e9817d78f96e8722c0d00b28f93100ce520a42aaeb3d1d1092d3f98b9c52c835

Analysis

max time kernel
93s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 09:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

KLauncher.jar
Size

18.3MB
MD5

0c07081fae7c3e21a66d0a29ca993dce
SHA1

5e85521a4fa5cfdf91cf79df4be738d67ec6f173
SHA256

95def387573010db00059518ad4f6ef4bcf4214a21dc7db4b3998159dc104c66
SHA512

cad1ec439a1249b7f5f84aa1d973f68ecc8e35f2cc07ef2241267d4b1e032d8f926b9852bc9f95bb8dba05784a91885259c48d3788f638ddb947c9eee14b4653
SSDEEP

393216:LHOsugDBfcbVnMJnGrT8t+7vyE6tL8a10Zh4pOsrKadFu7xmwaMzry04PcMx0M:Lusb1c6JGrQtQvyE6D10Z2ksq7xvDz2V

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1588	javaw.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
3844	timeout.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1960	WMIC.exe
Token: SeSecurityPrivilege	1960	WMIC.exe
Token: SeTakeOwnershipPrivilege	1960	WMIC.exe
Token: SeLoadDriverPrivilege	1960	WMIC.exe
Token: SeSystemProfilePrivilege	1960	WMIC.exe
Token: SeSystemtimePrivilege	1960	WMIC.exe
Token: SeProfSingleProcessPrivilege	1960	WMIC.exe
Token: SeIncBasePriorityPrivilege	1960	WMIC.exe
Token: SeCreatePagefilePrivilege	1960	WMIC.exe
Token: SeBackupPrivilege	1960	WMIC.exe
Token: SeRestorePrivilege	1960	WMIC.exe
Token: SeShutdownPrivilege	1960	WMIC.exe
Token: SeDebugPrivilege	1960	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1960	WMIC.exe
Token: SeRemoteShutdownPrivilege	1960	WMIC.exe
Token: SeUndockPrivilege	1960	WMIC.exe
Token: SeManageVolumePrivilege	1960	WMIC.exe
Token: 33	1960	WMIC.exe
Token: 34	1960	WMIC.exe
Token: 35	1960	WMIC.exe
Token: 36	1960	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1960	WMIC.exe
Token: SeSecurityPrivilege	1960	WMIC.exe
Token: SeTakeOwnershipPrivilege	1960	WMIC.exe
Token: SeLoadDriverPrivilege	1960	WMIC.exe
Token: SeSystemProfilePrivilege	1960	WMIC.exe
Token: SeSystemtimePrivilege	1960	WMIC.exe
Token: SeProfSingleProcessPrivilege	1960	WMIC.exe
Token: SeIncBasePriorityPrivilege	1960	WMIC.exe
Token: SeCreatePagefilePrivilege	1960	WMIC.exe
Token: SeBackupPrivilege	1960	WMIC.exe
Token: SeRestorePrivilege	1960	WMIC.exe
Token: SeShutdownPrivilege	1960	WMIC.exe
Token: SeDebugPrivilege	1960	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1960	WMIC.exe
Token: SeRemoteShutdownPrivilege	1960	WMIC.exe
Token: SeUndockPrivilege	1960	WMIC.exe
Token: SeManageVolumePrivilege	1960	WMIC.exe
Token: 33	1960	WMIC.exe
Token: 34	1960	WMIC.exe
Token: 35	1960	WMIC.exe
Token: 36	1960	WMIC.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1780	java.exe
2788	javaw.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 1588	1780	java.exe	98
PID 1780 wrote to memory of 1588	1780	java.exe	98
PID 1588 wrote to memory of 2788	1588	javaw.exe	99
PID 1588 wrote to memory of 2788	1588	javaw.exe	99
PID 2788 wrote to memory of 1100	2788	javaw.exe	100
PID 2788 wrote to memory of 1100	2788	javaw.exe	100
PID 1100 wrote to memory of 3844	1100	cmd.exe	102
PID 1100 wrote to memory of 3844	1100	cmd.exe	102
PID 1100 wrote to memory of 956	1100	cmd.exe	103
PID 1100 wrote to memory of 956	1100	cmd.exe	103
PID 956 wrote to memory of 1960	956	cmd.exe	104
PID 956 wrote to memory of 1960	956	cmd.exe	104
PID 1100 wrote to memory of 3436	1100	cmd.exe	105
PID 1100 wrote to memory of 3436	1100	cmd.exe	105
PID 1100 wrote to memory of 3312	1100	cmd.exe	106
PID 1100 wrote to memory of 3312	1100	cmd.exe	106
PID 1100 wrote to memory of 4456	1100	cmd.exe	107
PID 1100 wrote to memory of 4456	1100	cmd.exe	107
PID 1100 wrote to memory of 1136	1100	cmd.exe	108
PID 1100 wrote to memory of 1136	1100	cmd.exe	108
PID 1100 wrote to memory of 2000	1100	cmd.exe	109
PID 1100 wrote to memory of 2000	1100	cmd.exe	109
PID 1100 wrote to memory of 3380	1100	cmd.exe	110
PID 1100 wrote to memory of 3380	1100	cmd.exe	110

