Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    25s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/05/2024, 12:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5993e5e0d13b465d1c5e447e4619945aa07a713bfe06625d9db5c2714806dcf.exe

  • Size

    4.1MB

  • MD5

    9856f2974ded9886133f901e486e9268

  • SHA1

    caa019b7ec09dd2ad6564634e90fe8fa54b871f3

  • SHA256

    d5993e5e0d13b465d1c5e447e4619945aa07a713bfe06625d9db5c2714806dcf

  • SHA512

    ae5ece10fed7ce8f34f369d51b6c9bbde0e7ea0dd53ddb4c4365aa60a25a074027c27ebcb3fc7358d342f5239225c7360b4a567b068a21d9e1f73c8db13783ee

  • SSDEEP

    98304:qs2jgy4MUNNVHeFaTqjdOyQ0R/hqQN/vMpF4ZtiU:RhJVGa+OxWhJNXm4iU

Score
10/10
gluptebadropperevasionexecutionloaderpersistenceupx

Malware Config

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 16 IoCs
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Drops file in Windows directory 2 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

    Using powershell.exe command.

    execution
  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5993e5e0d13b465d1c5e447e4619945aa07a713bfe06625d9db5c2714806dcf.exe
    "C:\Users\Admin\AppData\Local\Temp\d5993e5e0d13b465d1c5e447e4619945aa07a713bfe06625d9db5c2714806dcf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3448
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2060
    • C:\Users\Admin\AppData\Local\Temp\d5993e5e0d13b465d1c5e447e4619945aa07a713bfe06625d9db5c2714806dcf.exe
      "C:\Users\Admin\AppData\Local\Temp\d5993e5e0d13b465d1c5e447e4619945aa07a713bfe06625d9db5c2714806dcf.exe"
      2⤵
      • Adds Run key to start application
      • Checks for VirtualBox DLLs, possible anti-VM trick
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2020
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Command and Scripting Interpreter: PowerShell
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1312
      • C:\Windows\system32\cmd.exe
        C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3872
        • C:\Windows\system32\netsh.exe
          netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
          4⤵
          • Modifies Windows Firewall
          PID:4804
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Command and Scripting Interpreter: PowerShell
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4476
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Command and Scripting Interpreter: PowerShell
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:708
      • C:\Windows\rss\csrss.exe
        C:\Windows\rss\csrss.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:3576
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -nologo -noprofile
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:568
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
          4⤵
          • Creates scheduled task(s)
          PID:1876
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /delete /tn ScheduledUpdate /f
          4⤵
            PID:4624
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -nologo -noprofile
            4⤵
            • Command and Scripting Interpreter: PowerShell
            PID:1900
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -nologo -noprofile
            4⤵
            • Command and Scripting Interpreter: PowerShell
            PID:2140
          • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
            C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
            4⤵
              PID:4076
            • C:\Windows\SYSTEM32\schtasks.exe
              schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
              4⤵
              • Creates scheduled task(s)
              PID:3668
            • C:\Windows\windefender.exe
              "C:\Windows\windefender.exe"
              4⤵
                PID:2444
                • C:\Windows\SysWOW64\cmd.exe
                  cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                  5⤵
                    PID:3604
                    • C:\Windows\SysWOW64\sc.exe
                      sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                      6⤵
                      • Launches sc.exe
                      PID:4596
          • C:\Windows\windefender.exe
            C:\Windows\windefender.exe
            1⤵
              PID:3680

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_s5vnupsv.qms.ps1
              Filesize

              60B

              MD5

              d17fe0a3f47be24a6453e9ef58c94641

              SHA1

              6ab83620379fc69f80c0242105ddffd7d98d5d9d

              SHA256

              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

              SHA512

              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
              Filesize

              281KB

              MD5

              d98e33b66343e7c96158444127a117f6

              SHA1

              bb716c5509a2bf345c6c1152f6e3e1452d39d50d

              SHA256

              5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

              SHA512

              705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
              Filesize

              2KB

              MD5

              d0c46cad6c0778401e21910bd6b56b70

              SHA1

              7be418951ea96326aca445b8dfe449b2bfa0dca6

              SHA256

              9600b3fdf0565ccb49e21656aa4b24d7c18f776bfd04d9ee984b134707550f02

              SHA512

              057531b468f7fbbb2175a696a8aab274dec0d17d9f71df309edcff35e064f3378050066a3df47ccd03048fac461594ec75e3d4fe64f9dd79949d129f51e02949

