glupteba | 7a153d0272fcdc446a34357c9e79e1ef3b04876c59b150190b523ab959d55b19

Analysis

max time kernel
10s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a153d0272fcdc446a34357c9e79e1ef3b04876c59b150190b523ab959d55b19.exe
Size

4.2MB
MD5

b10b71806ed7fcd1b97d1b020139475e
SHA1

9089294c4bd28005fd85f52f558a990ea35a3d2f
SHA256

7a153d0272fcdc446a34357c9e79e1ef3b04876c59b150190b523ab959d55b19
SHA512

8ab382905b723b4c6cec584b727a50dc42de503608c5b84302fce3f7a4733f59da4776fb23c81540a624e05f0c776b605797e23d8ea5bbfc44d661f4764ccea3
SSDEEP

98304:JlPNnLMcliXgk6mZUGEiVLqbbhuqLV4AlEjP7j:JlP9LMc0wkDbEiV0LVI3

Score

10^/10

glupteba dropper evasion loader upx

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 12 IoCs

Processes:

resource	yara_rule
behavioral1/memory/4048-2-0x0000000005160000-0x0000000005A4B000-memory.dmp	family_glupteba
behavioral1/memory/4048-3-0x0000000000400000-0x000000000300B000-memory.dmp	family_glupteba
behavioral1/memory/4048-21-0x0000000000400000-0x000000000300B000-memory.dmp	family_glupteba
behavioral1/memory/4048-54-0x0000000000400000-0x000000000300B000-memory.dmp	family_glupteba
behavioral1/memory/4048-56-0x0000000005160000-0x0000000005A4B000-memory.dmp	family_glupteba
behavioral1/memory/4400-58-0x0000000000400000-0x000000000300B000-memory.dmp	family_glupteba
behavioral1/memory/4400-105-0x0000000000400000-0x000000000300B000-memory.dmp	family_glupteba
behavioral1/memory/4400-119-0x0000000000400000-0x000000000300B000-memory.dmp	family_glupteba
behavioral1/memory/4400-156-0x0000000000400000-0x000000000300B000-memory.dmp	family_glupteba
behavioral1/memory/3280-227-0x0000000000400000-0x000000000300B000-memory.dmp	family_glupteba
behavioral1/memory/3280-259-0x0000000000400000-0x000000000300B000-memory.dmp	family_glupteba
behavioral1/memory/3280-268-0x0000000000400000-0x000000000300B000-memory.dmp	family_glupteba

Modifies Windows Firewall 2 TTPs 1 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exe

pid process

4432 netsh.exe

pid	process
4432	netsh.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Windows\windefender.exe	upx
behavioral1/memory/1044-267-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral1/memory/4100-269-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exe

pid process

2664 sc.exe

pid	process
2664	sc.exe

Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1404	4400	WerFault.exe	7a153d0272fcdc446a34357c9e79e1ef3b04876c59b150190b523ab959d55b19.exe
4952	4400	WerFault.exe	7a153d0272fcdc446a34357c9e79e1ef3b04876c59b150190b523ab959d55b19.exe
1668	4400	WerFault.exe	7a153d0272fcdc446a34357c9e79e1ef3b04876c59b150190b523ab959d55b19.exe

Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exeschtasks.exe

pid process

4940 schtasks.exe
1428 schtasks.exe

pid	process
4940	schtasks.exe
1428	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\7a153d0272fcdc446a34357c9e79e1ef3b04876c59b150190b523ab959d55b19.exe
"C:\Users\Admin\AppData\Local\Temp\7a153d0272fcdc446a34357c9e79e1ef3b04876c59b150190b523ab959d55b19.exe"
1⤵
PID:4048

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
2⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\7a153d0272fcdc446a34357c9e79e1ef3b04876c59b150190b523ab959d55b19.exe
"C:\Users\Admin\AppData\Local\Temp\7a153d0272fcdc446a34357c9e79e1ef3b04876c59b150190b523ab959d55b19.exe"
2⤵
PID:4400

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
3⤵
PID:4988

C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
3⤵
PID:1336

C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
4⤵
- Modifies Windows Firewall
PID:4432

