glupteba | 92a53acf35b82eaf96286b8a5dab6cef0513c48dff9e480fa3486033258c093b

Analysis

max time kernel
26s
max time network
19s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2023, 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2VITXIDiI5Oyy8xKpIJPPvdh.exe
Size

4.2MB
MD5

d373ff7cb6ac28b844d9c90fc8f1ab3f
SHA1

8bd2bd07e929d71f5c27ba7fab3777f29a4c48e3
SHA256

92a53acf35b82eaf96286b8a5dab6cef0513c48dff9e480fa3486033258c093b
SHA512

f89fce3365f1a9091b2523ea310089c53d67469e1d75b1e842eff2d59eb2a42fbbb49f03f3a45f9e56734895add9ac865e9adc1dbc0dfc4b34314b48bb0871a1
SSDEEP

98304:J1X44t3SGQ20KQ8fTQFYVjsb2ukZkh640j+5QlH/:HxbQ21QC5QrkWU40j+5QF

Score

10^/10

glupteba discordurls dropper loader

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 6 IoCs

resource	yara_rule
behavioral2/memory/3648-2-0x0000000002FA0000-0x000000000388B000-memory.dmp	family_glupteba
behavioral2/memory/3648-3-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral2/memory/3648-23-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral2/memory/3648-55-0x0000000002FA0000-0x000000000388B000-memory.dmp	family_glupteba
behavioral2/memory/3648-56-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral2/memory/4044-59-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba

Detected executables Discord URL observed in first stage droppers 4 IoCs

DISCORD URLS.

discordurls

resource	yara_rule
behavioral2/memory/3648-3-0x0000000000400000-0x0000000000D1C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_DiscordURL
behavioral2/memory/3648-23-0x0000000000400000-0x0000000000D1C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_DiscordURL
behavioral2/memory/3648-56-0x0000000000400000-0x0000000000D1C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_DiscordURL
behavioral2/memory/4044-59-0x0000000000400000-0x0000000000D1C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_DiscordURL

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-442 = "Arabian Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-402 = "Arabic Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-672 = "AUS Eastern Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-142 = "Canada Central Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1661 = "Bahia Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1971 = "Belarus Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-152 = "Central America Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-511 = "Central Asia Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-82 = "Atlantic Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-282 = "Central Europe Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-251 = "Dateline Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-411 = "E. Africa Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-222 = "Alaskan Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2492 = "Aus Central W. Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-449 = "Azerbaijan Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-462 = "Afghanistan Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-842 = "Argentina Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-671 = "AUS Eastern Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-448 = "Azerbaijan Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1972 = "Belarus Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-141 = "Canada Central Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-452 = "Caucasus Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-662 = "Cen. Australia Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-172 = "Central Standard Time (Mexico)"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2161 = "Altai Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2182 = "Astrakhan Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-652 = "AUS Central Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2611 = "Bougainville Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2002 = "Cabo Verde Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-722 = "Central Pacific Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-721 = "Central Pacific Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-572 = "China Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-681 = "E. Australia Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-331 = "E. Europe Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-441 = "Arabian Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-12 = "Azores Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1662 = "Bahia Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-171 = "Central Daylight Time (Mexico)"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-332 = "E. Europe Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-81 = "Atlantic Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-291 = "Central European Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-42 = "E. South America Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-461 = "Afghanistan Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2392 = "Aleutian Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-391 = "Arab Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2612 = "Bougainville Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-651 = "AUS Central Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1021 = "Bangladesh Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-512 = "Central Asia Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-661 = "Cen. Australia Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-281 = "Central Europe Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-252 = "Dateline Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-412 = "E. Africa Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2372 = "Easter Island Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-221 = "Alaskan Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-401 = "Arabic Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1022 = "Bangladesh Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-571 = "China Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-682 = "E. Australia Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-41 = "E. South America Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2162 = "Altai Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-451 = "Caucasus Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-105 = "Central Brazilian Standard Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-161 = "Central Daylight Time"	2VITXIDiI5Oyy8xKpIJPPvdh.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
816	powershell.exe
816	powershell.exe
816	powershell.exe
3648	2VITXIDiI5Oyy8xKpIJPPvdh.exe
3648	2VITXIDiI5Oyy8xKpIJPPvdh.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	816	powershell.exe
Token: SeDebugPrivilege	3648	2VITXIDiI5Oyy8xKpIJPPvdh.exe
Token: SeImpersonatePrivilege	3648	2VITXIDiI5Oyy8xKpIJPPvdh.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3648 wrote to memory of 816	3648	2VITXIDiI5Oyy8xKpIJPPvdh.exe	96
PID 3648 wrote to memory of 816	3648	2VITXIDiI5Oyy8xKpIJPPvdh.exe	96
PID 3648 wrote to memory of 816	3648	2VITXIDiI5Oyy8xKpIJPPvdh.exe	96

