Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/05/2023, 12:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6b1bbd84c0e2555a864f24eec342830de6993a5292dbd116870aa46d6cd4f88e.exe

  • Size

    4.2MB

  • MD5

    fa5e956ae03f1747e5f7ffcb929f585d

  • SHA1

    c0f9272c42f24c20466d58426df5e31226eb03a4

  • SHA256

    6b1bbd84c0e2555a864f24eec342830de6993a5292dbd116870aa46d6cd4f88e

  • SHA512

    6741261c80fd34d836e8f5d9c7873f671281dfb6f41c7dd3eed2d6d91d912fab2719a6827371e24af8c59ee4da2d09f792a17cebb8125e760e7afad1d40feb32

  • SSDEEP

    98304:Z80kK0psugryfHpgVJBY2uakw158j0FecvtH0hA5Njh1bz8ph:THulJgVJBYMkw100FntUhAXLsph

Score
10/10
gluptebadiscoverydropperevasionloaderpersistencerootkit

Malware Config

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 17 IoCs
  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Manipulates WinMonFS driver. 1 IoCs

    Roottkits write to WinMonFS to hide directories/files from being detected.

    rootkitevasion
  • Drops file in System32 directory 7 IoCs
  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b1bbd84c0e2555a864f24eec342830de6993a5292dbd116870aa46d6cd4f88e.exe
    "C:\Users\Admin\AppData\Local\Temp\6b1bbd84c0e2555a864f24eec342830de6993a5292dbd116870aa46d6cd4f88e.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1512
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:636
    • C:\Users\Admin\AppData\Local\Temp\6b1bbd84c0e2555a864f24eec342830de6993a5292dbd116870aa46d6cd4f88e.exe
      "C:\Users\Admin\AppData\Local\Temp\6b1bbd84c0e2555a864f24eec342830de6993a5292dbd116870aa46d6cd4f88e.exe"
      2⤵
      • Adds Run key to start application
      • Checks for VirtualBox DLLs, possible anti-VM trick
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4468
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:824
      • C:\Windows\system32\cmd.exe
        C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3860
        • C:\Windows\system32\netsh.exe
          netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
          4⤵
          • Modifies Windows Firewall
          PID:4824
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4796
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2064
      • C:\Windows\rss\csrss.exe
        C:\Windows\rss\csrss.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Manipulates WinMonFS driver.
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1744
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -nologo -noprofile
          4⤵
          • Drops file in System32 directory
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:5052
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
          4⤵
          • Creates scheduled task(s)
          PID:4104
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /delete /tn ScheduledUpdate /f
          4⤵
            PID:4724
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -nologo -noprofile
            4⤵
            • Drops file in System32 directory
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:4092
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -nologo -noprofile
            4⤵
            • Drops file in System32 directory
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:4300
          • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
            C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
            4⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:860
          • C:\Windows\SYSTEM32\schtasks.exe
            schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
            4⤵
            • Creates scheduled task(s)
            PID:3252
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 924
        2⤵
        • Program crash
        PID:1732
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1512 -ip 1512
      1⤵
        PID:3144

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_itrrjz1o.chg.ps1
        Filesize

        60B

        MD5

        d17fe0a3f47be24a6453e9ef58c94641

        SHA1

        6ab83620379fc69f80c0242105ddffd7d98d5d9d

        SHA256

        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

        SHA512

        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
        Filesize

        281KB

        MD5

        d98e33b66343e7c96158444127a117f6

        SHA1

        bb716c5509a2bf345c6c1152f6e3e1452d39d50d

        SHA256

        5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

        SHA512

        705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
        Filesize

        281KB

        MD5

        d98e33b66343e7c96158444127a117f6

        SHA1

        bb716c5509a2bf345c6c1152f6e3e1452d39d50d

        SHA256

        5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

        SHA512

        705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

        Download Submit

      • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
        Filesize

        2KB

        MD5

        968cb9309758126772781b83adb8a28f

        SHA1

        8da30e71accf186b2ba11da1797cf67f8f78b47c

        SHA256

        92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

        SHA512

        4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

        Download Submit

      • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
        Filesize

        19KB

        MD5

        c2ca29becc9a6a5f543f1b0b507d6906

        SHA1

        1ebacfe8a7f79a4039f25bbb225f7efb6642dd22

        SHA256

        d63869eb24286d5769f3f7d0033ed54ed045dcc6099084c969ba980db8583ce7

        SHA512

        1d2636d713d99be1d571d7909e49adaf9e2d322af425cea45035aa53e1f0afa2ee594062d955a7e8ae3107cecc2134be8c05e173209129204a342077a0cd8e9d

