a7a1e32a295fe3d501fa623d6986ff0febd60d770223d699e01735666128b5f0

Analysis

max time kernel
133s
max time network
20s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/10/2024, 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

launch4j-3.50-win32.exe
Size

8.4MB
MD5

3aebc6d06d7696559b945240c1f3f3d6
SHA1

ec0d69800f5d350d30e8d800f92da8870d7f653b
SHA256

a7a1e32a295fe3d501fa623d6986ff0febd60d770223d699e01735666128b5f0
SHA512

7f6d25508ecf6d8d5ca4ea7b4d5ff2a75c25689f49d96373b10c809d468d5233003362a82ed94ff2298cd0475be3a4665f9b6e6f284866c1f485a2f48f236b38
SSDEEP

196608:XCH8Ddw0vUhpNize0uNN9qbEdGHlHke5r3NyPie7WBzaKHaXbAYm4OCA7djI:XCcv8hye1rdaHksrNyPiXoKHaXbAYUCB

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4516	launch4j.exe

Loads dropped DLL 3 IoCs

pid	Process
784	launch4j-3.50-win32.exe
784	launch4j-3.50-win32.exe
784	launch4j-3.50-win32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\ant\Launch4jTask.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\formimpl\ConfigFormImpl.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\formimpl\HeaderFormImpl.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\web\changelog.html	launch4j-3.50-win32.exe
File opened for modification	C:\Program Files (x86)\Launch4j\Launch4j.url	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\bin\ld.exe	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\maven\.classpath	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\maven\assembly\assemble-win32.xml	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\images\new16.png	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\images\asterix-o.gif	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\binding\JRadioButtonBinding.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\form\SplashForm.jfrm	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\head_jni_BETA\jnihead.o	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\head_src\consolehead\Makefile.win	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\lib\commons-logging.jar	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\sign4j\sign.bat	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\lib\xstream.jar	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\config\Messages.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\build.xml	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\demo\SimpleApp\SimpleApp.exe	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\head_src\jnihead.h	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\form\Messages.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\w32api\libmingwex.a	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\head\LICENSE.txt	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\images\info.png	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\config\ConfigPersister.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\head_src\jnihead.c	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\images\asterix.gif	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\web\docs.html	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\demo\ConsoleApp\build.bat	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\config\messages.properties	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\head_src\head.c	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\ant\Messages.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\form\ConfigForm.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\formimpl\GlassPane.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\maven\assembly\assemble-mac.xml	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\sign4j\Bouncy Castle.LICENSE.txt	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\binding\JToggleButtonBinding.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\web\index.html	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\binding\Bindings.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\form\ClassPathForm.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\w32api\libmoldname.a	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\w32api\libuser32.a	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\w32api\MinGW.LICENSE.txt	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\.settings\org.eclipse.jdt.core.prefs	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\head_src\jniguihead_BETA\Makefile.win	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\lib\commons.LICENSE.txt	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\launch4j.properties	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\.settings\org.eclipse.core.resources.prefs	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\.vscode\c_cpp_properties.json	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\lib\JGoodies.Forms.LICENSE.txt	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\formimpl\SplashFormImpl.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\.settings\org.eclipse.m2e.core.prefs	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\demo\SimpleApp\src\net\sf\launch4j\example\SimpleApp.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\binding\messages.properties	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\config\Msg.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\maven\assembly\assemble-linux.xml	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\images\build.png	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\binding\JListBinding.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\formimpl\SingleInstanceFormImpl.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\src\net\sf\launch4j\form\BasicForm.java	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\w32api\libadvapi32.a	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\w32api\libgcc.a	launch4j-3.50-win32.exe
File created	C:\Program Files (x86)\Launch4j\head_jni_BETA\jniconsolehead.o	launch4j-3.50-win32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	launch4j-3.50-win32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	launch4j.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	javaw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	javaw.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4924	javaw.exe
4924	javaw.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 784 wrote to memory of 4516	784	launch4j-3.50-win32.exe	79
PID 784 wrote to memory of 4516	784	launch4j-3.50-win32.exe	79
PID 784 wrote to memory of 4516	784	launch4j-3.50-win32.exe	79
PID 4516 wrote to memory of 4924	4516	launch4j.exe	80
PID 4516 wrote to memory of 4924	4516	launch4j.exe	80

