Analysis

  • max time kernel
    12s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2024, 19:23

General

  • Target

    f18cedf4b99abbcc778c1b6925a46c64bf7383782c9a48dbcca4e7949f8381f6.exe

  • Size

    4.2MB

  • MD5

    0796ac200d1f3642b598d14cf31606a1

  • SHA1

    149e9647d003952a2b1a001c1510167158022cea

  • SHA256

    f18cedf4b99abbcc778c1b6925a46c64bf7383782c9a48dbcca4e7949f8381f6

  • SHA512

    bb49e5f61975654800fa822e018275266c28c9fbec3dd6a2c93484a815d8e72d0df4d6dd66d3eb6d9e4c228272ab6d22896cc92c31d19857e06f3b8a741c69a5

  • SSDEEP

    98304:btwUIgr6Tu/hivXD0fl0IvZVjhgp1+mYFjvUcmYnimsjZaHeK:Jw6rquKXDtU1Y2GYniVjUH3

Malware Config

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

  • Glupteba payload 19 IoCs
  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in System32 directory 2 IoCs
  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Program crash 1 IoCs
  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f18cedf4b99abbcc778c1b6925a46c64bf7383782c9a48dbcca4e7949f8381f6.exe
    "C:\Users\Admin\AppData\Local\Temp\f18cedf4b99abbcc778c1b6925a46c64bf7383782c9a48dbcca4e7949f8381f6.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4980
    • C:\Users\Admin\AppData\Local\Temp\f18cedf4b99abbcc778c1b6925a46c64bf7383782c9a48dbcca4e7949f8381f6.exe
      "C:\Users\Admin\AppData\Local\Temp\f18cedf4b99abbcc778c1b6925a46c64bf7383782c9a48dbcca4e7949f8381f6.exe"
      2⤵
      • Checks for VirtualBox DLLs, possible anti-VM trick
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4104
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1440
      • C:\Windows\system32\cmd.exe
        C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2680
        • C:\Windows\system32\netsh.exe
          netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
          4⤵
          • Modifies Windows Firewall
          PID:1560
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1272
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
          PID:2492
        • C:\Windows\rss\csrss.exe
          C:\Windows\rss\csrss.exe
          3⤵
            PID:4468
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              powershell -nologo -noprofile
              4⤵
                PID:1300
              • C:\Windows\SYSTEM32\schtasks.exe
                schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                4⤵
                • Creates scheduled task(s)
                PID:3228
              • C:\Windows\SYSTEM32\schtasks.exe
                schtasks /delete /tn ScheduledUpdate /f
                4⤵
                  PID:4360
                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  powershell -nologo -noprofile
                  4⤵
                    PID:3132
                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    powershell -nologo -noprofile
                    4⤵
                      PID:2620
                    • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
                      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
                      4⤵
                        PID:1396
                      • C:\Windows\SYSTEM32\schtasks.exe
                        schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                        4⤵
                        • Creates scheduled task(s)
                        PID:2276
                      • C:\Windows\windefender.exe
                        "C:\Windows\windefender.exe"
                        4⤵
                          PID:4540
                          • C:\Windows\SysWOW64\cmd.exe
                            cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                            5⤵
                              PID:4616
                              • C:\Windows\SysWOW64\sc.exe
                                sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                                6⤵
                                • Launches sc.exe
                                PID:1172
                        • C:\Windows\SysWOW64\WerFault.exe
                          C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 592
                          3⤵
                          • Program crash
                          PID:4604
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4104 -ip 4104
                      1⤵
                        PID:2908
                      • C:\Windows\windefender.exe
                        C:\Windows\windefender.exe
                        1⤵
                          PID:2248

                        Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hx0ilhtq.02x.ps1

                                Filesize

                                60B

                                MD5

                                d17fe0a3f47be24a6453e9ef58c94641

                                SHA1

                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                SHA256

                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                SHA512

                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                              • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

