glupteba | fe470fe640e6ce78331be4ca30542c1cb13268fa7a7c6b81186f7959a1139db3

Analysis

max time kernel
0s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 15:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe470fe640e6ce78331be4ca30542c1cb13268fa7a7c6b81186f7959a1139db3.exe
Size

4.2MB
MD5

ea4e6e9c8e1aec8f2682e8c0afa6224b
SHA1

71e81eea8a1e2d5e36d635f7eb992ac3605c9d12
SHA256

fe470fe640e6ce78331be4ca30542c1cb13268fa7a7c6b81186f7959a1139db3
SHA512

102358f8ea06d335b3a77d77cb2b48feebd5030b68cb7624b5dd99951f120da87271c6ab46eb34e7d1945f03747e570d2eac62d57b561c5d39e53c843e227072
SSDEEP

98304:1+Gg6aXQ+/QyN9wV3/YhHbVpnwBVKjBiw+3St8K4I:WXQwQ89A3/Y5DnwBWu3Q8KF

Score

10^/10

glupteba dropper evasion loader upx

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 17 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2800-2-0x0000000006680000-0x0000000006F6B000-memory.dmp	family_glupteba
behavioral1/memory/2800-88-0x0000000006680000-0x0000000006F6B000-memory.dmp	family_glupteba
behavioral1/memory/2800-116-0x0000000000400000-0x0000000004426000-memory.dmp	family_glupteba
behavioral1/memory/4692-180-0x0000000000400000-0x0000000004426000-memory.dmp	family_glupteba
behavioral1/memory/1964-249-0x0000000000400000-0x0000000004426000-memory.dmp	family_glupteba
behavioral1/memory/1964-253-0x0000000000400000-0x0000000004426000-memory.dmp	family_glupteba
behavioral1/memory/1964-258-0x0000000000400000-0x0000000004426000-memory.dmp	family_glupteba
behavioral1/memory/1964-266-0x0000000000400000-0x0000000004426000-memory.dmp	family_glupteba
behavioral1/memory/1964-270-0x0000000000400000-0x0000000004426000-memory.dmp	family_glupteba
behavioral1/memory/1964-274-0x0000000000400000-0x0000000004426000-memory.dmp	family_glupteba
behavioral1/memory/1964-278-0x0000000000400000-0x0000000004426000-memory.dmp	family_glupteba
behavioral1/memory/1964-282-0x0000000000400000-0x0000000004426000-memory.dmp	family_glupteba
behavioral1/memory/1964-286-0x0000000000400000-0x0000000004426000-memory.dmp	family_glupteba
behavioral1/memory/1964-290-0x0000000000400000-0x0000000004426000-memory.dmp	family_glupteba
behavioral1/memory/1964-294-0x0000000000400000-0x0000000004426000-memory.dmp	family_glupteba
behavioral1/memory/1964-298-0x0000000000400000-0x0000000004426000-memory.dmp	family_glupteba
behavioral1/memory/1964-302-0x0000000000400000-0x0000000004426000-memory.dmp	family_glupteba

Modifies Windows Firewall 2 TTPs 1 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exe

pid process

2216 netsh.exe

pid	process
2216	netsh.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Windows\windefender.exe	upx
behavioral1/memory/4104-262-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral1/memory/1940-267-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral1/memory/1940-276-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exe

pid process

888 sc.exe
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exeschtasks.exe

pid process

5016 schtasks.exe
2296 schtasks.exe

pid	process
888	sc.exe

pid	process
5016	schtasks.exe
2296	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\fe470fe640e6ce78331be4ca30542c1cb13268fa7a7c6b81186f7959a1139db3.exe
"C:\Users\Admin\AppData\Local\Temp\fe470fe640e6ce78331be4ca30542c1cb13268fa7a7c6b81186f7959a1139db3.exe"
1⤵
PID:2800

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
2⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\fe470fe640e6ce78331be4ca30542c1cb13268fa7a7c6b81186f7959a1139db3.exe
"C:\Users\Admin\AppData\Local\Temp\fe470fe640e6ce78331be4ca30542c1cb13268fa7a7c6b81186f7959a1139db3.exe"
2⤵
PID:4692

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
3⤵
PID:4504

C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
3⤵
PID:4860

C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
4⤵
- Modifies Windows Firewall
PID:2216

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
3⤵
PID:2980

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
3⤵
PID:4444

C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
3⤵
PID:1964

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
4⤵
PID:3332

C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
4⤵
- Creates scheduled task(s)
PID:5016

