16\datafixerupper-8.0.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\logging\1.2.7\logging-1.2.7.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.2.10\patchy-2.2.10.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.15.1\commons-io-2.15.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-buffer\4.1.97.Final\netty-buffer-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-codec\4.1.97.Final\netty-codec-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-common\4.1.97.Final\netty-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-handler\4.1.97.Final\netty-handler-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-resolver\4.1.97.Final\netty-resolver-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-classes-epoll\4.1.97.Final\netty-transport-classes-epoll-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-native-unix-common\4.1.97.Final\netty-transport-native-unix-common-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport\4.1.97.Final\netty-transport-4.1.97.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\8.5.12\fastutil-8.5.12.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna-platform\5.14.0\jna-platform-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\5.14.0\jna-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.26.0\commons-compress-1.26.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.14.0\commons-lang3-3.14.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.5.13\httpclient-4.5.13.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.4.16\httpcore-4.4.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.22.1\log4j-api-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.22.1\log4j-core-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j2-impl\2.22.1\log4j-slf4j2-impl-2.22.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\jcraft\jorbis\0.0.17\jorbis-0.0.17.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\joml\joml\1.10.5\joml-1.10.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-arm64.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows-x86.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lz4\lz4-java\1.8.0\lz4-java-1.8.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\slf4j\slf4j-api\2.0.9\slf4j-api-2.0.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\1.21.1.jar net.minecraft.client.main.Main --username porti --version 1.21.1 --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets --assetIndex 17 --uuid 011ebaf8fe4438e0a12b2c8f4e855073 --accessToken 51c4c1408f434d858b5798f6ecc76b8b --clientId 0 --xuid 0 --userType msa --versionType release
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2392

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
24160880ec5a2979174c47d1bf113d22

SHA1
59fe20f3636ed9d7f672c0e201ba45d36494b5e6

SHA256
74561f0d3cc1263d73fcd1b9861e3946c8b38b81c04ce710ea133d736b13b1c0

SHA512
f0ba5487462be67af505c716d6cba4809801d928d14ac6690ab41851902312fa627293f876f847edd99c91ffc9e48d4df38d899aee877ec00cfd79b41d526732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
172c0e8162abc859337aa529039c4b31

SHA1
2fa53e3eaadc25ebd4ed2c7e47bbaa94f08cd2e4

SHA256
bee669574da7e162531e67c32f9f6a59b3bf38e29fde39cd187178ac4e08b094

SHA512
fe9747238dd8adb997d7e106e038de8449a8867690ce8df9e62e24a72f5307b70b319df97ffce5f75535be09dd9cbcf75be33cf4fe3c5d3e37cdaae2b86e4873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
361B

MD5
8460dcc97e077ec194f361aae3494dc7

SHA1
5b926aec4907f113faaf76a67f2e6b3078c437f4

SHA256
8a4623fe6ffd7d8aef7ed1d4818997ceb661c7d6c93c4d3df7c437cbd3babe24

SHA512
353628784d5f5014e0805a1ca72d6e622aeee8b2c56fb537cc54146ad9da6ad8bd28928da0131985a1bf4235b42bca2e8b4e9ad7081b24bf973047d7b566fd57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7fdb54356f17943cc19dd0fc2baff2f4

SHA1
0be601d28b42619117a4d1be6848722658221bba

SHA256
073c20718cdcba5a3ed167bd7ec4382f92ce83c871c852f3eb806c91229c845a

SHA512
342c242df5d8205bb1731f8d1335d540e232ec67a1f6df0fbb184cfca049c92b87e24a608968e16291d48b9995f0082109147a619b1d1780123623281fc2823f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e35f0654d17ad08c455603324ccce140

SHA1
0cf5f24118cec86164c765d035c97349b05e8370

SHA256
b65e8e5f39746508ae2508873c697f865b4b61750b0cdf3072109278f987b12b

SHA512
2e83cf8ed432916165205cda6da1cdcd1fc1e220caded5c97cfab884386280de6ad741ec008c532b4a2d4d562fc08153f85d05f7dd0ea7b3950230947ca6ef6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b0b56184d109eb83aa8e833656271dff