        Download Submit

      • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
        Filesize

        19KB

        MD5

        540a960472c6d34f9ec2cb4a39c435d6

        SHA1

        6b14487a265e0d769221331ccc72c48ae6f09842

        SHA256

        bdfa164ef6f064068af976e6dde41041b1d7d1fabc2e79aa7cdc1389a252c288

        SHA512

        5b4b2ce115d0a088d98af0331e3db387f5f33c0da45c1191142a6bf33904721baf3e98efed99e09b89cf3f7a248a587907eb9e6d082eeb4638465393f554fe08

        Download Submit

      • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
        Filesize

        19KB

        MD5

        8d30c8194586f7a55d4098686a082efe

        SHA1

        f568be5c400c96439a740acf1cab9fce6cc73408

        SHA256

        bfa49b6c30a5b2fb883019b3bd005c5d61485c4c65b915b81bc1174b1e974c79

        SHA512

        33b7e2001dc35941b180472dbcfa6d819281b0afc8b60f26354c4cb06bdc031a82eae11aba9abf185dc98a5a7fe926cf3c1bbfe34db7cdb1658b9d8a073c4fd2

        Download Submit

      • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
        Filesize

        19KB

        MD5

        f4f4f8b285678e03271aef1e96bc516d

        SHA1

        0924cd6a902ec4dca3c32cc64812b8eaee823054

        SHA256

        b12e02887e4460ae772f950e12fe81e6274cc04913a0308e7f1d571e95ef1e72

        SHA512

        a7ce561f409b9d105343593278eabda7dfb5b3ea38312df73f49da29b6aa1f9d2e563f862b63178dfc35ced3c1c70f6b4592d484b984fd49397e8eed1bb058ed

        Download Submit

      • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
        Filesize

        19KB

        MD5

        8cbed11149d0ca7d3a63f5ab546541f8

        SHA1

        afcfe3742f1f02de6fc3eea325e60db9211d71cf

        SHA256

        e29979273865764ae2e0a4930c8d620feee7a84cb81ac304c078da8243296e1e

        SHA512

        31fbe8652e3d0301fa4e40bd5a3cb3d177d1013dda4eade95a301f8edc2eb47ba6fd138c7a6e4aef481491c356a643995df8667b2f0b449db2851eaae1793d7b

        Download Submit

      • C:\Windows\rss\csrss.exe
        Filesize

        4.2MB

        MD5

        fa5e956ae03f1747e5f7ffcb929f585d

        SHA1

        c0f9272c42f24c20466d58426df5e31226eb03a4

        SHA256

        6b1bbd84c0e2555a864f24eec342830de6993a5292dbd116870aa46d6cd4f88e

        SHA512

        6741261c80fd34d836e8f5d9c7873f671281dfb6f41c7dd3eed2d6d91d912fab2719a6827371e24af8c59ee4da2d09f792a17cebb8125e760e7afad1d40feb32

        Download Submit

      • C:\Windows\rss\csrss.exe
        Filesize

        4.2MB

        MD5

        fa5e956ae03f1747e5f7ffcb929f585d

        SHA1

        c0f9272c42f24c20466d58426df5e31226eb03a4

        SHA256

        6b1bbd84c0e2555a864f24eec342830de6993a5292dbd116870aa46d6cd4f88e

        SHA512

        6741261c80fd34d836e8f5d9c7873f671281dfb6f41c7dd3eed2d6d91d912fab2719a6827371e24af8c59ee4da2d09f792a17cebb8125e760e7afad1d40feb32

        Download Submit

      • memory/636-158-0x0000000070130000-0x000000007017C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/636-152-0x0000000006610000-0x0000000006654000-memory.dmp

        Filesize

        272KB

        Download

      • memory/636-155-0x0000000007460000-0x000000000747A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/636-156-0x0000000004B60000-0x0000000004B70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/636-157-0x0000000007620000-0x0000000007652000-memory.dmp

        Filesize

        200KB

        Download

      • memory/636-153-0x00000000073C0000-0x0000000007436000-memory.dmp

        Filesize

        472KB

        Download

      • memory/636-159-0x00000000702B0000-0x0000000070604000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/636-169-0x0000000007600000-0x000000000761E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/636-170-0x0000000007750000-0x000000000775A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/636-172-0x0000000007860000-0x00000000078F6000-memory.dmp