C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
4⤵
PID:1480

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
4⤵
PID:4460

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
4⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
4⤵
PID:5096

C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
4⤵
- Creates scheduled task(s)
PID:2296

C:\Windows\windefender.exe
"C:\Windows\windefender.exe"
4⤵
PID:4104

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
5⤵
PID:2188

C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
6⤵
- Launches sc.exe
PID:888

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:1940

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2ha1yozc.sew.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
Filesize
2KB

MD5
968cb9309758126772781b83adb8a28f

SHA1
8da30e71accf186b2ba11da1797cf67f8f78b47c

SHA256
92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

SHA512
4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
Filesize
19KB

MD5
c6d66e29ffc0899482d8fa21243fec34

SHA1
1d25508a0bf4281bbf83e55ccbebbfc23b5025ce

SHA256
bbcba872f6e2e5dc5a65922b5147e6a03da93b0d59dee4f0428922a4918953af

SHA512
abc73dd7654e41853879c856fcf415f130635afa3dba0da2314a1076b14ce2bf6d17ad614442a2fd38a07909a4227542010120b0472c121c9d23b4fe07ea3816

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
Filesize
19KB

MD5
044da96174a3bd392967b534b0803cb3

SHA1
336fca3087c7f5acba45420fb73b3c48d381bd46

SHA256
dc58fcbb8a5ecf330ba01973e83ace6db6018a53af79fd8c871671593c7f5a49

SHA512
f3ba0c95847df9a2eb8f8ab58a9cd1b75ea77356e1f6d4819c7237e888f777ed697e51746497b822ad47fc443f4f8789f5b7a572eae4ce25be7255491ccd9192

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
Filesize
19KB

MD5
fe5f0433ec6f9e1c39cc22c97cd0e4aa

SHA1
8299f640abcdb15239661be92eb8e4d19e00da70

SHA256
1a26307ffa3c5f13ff3b772ab1f77ca2747cecd0db4a134a09a20669ea5ae0d0

SHA512
358023a91a3a3649b77cbc48c4b1bdba67cebf47d0468749e1fe124bd03d39242c0710d889457a7b438c91abae67e9dcb540f7442a495b050e0dae048cd61a61

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
Filesize
19KB

MD5
47954be2dc45fd9613f602930701889f

SHA1
8fd99ac57240601d15685bd0e67d6a8f72d61a7c

SHA256
10436ca944ca523f1dd71888224903cb4867fc7b27dcdaac55755295751940e7

SHA512
ba260a4271ec4a877fb996068ca19f6fb8f7516df1fd59a6fe6f0fc888be9f15ac3e10e72f22ceccb4e21f19a1943ff0f9fae526e26a4be72db177625fa80e93

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
Filesize
19KB

MD5
f23f9bff550905fef4fe11292919b7bd

SHA1
089bc523db9ca785337b951b9dfefa508d526b91

SHA256
3e3ed773c6fb8db0314cabffa137d9d9fddcb00c6c45315ccb2ee4527e20deec

SHA512
707aca9a53305aa08eb066fca17ebbc51192ffe9dcb3f3145db31899845335e0e1f83384c2a834b9984f8d0205242212cb3c254fed773e81e0b5b00a6214f3f2

Download Submit
C:\Windows\rss\csrss.exe
Filesize
4.2MB

MD5
ea4e6e9c8e1aec8f2682e8c0afa6224b

SHA1
71e81eea8a1e2d5e36d635f7eb992ac3605c9d12

SHA256
fe470fe640e6ce78331be4ca30542c1cb13268fa7a7c6b81186f7959a1139db3

SHA512
102358f8ea06d335b3a77d77cb2b48feebd5030b68cb7624b5dd99951f120da87271c6ab46eb34e7d1945f03747e570d2eac62d57b561c5d39e53c843e227072

Download Submit
C:\Windows\windefender.exe
Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
memory/1940-267-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1940-276-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1964-249-0x0000000000400000-0x0000000004426000-memory.dmp

