Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/05/2023, 19:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d6b81c1dc800d979622aa9d7b003c9c9ecc213bf426cc7934dcd5bcda6c88b61.exe

  • Size

    4.2MB

  • MD5

    b2393609deb4119903537e58339d743e

  • SHA1

    162fd16b9d2f0892f7f5f4d2f30835ee4647e4f0

  • SHA256

    d6b81c1dc800d979622aa9d7b003c9c9ecc213bf426cc7934dcd5bcda6c88b61

  • SHA512

    1176cf631de41b8adfc51647291b77f307dd451189f0297ab977cc34ea67185e7ea5e386bab19f1fbca43a0f949da80a5688ba690c905a8155b491c82b03a3f1

  • SSDEEP

    98304:TuTcGkGclvNOD2hP0ZZ/cfYxJETx2j8jgtzyxAEoBfKrJybx:TGclYU0ng09tzMA1BfKgx

Score
10/10
gluptebadiscoverydropperevasionloaderpersistencerootkit

Malware Config

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 16 IoCs
  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Manipulates WinMonFS driver. 1 IoCs

    Roottkits write to WinMonFS to hide directories/files from being detected.

    rootkitevasion
  • Drops file in System32 directory 7 IoCs
  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Drops file in Windows directory 2 IoCs
  • Program crash 2 IoCs
  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\d6b81c1dc800d979622aa9d7b003c9c9ecc213bf426cc7934dcd5bcda6c88b61.exe
    "C:\Users\Admin\AppData\Local\Temp\d6b81c1dc800d979622aa9d7b003c9c9ecc213bf426cc7934dcd5bcda6c88b61.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4224
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4788
    • C:\Users\Admin\AppData\Local\Temp\d6b81c1dc800d979622aa9d7b003c9c9ecc213bf426cc7934dcd5bcda6c88b61.exe
      "C:\Users\Admin\AppData\Local\Temp\d6b81c1dc800d979622aa9d7b003c9c9ecc213bf426cc7934dcd5bcda6c88b61.exe"
      2⤵
      • Adds Run key to start application
      • Checks for VirtualBox DLLs, possible anti-VM trick
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2400
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2072
      • C:\Windows\system32\cmd.exe
        C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1168
        • C:\Windows\system32\netsh.exe
          netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
          4⤵
          • Modifies Windows Firewall
          PID:2872
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2848
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1468
      • C:\Windows\rss\csrss.exe
        C:\Windows\rss\csrss.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Manipulates WinMonFS driver.
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2908
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -nologo -noprofile
          4⤵
          • Drops file in System32 directory
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:3028
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
          4⤵
          • Creates scheduled task(s)
          PID:1068
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /delete /tn ScheduledUpdate /f
          4⤵
            PID:1280
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -nologo -noprofile
            4⤵
            • Drops file in System32 directory
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:1520
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -nologo -noprofile
            4⤵
            • Drops file in System32 directory
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:1180
          • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
            C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
            4⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:4576
          • C:\Windows\SYSTEM32\schtasks.exe
            schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
            4⤵
            • Creates scheduled task(s)
            PID:2244
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 744
          3⤵
          • Program crash
          PID:4864
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 864
        2⤵
        • Program crash
        PID:1556
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4224 -ip 4224
      1⤵
        PID:3332
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2400 -ip 2400
        1⤵
          PID:1812

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mxeg0sdz.n4x.ps1
          Filesize

          60B

          MD5

          d17fe0a3f47be24a6453e9ef58c94641

          SHA1

          6ab83620379fc69f80c0242105ddffd7d98d5d9d

          SHA256

          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

          SHA512

          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
          Filesize

          281KB

          MD5

          d98e33b66343e7c96158444127a117f6

          SHA1

          bb716c5509a2bf345c6c1152f6e3e1452d39d50d

          SHA256

          5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

          SHA512

          705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
          Filesize

          281KB

          MD5

          d98e33b66343e7c96158444127a117f6

          SHA1

          bb716c5509a2bf345c6c1152f6e3e1452d39d50d

          SHA256

          5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

          SHA512

          705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

          Download Submit

        • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
          Filesize

          2KB

          MD5

          968cb9309758126772781b83adb8a28f

          SHA1

          8da30e71accf186b2ba11da1797cf67f8f78b47c

          SHA256

          92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

          SHA512

          4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

          Download Submit

        • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
          Filesize

          19KB

          MD5

          f37fa18df2a4b3aa11e73751cf060d31

          SHA1

          70f48e590e887bca9371af1e9587c2ff390695ce

          SHA256

          1fc6f4f8b5b6d0bcad804453ab3b166926e38294a4fd70ce1480a051bda3f382

          SHA512

          04dab23136b41d8a6b600880c72666ec0d7fa6ef7eb406fa51b731d0a150c258a55553bda0da75700e2847f8aab6ed5b3878b98d5607fc9496d28ae981b8bb43