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
              Filesize

              19KB

              MD5

              1270ab102fe871ea8bca7ad717247c26

              SHA1

              8229e25ab3e30aeebbabdfc561da164449f2c8f3

              SHA256

              d75e80f7657bc4c95bd14278b1b52f5b6c57360237b2c4c7867c79b6e5967f84

              SHA512

              2cff320c9d92e7d52f1055eeefbaf6c7e1eb344a7d64a1b3c83cb17550f0681a959b31bc70d34463704df9b393a0c8b107e5126f198f5f59f47bd9aba3fd280c

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
              Filesize

              19KB

              MD5

              1bc99b70166cd2ed6ea20a7489dc6a46

              SHA1

              506e76fb7d17459c46de83aa70373e0b20f22d35

              SHA256

              248a2e2d6e0e3fa5e51761d957e783ce584b4ffb87c7c3abec44a55f397f6bde

              SHA512

              810cb85144a13ce25efabf380ca6f29e54a18d9d24e5beb895ee46aebd1ce0415e564632240a178332abbeaafcdc5888fd3fdaaa90e99b29a01b242ad85f8f22

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
              Filesize

              19KB

              MD5

              63c743e2e4bed3a125a6dc58ef7607ce

              SHA1

              d160a36205e1576275bc3332f465aa9cb542cc87

              SHA256

              7721bfa32471627091206e06d0a195784a6ca7d1b42373e0bab1ec7b1233be80

              SHA512

              34a783b1760b40afc1621ac2530187a9b3d9d84d166bc705f2e6dbc8330aa5f06f565df19faaefd4ddd61f2e7d86b6865859e0edc28a32ad9e9ae6528fbb7022

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
              Filesize

              19KB

              MD5

              d2aeab09b871f82d48111188e86b6484

              SHA1

              f33b0711f26d65ad771f201381ff1c994e89ef2d

              SHA256

              1cbc42549c58a76976785c005072e440c3c066d562e3b34d60eecda35d3c0bfc

              SHA512

              d41bd724339822ded9d161ade13a8db2fe4dc1feb07b58b6126bdd40b4b6cd6654a66480d9f8ba7b5037eeed2f50022982bd574a91ebba227079c9c40dc367ee

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
              Filesize

              19KB

              MD5

              0ce6726816a4b9653b4bb830e3ec660c

              SHA1

              433fb6b0722a3ba727f438cfc475e342f805a21f

              SHA256

              6fe49cdfc3804cd324709dd4afd50e03a5756d43644ac7cb6fea75df1b8d1d96

              SHA512

              805ebc5ae3c75faeabcaa6feb331cecc61d0e80ce1400ad167e9a0a6eae11fa3a2a234ff90277b73503b9338cab77420ec66ee150c9cf2f63b1b1f853eb7b5cb

              Download Submit

            • C:\Windows\rss\csrss.exe
              Filesize

              4.1MB

              MD5

              9856f2974ded9886133f901e486e9268

              SHA1

              caa019b7ec09dd2ad6564634e90fe8fa54b871f3

              SHA256

              d5993e5e0d13b465d1c5e447e4619945aa07a713bfe06625d9db5c2714806dcf

              SHA512

              ae5ece10fed7ce8f34f369d51b6c9bbde0e7ea0dd53ddb4c4365aa60a25a074027c27ebcb3fc7358d342f5239225c7360b4a567b068a21d9e1f73c8db13783ee

              Download Submit

            • C:\Windows\windefender.exe
              Filesize

              2.0MB

              MD5

              8e67f58837092385dcf01e8a2b4f5783

              SHA1

              012c49cfd8c5d06795a6f67ea2baf2a082cf8625

              SHA256

              166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

              SHA512

              40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

              Download Submit

            • memory/568-138-0x0000000070800000-0x0000000070B57000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/568-137-0x0000000070680000-0x00000000706CC000-memory.dmp