Filesize
64.1MB

Download
memory/1964-294-0x0000000000400000-0x0000000004426000-memory.dmp

Filesize
64.1MB

Download
memory/1964-266-0x0000000000400000-0x0000000004426000-memory.dmp

Filesize
64.1MB

Download
memory/1964-258-0x0000000000400000-0x0000000004426000-memory.dmp

Filesize
64.1MB

Download
memory/1964-274-0x0000000000400000-0x0000000004426000-memory.dmp

Filesize
64.1MB

Download
memory/1964-253-0x0000000000400000-0x0000000004426000-memory.dmp

Filesize
64.1MB

Download
memory/1964-302-0x0000000000400000-0x0000000004426000-memory.dmp

Filesize
64.1MB

Download
memory/1964-278-0x0000000000400000-0x0000000004426000-memory.dmp

Filesize
64.1MB

Download
memory/1964-282-0x0000000000400000-0x0000000004426000-memory.dmp

Filesize
64.1MB

Download
memory/1964-286-0x0000000000400000-0x0000000004426000-memory.dmp

Filesize
64.1MB

Download
memory/1964-290-0x0000000000400000-0x0000000004426000-memory.dmp

Filesize
64.1MB

Download
memory/1964-298-0x0000000000400000-0x0000000004426000-memory.dmp

Filesize
64.1MB

Download
memory/1964-150-0x0000000004E00000-0x0000000005200000-memory.dmp

Filesize
4.0MB

Download
memory/1964-270-0x0000000000400000-0x0000000004426000-memory.dmp

Filesize
64.1MB

Download
memory/2800-1-0x0000000004AD0000-0x0000000004ED5000-memory.dmp

Filesize
4.0MB

Download
memory/2800-116-0x0000000000400000-0x0000000004426000-memory.dmp

Filesize
64.1MB

Download
memory/2800-66-0x0000000004AD0000-0x0000000004ED5000-memory.dmp

Filesize
4.0MB

Download
memory/2800-88-0x0000000006680000-0x0000000006F6B000-memory.dmp

Filesize
8.9MB

Download
memory/2800-2-0x0000000006680000-0x0000000006F6B000-memory.dmp

Filesize
8.9MB

Download
memory/2980-115-0x00000000747B0000-0x0000000074F60000-memory.dmp

Filesize
7.7MB

Download
memory/2980-102-0x000000007F460000-0x000000007F470000-memory.dmp

Filesize
64KB

Download
memory/2980-103-0x0000000070650000-0x000000007069C000-memory.dmp

Filesize
304KB

Download
memory/2980-104-0x0000000070DD0000-0x0000000071124000-memory.dmp

Filesize
3.3MB

Download
memory/2980-90-0x00000000028D0000-0x00000000028E0000-memory.dmp

Filesize
64KB

Download
memory/2980-96-0x00000000028D0000-0x00000000028E0000-memory.dmp

Filesize
64KB

Download
memory/2980-89-0x00000000747B0000-0x0000000074F60000-memory.dmp

Filesize
7.7MB

Download
memory/3332-152-0x0000000002410000-0x0000000002420000-memory.dmp

Filesize
64KB

Download
memory/3332-151-0x00000000747B0000-0x0000000074F60000-memory.dmp

Filesize
7.7MB

Download
memory/4104-262-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4112-26-0x00000000076C0000-0x00000000076DA000-memory.dmp

Filesize
104KB

Download
memory/4112-46-0x0000000007AC0000-0x0000000007AD4000-memory.dmp

Filesize
80KB

Download
memory/4112-3-0x0000000004DA0000-0x0000000004DD6000-memory.dmp

Filesize
216KB

Download
memory/4112-42-0x0000000007A50000-0x0000000007A5A000-memory.dmp

Filesize
40KB

Download
memory/4112-5-0x0000000005510000-0x0000000005B38000-memory.dmp

Filesize
6.2MB

Download
memory/4112-7-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4112-43-0x0000000007B10000-0x0000000007BA6000-memory.dmp

Filesize
600KB

Download
memory/4112-6-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4112-8-0x00000000054C0000-0x00000000054E2000-memory.dmp