          Download Submit

        • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
          Filesize

          19KB

          MD5

          6e89fb6cab7b7cdadaa4bee9cea7c572

          SHA1

          b94490737d244e5893aa3083344a637f5542bfa0

          SHA256

          980f7c2cf479d0c3dbab92fa153e0d7e6108cefb1bca9c0c311956de03da68d0

          SHA512

          0ca20567346135527c507152b54894e9156fa898127288a15e428c817dc52c4d93d7c6089a39b60dc3e5ded167780a056036a71c9300ed5fbc77b17d7293e82c

          Download Submit

        • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
          Filesize

          19KB

          MD5

          23c24be7635bd4708f94370385e32b46

          SHA1

          96c757e3e6ef8da8d0dc2da893222804168be5bd

          SHA256

          8610e4a260b40112acabb75de503329765be80fb981d1d3205b804324bd6d308

          SHA512

          e39a48ecac445d8dba51975be455a0713e6ee568da902df143f95d0b33f4e61abdecccba83516b31d82aa7346f8cee6d0ed97dc21e6930f1b51aa5bd3e07b18a

          Download Submit

        • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
          Filesize

          19KB

          MD5

          129ea588cf5f67e98de7891ed3e500e3

          SHA1

          e508da6ff49ca65384ffaf5eed20383e243602fd

          SHA256

          2041a198d671e88851024615e8cd981e266fa3d67e8b6307633b390afbaef549

          SHA512

          e6f23d9d7ac9f0ba288cfee9da9dc59777c0a4fb8cb9de1bd69283c65b162fc608662b0176161141d31b24b0c5286882070c8227edd9af58943f5c9a4b164731

          Download Submit

        • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
          Filesize

          19KB

          MD5

          e8dd2476944deefe9d497d6ef95aff2e

          SHA1

          e8585b861155a10caa0e4a048efd6b705bea90a2

          SHA256

          9065d42047a7b49d9807ac8ae48370842489e1c2150ee7f263743a316c2facba

          SHA512

          fc95de26836752f9fb77b01a8a839d333433738c819e5e774074898ac90dd07d723f3a6340cf084b693ebc76d2b9807e6ade8ed796df0e54ba8e23d48f1b21a8

          Download Submit

        • C:\Windows\rss\csrss.exe
          Filesize

          4.2MB

          MD5

          b2393609deb4119903537e58339d743e

          SHA1

          162fd16b9d2f0892f7f5f4d2f30835ee4647e4f0

          SHA256

          d6b81c1dc800d979622aa9d7b003c9c9ecc213bf426cc7934dcd5bcda6c88b61

          SHA512

          1176cf631de41b8adfc51647291b77f307dd451189f0297ab977cc34ea67185e7ea5e386bab19f1fbca43a0f949da80a5688ba690c905a8155b491c82b03a3f1

          Download Submit

        • C:\Windows\rss\csrss.exe
          Filesize

          4.2MB

          MD5

          b2393609deb4119903537e58339d743e

          SHA1

          162fd16b9d2f0892f7f5f4d2f30835ee4647e4f0

          SHA256

          d6b81c1dc800d979622aa9d7b003c9c9ecc213bf426cc7934dcd5bcda6c88b61

          SHA512

          1176cf631de41b8adfc51647291b77f307dd451189f0297ab977cc34ea67185e7ea5e386bab19f1fbca43a0f949da80a5688ba690c905a8155b491c82b03a3f1