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\KLauncher.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:\Users\Admin\AppData\Roaming\.minecraft\kupdater.jar -ex C:\Users\Admin\AppData\Local\Temp\KLauncher.jar -re C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.update
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:1588
- - C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:\Users\Admin\AppData\Local\Temp\KLauncher.jar
    3⤵
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Windows\SYSTEM32\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Roaming\.minecraft\replace.bat"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1100
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 2
        5⤵
        Delays execution with timeout.exe
        
        PID:3844
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c wmic process where "name='javaw.exe'" get CommandLine
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:956
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic process where "name='javaw.exe'" get CommandLine
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1960
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo CommandLine "
        5⤵
        
        PID:3436
    - - C:\Windows\system32\findstr.exe
        
        findstr /C:"KLauncher.exe"
        5⤵
        
        PID:3312
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:\Users\Admin\AppData\Local\Temp\KLauncher.jar "
        5⤵
        
        PID:4456
    - - C:\Windows\system32\findstr.exe
        
        findstr /C:"KLauncher.exe"
        5⤵
        
        PID:1136
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo "
        5⤵
        
        PID:2000
    - - C:\Windows\system32\findstr.exe
        
        findstr /C:"KLauncher.exe"
        5⤵
        
        PID:3380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
39a6f6af4003e16de298f1139649b2b2

SHA1
4b3f99c32398d39ccbd1f49ebda86a880b528746

SHA256
0cf1a13ed97de9fc78f06d55230f49284f6b9735f11333058834982ea9c161c6

SHA512
264409580f2e2c7cca9d4358868b15d524a91fd31cb8165cdbc353f3e362d2c4c13224e27aa2501c43daeb67550e79c96d5caf079e3375b164a5d05a19df1179

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF7638357928305196303.tmp

Filesize
66KB

MD5
99c471b10eb25b8f0f1fe76a04926b0f

SHA1
807f89e70ccf186bde048c8a51a5c2d668190797

SHA256
9042ee73964614ed6b3eb4aa30df23c4ac5d3372deffb201ab9287540a34079c

SHA512
cbc263c2fbf1325c56adb312be8026ec25766a172bfd8d742a2e86292692c18fb185f595eb8b6fa2898e66ff95404ae52d9e52c393271e9f1fbbfd6c5bb9707d

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF8577772222035528575.tmp

Filesize
67KB

MD5
945426f5363c482553695c661ebc75a0

SHA1
feb3a62b783c6cba5175e957c6a4d1564e6de534

SHA256
b04761b165a8b32e5ac989a3cee07f27658634e7796f708b3e17ff5ccbe23622

SHA512
12658f86b8c3744329c2a4c4552ce25c5756e29aa984e0c7fd3fdee13abaa51b221d8ff78a9c406b084d3c08fffc3cdcb2b58f9cfb6af707ab9e3bc8fcee9e98