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
3⤵
PID:4072

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
3⤵
PID:1268

C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
3⤵
PID:3280

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
4⤵
PID:3624

C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
4⤵
- Creates scheduled task(s)
PID:4940

C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
4⤵
PID:1424

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
4⤵
PID:4772

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
4⤵
PID:712

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
4⤵
PID:2620

C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
4⤵
- Creates scheduled task(s)
PID:1428

C:\Windows\windefender.exe
"C:\Windows\windefender.exe"
4⤵
PID:1044

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
5⤵
PID:3164

C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
6⤵
- Launches sc.exe
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 868
3⤵
- Program crash
PID:1404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 872
3⤵
- Program crash
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 600
3⤵
- Program crash
PID:1668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3096 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4400 -ip 4400
1⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4400 -ip 4400
1⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4400 -ip 4400
1⤵
PID:1560

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:4100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fonrxx3w.1az.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
3d086a433708053f9bf9523e1d87a4e8

SHA1
b3ab5d4f282a4c8fe8c3005b8a557ed5a0e37f28

SHA256
6f8fd1b8d9788ad54eaeee329232187e24b7b43393a01aeba2d6e9675231fb69

SHA512
931ae42b4c68a4507ff2342332b08eb407050d47cf4176137ea022d0f6e513c689e998445a04c6d18d4877391705c586bfce0234632b898d41aaed0957996dfd

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
2c49353c1265c940d0590badab4a66e4

SHA1
7ede5f62b052d1d4d8ea957c469aba8607138a55

SHA256
c3171e5565b37e97ee3ebe80f122f108d88353e21b177d21b9a01e7fea1a3752

SHA512
e841c9b9bd2509150cca48a13d5e6121aa4d010602e21923057d2a4b612f8108127ed70278a6e74fbf00aae2723b2337c5ad5df912d3951ab7aa9df14bcbcd90

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
b79e5db674de18b011ceef5e05ad6c54

SHA1
d1fff27036d5f464e19e7f1778e7109dac254e2a

SHA256
9eba44494101ad4c35168de29be4e48fdbb4e870dd2319ce6f2067aa1c91b828

SHA512
a53b6bc4296dbe4114a9c943ad27d51b8c179435594628db9398d7dd45ae587cd6282d5fa36fdcfa1d1422c2f23ce628f2a3488224676c8fe2cd951e1c677d56

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
457b0fa7b9ffb8ca202b36335b3fe4a5

SHA1
66b57418c44da308a4ab0621640d801c16c88472

SHA256
4a1019ed695d0135e8f4852a98d275e8e426dcbe3bd5f58ecbf91203d0d6b893

SHA512
144ee660d0dc4ac4f31a343bb22241c241355381ab7a9de34fc18d81d38b1d827e62386deafa35c4dd228ad5e1f92f9fe89cb49ab4212c3ddc624094456644e1

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
4eb6f97113f0e9fa86932778a698a59c

SHA1
d556fab01fb0f8e78a53e5fa1022ddb6bad137e4

SHA256
9ed5ba198ffc8c6e67d2382e0a48870bd315810d5cb8380c4f23c29fd17d2579

SHA512
7ca47cd3606fb60c983cc727b21136ad89e152d6050e6c06b374d141f37c6b99f564c8c8e94aa60d1cdf4be519b9bef64ebc3a13888baf31d802beed564fa7f4

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
ec55897494e2b57badab150c50c19aff

SHA1
071b06501f5df0c992bbd8c58def624d5531e0cb

SHA256
31b89fb5279155dfa70dee216715e3f217f2ca3f9d83d98d87de7ef992e3910e

SHA512
4c4f98ba36ed94569ce24ecb7c5cc557a49a8fbad91cc66965a3a5b5b7b51fda8907a6d635a301597d425b3a2f6ecee2bf466278fc1a73ba653565bb9f1f8dd7

Download Submit
C:\Windows\rss\csrss.exe

Filesize
4.2MB

MD5
b10b71806ed7fcd1b97d1b020139475e

SHA1
9089294c4bd28005fd85f52f558a990ea35a3d2f

SHA256
7a153d0272fcdc446a34357c9e79e1ef3b04876c59b150190b523ab959d55b19

SHA512
8ab382905b723b4c6cec584b727a50dc42de503608c5b84302fce3f7a4733f59da4776fb23c81540a624e05f0c776b605797e23d8ea5bbfc44d661f4764ccea3