C:\Users\Admin\AppData\Local\Temp\launch4j-3.50-win32.exe
"C:\Users\Admin\AppData\Local\Temp\launch4j-3.50-win32.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:784
- C:\Program Files (x86)\Launch4j\launch4j.exe
  "C:\Program Files (x86)\Launch4j\launch4j.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4516
- - C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Program Files (x86)\Launch4j\launch4j.jar"
    3⤵
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:4924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Launch4j\launch4j.exe

Filesize
63KB

MD5
7cd18deed5755993aad29eaaa8a4785d

SHA1
56e92a1b1604eec026c9ca10a30001386977ce45

SHA256
c2c92657b1730d15f51f5e5690e4b477aa8c0c3b43af22dbd7265aca049df59d

SHA512
393fe48a8c18b250ff19b9e73129b19daab38e06fe8242aa7053a6e6c11fdbd276c444f9249daecd35ace4960b3cb8445b359515a1329a6ef8207d50810e9774

Download Submit
C:\Program Files (x86)\Launch4j\launch4j.jar

Filesize
192KB

MD5
8d50acd45f26165f289b29ec445190c1

SHA1
08c216d04e2cd9416001f9965a9e825bdb165bf9

SHA256
c82fa95a0584dfb61fbae57966ad5ef37739158254faf4961173e81900574d8b

SHA512
5ce44b251d6aa64ce7c30c2371d7b2f6280025461d1b105847b4ccbf9f6f4c366ea958847a1ebcf9e6fa76a216680f4c6485e91d40924049d51872e903fb52e5

Download Submit
C:\Program Files (x86)\Launch4j\lib\commons-beanutils.jar

Filesize
241KB

MD5
07dc532ee316fe1f2f0323e9bd2f8df4

SHA1
d52b9abcd97f38c81342bb7e7ae1eee9b73cba51

SHA256
7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a

SHA512
7762b348caecead49038a38a89754ff7d9be6199324315495ba47cf24f52c06faadf9306d925c8fe47c587589a939c82e491e1c730267fdf354243a68c0f96ff

Download Submit
C:\Program Files (x86)\Launch4j\lib\commons-logging.jar

Filesize
60KB

MD5
040b4b4d8eac886f6b4a2a3bd2f31b00

SHA1
4bfc12adfe4842bf07b657f0369c4cb522955686

SHA256
daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636

SHA512
ed00dbfabd9ae00efa26dd400983601d076fe36408b7d6520084b447e5d1fa527ce65bd6afdcb58506c3a808323d28e88f26cb99c6f5db9ff64f6525ecdfa557

Download Submit
C:\Program Files (x86)\Launch4j\lib\flatlaf.jar

Filesize
486KB

MD5
61781e3435d02a6dc2e04ff8071e5671

SHA1
a807c984f00b683c65503803720821f12e136e93

SHA256
135d8d5ac39fec29d9b3ff52cb30726d3f976b0698615be32534fd7924f29ec7

SHA512
00fc3966e9ef4dca0603aaa8b2afafca00a9edf3024459f59abc7762b5ce9e211c3a503a1065d6ca8f1bab5f188b639e0f1d8460ee46b137f1e11fd3e22637a8

Download Submit
C:\Program Files (x86)\Launch4j\lib\formsrt.jar

Filesize
320KB

MD5
d081c2c1a56f2a9d395db35078b444e4

SHA1
f98e65e891e91643de4ae088fadf7e8867e3dffa

SHA256
6484cada4819ea586e5b137f987277ab36f6e55bc9aac89ae68b83b1df8aca46

SHA512
c3889b511e563e5e1cb6fa5f23253cdc847312bcc66008f9868e4e97cbb235e84d79f7254eaf90b797f05f5868a7d7e5d18a6bb724514959a65e7397ce491f07

Download Submit
C:\Program Files (x86)\Launch4j\lib\jgoodies-common.jar

Filesize
35KB

MD5
9efb791e475730e67007bb23dd286f4d

SHA1
d4bca11ba89cf082960f78597f79d8d1f8ce1943

SHA256
bc2336a74aaf7233aae156a1750953941248544247ff0d97fa58d84e3ebf0735

SHA512
2e0ce30ccfce12794b94ff640d3446ecbd7e3f24f3b5cc77b532bd71661a48d94d42b7af4d85e6ae790ca58eda6addbbfce7e7d8cb6e8f6430e41595c4cbb8ff

