Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    155s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/05/2024, 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    096a5882217ecf9c4b8edbd4ae28d1035d6ed089b47561ec83ae871565be54b4.exe

  • Size

    4.1MB

  • MD5

    ca83d211183ef814aec4870006d579b6

  • SHA1

    43ba657450d69d8670f43f2627d331882faa2772

  • SHA256

    096a5882217ecf9c4b8edbd4ae28d1035d6ed089b47561ec83ae871565be54b4

  • SHA512

    ea9e104548069b35051f52bead75af9791993837e69aa6ba5ae263ce3999a93a9053bfa551c89db19784012bdb581e8a9b537d47135e0778550eefb8c284c190

  • SSDEEP

    49152:ffnInHQDK0wlO9rfJPTTANkdvq5+Duji334xe6X5+X6+m4ZNLcl7ubrDe/c0eSCw:0RCfJXOkdCGujW3ocq+CWmE2BmkIV7WH

Score
10/10
gluptebadiscoverydropperevasionexecutionloaderpersistence

Malware Config

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 13 IoCs
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 6 IoCs
  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Drops file in Windows directory 2 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

    Using powershell.exe command.

    execution
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\096a5882217ecf9c4b8edbd4ae28d1035d6ed089b47561ec83ae871565be54b4.exe
    "C:\Users\Admin\AppData\Local\Temp\096a5882217ecf9c4b8edbd4ae28d1035d6ed089b47561ec83ae871565be54b4.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3700
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3968
    • C:\Users\Admin\AppData\Local\Temp\096a5882217ecf9c4b8edbd4ae28d1035d6ed089b47561ec83ae871565be54b4.exe
      "C:\Users\Admin\AppData\Local\Temp\096a5882217ecf9c4b8edbd4ae28d1035d6ed089b47561ec83ae871565be54b4.exe"
      2⤵
      • Adds Run key to start application
      • Checks for VirtualBox DLLs, possible anti-VM trick
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1840
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Command and Scripting Interpreter: PowerShell
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:716
      • C:\Windows\system32\cmd.exe
        C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4056
        • C:\Windows\system32\netsh.exe
          netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
          4⤵
          • Modifies Windows Firewall
          PID:1568
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Command and Scripting Interpreter: PowerShell
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1808
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Command and Scripting Interpreter: PowerShell
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1624
      • C:\Windows\rss\csrss.exe
        C:\Windows\rss\csrss.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:996
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -nologo -noprofile
          4⤵
          • Drops file in System32 directory
          • Command and Scripting Interpreter: PowerShell
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:5040
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
          4⤵
          • Creates scheduled task(s)
          PID:2384
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /delete /tn ScheduledUpdate /f
          4⤵
            PID:536
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -nologo -noprofile
            4⤵
            • Drops file in System32 directory
            • Command and Scripting Interpreter: PowerShell
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:2068
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -nologo -noprofile
            4⤵
            • Command and Scripting Interpreter: PowerShell
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:3232
          • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
            C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
            4⤵
              PID:2436
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1344 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:4548

        Network

        MITRE ATT&CK Enterprise v15

        Reconnaissance

        Resource Development

        Initial Access

        Execution

        Command and Scripting Interpreter

        1
        T1059

        PowerShell

        1
        T1059.001

        Scheduled Task/Job

        1
        T1053

        Persistence

        Boot or Logon Autostart Execution

        1
        T1547

        Registry Run Keys / Startup Folder

        1
        T1547.001

        Create or Modify System Process

        1
        T1543

        Windows Service

        1
        T1543.003

        Scheduled Task/Job

        1
        T1053

        Privilege Escalation

        Boot or Logon Autostart Execution

        1
        T1547

        Registry Run Keys / Startup Folder

        1
        T1547.001

        Create or Modify System Process

        1
        T1543

        Windows Service

        1
        T1543.003

        Scheduled Task/Job

        1
        T1053

        Defense Evasion

        Impair Defenses

        1
        T1562

        Disable or Modify System Firewall

        1
        T1562.004

        Modify Registry

        1
        T1112

        Credential Access

        Discovery

        Query Registry

        2
        T1012

        System Information Discovery

        1
        T1082

        Lateral Movement

        Collection

        Command and Control

        Exfiltration

        Impact

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hnsj414t.jdc.ps1
          Filesize