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF8870962422199877793.tmp

Filesize
66KB

MD5
794162f5ab873e624c2e8adaef34aa73

SHA1
5e631244b866752f9232e170ed81ab94d252ac42

SHA256
b272fda2af48d26da480cd02d76059416539612615d38b9145b3f156d677ef7c

SHA512
d14a8abf8a3a4279652132ec145c5fad024001241e6c81d1e07c74ad3d438d61ea6f2e2a3d01812621763afbda99486ebe47f858a8dbd440c82448b1619a2426

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\KLauncher.update

Filesize
18.3MB

MD5
d8a80a9492c84ad16c68a06cf7393f69

SHA1
a0d2d27263b4ea4b29417ad0602e2214f37e23e3

SHA256
33a9487075f1b7f9c8fa91c13cb31adbabf3879322ef5bc01aba3787e1f09f6f

SHA512
5a2f094cc76fdfc37f401173d3d07a083c84cd7470d761969a4a40ba53fec5a255a39118eb40bfd72da7c3b8691e801f5946506ea1cdc8ede8baa0b4c645274b

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\temp\jre1.8.0_251\bin\plugin2\msvcp140.dll

Filesize
558KB

MD5
bf78c15068d6671693dfcdfa5770d705

SHA1
4418c03c3161706a4349dfe3f97278e7a5d8962a

SHA256
a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

SHA512
5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\temp\jre1.8.0_251\bin\vcruntime140.dll

Filesize
95KB

MD5
7415c1cc63a0c46983e2a32581daefee

SHA1
5f8534d79c84ac45ad09b5a702c8c5c288eae240

SHA256
475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1

SHA512
3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\temp\jre1.8.0_251\bin\vcruntime140_1.dll

Filesize
36KB

MD5
fcda37abd3d9e9d8170cd1cd15bf9d3f

SHA1
b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2

SHA256
0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6

SHA512
de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\temp\jre1.8.0_251\lib\deploy\messages_zh_TW.properties

Filesize
3KB

MD5
880baacb176553deab39edbe4b74380d

SHA1
37a57aad121c14c25e149206179728fa62203bf0

SHA256
ff4a3a92bc92cb08d2c32c435810440fd264edd63e56efa39430e0240c835620

SHA512
3039315bb283198af9090bd3d31cfae68ee73bc2b118bbae0b32812d4e3fd0f11ce962068d4a17b065dab9a66ef651b9cb8404c0a2defce74bb6b2d1d93646d5

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\temp\jre1.8.0_251\lib\images\cursors\win32_CopyNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\java\temp\jre1.8.0_251\lib\security\policy\unlimited\US_export_policy.jar

Filesize
7KB

MD5
12f971b6e65cbc7184701235469f0339

SHA1
06cb165157c5e0078b872c48707a1328b1dcba19

SHA256
84e035372ca8979bb4a387428a74942ffc7248a0e61988b7033b5b266cd187c8

SHA512
58646fc81de2e4750a3259d79a207a8cff2dc6692f178a63d92a453fc408c8d1088007ef4e93157d1017be706565716a0236039dbac848c40745a0ad89c4d0de

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\klauncher.json

Filesize
829B

MD5
90a1f8b57e78a540cc22f20d5685f68c

SHA1
df1e19a407235aea527fc2255c326ce5c802bf44

SHA256
24b1090850264d1f52c5fb082d792189f78c4c32285560e6d87116c0701fea89

SHA512
8c4385f8e89e49d9e59fd9f9e81027c23ec1b5e8df08e09aeecaea04d0e15b2409b9740d50a0cf7e3528eae5701ab091d03d6d47e044d3c176f17103567dc481

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\kupdater.jar

Filesize
3KB

MD5
c4d3e570725472c320c330e6771f0695

SHA1
7a38a7a28e1a35449f9b864ea886b013df2035fe

SHA256
51d149e303f6492860e40d25ea338f1ebafa28feef1347c93c23a15da8d7ddf9

SHA512
defca9be696baa82fc43e6d56724830d64027432954f9d3c92ebdd371e91ad0c05b32d29d0df67808d01e2d84ed105d312ce67acb27675b97a655901c37afa74