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
memory/1044-267-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1268-137-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/1268-135-0x0000000006150000-0x00000000064A4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-125-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/1268-124-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/1268-123-0x00000000741B0000-0x0000000074960000-memory.dmp

Filesize
7.7MB

Download
memory/1268-138-0x00000000700B0000-0x00000000700FC000-memory.dmp

Filesize
304KB

Download
memory/1268-139-0x0000000070870000-0x0000000070BC4000-memory.dmp

Filesize
3.3MB

Download
memory/3280-270-0x0000000000400000-0x000000000300B000-memory.dmp

Filesize
44.0MB

Download
memory/3280-272-0x0000000000400000-0x000000000300B000-memory.dmp

Filesize
44.0MB

Download
memory/3280-268-0x0000000000400000-0x000000000300B000-memory.dmp

Filesize
44.0MB

Download
memory/3280-227-0x0000000000400000-0x000000000300B000-memory.dmp

Filesize
44.0MB

Download
memory/3280-259-0x0000000000400000-0x000000000300B000-memory.dmp

Filesize
44.0MB

Download
memory/4048-56-0x0000000005160000-0x0000000005A4B000-memory.dmp

Filesize
8.9MB

Download
memory/4048-2-0x0000000005160000-0x0000000005A4B000-memory.dmp

Filesize
8.9MB

Download
memory/4048-1-0x00000000035C0000-0x00000000039BD000-memory.dmp

Filesize
4.0MB

Download
memory/4048-3-0x0000000000400000-0x000000000300B000-memory.dmp

Filesize
44.0MB

Download
memory/4048-54-0x0000000000400000-0x000000000300B000-memory.dmp

Filesize
44.0MB

Download
memory/4048-21-0x0000000000400000-0x000000000300B000-memory.dmp

Filesize
44.0MB

Download
memory/4072-122-0x00000000741B0000-0x0000000074960000-memory.dmp

Filesize
7.7MB

Download
memory/4072-109-0x0000000070850000-0x0000000070BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4072-108-0x00000000700B0000-0x00000000700FC000-memory.dmp

Filesize
304KB

Download
memory/4072-107-0x0000000004AF0000-0x0000000004B00000-memory.dmp

Filesize
64KB

Download
memory/4072-120-0x000000007F210000-0x000000007F220000-memory.dmp

Filesize
64KB

Download
memory/4072-92-0x00000000741B0000-0x0000000074960000-memory.dmp

Filesize
7.7MB

Download
memory/4072-93-0x0000000004AF0000-0x0000000004B00000-memory.dmp

Filesize
64KB

Download
memory/4072-94-0x0000000004AF0000-0x0000000004B00000-memory.dmp

Filesize
64KB

Download
memory/4100-269-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4400-57-0x00000000035E0000-0x00000000039E6000-memory.dmp

Filesize
4.0MB

Download
memory/4400-106-0x00000000035E0000-0x00000000039E6000-memory.dmp

Filesize
4.0MB

Download
memory/4400-105-0x0000000000400000-0x000000000300B000-memory.dmp

Filesize
44.0MB

Download
memory/4400-58-0x0000000000400000-0x000000000300B000-memory.dmp

Filesize
44.0MB

Download
memory/4400-119-0x0000000000400000-0x000000000300B000-memory.dmp

Filesize
44.0MB

Download
memory/4400-156-0x0000000000400000-0x000000000300B000-memory.dmp

Filesize
44.0MB

Download
memory/4924-32-0x00000000706D0000-0x0000000070A24000-memory.dmp

Filesize
3.3MB

Download
memory/4924-23-0x00000000063D0000-0x000000000641C000-memory.dmp

Filesize
304KB

Download
memory/4924-4-0x0000000074110000-0x00000000748C0000-memory.dmp

Filesize
7.7MB

Download
memory/4924-6-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/4924-5-0x0000000004D20000-0x0000000004D56000-memory.dmp