Download Submit
C:\Program Files (x86)\Launch4j\lib\jgoodies-forms.jar

Filesize
116KB

MD5
37e4059f79a934c99fa1fbd08648beb2

SHA1
5b4e37f8d48cf99905297e40988af9528750d542

SHA256
a2ae46793814fa6c42dabb561c59336029907a3c03d1b82f977f1ed6a4e5011e

SHA512
333d03e8a7acbdfd96d901a29f4a33b1d4ddc753d028b9807da66cf8ec0266870423ca2545c2fc16413d8a3b994f90dcf4bb917c40c2ffe6a79e9d6de0857e02

Download Submit
C:\Program Files (x86)\Launch4j\lib\xstream.jar

Filesize
613KB

MD5
2620598f2c9d990daa3d95be57757280

SHA1
1fe575549a9fb8b0024c011d6b9b6ebb0ba00066

SHA256
3277849961aa9eb055f8771810450086d38cc2e407eeb8346d0239ea0218a453

SHA512
c99b012aaaa1ed438984631d221f0fe5e8f4db236d51c1d09700521b8a57402205a95f0d5b2f365567af66c2217e226dc20d16a94ebb2591ebb3ba94c7fa7d0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7773.tmp\InstallOptions.dll

Filesize
15KB

MD5
0a9fb96a7579b685ec36b17fc354e6a3

SHA1
355754104dd47d5fcf8918dee0dc2e2ee53390a6

SHA256
b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7

SHA512
67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7773.tmp\System.dll

Filesize
12KB

MD5
564bb0373067e1785cba7e4c24aab4bf

SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1

SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7773.tmp\ioSpecial.ini

Filesize
1KB

MD5
7ac1cf58db2c5bc9cd0b2ff2c73c4c1c

SHA1
81b842c41807cf506e42c991db6b329f913bbcbf

SHA256
108f297abb67ee32f13b8dfac2a5bb7e258d00f746cd9b5bd64648dd0b578ecc

SHA512
3ff9a122b5816cefa6c09c5306793935663efd4456420df14efb74fdaf763f5f19128986cd248102efaa0b121dbe3342e9b62a0bed0340a47c2715d484176794

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7773.tmp\ioSpecial.ini

Filesize
1KB

MD5
81aa0a6d03f5e60cd0f130fdbd8e0e7d

SHA1
e08439f2e4ba4ac516e30b5233ba9747fc6e722a

SHA256
0b8daeba8e2070928b54b519bb83a4f87b83aa83b32b0d35e207013a1c3f947b

SHA512
ba5caa2da075a13aec18c849002ca128e6f73ad5915ce051add3791c6124419c513e07698d2f2266c632b822626569b3f34d5bccbcf374813984ee5de29536cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7773.tmp\ioSpecial.ini

Filesize
1KB

MD5
68951fe1ca53d92bc9a601e70b914639

SHA1
a5303504d65e12bdb48cc9a4f49dff97589f2b0e

SHA256
e300ab9ca5dc2d0467f25658597edfc4f70ea62e4f3cf3beeb507ba4d8ba095d

SHA512
aaece6a1ef02d1dd401c1b434764a01b5af077869a749f82fb3d5a1b034620e0520a1e0a9d8d056dd095f032956c45bd9a0a7eaf7d130b9eca36094b876c5ab1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse7773.tmp\ioSpecial.ini

Filesize
1KB

MD5
a37e3f9a71898b67250b1611bc43bb5f

SHA1
2e2fd95942b61e27c6e936bfd96911347f341516

SHA256
28a2181a0a218b22d406a835a8ee2cd874540fde3587f8458be71d2f61fcbe62

SHA512
684818b1bfd73b58b9da105eaf0c2d2dab2a9e14d80a3ddae77f520ea51c7e4f1099876b1512d0cccf5448005b164094e1a8813ade7311c81802580e4bed1a23

Download Submit
memory/4516-433-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4924-476-0x000001281B510000-0x000001281B520000-memory.dmp