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\logs\klauncher\launcher.log

Filesize
1KB

MD5
e9936c00b100cb1b46d9e0ecf22b683c

SHA1
079196fd00a7a50fc75b81d39b8b7da25cfcfa43

SHA256
0cf59741a44f5a6bcf2672fdc8c96232e903cfaef8c8b9c0e62c12d79d577ebd

SHA512
18a0c7b9765a6cbd235c9cc3ddcfa04af82fb525be1a37fd87b66d3170a55c1221dc6b07f6eb72816c132ce97577c32551b6f1a1722da552859cc6da83177db2

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\replace.bat

Filesize
495B

MD5
8f62a173fb56ee0706252bf71b1c01c0

SHA1
befb263fddb49d73d39af354a8ccc4333a0ed33e

SHA256
22eaf23150300acd6ab06bc18757cb25f8f0ac999a6cefb0e9176eb76696c858

SHA512
86c446569364570f2a9387ecc2a69850656e42367de98ca106c8f92f3a0d0b93d825697939da669bdea0fb8d2a89d1eb2bd65ba0494ad88d1ad9e71878ac0687

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-786284298-625481688-3210388970-1000\83aa4cc77f591dfc2374580bbd95f6ba_1b74ca46-c49b-4c52-a57d-8cd1ff70c625

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
memory/1588-475-0x00000259D4430000-0x00000259D4431000-memory.dmp