                                Filesize

                                281KB

                                MD5

                                d98e33b66343e7c96158444127a117f6

                                SHA1

                                bb716c5509a2bf345c6c1152f6e3e1452d39d50d

                                SHA256

                                5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

                                SHA512

                                705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

                              • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

                                Filesize

                                2KB

                                MD5

                                3d086a433708053f9bf9523e1d87a4e8

                                SHA1

                                b3ab5d4f282a4c8fe8c3005b8a557ed5a0e37f28

                                SHA256

                                6f8fd1b8d9788ad54eaeee329232187e24b7b43393a01aeba2d6e9675231fb69

                                SHA512

                                931ae42b4c68a4507ff2342332b08eb407050d47cf4176137ea022d0f6e513c689e998445a04c6d18d4877391705c586bfce0234632b898d41aaed0957996dfd

                              • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

                                Filesize

                                19KB

                                MD5

                                22d4f368f1bb41ba795b964af88e71cf

                                SHA1

                                12ae06d7aeee4cc6c21d208c0a740dcb8604896f

                                SHA256

                                52c70987c803730ee047f0db687471b03b90b7f63d4752071ddb9221e1e2101d

                                SHA512

                                a3d9c100e2a86759a9b966bf93e58ba6d0367ed25d39407293a13772de9e424aa499a99e94bb953cc4118fc23d3725e88b3b70625fed88341765f32a4c4703ef

                              • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

                                Filesize

                                19KB

                                MD5

                                8db52f59e4e3a6689f426ea306bfb228

                                SHA1

                                4d7ddde94ca06302716b3f6a282744d8bd7db8e3

                                SHA256

                                61267d8f8d67d7c13aeda9921a26b76717e89933d2c674d1366390ef55cbe598

                                SHA512

                                b869ded8a080700e0abf8342fa991180abd4f5fad6191a62220238a96d5b8e1deede11c8289fa504f8b882603e5b3f48795effd0a1789520f7b029a51acc352d

                              • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

                                Filesize

                                19KB

                                MD5

                                57d0307b083b4346b5a6db37b80eb11e

                                SHA1

                                80aadb4a6add989f5c112b746d2c3e297296ec33

                                SHA256

                                1d9fa9b6b89f2496fab006f80673d999efd7e7635877d931d738c56ee2209f64

                                SHA512

                                f9630d06a86e1ff80131cf86ad25f09715eeb55988733685d09ab5ffc825153b9ccb1c6b82aa7ee5dd66a5158513e3b1da25916ad2363f6ffd7a3e643f2a7a7b

                              • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

                                Filesize

                                19KB

                                MD5

                                b53f458dd5f927145710b7329d499885

                                SHA1

                                11d80370115425770acffd3663f16d11b1a5c905

                                SHA256

                                e7c0dc0599038668b540911e06ebe002aa0d991146cc4e0e93d1932725326814

                                SHA512

                                13923aa15561977202e1c0d3b05fbf8d3febd994eba6d441577e7767e53af97d9f42573eee8ac12d83e4ee1bd370664f572241d9274d2d6a89ed6b73d2703828

                              • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

                                Filesize

                                19KB

                                MD5

                                b9158e689cc8351463949bab0defd447

                                SHA1

                                b6792c6d2b21774383a1b802e96b03e15f31b1e5

                                SHA256

                                07f17763960940f7eaa9c344066746949bfd4c1ae534ff2c096cb754b0d77c77

                                SHA512

                                4f952db2d0b094e1b847650033f051112a991ccf577fb3675d4e0420a1c6a1e619bad225428ebf9eb4126b9f8724274a7ed1dd3995fec3ee2dbc7374296edeaa

                              • C:\Windows\rss\csrss.exe

                                Filesize

                                4.2MB

                                MD5

                                0796ac200d1f3642b598d14cf31606a1

                                SHA1

                                149e9647d003952a2b1a001c1510167158022cea

                                SHA256

                                f18cedf4b99abbcc778c1b6925a46c64bf7383782c9a48dbcca4e7949f8381f6

                                SHA512

                                bb49e5f61975654800fa822e018275266c28c9fbec3dd6a2c93484a815d8e72d0df4d6dd66d3eb6d9e4c228272ab6d22896cc92c31d19857e06f3b8a741c69a5