              Filesize

              304KB

              Download

            • memory/708-105-0x00000000054B0000-0x0000000005807000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/708-107-0x0000000070680000-0x00000000706CC000-memory.dmp

              Filesize

              304KB

              Download

            • memory/708-108-0x0000000070FC0000-0x0000000071317000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/1312-71-0x0000000007A30000-0x0000000007A41000-memory.dmp

              Filesize

              68KB

              Download

            • memory/1312-59-0x0000000005FB0000-0x0000000006307000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/1312-60-0x0000000070680000-0x00000000706CC000-memory.dmp

              Filesize

              304KB

              Download

            • memory/1312-61-0x0000000070890000-0x0000000070BE7000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/1312-70-0x0000000007710000-0x00000000077B4000-memory.dmp

              Filesize

              656KB

              Download

            • memory/1312-72-0x0000000007A80000-0x0000000007A95000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1900-170-0x0000000007BB0000-0x0000000007BC1000-memory.dmp

              Filesize

              68KB

              Download

            • memory/1900-171-0x00000000063F0000-0x0000000006405000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1900-169-0x0000000007880000-0x0000000007924000-memory.dmp

              Filesize

              656KB

              Download

            • memory/1900-153-0x0000000006020000-0x0000000006377000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/1900-158-0x0000000006900000-0x000000000694C000-memory.dmp

              Filesize

              304KB

              Download

            • memory/1900-159-0x00000000705A0000-0x00000000705EC000-memory.dmp

              Filesize

              304KB

              Download

            • memory/1900-160-0x00000000707F0000-0x0000000070B47000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/2020-125-0x0000000000400000-0x0000000002ED7000-memory.dmp

              Filesize

              42.8MB

              Download

            • memory/2060-38-0x0000000006FF0000-0x000000000700A000-memory.dmp

              Filesize

              104KB

              Download

            • memory/2060-25-0x0000000070680000-0x00000000706CC000-memory.dmp

              Filesize

              304KB

              Download

            • memory/2060-8-0x0000000074410000-0x0000000074BC1000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/2060-45-0x0000000007190000-0x0000000007198000-memory.dmp

              Filesize

              32KB

              Download

            • memory/2060-44-0x00000000071B0000-0x00000000071CA000-memory.dmp

              Filesize

              104KB

              Download

            • memory/2060-43-0x00000000070B0000-0x00000000070C5000-memory.dmp

              Filesize

              84KB

              Download

            • memory/2060-42-0x00000000070A0000-0x00000000070AE000-memory.dmp

              Filesize

              56KB

              Download

            • memory/2060-41-0x0000000007060000-0x0000000007071000-memory.dmp

              Filesize

              68KB

              Download

            • memory/2060-40-0x00000000070F0000-0x0000000007186000-memory.dmp

              Filesize

              600KB

              Download

            • memory/2060-39-0x0000000007030000-0x000000000703A000-memory.dmp

              Filesize

              40KB

              Download

            • memory/2060-11-0x0000000005520000-0x0000000005586000-memory.dmp

              Filesize

              408KB

              Download

            • memory/2060-37-0x0000000007630000-0x0000000007CAA000-memory.dmp

              Filesize

              6.5MB

              Download

            • memory/2060-10-0x0000000004C30000-0x0000000004C96000-memory.dmp

              Filesize

              408KB

              Download

            • memory/2060-20-0x0000000005590000-0x00000000058E7000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/2060-48-0x0000000074410000-0x0000000074BC1000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/2060-7-0x0000000004D80000-0x00000000053AA000-memory.dmp

              Filesize

              6.2MB

              Download

            • memory/2060-26-0x0000000070800000-0x0000000070B57000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/2060-35-0x0000000006EA0000-0x0000000006EBE000-memory.dmp

              Filesize

              120KB

              Download

            • memory/2060-4-0x000000007441E000-0x000000007441F000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2060-5-0x0000000002210000-0x0000000002246000-memory.dmp

              Filesize

              216KB

              Download

            • memory/2060-36-0x0000000006EC0000-0x0000000006F64000-memory.dmp

              Filesize

              656KB

              Download

            • memory/2060-24-0x0000000006E60000-0x0000000006E94000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2060-6-0x0000000074410000-0x0000000074BC1000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/2060-23-0x0000000006A10000-0x0000000006A56000-memory.dmp