Filesize
4KB

Download
memory/1780-71-0x0000020C919E0000-0x0000020C919F0000-memory.dmp

Filesize
64KB

Download
memory/1780-163-0x0000020C91A90000-0x0000020C91AA0000-memory.dmp

Filesize
64KB

Download
memory/1780-48-0x0000020C918D0000-0x0000020C918E0000-memory.dmp

Filesize
64KB

Download
memory/1780-49-0x0000020C91970000-0x0000020C91980000-memory.dmp

Filesize
64KB

Download
memory/1780-53-0x0000020C91980000-0x0000020C91990000-memory.dmp

Filesize
64KB

Download
memory/1780-52-0x0000020C918F0000-0x0000020C91900000-memory.dmp

Filesize
64KB

Download
memory/1780-51-0x0000020C918E0000-0x0000020C918F0000-memory.dmp

Filesize
64KB

Download
memory/1780-56-0x0000020C91990000-0x0000020C919A0000-memory.dmp

Filesize
64KB

Download
memory/1780-58-0x0000020C91910000-0x0000020C91920000-memory.dmp

Filesize
64KB

Download
memory/1780-60-0x0000020C919A0000-0x0000020C919B0000-memory.dmp

Filesize
64KB

Download
memory/1780-57-0x0000020C91900000-0x0000020C91910000-memory.dmp

Filesize
64KB

Download
memory/1780-64-0x0000020C91920000-0x0000020C91930000-memory.dmp

Filesize
64KB

Download
memory/1780-63-0x0000020C919C0000-0x0000020C919D0000-memory.dmp

Filesize
64KB

Download
memory/1780-62-0x0000020C919B0000-0x0000020C919C0000-memory.dmp

Filesize
64KB

Download
memory/1780-66-0x0000020C91930000-0x0000020C91940000-memory.dmp

Filesize
64KB

Download
memory/1780-67-0x0000020C919D0000-0x0000020C919E0000-memory.dmp

Filesize
64KB

Download
memory/1780-2-0x0000020C91630000-0x0000020C918A0000-memory.dmp

Filesize
2.4MB

Download
memory/1780-70-0x0000020C91940000-0x0000020C91950000-memory.dmp

Filesize
64KB

Download
memory/1780-77-0x0000020C919F0000-0x0000020C91A00000-memory.dmp

Filesize
64KB

Download
memory/1780-76-0x0000020C91950000-0x0000020C91960000-memory.dmp

Filesize
64KB

Download
memory/1780-80-0x0000020C91A00000-0x0000020C91A10000-memory.dmp

Filesize
64KB

Download
memory/1780-79-0x0000020C91960000-0x0000020C91970000-memory.dmp

Filesize
64KB

Download
memory/1780-82-0x0000020C91610000-0x0000020C91611000-memory.dmp

Filesize
4KB

Download
memory/1780-83-0x0000020C91970000-0x0000020C91980000-memory.dmp

Filesize
64KB

Download
memory/1780-84-0x0000020C91A10000-0x0000020C91A20000-memory.dmp

Filesize
64KB

Download
memory/1780-100-0x0000020C91980000-0x0000020C91990000-memory.dmp

Filesize
64KB

Download
memory/1780-101-0x0000020C91A20000-0x0000020C91A30000-memory.dmp

Filesize
64KB

Download
memory/1780-104-0x0000020C91A30000-0x0000020C91A40000-memory.dmp

Filesize
64KB

Download
memory/1780-103-0x0000020C91990000-0x0000020C919A0000-memory.dmp

Filesize
64KB

Download
memory/1780-107-0x0000020C91A40000-0x0000020C91A50000-memory.dmp

Filesize
64KB

Download
memory/1780-106-0x0000020C919A0000-0x0000020C919B0000-memory.dmp

Filesize
64KB

Download
memory/1780-109-0x0000020C919B0000-0x0000020C919C0000-memory.dmp

Filesize
64KB

Download
memory/1780-111-0x0000020C91A50000-0x0000020C91A60000-memory.dmp

Filesize
64KB

Download
memory/1780-110-0x0000020C919C0000-0x0000020C919D0000-memory.dmp

Filesize
64KB

Download
memory/1780-114-0x0000020C91A60000-0x0000020C91A70000-memory.dmp

Filesize
64KB

Download
memory/1780-113-0x0000020C91610000-0x0000020C91611000-memory.dmp

Filesize
4KB

Download
memory/1780-116-0x0000020C91610000-0x0000020C91611000-memory.dmp

Filesize
4KB

Download
memory/1780-121-0x0000020C919E0000-0x0000020C919F0000-memory.dmp

Filesize
64KB

Download
memory/1780-125-0x0000020C919F0000-0x0000020C91A00000-memory.dmp

Filesize
64KB

Download