                              • C:\Windows\windefender.exe

                                Filesize

                                2.0MB

                                MD5

                                8e67f58837092385dcf01e8a2b4f5783

                                SHA1

                                012c49cfd8c5d06795a6f67ea2baf2a082cf8625

                                SHA256

                                166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

                                SHA512

                                40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

                              • memory/1272-108-0x00000000712D0000-0x0000000071624000-memory.dmp

                                Filesize

                                3.3MB

                              • memory/1272-103-0x00000000063D0000-0x0000000006724000-memory.dmp

                                Filesize

                                3.3MB

                              • memory/1272-92-0x0000000074C80000-0x0000000075430000-memory.dmp

                                Filesize

                                7.7MB

                              • memory/1272-104-0x0000000005560000-0x0000000005570000-memory.dmp

                                Filesize

                                64KB

                              • memory/1272-122-0x0000000074C80000-0x0000000075430000-memory.dmp

                                Filesize

                                7.7MB

                              • memory/1272-107-0x0000000070B20000-0x0000000070B6C000-memory.dmp

                                Filesize

                                304KB

                              • memory/1272-119-0x0000000005560000-0x0000000005570000-memory.dmp

                                Filesize

                                64KB

                              • memory/1272-120-0x0000000005560000-0x0000000005570000-memory.dmp

                                Filesize

                                64KB

                              • memory/1272-102-0x0000000005560000-0x0000000005570000-memory.dmp

                                Filesize

                                64KB

                              • memory/1272-106-0x000000007F700000-0x000000007F710000-memory.dmp

                                Filesize

                                64KB

                              • memory/1440-84-0x00000000024E0000-0x00000000024F0000-memory.dmp

                                Filesize

                                64KB

                              • memory/1440-59-0x0000000074C80000-0x0000000075430000-memory.dmp

                                Filesize

                                7.7MB

                              • memory/1440-60-0x00000000024E0000-0x00000000024F0000-memory.dmp

                                Filesize

                                64KB

                              • memory/1440-70-0x0000000070B20000-0x0000000070B6C000-memory.dmp

                                Filesize

                                304KB

                              • memory/1440-71-0x0000000070CA0000-0x0000000070FF4000-memory.dmp

                                Filesize

                                3.3MB

                              • memory/1440-81-0x0000000006D50000-0x0000000006DF3000-memory.dmp

                                Filesize

                                652KB

                              • memory/1440-89-0x0000000074C80000-0x0000000075430000-memory.dmp

                                Filesize

                                7.7MB

                              • memory/1440-86-0x00000000070D0000-0x00000000070E4000-memory.dmp

                                Filesize

                                80KB

                              • memory/1440-85-0x0000000007080000-0x0000000007091000-memory.dmp

                                Filesize

                                68KB

                              • memory/1440-83-0x00000000024E0000-0x00000000024F0000-memory.dmp

                                Filesize

                                64KB

                              • memory/1672-1-0x0000000003CC0000-0x00000000040BB000-memory.dmp

                                Filesize

                                4.0MB

                              • memory/1672-2-0x00000000040C0000-0x00000000049AB000-memory.dmp

                                Filesize

                                8.9MB

                              • memory/1672-82-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/1672-3-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/1672-56-0x0000000003CC0000-0x00000000040BB000-memory.dmp

                                Filesize

                                4.0MB

                              • memory/2248-265-0x0000000000400000-0x00000000008DF000-memory.dmp

                                Filesize

                                4.9MB

                              • memory/2248-271-0x0000000000400000-0x00000000008DF000-memory.dmp

                                Filesize

                                4.9MB

                              • memory/2492-137-0x00000000712A0000-0x00000000715F4000-memory.dmp

                                Filesize

                                3.3MB

                              • memory/2492-123-0x0000000074C80000-0x0000000075430000-memory.dmp

                                Filesize

                                7.7MB

                              • memory/2492-124-0x0000000002C20000-0x0000000002C30000-memory.dmp

                                Filesize

                                64KB

                              • memory/2492-125-0x0000000005BE0000-0x0000000005F34000-memory.dmp

                                Filesize

                                3.3MB

                              • memory/2492-136-0x0000000070B20000-0x0000000070B6C000-memory.dmp

                                Filesize

                                304KB

                              • memory/4104-58-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/4104-57-0x0000000003FF0000-0x00000000048DB000-memory.dmp

                                Filesize

                                8.9MB

                              • memory/4104-55-0x0000000003BF0000-0x0000000003FE9000-memory.dmp

                                Filesize

                                4.0MB

                              • memory/4104-118-0x0000000003BF0000-0x0000000003FE9000-memory.dmp

                                Filesize

                                4.0MB

                              • memory/4104-157-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/4468-290-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/4468-275-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/4468-272-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/4468-269-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/4468-266-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/4468-263-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/4468-278-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/4468-253-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/4468-281-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/4468-284-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/4468-287-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/4468-293-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/4468-296-0x0000000000400000-0x0000000001E08000-memory.dmp