SHA1
1d82ed1575d4a31b58cc10de258cfefe4da01ad7

SHA256
99457f6a04ac24b8398a0378ff5dc95f6e5d5f1d29e356d39f69b3a2df8e9840

SHA512
30dc174d146e0b6b6fbf96bcacefda761580514c4044c14996e4178df9ff3025fb5956d11153684cd2b651b6f015db255df322c639651c0d38c5fb9beb9ba065

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF2814710351278478019.tmp

Filesize
405KB

MD5
8f2869a84ad71f156a17bb66611ebe22

SHA1
0325b9b3992fa2fdc9c715730a33135696c68a39

SHA256
0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1

SHA512
3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF5300236551424923109.tmp

Filesize
397KB

MD5
fdb50e0d48cdcf775fa1ac0dc3c33bd4

SHA1
5c95e5d66572aeca303512ba41a8dde0cea92c80

SHA256
64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123

SHA512
20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF8226029104377399159.tmp

Filesize
398KB

MD5
ff5fdc6f42c720a3ebd7b60f6d605888

SHA1
460c18ddf24846e3d8792d440fd9a750503aef1b

SHA256
1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1

SHA512
d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\SKL_TempStyleClass1460252071482926745.css

Filesize
264B

MD5
efc4d8d677045102ef5d0c9dad45e9ab

SHA1
b09108160f0b41463c8b49c3154709867803b7ba

SHA256
203015cc925d561820d225a795e1c6a56e49ff12fe4c874709e717335aa0dc18

SHA512
a67beeafc15cef58cdd0d3d26445ca2cf6eea067320909deaa8a3d05452eec4ea8140b70d67a305ef3a376b5eb52590305240130853e594541bdadb88c226a12

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4jBE3F.tmp_dir1724304422\SKlauncher-3.2.jar

Filesize
1.1MB

MD5
4d653e61ba01a521c56b9a70a9c9814e

SHA1
de855dc3dbc914b497b58da92e0c21fff660796d

SHA256
f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350

SHA512
e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4877505135100.dll

Filesize
22KB

MD5
dcd68a87b7e6edbcfde48150403b22eb

SHA1
28e4839a29725075772fccc39b44e194eb91e477

SHA256
ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c

SHA512
ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_profiles.json.bak

Filesize
559B

MD5
f9fd8a50bb837eff2af8a4242f7e9cd1

SHA1
56571f60bcd43b84f800c8ae5348bbd19a66b9af

SHA256
6ad2c415bab863e265332a6c2dcf060dc5036118d31ab951a39cf2b7e8ea1d8e

SHA512
d261c2a22a7453318760f701213606a9e6857f01b361e9639228a340a854417ac7bef13cf50af1ce4a266e0f8af6fae527291a935b779327ba07fe50d22647f7

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar

Filesize
956KB

MD5
75676ac6c1a3c4b0938f73e03eef8cad

SHA1
b1d8ab82d11d92fd639b56d639f8f46f739dd5fa

SHA256
fef001a7a13515c273f30915915580782afbc45273cc07aa15994e51563ef310

SHA512
c1e60c340ad0d603f37d6ae0b5ed5ac2833b382dbcceaae84cca69cbf8c4dc9baa7ff741002da3e408426e5100f6c6402713083a05b1a4e3bc5e98923d7a15d4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar

Filesize
276KB

MD5
df6097815738cb31fc56391553210843

SHA1
b3add478d4382b78ea20b1671390a858002feb6c

SHA256
4241c14a7727c34feea6507ec801318a3d4a90f070e4525681079fb94ee4c593

SHA512
7503e4b8d05c6cc0ecb3a94c5a2e070e049083a441003a79a0cdf474f4286699b4ba1d2a655ddabb8ba10c50e7c36a7045cccdaee465166d4630db647aba2727

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar

Filesize
4KB

MD5
091883993ef5bfa91da01dcc8fc52236

SHA1
1dcf1de382a0bf95a3d8b0849546c88bac1292c9

SHA256
a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26

SHA512
f8d59b808d6ba617252305b66d5590937da9b2b843d492d06b8d0b1b1f397e39f360d5817707797b979a5bf20bf21987b35333e7a15c44ed7401fea2d2119cae