Filesize
64KB

Download
memory/4924-492-0x000001281B560000-0x000001281B570000-memory.dmp

Filesize
64KB

Download
memory/4924-461-0x000001281B4A0000-0x000001281B4B0000-memory.dmp

Filesize
64KB

Download
memory/4924-462-0x0000012819A20000-0x0000012819A21000-memory.dmp

Filesize
4KB

Download
memory/4924-467-0x000001281B4C0000-0x000001281B4D0000-memory.dmp

Filesize
64KB

Download
memory/4924-466-0x000001281B4B0000-0x000001281B4C0000-memory.dmp

Filesize
64KB

Download
memory/4924-472-0x000001281B4F0000-0x000001281B500000-memory.dmp

Filesize
64KB

Download
memory/4924-471-0x000001281B4E0000-0x000001281B4F0000-memory.dmp

Filesize
64KB

Download
memory/4924-470-0x000001281B4D0000-0x000001281B4E0000-memory.dmp

Filesize
64KB

Download
memory/4924-475-0x000001281B500000-0x000001281B510000-memory.dmp

Filesize
64KB

Download
memory/4924-437-0x000001281B230000-0x000001281B4A0000-memory.dmp

Filesize
2.4MB

Download
memory/4924-478-0x000001281B520000-0x000001281B530000-memory.dmp

Filesize
64KB

Download
memory/4924-481-0x000001281B230000-0x000001281B4A0000-memory.dmp

Filesize
2.4MB

Download
memory/4924-482-0x000001281B530000-0x000001281B540000-memory.dmp

Filesize
64KB

Download
memory/4924-484-0x000001281B540000-0x000001281B550000-memory.dmp

Filesize
64KB

Download
memory/4924-485-0x0000012819A20000-0x0000012819A21000-memory.dmp

Filesize
4KB

Download
memory/4924-488-0x000001281B4A0000-0x000001281B4B0000-memory.dmp

Filesize
64KB

Download
memory/4924-489-0x000001281B550000-0x000001281B560000-memory.dmp

Filesize
64KB

Download
memory/4924-491-0x000001281B4B0000-0x000001281B4C0000-memory.dmp

Filesize
64KB

Download
memory/4924-454-0x0000012819A20000-0x0000012819A21000-memory.dmp

Filesize
4KB

Download
memory/4924-519-0x0000012819A20000-0x0000012819A21000-memory.dmp

Filesize
4KB

Download
memory/4924-524-0x000001281B4C0000-0x000001281B4D0000-memory.dmp

Filesize
64KB

Download
memory/4924-536-0x0000012819A20000-0x0000012819A21000-memory.dmp

Filesize
4KB

Download
memory/4924-547-0x0000012819A20000-0x0000012819A21000-memory.dmp

Filesize
4KB

Download
memory/4924-552-0x000001281B4E0000-0x000001281B4F0000-memory.dmp

Filesize
64KB

Download
memory/4924-553-0x000001281B4F0000-0x000001281B500000-memory.dmp

Filesize
64KB

Download
memory/4924-561-0x000001281B500000-0x000001281B510000-memory.dmp

Filesize
64KB

Download
memory/4924-567-0x000001281B510000-0x000001281B520000-memory.dmp

Filesize
64KB

Download
memory/4924-595-0x000001281B520000-0x000001281B530000-memory.dmp

Filesize
64KB

Download
memory/4924-596-0x0000012819A20000-0x0000012819A21000-memory.dmp

Filesize
4KB

Download
memory/4924-597-0x000001281B530000-0x000001281B540000-memory.dmp

Filesize
64KB

Download
memory/4924-600-0x000001281B540000-0x000001281B550000-memory.dmp

Filesize
64KB

Download
memory/4924-603-0x000001281B550000-0x000001281B560000-memory.dmp

Filesize
64KB

Download
memory/4924-606-0x000001281B560000-0x000001281B570000-memory.dmp

Filesize
64KB

Download
memory/4924-616-0x0000012819A20000-0x0000012819A21000-memory.dmp

Filesize
4KB

Download
memory/4924-611-0x0000012819A20000-0x0000012819A21000-memory.dmp

Filesize
4KB

Download
memory/4924-629-0x0000012819A20000-0x0000012819A21000-memory.dmp

Filesize
4KB

Download