                                Filesize

                                26.0MB

                              • memory/4540-261-0x0000000000400000-0x00000000008DF000-memory.dmp

                                Filesize

                                4.9MB

                              • memory/4980-6-0x0000000003110000-0x0000000003120000-memory.dmp

                                Filesize

                                64KB

                              • memory/4980-4-0x0000000005150000-0x0000000005186000-memory.dmp

                                Filesize

                                216KB

                              • memory/4980-25-0x0000000007A20000-0x0000000007A96000-memory.dmp

                                Filesize

                                472KB

                              • memory/4980-27-0x0000000007AC0000-0x0000000007ADA000-memory.dmp

                                Filesize

                                104KB

                              • memory/4980-22-0x0000000006700000-0x000000000671E000-memory.dmp

                                Filesize

                                120KB

                              • memory/4980-21-0x0000000006310000-0x0000000006664000-memory.dmp

                                Filesize

                                3.3MB

                              • memory/4980-26-0x0000000008120000-0x000000000879A000-memory.dmp

                                Filesize

                                6.5MB

                              • memory/4980-11-0x0000000005F60000-0x0000000005FC6000-memory.dmp

                                Filesize

                                408KB

                              • memory/4980-28-0x000000007F2D0000-0x000000007F2E0000-memory.dmp

                                Filesize

                                64KB

                              • memory/4980-10-0x0000000005EF0000-0x0000000005F56000-memory.dmp

                                Filesize

                                408KB

                              • memory/4980-9-0x0000000005710000-0x0000000005732000-memory.dmp

                                Filesize

                                136KB

                              • memory/4980-8-0x00000000057C0000-0x0000000005DE8000-memory.dmp

                                Filesize

                                6.2MB

                              • memory/4980-7-0x0000000003110000-0x0000000003120000-memory.dmp

                                Filesize

                                64KB

                              • memory/4980-31-0x0000000070CA0000-0x0000000070FF4000-memory.dmp

                                Filesize

                                3.3MB

                              • memory/4980-24-0x0000000006C90000-0x0000000006CD4000-memory.dmp

                                Filesize

                                272KB

                              • memory/4980-23-0x0000000006740000-0x000000000678C000-memory.dmp

                                Filesize

                                304KB

                              • memory/4980-44-0x0000000007DD0000-0x0000000007DDA000-memory.dmp

                                Filesize

                                40KB

                              • memory/4980-5-0x0000000074C80000-0x0000000075430000-memory.dmp

                                Filesize

                                7.7MB

                              • memory/4980-41-0x0000000007CC0000-0x0000000007CDE000-memory.dmp

                                Filesize

                                120KB

                              • memory/4980-30-0x0000000070B20000-0x0000000070B6C000-memory.dmp

                                Filesize

                                304KB

                              • memory/4980-42-0x0000000003110000-0x0000000003120000-memory.dmp

                                Filesize

                                64KB

                              • memory/4980-29-0x0000000007C80000-0x0000000007CB2000-memory.dmp

                                Filesize

                                200KB

                              • memory/4980-43-0x0000000007CE0000-0x0000000007D83000-memory.dmp

                                Filesize

                                652KB

                              • memory/4980-45-0x0000000007E90000-0x0000000007F26000-memory.dmp

                                Filesize

                                600KB

                              • memory/4980-46-0x0000000007DF0000-0x0000000007E01000-memory.dmp

                                Filesize

                                68KB

                              • memory/4980-47-0x0000000007E30000-0x0000000007E3E000-memory.dmp

                                Filesize

                                56KB

                              • memory/4980-48-0x0000000007E40000-0x0000000007E54000-memory.dmp

                                Filesize

                                80KB

                              • memory/4980-50-0x0000000007E80000-0x0000000007E88000-memory.dmp

                                Filesize

                                32KB

                              • memory/4980-49-0x0000000007F30000-0x0000000007F4A000-memory.dmp

                                Filesize

                                104KB

                              • memory/4980-53-0x0000000074C80000-0x0000000075430000-memory.dmp

                                Filesize

                                7.7MB