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar

Filesize
2.9MB

MD5
5fe031b3b35ed56182478811a931d617

SHA1
5e64ec7e056456bef3a4bc4c6fdaef71e8ab6318

SHA256
bc65dea7cfd9e4dacf8419d8af0e741655857d27885bb35d943d7187fc3a8fce

SHA512
d683751034688863dc82315a75620abbeeca525cc592d5227b136c29902a0d035f306c6bfaf87d00d95bd1bd967953b00a932286ce09cfba1a0fb35efd852cd4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\73.2\icu4j-73.2.jar

Filesize
13.9MB

MD5
23a23de561dd4f83e13d46e7273a35de

SHA1
61ad4ef7f9131fcf6d25c34b817f90d6da06c9e9

SHA256
29280822f4b0796acef1f79b90b1d0c1edd86c10e876a848e04b8a6298a16bf9

SHA512
cec14b1da327c77c28ac9110af772d771df6297050dc79919c57059486eaf502ca542223c4a0f5bdb1ddf22d645b550f3b40422ee5d5fb0ebdbb07231e28746c

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\6.0.54\authlib-6.0.54.jar

Filesize
112KB

MD5
8d5cc32d757f204ed369e6b27ff99469

SHA1
de8bc95660e1b2fe8793fd427a7a10dcec5b3ea7

SHA256
319ea7b53b5e52f62ad3e2b81e9db7f0751240edac548bd74f5f19e35dc21a3b

SHA512
4390482f1f8cfb65735670efc5ecc14913d6a637c35c30c4ace35b346751b7fdeb5ab1eb9e183b40b57f251ded8ab57e3d77d195d14e21910acc8e327241359c

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar

Filesize
964B

MD5
fc1420e3182dd32b4df9933f810ebebb

SHA1
5c685c5ffa94c4cd39496c7184c1d122e515ecef

SHA256
830bfd639c8db49236bbd8e45d3a2b8c96c56ff654a10118654958a6235d4c44

SHA512
10da612530b7c1e1ef3acd02d2d71fd689f3688fcdcd8b0710a9af646816c88fedc6ed2ea8da2d58e61c6ffc9347a61993bd27dfe04cfc3b646a927bcc48da4d

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.3.10\brigadier-1.3.10.jar

Filesize
78KB

MD5
a755b426eb7942bb74b46a95b02f1de4

SHA1
d15b53a14cf20fdcaa98f731af5dda654452c010

SHA256
c8ee4136e474ac7723ca2b432ec8d1a2bc88ef7d1ec57c314ba9e33cdc83dd75

SHA512
0624558709ec500f162cd6b4281fbb8be8cac70fd87d8b80cdb505f40b827ff689cea2993875b51c6aaac23f4fe6e32a5fd739ce1181559b5a95acb840c7eb47

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\8.0.16\datafixerupper-8.0.16.jar

Filesize
707KB

MD5
d932ac637b6d83e6c45a8f269fe81e3b

SHA1
67d4de6d7f95d89bcf5862995fb854ebaec02a34

SHA256
ffc138bc2596c291781b0d5e211ccac51f0f2345f27fc2742f335cedf7e2870d

SHA512
e48c978fe722cf1e0c7d604dda90f85211bc0cff262f300f33bf0293a50da7c67fa0daafe2b511189f41578893c58f187912437b058787e685bec6b09af0711a

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\logging\1.2.7\logging-1.2.7.jar

Filesize
14KB

MD5
d01ea99740509a58222a426cc36f5456

SHA1
24cb95ffb0e3433fd6e844c04e68009e504ca1c0

SHA256
3dc3190204bac5f4184d8405bfe1f724f73a6a15a0d3f36ec7f69e6872c1a76c

SHA512
4637804df47b9191de9d219a12374c45175e790dc230040946db541022fb06ee5f6c1fd07cd6700465a6add5e66e96bf364e410da32bfacc4044507424a96e1e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.2.10\patchy-2.2.10.jar

Filesize
4KB

MD5
ff905bf0aacf501149a13880a2d6742d

SHA1
da05971b07cbb379d002cf7eaec6a2048211fefc

SHA256
16d70e7968b45caffc81576268eb000f473fb60bf257182d3447dea8ec919d5a

SHA512
5d66d948fc5e4be401ce6800f36ae896b9315abbb63cc0c0d489ac10651392522c9e52d2a42bdeba095b713917f41ff04121d34675c504da716bafa55355e171