Filesize
136KB

Download
memory/4112-9-0x0000000005BB0000-0x0000000005C16000-memory.dmp

Filesize
408KB

Download
memory/4112-10-0x0000000005D50000-0x0000000005DB6000-memory.dmp

Filesize
408KB

Download
memory/4112-51-0x00000000747B0000-0x0000000074F60000-memory.dmp

Filesize
7.7MB

Download
memory/4112-48-0x0000000007B00000-0x0000000007B08000-memory.dmp

Filesize
32KB

Download
memory/4112-45-0x0000000007AB0000-0x0000000007ABE000-memory.dmp

Filesize
56KB

Download
memory/4112-47-0x0000000007BB0000-0x0000000007BCA000-memory.dmp

Filesize
104KB

Download
memory/4112-28-0x0000000007900000-0x0000000007932000-memory.dmp

Filesize
200KB

Download
memory/4112-44-0x0000000007A70000-0x0000000007A81000-memory.dmp

Filesize
68KB

Download
memory/4112-20-0x0000000005EC0000-0x0000000006214000-memory.dmp

Filesize
3.3MB

Download
memory/4112-21-0x0000000006350000-0x000000000636E000-memory.dmp

Filesize
120KB

Download
memory/4112-22-0x00000000063B0000-0x00000000063FC000-memory.dmp

Filesize
304KB

Download
memory/4112-23-0x00000000074D0000-0x0000000007514000-memory.dmp

Filesize
272KB

Download
memory/4112-24-0x00000000076E0000-0x0000000007756000-memory.dmp

Filesize
472KB

Download
memory/4112-25-0x0000000007DE0000-0x000000000845A000-memory.dmp

Filesize
6.5MB

Download
memory/4112-30-0x00000000707D0000-0x0000000070B24000-memory.dmp

Filesize
3.3MB

Download
memory/4112-40-0x0000000007940000-0x000000000795E000-memory.dmp

Filesize
120KB

Download
memory/4112-41-0x0000000007960000-0x0000000007A03000-memory.dmp

Filesize
652KB

Download
memory/4112-4-0x00000000747B0000-0x0000000074F60000-memory.dmp

Filesize
7.7MB

Download
memory/4112-27-0x000000007F9E0000-0x000000007F9F0000-memory.dmp

Filesize
64KB

Download
memory/4112-29-0x0000000070650000-0x000000007069C000-memory.dmp

Filesize
304KB

Download
memory/4444-128-0x0000000005040000-0x0000000005050000-memory.dmp

Filesize
64KB

Download
memory/4444-133-0x00000000707D0000-0x0000000070B24000-memory.dmp

Filesize
3.3MB

Download
memory/4444-129-0x0000000005040000-0x0000000005050000-memory.dmp

Filesize
64KB

Download
memory/4444-144-0x00000000747B0000-0x0000000074F60000-memory.dmp

Filesize
7.7MB

Download
memory/4444-126-0x00000000747B0000-0x0000000074F60000-memory.dmp

Filesize
7.7MB

Download
memory/4444-131-0x0000000070650000-0x000000007069C000-memory.dmp

Filesize
304KB

Download
memory/4444-132-0x000000007FA40000-0x000000007FA50000-memory.dmp

Filesize
64KB

Download
memory/4504-55-0x0000000003010000-0x0000000003020000-memory.dmp

Filesize
64KB

Download
memory/4504-86-0x00000000747B0000-0x0000000074F60000-memory.dmp

Filesize
7.7MB

Download
memory/4504-81-0x0000000003010000-0x0000000003020000-memory.dmp

Filesize
64KB

Download
memory/4504-67-0x000000007F1F0000-0x000000007F200000-memory.dmp

Filesize
64KB

Download
memory/4504-80-0x00000000077F0000-0x0000000007893000-memory.dmp

Filesize
652KB

Download
memory/4504-69-0x0000000070DD0000-0x0000000071124000-memory.dmp

Filesize
3.3MB

Download
memory/4504-79-0x0000000003010000-0x0000000003020000-memory.dmp

Filesize
64KB

Download
memory/4504-82-0x0000000007B00000-0x0000000007B11000-memory.dmp

Filesize
68KB

Download
memory/4504-54-0x00000000747B0000-0x0000000074F60000-memory.dmp

Filesize
7.7MB

Download
memory/4504-83-0x0000000007B50000-0x0000000007B64000-memory.dmp

Filesize
80KB

Download
memory/4504-61-0x0000000005FB0000-0x0000000006304000-memory.dmp

Filesize
3.3MB

Download
memory/4504-68-0x0000000070650000-0x000000007069C000-memory.dmp

Filesize
304KB

Download
memory/4692-127-0x0000000004AE0000-0x0000000004ED9000-memory.dmp

Filesize
4.0MB

Download
memory/4692-180-0x0000000000400000-0x0000000004426000-memory.dmp

Filesize
64.1MB

Download
memory/4692-53-0x0000000004AE0000-0x0000000004ED9000-memory.dmp

Filesize
4.0MB

Download