          60B

          MD5

          d17fe0a3f47be24a6453e9ef58c94641

          SHA1

          6ab83620379fc69f80c0242105ddffd7d98d5d9d

          SHA256

          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

          SHA512

          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
          Filesize

          281KB

          MD5

          d98e33b66343e7c96158444127a117f6

          SHA1

          bb716c5509a2bf345c6c1152f6e3e1452d39d50d

          SHA256

          5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

          SHA512

          705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

          Download Submit

        • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
          Filesize

          2KB

          MD5

          3d086a433708053f9bf9523e1d87a4e8

          SHA1

          b3ab5d4f282a4c8fe8c3005b8a557ed5a0e37f28

          SHA256

          6f8fd1b8d9788ad54eaeee329232187e24b7b43393a01aeba2d6e9675231fb69

          SHA512

          931ae42b4c68a4507ff2342332b08eb407050d47cf4176137ea022d0f6e513c689e998445a04c6d18d4877391705c586bfce0234632b898d41aaed0957996dfd

          Download Submit

        • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
          Filesize

          19KB

          MD5

          1e7caa45a51b5075a65f821f06fa48f9

          SHA1

          19fb54d99cf87e12abead56582c6b630452ca7eb

          SHA256

          fea910b104328e4f5b06c0b5c20a41dbf61184c4ba15bbe55b7da6fb43145213

          SHA512

          4ef138f99b423d935b3273a0fc446d2fd605feaa8aa9fa88d01634fb636a5e6bfbbadc5077b27f4c7d57a1f7fc208470d8b2226e5e9551b2e0f16dcd810fdb43

          Download Submit

        • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
          Filesize

          19KB

          MD5

          f90bddb8b8ee5b9542b229b365d2e7d3

          SHA1

          94198243e0abc26a3cfe9f6f4b999cec9b429920

          SHA256

          84752751f30f2fc02cfa67d63268d2dcabd4314cf9485f9f03da767443031d79

          SHA512

          d5de8d2d252cc3fda5069a3e40753d5179807b6fe840c322f340ef09441fa0036814f6659e8486f79eb5c9aa746dad0f0539ea46b9a2a8d7d3c4047cd1d9b7d0

          Download Submit

        • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
          Filesize

          19KB

          MD5

          0b7938dc1478a48a98b0a8bd2709c36d

          SHA1

          3b0f77f554580fae256f9a0190b5d4d46b687f04

          SHA256

          fff1e4abbea8fd5a36e64a5bf1121bb9a245fcd9bd134127a9eca1457cc82ae7

          SHA512

          ced1097fd29da7ceb2b020dcff8e892ecbbc1e3515f355c995cc4be602770f4bf7ac3d1a8165e2be55f98edc15698bfc288c957c3d1c7adcada454ae01516588

          Download Submit

        • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
          Filesize

          19KB

          MD5

          8893c8b058eb620acb039a4564c93b63

          SHA1

          63380f06b8a822f66af87d0e49d3b1d610d93109

          SHA256

          fde3a7490a53c3967624ce97807b7a572eab5490445b223837666f1f79e815e3

          SHA512

          419844f396f01879f84ea907042799312eaf61ee1f1f502ffbd4bd2d8177599a453d69851303585406dd9863f7564d73c2a2d9fb3b499acc1dca144d2696b29f