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar

Filesize
11KB

MD5
f5b05e8db22e2e0668b786e11ac9d3ce

SHA1
3cad216e3a7f0c19b4b394388bc9ffc446f13b14

SHA256
c2a95b499e76fada7dd63e9b0ec797b678d411c2b0ee6f37f4dc674662bfb0af

SHA512
e7a9ca0449f1fcde00f242043e6f2890993aed4d98621e77a46858c7c9f4a1e5134cc77c33dd2d3b83b2e7164e99a616e3aaefbe860bb209be23e74f7b32a29f

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar

Filesize
352KB

MD5
6e26920fa7228891980890cce06b718c

SHA1
4e3eb3d79888d76b54e28b350915b5dc3919c9de

SHA256
56595fb20b0b85bc91d0d503dad50bb7f1b9afc0eed5dffa6cbb25929000484d

SHA512
eee671e66d808b56b81e15574675cf132d7628c010736d580915bbf8c04849f04df1d95ddeea13c4e119f8f0a564c7003beeb8ab437564e080ee27063c1e52b9

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\instrument.dll

Filesize
40KB

MD5
25877c45f515deeda937a433fc9d8638

SHA1
ad3ecbae138e73104eddbcb38547eaba9e19c29a

SHA256
c1694de697acb4830726fbd9ba88f94c49ea152900cd353c6feffaedf90b23a5

SHA512
09a23ad95f979b462a79ccc2f426d81f5a641ad3ba96afa3f0f9d17f2c7c9c624b10719cd5c5771ae8465466c6f73aa5b2a41dbaf2020b9c98ea8479d885d019

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\java.dll

Filesize
108KB

MD5
457499494ca72d3c07f4e85fbb6ca4df

SHA1
68906a6cd331bed1fad68b0e12ae0782b1d1680b

SHA256
82335b932f11482c5f36d12786a9301800daab0e828b3b16abf68c12d4fbe5bd

SHA512
3c2a7e67af1e0522a2c6c3d6ebc41ea942c2bae361b8f04d983f9227afbedfb704a93a8838f2b2ce84997cc5a1a72bccbbf0ba2a7bb07370fad725409174499a

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\javaw.exe

Filesize
38KB

MD5
f548570563577d875b23595d678f1524

SHA1
6b306b9b213f0f9a58a48b37358aa8c5922edc99

SHA256
b279c3aea41953bf7a674084fd866b211df000855504add21fa0da8bf06468a9

SHA512
3686cc38e204ca8a4018ad18a8ba5884dad8b0549ac79b471e973de19ce3435b36d030ff92c826d5b8f371c90640a1cbc52b9118e7a4806d3571894829dcccbf

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\jimage.dll

Filesize
22KB

MD5
730f42f7933defd6f76cf31831c34d4e

SHA1
9d18162dcc2f33d36a6e9bdb5e7c0c582406fd9d

SHA256
27a502b241ab2071f82dc70580417e99289ec8a9fe29d5363c69d9bae8cc1af9

SHA512
94b2db8a2cfda6a00f0ce784e0c37c3beea92ecef944a53f747b919c39c18d8f16fac1943645a437c07a07519fd0f3db2cc5bbd1ccc91a14dd470e3b524cf6fe

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\jli.dll

Filesize
77KB

MD5
b8055efdd184b39d15b663f2aa04550f

SHA1
901c0e89e9de8c6df0055b2fae83a6d653ff9c40

SHA256
e933cf502c14a1af8994f0e64853b98190f0ea2fcf062f7f80cf1712080b4f9c

SHA512
b114cc1d6ae7feda2cbe7ca23bb008746be8f72314b097a7d297238c94caebf78f5c103502dfbf9854d94f342962ac776cf215e4d99c40c80388ac5df43d102f

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\jsvml.dll

Filesize
839KB

MD5
33c5b025990bedbb0027ebca936134cd

SHA1
a801dcd56f41a086337f136cea81ccedf36ad57f

SHA256
e1ddd4d366dbfaf78d342e91665cba387d5fa90dd1172efa5567016c689d7f34

SHA512
7ebd988b33edd8b24034fd60b107953bd9dd41f9d36facf7b05a530b6c383b96d3582c930244a0f6bfd93bbf8e7b4c93491a61e85119f8486dc682c4f2df4024

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\msvcp140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\net.dll