memory/1780-124-0x0000020C91A90000-0x0000020C91AA0000-memory.dmp

Filesize
64KB

Download
memory/1780-134-0x0000020C91A20000-0x0000020C91A30000-memory.dmp

Filesize
64KB

Download
memory/1780-135-0x0000020C91AD0000-0x0000020C91AE0000-memory.dmp

Filesize
64KB

Download
memory/1780-132-0x0000020C91A10000-0x0000020C91A20000-memory.dmp

Filesize
64KB

Download
memory/1780-131-0x0000020C91AC0000-0x0000020C91AD0000-memory.dmp

Filesize
64KB

Download
memory/1780-130-0x0000020C91AB0000-0x0000020C91AC0000-memory.dmp

Filesize
64KB

Download
memory/1780-129-0x0000020C91AA0000-0x0000020C91AB0000-memory.dmp

Filesize
64KB

Download
memory/1780-128-0x0000020C91A00000-0x0000020C91A10000-memory.dmp

Filesize
64KB

Download
memory/1780-123-0x0000020C91A80000-0x0000020C91A90000-memory.dmp

Filesize
64KB

Download
memory/1780-118-0x0000020C91A70000-0x0000020C91A80000-memory.dmp

Filesize
64KB

Download
memory/1780-117-0x0000020C919D0000-0x0000020C919E0000-memory.dmp

Filesize
64KB

Download
memory/1780-138-0x0000020C91AE0000-0x0000020C91AF0000-memory.dmp

Filesize
64KB

Download
memory/1780-137-0x0000020C91A30000-0x0000020C91A40000-memory.dmp

Filesize
64KB

Download
memory/1780-148-0x0000020C91A40000-0x0000020C91A50000-memory.dmp

Filesize
64KB

Download
memory/1780-152-0x0000020C91A50000-0x0000020C91A60000-memory.dmp

Filesize
64KB

Download
memory/1780-160-0x0000020C91A70000-0x0000020C91A80000-memory.dmp

Filesize
64KB

Download
memory/1780-159-0x0000020C91B40000-0x0000020C91B50000-memory.dmp

Filesize
64KB

Download
memory/1780-162-0x0000020C91A80000-0x0000020C91A90000-memory.dmp

Filesize
64KB

Download
memory/1780-165-0x0000020C91B60000-0x0000020C91B70000-memory.dmp

Filesize
64KB

Download
memory/1780-164-0x0000020C91B50000-0x0000020C91B60000-memory.dmp

Filesize
64KB

Download
memory/1780-46-0x0000020C91960000-0x0000020C91970000-memory.dmp

Filesize
64KB

Download
memory/1780-158-0x0000020C91B30000-0x0000020C91B40000-memory.dmp

Filesize
64KB

Download
memory/1780-157-0x0000020C91B20000-0x0000020C91B30000-memory.dmp

Filesize
64KB

Download
memory/1780-156-0x0000020C91A60000-0x0000020C91A70000-memory.dmp

Filesize
64KB

Download
memory/1780-151-0x0000020C91B10000-0x0000020C91B20000-memory.dmp

Filesize
64KB

Download
memory/1780-150-0x0000020C91B00000-0x0000020C91B10000-memory.dmp

Filesize
64KB

Download
memory/1780-149-0x0000020C91AF0000-0x0000020C91B00000-memory.dmp

Filesize
64KB

Download
memory/1780-143-0x0000020C91610000-0x0000020C91611000-memory.dmp

Filesize
4KB

Download
memory/1780-174-0x0000020C91B70000-0x0000020C91B80000-memory.dmp

Filesize
64KB

Download
memory/1780-173-0x0000020C91AC0000-0x0000020C91AD0000-memory.dmp

Filesize
64KB

Download
memory/1780-172-0x0000020C91AB0000-0x0000020C91AC0000-memory.dmp

Filesize
64KB

Download
memory/1780-171-0x0000020C91AA0000-0x0000020C91AB0000-memory.dmp

Filesize
64KB

Download
memory/1780-42-0x0000020C918B0000-0x0000020C918C0000-memory.dmp

Filesize
64KB

Download
memory/1780-195-0x0000020C91BC0000-0x0000020C91BD0000-memory.dmp

Filesize
64KB

Download
memory/1780-198-0x0000020C91AE0000-0x0000020C91AF0000-memory.dmp

Filesize
64KB

Download
memory/1780-204-0x0000020C91610000-0x0000020C91611000-memory.dmp

Filesize
4KB

Download
memory/1780-203-0x0000020C91B10000-0x0000020C91B20000-memory.dmp

Filesize
64KB

Download
memory/1780-202-0x0000020C91B00000-0x0000020C91B10000-memory.dmp

Filesize
64KB

Download
memory/1780-210-0x0000020C91BF0000-0x0000020C91C00000-memory.dmp

Filesize
64KB

Download
memory/1780-209-0x0000020C91BE0000-0x0000020C91BF0000-memory.dmp