          Download Submit

        • memory/1180-332-0x0000000070CE0000-0x0000000071034000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/1180-329-0x00000000032F0000-0x0000000003300000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1180-330-0x00000000032F0000-0x0000000003300000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1180-331-0x0000000070550000-0x000000007059C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/1180-342-0x00000000032F0000-0x0000000003300000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1180-343-0x000000007F830000-0x000000007F840000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1468-258-0x000000007FD90000-0x000000007FDA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1468-257-0x0000000002EF0000-0x0000000002F00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1468-247-0x0000000070E70000-0x00000000711C4000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/1468-246-0x00000000706D0000-0x000000007071C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/1468-244-0x0000000002EF0000-0x0000000002F00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1468-245-0x0000000002EF0000-0x0000000002F00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1520-306-0x0000000070950000-0x0000000070CA4000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/1520-302-0x00000000022A0000-0x00000000022B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1520-303-0x00000000022A0000-0x00000000022B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1520-304-0x00000000022A0000-0x00000000022B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1520-305-0x0000000070550000-0x000000007059C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/1520-317-0x000000007F390000-0x000000007F3A0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2072-190-0x00000000027F0000-0x0000000002800000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2072-191-0x00000000027F0000-0x0000000002800000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2072-193-0x00000000706D0000-0x000000007071C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/2072-192-0x000000007EE40000-0x000000007EE50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2072-194-0x0000000070E70000-0x00000000711C4000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/2400-264-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/2400-232-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/2848-230-0x0000000002730000-0x0000000002740000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2848-220-0x0000000070E50000-0x00000000711A4000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/2848-219-0x00000000706D0000-0x000000007071C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/2848-231-0x000000007F5C0000-0x000000007F5D0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2848-217-0x0000000002730000-0x0000000002740000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2848-218-0x0000000002730000-0x0000000002740000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2908-352-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/2908-354-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/2908-353-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/2908-355-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/2908-351-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/2908-350-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/2908-356-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/2908-316-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/2908-357-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/2908-358-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/2908-359-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/2908-360-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/3028-279-0x0000000070630000-0x000000007067C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/3028-280-0x0000000070DD0000-0x0000000071124000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/3028-290-0x000000007F840000-0x000000007F850000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3028-278-0x0000000004F80000-0x0000000004F90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3028-276-0x0000000004F80000-0x0000000004F90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3028-275-0x0000000004F80000-0x0000000004F90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4224-134-0x0000000002E10000-0x00000000036FB000-memory.dmp

          Filesize

          8.9MB

          Download

        • memory/4224-179-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/4224-173-0x0000000000400000-0x0000000000D1B000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/4788-140-0x0000000006050000-0x00000000060B6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4788-135-0x0000000005340000-0x0000000005376000-memory.dmp

          Filesize

          216KB

          Download

        • memory/4788-156-0x0000000007C90000-0x0000000007CAA000-memory.dmp

          Filesize

          104KB

          Download

        • memory/4788-152-0x0000000007A50000-0x0000000007A94000-memory.dmp

          Filesize

          272KB

          Download

        • memory/4788-151-0x00000000068D0000-0x00000000068EE000-memory.dmp

          Filesize

          120KB

          Download

        • memory/4788-141-0x00000000062B0000-0x0000000006316000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4788-175-0x0000000008040000-0x000000000805A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/4788-139-0x0000000005920000-0x0000000005942000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4788-138-0x0000000005330000-0x0000000005340000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4788-137-0x0000000005330000-0x0000000005340000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4788-136-0x00000000059B0000-0x0000000005FD8000-memory.dmp

          Filesize

          6.2MB

          Download

        • memory/4788-155-0x00000000082F0000-0x000000000896A000-memory.dmp

          Filesize

          6.5MB

          Download

        • memory/4788-157-0x0000000007E50000-0x0000000007E82000-memory.dmp

          Filesize

          200KB

          Download

        • memory/4788-158-0x00000000705D0000-0x000000007061C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/4788-159-0x00000000709A0000-0x0000000070CF4000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/4788-169-0x0000000007E30000-0x0000000007E4E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/4788-170-0x0000000007F80000-0x0000000007F8A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/4788-171-0x0000000008090000-0x0000000008126000-memory.dmp

          Filesize

          600KB

          Download

        • memory/4788-172-0x000000007F280000-0x000000007F290000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4788-154-0x0000000005330000-0x0000000005340000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4788-174-0x0000000007FF0000-0x0000000007FFE000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4788-153-0x0000000007BF0000-0x0000000007C66000-memory.dmp

          Filesize

          472KB

          Download

        • memory/4788-176-0x0000000008030000-0x0000000008038000-memory.dmp

          Filesize

          32KB

          Download