Filesize
47KB

MD5
6a223da529e7ca5d493b2c00a82577e8

SHA1
ea8856f004ad8d8502b7df086d15c88ac96cc06a

SHA256
50491e9ca18a77c3012dbcfb9c4a89786949ba966f5abe9977d18cbde4f92faa

SHA512
4502ce6b0b960c411b8ba52ecad400ba844034e36d87eb710ae775af2966bc26645cb1556251ea1f9f29b89aee52e00331aaf9d0f779735349dd49e2c2861a23

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\nio.dll

Filesize
68KB

MD5
74c61a471c1fefd9b23871fc432762c4

SHA1
f1efba66e37d299ab5fce0f0b9cc33d03cfc139d

SHA256
819cd3f849aeb6394acc5b28d4c2629bcf04becafc121a8cc5e092f7f42625a2

SHA512
c6e542fb04b32545d9656e193f9dce98009830b1da427e5fbcd5b21915252222e75f1a68af34e65a7faa1569a95ad66346cf5adf33c4c61a6b83d89955b63bb6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\server\jvm.dll

Filesize
13.2MB

MD5
e9b6daf0745597cecdac3059143505fd

SHA1
2c6d4109e1f29a90d54480494dab77b47a6d0d95

SHA256
b5b8c413b1a51b9c4c6489b99197208ed676c9a8c1b8158967ddb8f58efed649

SHA512
c587d36e6b746b453cbbd2a5920b6e2d32f297e0bdc50b5c3d0323f0a7604adf472783bedcf9e1afb3ed4f7b35087c5bc600677487258f4fad05ded38400ecca

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\vcruntime140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\bin\zip.dll

Filesize
77KB

MD5
69e1a1e6e0ca8fb542e11b4be5c0502d

SHA1
c915dd2ce2b7a410c76c6990509eff9fca594d2a

SHA256
d030ef0d7a9113051d14455f929df54bf4f95296016a383bb3763b640497d260

SHA512
5e71383425876e6a6c6e21a0d285ed3229c7ec7e01d0c6a328b2d3fc93f6ea799251e582b4106090e5633ad7acf5c5e2c151710d8012dc30433490e4a0d54f6a

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.incubator.vector\LICENSE

Filesize
32B

MD5
663f71c746cc2002aa53b066b06c88ab

SHA1
12976a6c2b227cbac58969c1455444596c894656

SHA256
d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80

SHA512
507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.jshell\ADDITIONAL_LICENSE_INFO

Filesize
48B

MD5
512f151af02b6bd258428b784b457531

SHA1
84d2102ad171863db04e7ee22a259d1f6c5de4a5

SHA256
d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83

SHA512
1a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.jshell\ASSEMBLY_EXCEPTION

Filesize
43B

MD5
bd468da51b15a9f09778545b00265f34

SHA1
c80e4bab46e34d02826eab226a4441d0970f2aba

SHA256
7901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b

SHA512
2c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\lib\jvm.cfg

Filesize
29B

MD5
7ce21bdcfa333c231d74a77394206302

SHA1
c5a940d2dee8e7bfc01a87d585ddca420d37e226

SHA256
aa9efb969444c1484e29adecab55a122458090616e766b2f1230ef05bc3867e0

SHA512
8b37a1a5600e0a4e5832021c4db50569e33f1ddc8ac4fc2f38d5439272b955b0e3028ea10dec0743b197aa0def32d9e185066d2bac451f81b99539d34006074b

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\minecraft-java-exe\MinecraftJava.exe

Filesize
67KB

MD5
575230bd0c50dac003d275dab323d2f9

SHA1
4f97aff9b52b3d2736993a35f9fea303c3e09cda

SHA256
6e7dcf3dca0f14a9d2e1a20af11c400bf4164e02708d819768fcc4231b4f4ba2

SHA512
b9d3ff63f982592f6e28f17eeaadf0549cfbb8e5268ef1dabc763f42b6a27f1f1e1bafe3e901215e95431de5f2ac5abf515864898d8aef5c38deb7a7abfeda32

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

Filesize
14.2MB

MD5
877d1de4055700d423e6520c68e911f1

SHA1
04cb1e91ad4ec05ab3e8e7b0220ee09c7cab6ee6

SHA256
45d333ebb6fd6f3d46b4be2f21d70ab49a703f8f871c1d7d7ece455d083e19a5

SHA512
516ec20ff5ccdad38252ea10d56a29feb1f0d903bbbc54002a9ad8bdcd464b9ab4f5eeaf7ebd925def3e1a0f09536eda404a8854553b84ebbea7dfd29d3d57fe