        Filesize

        600KB

        Download

      • memory/636-173-0x000000007EF60000-0x000000007EF70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/636-154-0x0000000007AC0000-0x000000000813A000-memory.dmp

        Filesize

        6.5MB

        Download

      • memory/636-174-0x00000000077C0000-0x00000000077CE000-memory.dmp

        Filesize

        56KB

        Download

      • memory/636-175-0x0000000007810000-0x000000000782A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/636-176-0x0000000007800000-0x0000000007808000-memory.dmp

        Filesize

        32KB

        Download

      • memory/636-151-0x00000000060B0000-0x00000000060CE000-memory.dmp

        Filesize

        120KB

        Download

      • memory/636-141-0x00000000059E0000-0x0000000005A46000-memory.dmp

        Filesize

        408KB

        Download

      • memory/636-140-0x0000000005900000-0x0000000005966000-memory.dmp

        Filesize

        408KB

        Download

      • memory/636-139-0x0000000005170000-0x0000000005192000-memory.dmp

        Filesize

        136KB

        Download

      • memory/636-138-0x0000000004B60000-0x0000000004B70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/636-137-0x0000000004B60000-0x0000000004B70000-memory.dmp

        Filesize

        64KB

        Download

      • memory/636-136-0x00000000051A0000-0x00000000057C8000-memory.dmp

        Filesize

        6.2MB

        Download

      • memory/636-135-0x0000000004A90000-0x0000000004AC6000-memory.dmp

        Filesize

        216KB

        Download

      • memory/824-190-0x0000000002780000-0x0000000002790000-memory.dmp

        Filesize

        64KB

        Download

      • memory/824-191-0x0000000002780000-0x0000000002790000-memory.dmp

        Filesize

        64KB

        Download

      • memory/824-192-0x0000000002780000-0x0000000002790000-memory.dmp

        Filesize

        64KB

        Download

      • memory/824-193-0x0000000070230000-0x000000007027C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/824-194-0x00000000703B0000-0x0000000070704000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/824-204-0x000000007F950000-0x000000007F960000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1512-134-0x0000000002D30000-0x000000000361B000-memory.dmp

        Filesize

        8.9MB

        Download

      • memory/1512-171-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/1512-179-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/1744-355-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/1744-353-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/1744-352-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/1744-351-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/1744-350-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/1744-354-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/1744-359-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/1744-356-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/1744-357-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/1744-358-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/1744-317-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/1744-360-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/2064-245-0x0000000002700000-0x0000000002710000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2064-259-0x000000007FD30000-0x000000007FD40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2064-246-0x0000000002700000-0x0000000002710000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2064-247-0x0000000002700000-0x0000000002710000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2064-248-0x0000000070230000-0x000000007027C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/2064-249-0x00000000709D0000-0x0000000070D24000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/4092-316-0x000000007F270000-0x000000007F280000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4092-305-0x0000000070860000-0x0000000070BB4000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/4092-303-0x0000000005430000-0x0000000005440000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4092-306-0x0000000005430000-0x0000000005440000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4092-304-0x00000000700B0000-0x00000000700FC000-memory.dmp

        Filesize

        304KB

        Download

      • memory/4300-330-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4300-334-0x0000000070230000-0x0000000070584000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/4300-329-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4300-332-0x00000000700B0000-0x00000000700FC000-memory.dmp

        Filesize

        304KB

        Download

      • memory/4300-331-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4300-333-0x000000007FAE0000-0x000000007FAF0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4468-233-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/4468-264-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/4796-232-0x000000007F170000-0x000000007F180000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4796-208-0x0000000002770000-0x0000000002780000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4796-209-0x0000000002770000-0x0000000002780000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4796-220-0x0000000002770000-0x0000000002780000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4796-221-0x0000000070230000-0x000000007027C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/4796-222-0x00000000709D0000-0x0000000070D24000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/5052-279-0x0000000005540000-0x0000000005550000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5052-276-0x0000000005540000-0x0000000005550000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5052-281-0x0000000070310000-0x0000000070664000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/5052-291-0x000000007F280000-0x000000007F290000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5052-280-0x0000000070190000-0x00000000701DC000-memory.dmp

        Filesize

        304KB

        Download

      • memory/5052-277-0x0000000005540000-0x0000000005550000-memory.dmp

        Filesize

        64KB

        Download