Filesize
216KB

Download
memory/4924-7-0x00000000054A0000-0x0000000005AC8000-memory.dmp

Filesize
6.2MB

Download
memory/4924-8-0x0000000005310000-0x0000000005332000-memory.dmp

Filesize
136KB

Download
memory/4924-9-0x0000000005B40000-0x0000000005BA6000-memory.dmp

Filesize
408KB

Download
memory/4924-10-0x0000000005BB0000-0x0000000005C16000-memory.dmp

Filesize
408KB

Download
memory/4924-16-0x0000000005D20000-0x0000000006074000-memory.dmp

Filesize
3.3MB

Download
memory/4924-22-0x0000000006390000-0x00000000063AE000-memory.dmp

Filesize
120KB

Download
memory/4924-24-0x0000000006970000-0x00000000069B4000-memory.dmp

Filesize
272KB

Download
memory/4924-25-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/4924-53-0x0000000074110000-0x00000000748C0000-memory.dmp

Filesize
7.7MB

Download
memory/4924-50-0x0000000007B00000-0x0000000007B08000-memory.dmp

Filesize
32KB

Download
memory/4924-49-0x0000000007BC0000-0x0000000007BDA000-memory.dmp

Filesize
104KB

Download
memory/4924-48-0x0000000007AD0000-0x0000000007AE4000-memory.dmp

Filesize
80KB

Download
memory/4924-47-0x0000000007AC0000-0x0000000007ACE000-memory.dmp

Filesize
56KB

Download
memory/4924-46-0x0000000007A80000-0x0000000007A91000-memory.dmp

Filesize
68KB

Download
memory/4924-45-0x0000000007B20000-0x0000000007BB6000-memory.dmp

Filesize
600KB

Download
memory/4924-44-0x0000000007A50000-0x0000000007A5A000-memory.dmp

Filesize
40KB

Download
memory/4924-29-0x000000007F0A0000-0x000000007F0B0000-memory.dmp

Filesize
64KB

Download
memory/4924-30-0x0000000007920000-0x0000000007952000-memory.dmp

Filesize
200KB

Download
memory/4924-42-0x0000000007900000-0x000000000791E000-memory.dmp

Filesize
120KB

Download
memory/4924-43-0x0000000007960000-0x0000000007A03000-memory.dmp

Filesize
652KB

Download
memory/4924-31-0x000000006FFB0000-0x000000006FFFC000-memory.dmp

Filesize
304KB

Download
memory/4924-27-0x0000000007D40000-0x00000000083BA000-memory.dmp

Filesize
6.5MB

Download
memory/4924-28-0x00000000076E0000-0x00000000076FA000-memory.dmp

Filesize
104KB

Download
memory/4924-26-0x0000000007640000-0x00000000076B6000-memory.dmp

Filesize
472KB

Download
memory/4988-59-0x00000000741B0000-0x0000000074960000-memory.dmp

Filesize
7.7MB

Download
memory/4988-61-0x0000000002D40000-0x0000000002D50000-memory.dmp

Filesize
64KB

Download
memory/4988-75-0x0000000070850000-0x0000000070BA4000-memory.dmp

Filesize
3.3MB

Download
memory/4988-60-0x0000000002D40000-0x0000000002D50000-memory.dmp

Filesize
64KB

Download
memory/4988-67-0x0000000006130000-0x0000000006484000-memory.dmp

Filesize
3.3MB

Download
memory/4988-72-0x0000000006BA0000-0x0000000006BEC000-memory.dmp

Filesize
304KB

Download
memory/4988-73-0x0000000002D40000-0x0000000002D50000-memory.dmp

Filesize
64KB

Download
memory/4988-74-0x00000000700B0000-0x00000000700FC000-memory.dmp

Filesize
304KB

Download
memory/4988-90-0x00000000741B0000-0x0000000074960000-memory.dmp

Filesize
7.7MB

Download
memory/4988-87-0x0000000007CE0000-0x0000000007CF4000-memory.dmp

Filesize
80KB

Download
memory/4988-86-0x0000000007C70000-0x0000000007C81000-memory.dmp

Filesize
68KB

Download
memory/4988-85-0x0000000007970000-0x0000000007A13000-memory.dmp

Filesize
652KB

Download