          Download Submit

        • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
          Filesize

          19KB

          MD5

          f46bfccd93e796c7c29d12e8ca3949e6

          SHA1

          6524e7f324c6e19723d0af90de63955873cb4ead

          SHA256

          7721b39643c84ed22a80a08be8e97c5bcbbe2b30117c80bae307992f915052bf

          SHA512

          f7f4a75b4ace047561134be47c24646cb29ffd08097e3b552660feeb1b88aa4a4c5625548295ef112def64afc262010f4a836976b832ae06772a9667e4efc576

          Download Submit

        • C:\Windows\rss\csrss.exe
          Filesize

          4.1MB

          MD5

          ca83d211183ef814aec4870006d579b6

          SHA1

          43ba657450d69d8670f43f2627d331882faa2772

          SHA256

          096a5882217ecf9c4b8edbd4ae28d1035d6ed089b47561ec83ae871565be54b4

          SHA512

          ea9e104548069b35051f52bead75af9791993837e69aa6ba5ae263ce3999a93a9053bfa551c89db19784012bdb581e8a9b537d47135e0778550eefb8c284c190

          Download Submit

        • memory/716-79-0x00000000062A0000-0x00000000062EC000-memory.dmp

          Filesize

          304KB

          Download

        • memory/716-92-0x00000000077B0000-0x00000000077C1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/716-81-0x0000000070240000-0x0000000070594000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/716-78-0x0000000005D40000-0x0000000006094000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/716-80-0x00000000700B0000-0x00000000700FC000-memory.dmp

          Filesize

          304KB

          Download

        • memory/716-94-0x0000000007820000-0x0000000007834000-memory.dmp

          Filesize

          80KB

          Download

        • memory/716-91-0x00000000074A0000-0x0000000007543000-memory.dmp

          Filesize

          652KB

          Download

        • memory/996-176-0x0000000000400000-0x0000000000D1C000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/996-216-0x0000000000400000-0x0000000000D1C000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/1624-133-0x0000000070230000-0x0000000070584000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/1624-132-0x00000000700B0000-0x00000000700FC000-memory.dmp

          Filesize

          304KB

          Download

        • memory/1808-109-0x00000000700B0000-0x00000000700FC000-memory.dmp

          Filesize

          304KB

          Download

        • memory/1808-110-0x0000000070230000-0x0000000070584000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/1808-107-0x0000000005D50000-0x00000000060A4000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/1840-147-0x0000000000400000-0x0000000000D1C000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/1840-121-0x0000000000400000-0x0000000000D1C000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/1840-68-0x00000000029B0000-0x0000000002DB7000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/1840-93-0x0000000000400000-0x0000000000D1C000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/2068-189-0x0000000006580000-0x00000000065CC000-memory.dmp

          Filesize

          304KB

          Download

        • memory/2068-190-0x000000006FF30000-0x000000006FF7C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/2068-191-0x00000000706C0000-0x0000000070A14000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/2068-185-0x0000000005960000-0x0000000005CB4000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/2068-201-0x0000000007270000-0x0000000007313000-memory.dmp

          Filesize

          652KB

          Download

        • memory/2068-202-0x0000000007570000-0x0000000007581000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2068-203-0x0000000005DE0000-0x0000000005DF4000-memory.dmp

          Filesize

          80KB

          Download

        • memory/3232-210-0x0000000005830000-0x0000000005B84000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/3232-217-0x000000006FF30000-0x000000006FF7C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/3232-218-0x00000000706E0000-0x0000000070A34000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/3700-66-0x0000000000400000-0x0000000000D1C000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/3700-38-0x0000000000400000-0x0000000000D1C000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/3700-2-0x0000000002E70000-0x000000000375B000-memory.dmp

          Filesize

          8.9MB

          Download

        • memory/3700-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/3700-4-0x0000000000400000-0x0000000000D1C000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/3700-1-0x0000000002A60000-0x0000000002E67000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/3700-10-0x0000000002A60000-0x0000000002E67000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/3700-12-0x0000000002E70000-0x000000000375B000-memory.dmp