Filesize
64KB

Download
memory/1780-201-0x0000020C91AF0000-0x0000020C91B00000-memory.dmp

Filesize
64KB

Download
memory/1780-200-0x0000020C91BD0000-0x0000020C91BE0000-memory.dmp

Filesize
64KB

Download
memory/1780-199-0x0000020C91B90000-0x0000020C91BA0000-memory.dmp

Filesize
64KB

Download
memory/1780-194-0x0000020C91BA0000-0x0000020C91BB0000-memory.dmp

Filesize
64KB

Download
memory/1780-192-0x0000020C91B80000-0x0000020C91B90000-memory.dmp

Filesize
64KB

Download
memory/1780-43-0x0000020C918C0000-0x0000020C918D0000-memory.dmp

Filesize
64KB

Download
memory/1780-44-0x0000020C91950000-0x0000020C91960000-memory.dmp

Filesize
64KB

Download
memory/1780-197-0x0000020C91BB0000-0x0000020C91BC0000-memory.dmp

Filesize
64KB

Download
memory/1780-196-0x0000020C91AD0000-0x0000020C91AE0000-memory.dmp

Filesize
64KB

Download
memory/1780-231-0x0000020C91610000-0x0000020C91611000-memory.dmp

Filesize
4KB

Download
memory/1780-256-0x0000020C91610000-0x0000020C91611000-memory.dmp

Filesize
4KB

Download
memory/1780-292-0x0000020C91610000-0x0000020C91611000-memory.dmp

Filesize
4KB

Download
memory/1780-366-0x0000020C91610000-0x0000020C91611000-memory.dmp

Filesize
4KB

Download
memory/1780-35-0x0000020C91630000-0x0000020C918A0000-memory.dmp

Filesize
2.4MB

Download
memory/1780-40-0x0000020C918A0000-0x0000020C918B0000-memory.dmp

Filesize
64KB

Download
memory/1780-41-0x0000020C91940000-0x0000020C91950000-memory.dmp

Filesize
64KB

Download
memory/1780-36-0x0000020C91920000-0x0000020C91930000-memory.dmp

Filesize
64KB

Download
memory/1780-37-0x0000020C91930000-0x0000020C91940000-memory.dmp

Filesize
64KB

Download
memory/1780-12-0x0000020C91610000-0x0000020C91611000-memory.dmp

Filesize
4KB

Download
memory/1780-18-0x0000020C918A0000-0x0000020C918B0000-memory.dmp

Filesize
64KB

Download
memory/1780-33-0x0000020C91910000-0x0000020C91920000-memory.dmp

Filesize
64KB

Download
memory/1780-30-0x0000020C91610000-0x0000020C91611000-memory.dmp

Filesize
4KB

Download
memory/1780-21-0x0000020C918C0000-0x0000020C918D0000-memory.dmp

Filesize
64KB

Download
memory/1780-20-0x0000020C918B0000-0x0000020C918C0000-memory.dmp

Filesize
64KB

Download
memory/1780-29-0x0000020C91900000-0x0000020C91910000-memory.dmp

Filesize
64KB

Download
memory/1780-23-0x0000020C918D0000-0x0000020C918E0000-memory.dmp

Filesize
64KB

Download
memory/1780-25-0x0000020C918E0000-0x0000020C918F0000-memory.dmp

Filesize
64KB

Download
memory/1780-28-0x0000020C918F0000-0x0000020C91900000-memory.dmp

Filesize
64KB

Download
memory/2788-626-0x0000027425DE0000-0x0000027425DE1000-memory.dmp

Filesize
4KB

Download
memory/2788-646-0x0000027425DE0000-0x0000027425DE1000-memory.dmp

Filesize
4KB

Download
memory/2788-894-0x0000027425DE0000-0x0000027425DE1000-memory.dmp

Filesize
4KB

Download
memory/2788-609-0x0000027425DE0000-0x0000027425DE1000-memory.dmp

Filesize
4KB

Download
memory/2788-601-0x0000027425DE0000-0x0000027425DE1000-memory.dmp

Filesize
4KB

Download
memory/2788-587-0x0000027425DE0000-0x0000027425DE1000-memory.dmp

Filesize
4KB

Download
memory/2788-543-0x0000027425DE0000-0x0000027425DE1000-memory.dmp

Filesize
4KB

Download
memory/2788-523-0x0000027425DE0000-0x0000027425DE1000-memory.dmp

Filesize
4KB

Download
memory/2788-502-0x0000027425DE0000-0x0000027425DE1000-memory.dmp

Filesize
4KB

Download
memory/2788-1537-0x0000027425DE0000-0x0000027425DE1000-memory.dmp

Filesize
4KB

Download
memory/2788-491-0x0000027425DE0000-0x0000027425DE1000-memory.dmp

Filesize
4KB

Download