C:\Users\Admin\AppData\Local\Temp\2VITXIDiI5Oyy8xKpIJPPvdh.exe
"C:\Users\Admin\AppData\Local\Temp\2VITXIDiI5Oyy8xKpIJPPvdh.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3648
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:816
- C:\Users\Admin\AppData\Local\Temp\2VITXIDiI5Oyy8xKpIJPPvdh.exe
  "C:\Users\Admin\AppData\Local\Temp\2VITXIDiI5Oyy8xKpIJPPvdh.exe"
  2⤵
  - Modifies data under HKEY_USERS
  PID:4044
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:4940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uchxu0ck.ukf.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/816-29-0x000000007EE10000-0x000000007EE20000-memory.dmp

Filesize
64KB

Download
memory/816-26-0x0000000007060000-0x00000000070D6000-memory.dmp

Filesize
472KB

Download
memory/816-4-0x0000000004740000-0x0000000004776000-memory.dmp

Filesize
216KB

Download
memory/816-5-0x00000000749F0000-0x00000000751A0000-memory.dmp

Filesize
7.7MB

Download
memory/816-6-0x0000000004840000-0x0000000004850000-memory.dmp

Filesize
64KB

Download
memory/816-7-0x0000000004E80000-0x00000000054A8000-memory.dmp

Filesize
6.2MB

Download
memory/816-8-0x00000000054B0000-0x00000000054D2000-memory.dmp

Filesize
136KB

Download
memory/816-9-0x0000000005610000-0x0000000005676000-memory.dmp

Filesize
408KB

Download
memory/816-53-0x00000000749F0000-0x00000000751A0000-memory.dmp

Filesize
7.7MB

Download
memory/816-10-0x0000000005680000-0x00000000056E6000-memory.dmp

Filesize
408KB

Download
memory/816-20-0x0000000005810000-0x0000000005B64000-memory.dmp

Filesize
3.3MB

Download
memory/816-21-0x0000000005D40000-0x0000000005D5E000-memory.dmp

Filesize
120KB

Download
memory/816-22-0x0000000005D80000-0x0000000005DCC000-memory.dmp

Filesize
304KB

Download
memory/816-50-0x00000000074A0000-0x00000000074A8000-memory.dmp

Filesize
32KB

Download
memory/816-24-0x0000000006E90000-0x0000000006ED4000-memory.dmp

Filesize
272KB

Download
memory/816-25-0x0000000004840000-0x0000000004850000-memory.dmp

Filesize
64KB

Download
memory/816-49-0x00000000074B0000-0x00000000074CA000-memory.dmp

Filesize
104KB

Download
memory/816-27-0x0000000007760000-0x0000000007DDA000-memory.dmp

Filesize
6.5MB

Download
memory/816-48-0x0000000007460000-0x0000000007474000-memory.dmp

Filesize
80KB

Download
memory/816-28-0x0000000007100000-0x000000000711A000-memory.dmp

Filesize
104KB

Download
memory/816-42-0x00000000072A0000-0x00000000072BE000-memory.dmp

Filesize
120KB

Download
memory/816-31-0x0000000070890000-0x00000000708DC000-memory.dmp

Filesize
304KB

Download
memory/816-32-0x0000000070A10000-0x0000000070D64000-memory.dmp

Filesize
3.3MB

Download
memory/816-30-0x00000000072C0000-0x00000000072F2000-memory.dmp

Filesize
200KB

Download
memory/816-43-0x0000000007300000-0x00000000073A3000-memory.dmp

Filesize
652KB

Download
memory/816-44-0x00000000073F0000-0x00000000073FA000-memory.dmp

Filesize
40KB

Download
memory/816-45-0x0000000007500000-0x0000000007596000-memory.dmp

Filesize
600KB

Download
memory/816-46-0x0000000007400000-0x0000000007411000-memory.dmp

Filesize
68KB

Download
memory/816-47-0x0000000007440000-0x000000000744E000-memory.dmp

Filesize
56KB

Download
memory/3648-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/3648-1-0x0000000002B90000-0x0000000002F97000-memory.dmp

Filesize
4.0MB

Download
memory/3648-23-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/3648-2-0x0000000002FA0000-0x000000000388B000-memory.dmp

Filesize
8.9MB

Download
memory/3648-54-0x0000000002B90000-0x0000000002F97000-memory.dmp

Filesize
4.0MB

Download
memory/3648-55-0x0000000002FA0000-0x000000000388B000-memory.dmp

Filesize
8.9MB

Download
memory/3648-56-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/4044-58-0x0000000002930000-0x0000000002D30000-memory.dmp

Filesize
4.0MB

Download
memory/4044-59-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/4940-60-0x00000000749F0000-0x00000000751A0000-memory.dmp

Filesize
7.7MB

Download