              Filesize

              280KB

              Download

            • memory/2060-22-0x0000000005A60000-0x0000000005AAC000-memory.dmp

              Filesize

              304KB

              Download

            • memory/2060-21-0x0000000005A30000-0x0000000005A4E000-memory.dmp

              Filesize

              120KB

              Download

            • memory/2060-9-0x0000000004A90000-0x0000000004AB2000-memory.dmp

              Filesize

              136KB

              Download

            • memory/2140-182-0x00000000705A0000-0x00000000705EC000-memory.dmp

              Filesize

              304KB

              Download

            • memory/2140-183-0x00000000707F0000-0x0000000070B47000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/2444-206-0x0000000000400000-0x00000000008DF000-memory.dmp

              Filesize

              4.9MB

              Download

            • memory/2444-211-0x0000000000400000-0x00000000008DF000-memory.dmp

              Filesize

              4.9MB

              Download

            • memory/3448-1-0x00000000033F0000-0x00000000037F7000-memory.dmp

              Filesize

              4.0MB

              Download

            • memory/3448-2-0x00000000050A0000-0x000000000598B000-memory.dmp

              Filesize

              8.9MB

              Download

            • memory/3448-117-0x00000000033F0000-0x00000000037F7000-memory.dmp

              Filesize

              4.0MB

              Download

            • memory/3448-118-0x00000000050A0000-0x000000000598B000-memory.dmp

              Filesize

              8.9MB

              Download

            • memory/3448-127-0x0000000000400000-0x0000000000D1C000-memory.dmp

              Filesize

              9.1MB

              Download

            • memory/3448-50-0x0000000000400000-0x0000000002ED7000-memory.dmp

              Filesize

              42.8MB

              Download

            • memory/3448-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

              Filesize

              9.1MB

              Download

            • memory/3576-214-0x0000000000400000-0x0000000002ED7000-memory.dmp

              Filesize

              42.8MB

              Download

            • memory/3576-230-0x0000000000400000-0x0000000002ED7000-memory.dmp

              Filesize

              42.8MB

              Download

            • memory/3576-205-0x0000000000400000-0x0000000002ED7000-memory.dmp

              Filesize

              42.8MB

              Download

            • memory/3576-250-0x0000000000400000-0x0000000002ED7000-memory.dmp

              Filesize

              42.8MB

              Download

            • memory/3576-246-0x0000000000400000-0x0000000002ED7000-memory.dmp

              Filesize

              42.8MB

              Download

            • memory/3576-199-0x0000000000400000-0x0000000002ED7000-memory.dmp

              Filesize

              42.8MB

              Download

            • memory/3576-242-0x0000000000400000-0x0000000002ED7000-memory.dmp

              Filesize

              42.8MB

              Download

            • memory/3576-238-0x0000000000400000-0x0000000002ED7000-memory.dmp

              Filesize

              42.8MB

              Download

            • memory/3576-218-0x0000000000400000-0x0000000002ED7000-memory.dmp

              Filesize

              42.8MB

              Download

            • memory/3576-234-0x0000000000400000-0x0000000002ED7000-memory.dmp

              Filesize

              42.8MB

              Download

            • memory/3576-222-0x0000000000400000-0x0000000002ED7000-memory.dmp

              Filesize

              42.8MB

              Download

            • memory/3576-226-0x0000000000400000-0x0000000002ED7000-memory.dmp

              Filesize

              42.8MB

              Download

            • memory/3680-210-0x0000000000400000-0x00000000008DF000-memory.dmp

              Filesize

              4.9MB

              Download

            • memory/3680-223-0x0000000000400000-0x00000000008DF000-memory.dmp

              Filesize

              4.9MB

              Download

            • memory/3680-216-0x0000000000400000-0x00000000008DF000-memory.dmp

              Filesize

              4.9MB

              Download

            • memory/4476-87-0x0000000070820000-0x0000000070B77000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/4476-86-0x0000000070680000-0x00000000706CC000-memory.dmp

              Filesize

              304KB

              Download

            • memory/4476-84-0x0000000005570000-0x00000000058C7000-memory.dmp

              Filesize

              3.3MB

              Download