Analysis

  • max time kernel
    1s
  • max time network
    297s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230915-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    04-10-2023 04:50

General

  • Target

    ce7b0783e87e1974213864280e37b1ab730e793ab7dcc5412259f38d534d23e3.exe

  • Size

    4.2MB

  • MD5

    3846106708654eaa9433f717849774d8

  • SHA1

    a8c36621b19991da6f45b73e5287ed77178baa13

  • SHA256

    ce7b0783e87e1974213864280e37b1ab730e793ab7dcc5412259f38d534d23e3

  • SHA512

    9535319edf324b91ecfb59352db745f9e9c67ea5f9fa850473c9b8eb60b116ea87db39aa15bf3f4090db9f73832781af8fa57202e30dadbf8952dda69dfbca7f

  • SSDEEP

    98304:eSkVqNhRHpKBRuAihDmYYmAkw9jzqk4WR+erAuF:sVqYuAiV0d9je5ns

Malware Config

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

  • Glupteba payload 28 IoCs
  • Modifies Windows Firewall 1 TTPs 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce7b0783e87e1974213864280e37b1ab730e793ab7dcc5412259f38d534d23e3.exe
    "C:\Users\Admin\AppData\Local\Temp\ce7b0783e87e1974213864280e37b1ab730e793ab7dcc5412259f38d534d23e3.exe"
    1⤵
      PID:5048
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        2⤵
          PID:2696
        • C:\Users\Admin\AppData\Local\Temp\ce7b0783e87e1974213864280e37b1ab730e793ab7dcc5412259f38d534d23e3.exe
          "C:\Users\Admin\AppData\Local\Temp\ce7b0783e87e1974213864280e37b1ab730e793ab7dcc5412259f38d534d23e3.exe"
          2⤵
            PID:1864
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              powershell -nologo -noprofile
              3⤵
                PID:5052
              • C:\Windows\System32\cmd.exe
                C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
                3⤵
                  PID:4280
                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  powershell -nologo -noprofile
                  3⤵
                    PID:2784
                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    powershell -nologo -noprofile
                    3⤵
                      PID:2288
                    • C:\Windows\rss\csrss.exe
                      C:\Windows\rss\csrss.exe
                      3⤵
                        PID:4624
                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          powershell -nologo -noprofile
                          4⤵
                            PID:5072
                          • C:\Windows\SYSTEM32\schtasks.exe
                            schtasks /delete /tn ScheduledUpdate /f
                            4⤵
                              PID:4236
                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                              powershell -nologo -noprofile
                              4⤵
                                PID:4052
                              • C:\Windows\SYSTEM32\schtasks.exe
                                schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                                4⤵
                                • Creates scheduled task(s)
                                PID:2096
                              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                powershell -nologo -noprofile
                                4⤵
                                  PID:2188
                                • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
                                  C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
                                  4⤵
                                    PID:1632
                                  • C:\Windows\SYSTEM32\schtasks.exe
                                    schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                                    4⤵
                                    • Creates scheduled task(s)
                                    PID:3968
                                  • C:\Windows\windefender.exe
                                    "C:\Windows\windefender.exe"
                                    4⤵
                                      PID:3428
                              • C:\Windows\system32\netsh.exe
                                netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
                                1⤵
                                • Modifies Windows Firewall
                                PID:2408
                              • C:\Windows\SysWOW64\sc.exe
                                sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                                1⤵
                                • Launches sc.exe
                                PID:2784
                              • C:\Windows\SysWOW64\cmd.exe
                                cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                                1⤵
                                  PID:4028
                                • C:\Windows\windefender.exe
                                  C:\Windows\windefender.exe
                                  1⤵
                                    PID:1392

Network

MITRE ATT&CK Enterprise v15

Downloads

                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_v2dmbxor.t2g.ps1

                                    Filesize

                                    1B

                                    MD5

                                    c4ca4238a0b923820dcc509a6f75849b

                                    SHA1

                                    356a192b7913b04c54574d18c28d46e6395428ab

                                    SHA256

                                    6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

                                    SHA512

                                    4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

                                  • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

                                    Filesize

                                    281KB

                                    MD5

                                    d98e33b66343e7c96158444127a117f6

                                    SHA1

                                    bb716c5509a2bf345c6c1152f6e3e1452d39d50d

                                    SHA256

                                    5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

                                    SHA512

                                    705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

                                  • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

                                    Filesize

                                    2KB

                                    MD5

                                    1c19c16e21c97ed42d5beabc93391fc5

                                    SHA1

                                    8ad83f8e0b3acf8dfbbf87931e41f0d664c4df68

                                    SHA256

                                    1bcd97396c83babfe6c5068ba590d7a3f8b70e72955a9d1e4070648e404cbf05

                                    SHA512

                                    7d18776d8f649b3d29c182ff03efc6cea8b527542ee55304980f24577aae8b64e37044407776e220984346c3998ace5f8853afa58c8b38407482a728e9495e0c