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\1.21.1-natives-764537150050\glfw.dll

Filesize
484KB

MD5
8cabdbe3d67546771b02af5d42073cfe

SHA1
2e19147110b9872a52814956bab151a7aa80ce58

SHA256
affa7e54eb0dedce4a5721c327c1a16035edbbd039cd402e08107d6d2d55eb1a

SHA512
b7f46feef779e5772fc7711fda601fdda6ee4bf41d4fb87735a0b8fdc5fdbbdab23ba1760989e15d66cf9ba65409933cbce858eda169d04f13f401198245ad1f

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\1.21.1-natives-764537150050\jemalloc.dll

Filesize
389KB

MD5
e58d41175587d4355fe06bf8b8a1ab32

SHA1
6403f8243ea983a225b3bcda6c821a0029ad9ee2

SHA256
9abf0095066ebab37b78968e11370a8078313e48cb5be8eda01f67623c6a6248

SHA512
fc432ddb67dce8a672ac268d25f01d40c1d614e4ef34cbac6c4a2c01742ebab5d00c7ef5d9f0ef46ce0b3b6a4d5ace581fcf8c247d492c3882f561015d9e2ae4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\1.21.1-natives-764537150050\jna2904884968580687230.dll

Filesize
248KB

MD5
719d6ba1946c25aa61ce82f90d77ffd5

SHA1
94d2191378cac5719daecc826fc116816284c406

SHA256
69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44

SHA512
119152b624948b76921aa91a5024006ef7c8fdbfe5f6fe71b1ec9f2c0e504b22508ff438c4183e60fa8de93eb35a8c7ccdda3a686e3c2f65c8185f1dd2ef248b

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\1.21.1-natives-764537150050\lwjgl.dll

Filesize
468KB

MD5
d8ea3886d9f59b514bfa5b24ab69c0ab

SHA1
2bf57942dff5360889f0e89c58d5acdc54e5f1ea

SHA256
a39adf52947fafd954c2a86ce031abb8c59825f7ee50337ac8c41e4280abe82d

SHA512
ba8af0415c7b0454dd8bdccf78ed59da3bb5cc5f631dd060d3cd0eaf74d8f55d7531248b6b8a995ba5b672dc0386d3fa198e8c761f2e1cc0304da0dc029bf29e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.21.1\1.21.1-natives-764537150050\lwjgl_tinyfd.dll

Filesize
246KB

MD5
e7349669dee3093d266849685efecc60

SHA1
e7c3d94ad9d83f0762dfd82780d2a683d5d9b3c0

SHA256
ec7d76e6ef7a99628ef6f8b6e544294b700108c341837779e6e2c01c0bc3da9c

SHA512
41d772a4a9673db43a4584af78d5c128278b27efc01b7da47a9f8f629fd004aa8e4c63186d93b6cb7b664325272f0a291a1e80d9ae799910989171c1cdec34c8

Download Submit
memory/1496-5-0x0000017C928D0000-0x0000017C92B40000-memory.dmp

Filesize
2.4MB

Download
memory/1496-15-0x0000017C928B0000-0x0000017C928B1000-memory.dmp

Filesize
4KB

Download
memory/1496-16-0x0000017C928D0000-0x0000017C92B40000-memory.dmp

Filesize
2.4MB

Download
memory/3872-30-0x000002DB09550000-0x000002DB097C0000-memory.dmp

Filesize
2.4MB

Download
memory/3872-19-0x000002DB09550000-0x000002DB097C0000-memory.dmp

Filesize
2.4MB

Download
memory/3872-29-0x000002DB07EE0000-0x000002DB07EE1000-memory.dmp

Filesize
4KB

Download
memory/4420-237-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-45-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-220-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-241-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-175-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-243-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-139-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-127-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-121-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-81-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-49-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-213-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-33-0x0000000002400000-0x0000000002670000-memory.dmp

Filesize
2.4MB

Download
memory/4420-233-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-719-0x0000000002400000-0x0000000002670000-memory.dmp

Filesize
2.4MB

Download
memory/4420-222-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-215-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-246-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-251-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-257-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-261-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-270-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4420-214-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download