          Filesize

          8.9MB

          Download

        • memory/3700-57-0x0000000000400000-0x0000000000D1C000-memory.dmp

          Filesize

          9.1MB

          Download

        • memory/3968-30-0x0000000005CC0000-0x0000000005CDE000-memory.dmp

          Filesize

          120KB

          Download

        • memory/3968-15-0x0000000074110000-0x00000000748C0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3968-54-0x0000000007400000-0x000000000740A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3968-53-0x0000000007310000-0x00000000073B3000-memory.dmp

          Filesize

          652KB

          Download

        • memory/3968-52-0x00000000072B0000-0x00000000072CE000-memory.dmp

          Filesize

          120KB

          Download

        • memory/3968-42-0x0000000070130000-0x0000000070484000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/3968-41-0x000000006FFB0000-0x000000006FFFC000-memory.dmp

          Filesize

          304KB

          Download

        • memory/3968-40-0x0000000074110000-0x00000000748C0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3968-39-0x00000000072D0000-0x0000000007302000-memory.dmp

          Filesize

          200KB

          Download

        • memory/3968-56-0x0000000007090000-0x00000000070A1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/3968-37-0x0000000006F50000-0x0000000006F6A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/3968-36-0x00000000076D0000-0x0000000007D4A000-memory.dmp

          Filesize

          6.5MB

          Download

        • memory/3968-35-0x0000000006FD0000-0x0000000007046000-memory.dmp

          Filesize

          472KB

          Download

        • memory/3968-34-0x0000000074110000-0x00000000748C0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3968-32-0x0000000006220000-0x0000000006264000-memory.dmp

          Filesize

          272KB

          Download

        • memory/3968-31-0x0000000005D90000-0x0000000005DDC000-memory.dmp

          Filesize

          304KB

          Download

        • memory/3968-60-0x0000000007430000-0x000000000744A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/3968-61-0x0000000007420000-0x0000000007428000-memory.dmp

          Filesize

          32KB

          Download

        • memory/3968-24-0x0000000005650000-0x00000000059A4000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/3968-62-0x0000000074110000-0x00000000748C0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3968-5-0x000000007411E000-0x000000007411F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3968-65-0x0000000074110000-0x00000000748C0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3968-6-0x00000000026E0000-0x0000000002716000-memory.dmp

          Filesize

          216KB

          Download

        • memory/3968-7-0x0000000074110000-0x00000000748C0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3968-8-0x0000000074110000-0x00000000748C0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3968-23-0x0000000074110000-0x00000000748C0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3968-17-0x0000000004CC0000-0x0000000004D26000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3968-16-0x0000000004C50000-0x0000000004CB6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3968-55-0x00000000074B0000-0x0000000007546000-memory.dmp

          Filesize

          600KB

          Download

        • memory/3968-13-0x0000000004A40000-0x0000000004A62000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3968-58-0x00000000073C0000-0x00000000073CE000-memory.dmp

          Filesize

          56KB

          Download

        • memory/3968-59-0x00000000073E0000-0x00000000073F4000-memory.dmp

          Filesize

          80KB

          Download

        • memory/3968-9-0x0000000005020000-0x0000000005648000-memory.dmp

          Filesize

          6.2MB

          Download

        • memory/5040-175-0x0000000006700000-0x0000000006714000-memory.dmp

          Filesize

          80KB

          Download

        • memory/5040-174-0x0000000007D40000-0x0000000007D51000-memory.dmp

          Filesize

          68KB

          Download

        • memory/5040-173-0x0000000007B80000-0x0000000007C23000-memory.dmp

          Filesize

          652KB

          Download

        • memory/5040-163-0x0000000070190000-0x00000000704E4000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/5040-162-0x0000000070010000-0x000000007005C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/5040-161-0x00000000069C0000-0x0000000006A0C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/5040-159-0x0000000006380000-0x00000000066D4000-memory.dmp

          Filesize

          3.3MB

          Download