                                  • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

                                    Filesize

                                    18KB

                                    MD5

                                    4014541be58876cf916f8d67b5c28acf

                                    SHA1

                                    d689e495e832e4cef2843eb759f58d0e9d74b284

                                    SHA256

                                    1adb3f0701da2a76e31e8ffefcde809e86665a8dc90e37e36448780ca2d73fed

                                    SHA512

                                    8c198dabc3bf4d80e5c47ea2a72e9f276275c193cc91fc8ab2c2fef373ab94c18abf4c86a2d9a829a07226560c70990621f0338a9145cd0677bf04e416497b89

                                  • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

                                    Filesize

                                    18KB

                                    MD5

                                    6607b660c1aa711fcbd52fd3b9938fc2

                                    SHA1

                                    7030d02fd06f433ace8b9e0dbe892a7d96d7d64f

                                    SHA256

                                    937bc9d76823ce4a4ce9d3dd989b2832de996d050de8657cbf4d956253a7997f

                                    SHA512

                                    a238dd5d3bbb2e90c4062fe4c16c79d3b8be160a486c84f1c710a634c95ef468c7d1676333bef148e71a63df044c79f64dcaf7950452a823136219d8d86eb731

                                  • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

                                    Filesize

                                    18KB

                                    MD5

                                    70ca9f70b59f9c52ba5966756b0da81a

                                    SHA1

                                    c35ea8b6109cc5a8ed339d7a120be681dcbd058d

                                    SHA256

                                    d195a07dca8c091bf4976869f8067dcd80c77b632b6dda340b08cde9bbc02fce

                                    SHA512

                                    a691c3b9711fe55db357998756be7d7dd59d9c0a8c26833363f09c621752ca04678212843e04deac4838f86024fbd96dd3969ff22c204a6ccfee0cee5cae5bce

                                  • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

                                    Filesize

                                    18KB

                                    MD5

                                    24cc8674ee8fa672417ef366c6a660ba

                                    SHA1

                                    8c57cb29b4e1baf3e1cc8709f5d8977b0b70ecbe

                                    SHA256

                                    7fe815023603a675f36c67aecfad228d9bcd7c2fc409bc21f8c81a394fcfed46

                                    SHA512

                                    32c154806ff10679cff5c0662c9e29484f4eeb81723d6ab447f3c9c913afda870fa577c43008d186f53442fd5322a17ada5880c847c042286cf87a202d49e2a9

                                  • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

                                    Filesize

                                    18KB

                                    MD5

                                    4ed136f51f8a935b520ac88fee14ef3f

                                    SHA1

                                    b162054ad0dc34dc5ee874ab7c65939d50c7520e

                                    SHA256

                                    6bf815435e0db8bb29208be802726004fb801ad660d26a4887f1511f7721c3bd

                                    SHA512

                                    1a9d2e80be1b72ec2a37cc959329b2c53872fa7392c19542f0dc9861d6cb6238f35967bc334947b759a2a4ae8550b01bbebabc0fb47d563a34f96bae06374b31

                                  • C:\Windows\rss\csrss.exe

                                    Filesize

                                    4.2MB

                                    MD5

                                    3846106708654eaa9433f717849774d8

                                    SHA1

                                    a8c36621b19991da6f45b73e5287ed77178baa13

                                    SHA256

                                    ce7b0783e87e1974213864280e37b1ab730e793ab7dcc5412259f38d534d23e3

                                    SHA512

                                    9535319edf324b91ecfb59352db745f9e9c67ea5f9fa850473c9b8eb60b116ea87db39aa15bf3f4090db9f73832781af8fa57202e30dadbf8952dda69dfbca7f

                                  • C:\Windows\windefender.exe

                                    Filesize

                                    2.0MB

                                    MD5

                                    8e67f58837092385dcf01e8a2b4f5783

                                    SHA1

                                    012c49cfd8c5d06795a6f67ea2baf2a082cf8625

                                    SHA256

                                    166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

                                    SHA512

                                    40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec
