glupteba | f664220007be5b388030b309d696b62f16faccce628feab953fb510f20708507

Analysis

max time kernel
2s
max time network
145s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
17-05-2024 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f664220007be5b388030b309d696b62f16faccce628feab953fb510f20708507.exe
Size

4.1MB
MD5

689d3ce68157244af7f45b105664e675
SHA1

617c4dd0e34b0e207a5c9da4fe367f129f5ba8cf
SHA256

f664220007be5b388030b309d696b62f16faccce628feab953fb510f20708507
SHA512

b4f53f02888adb9885460fae741d1abef13facfe79c822aa0cd03d8d41f586d3b790f112276defe463e1d267b2c2fa07a01440b93c6e67a2b977d515834405db
SSDEEP

98304:d/1aS45wg9wCj95WS7Tld+z+RCAmv1nHALSIS:d/oSJg9H959pd0eCv1HALS1

Score

10^/10

glupteba dropper evasion execution loader upx

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 18 IoCs

resource	yara_rule
behavioral2/memory/3524-2-0x0000000004D40000-0x000000000562B000-memory.dmp	family_glupteba
behavioral2/memory/3524-3-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral2/memory/3524-133-0x0000000004D40000-0x000000000562B000-memory.dmp	family_glupteba
behavioral2/memory/3524-132-0x0000000000400000-0x0000000002B08000-memory.dmp	family_glupteba
behavioral2/memory/3524-192-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral2/memory/1144-191-0x0000000000400000-0x0000000002B08000-memory.dmp	family_glupteba
behavioral2/memory/2996-199-0x0000000000400000-0x0000000002B08000-memory.dmp	family_glupteba
behavioral2/memory/2996-210-0x0000000000400000-0x0000000002B08000-memory.dmp	family_glupteba
behavioral2/memory/2996-214-0x0000000000400000-0x0000000002B08000-memory.dmp	family_glupteba
behavioral2/memory/2996-218-0x0000000000400000-0x0000000002B08000-memory.dmp	family_glupteba
behavioral2/memory/2996-221-0x0000000000400000-0x0000000002B08000-memory.dmp	family_glupteba
behavioral2/memory/2996-226-0x0000000000400000-0x0000000002B08000-memory.dmp	family_glupteba
behavioral2/memory/2996-230-0x0000000000400000-0x0000000002B08000-memory.dmp	family_glupteba
behavioral2/memory/2996-234-0x0000000000400000-0x0000000002B08000-memory.dmp	family_glupteba
behavioral2/memory/2996-238-0x0000000000400000-0x0000000002B08000-memory.dmp	family_glupteba
behavioral2/memory/2996-246-0x0000000000400000-0x0000000002B08000-memory.dmp	family_glupteba
behavioral2/memory/2996-250-0x0000000000400000-0x0000000002B08000-memory.dmp	family_glupteba
behavioral2/memory/2996-254-0x0000000000400000-0x0000000002B08000-memory.dmp	family_glupteba

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2208	netsh.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000200000002aa1f-202.dat	upx
behavioral2/memory/3116-205-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/3116-208-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/1036-207-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/1036-212-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/1036-220-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2032	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4824	powershell.exe
2392	powershell.exe
3784	powershell.exe
2868	powershell.exe
3004	powershell.exe
1240	powershell.exe
1160	powershell.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2740	schtasks.exe
3596	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4824	powershell.exe
4824	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4824	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3524 wrote to memory of 4824	3524	f664220007be5b388030b309d696b62f16faccce628feab953fb510f20708507.exe	81
PID 3524 wrote to memory of 4824	3524	f664220007be5b388030b309d696b62f16faccce628feab953fb510f20708507.exe	81
PID 3524 wrote to memory of 4824	3524	f664220007be5b388030b309d696b62f16faccce628feab953fb510f20708507.exe	81

C:\Users\Admin\AppData\Local\Temp\f664220007be5b388030b309d696b62f16faccce628feab953fb510f20708507.exe
"C:\Users\Admin\AppData\Local\Temp\f664220007be5b388030b309d696b62f16faccce628feab953fb510f20708507.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3524
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4824
- C:\Users\Admin\AppData\Local\Temp\f664220007be5b388030b309d696b62f16faccce628feab953fb510f20708507.exe
  "C:\Users\Admin\AppData\Local\Temp\f664220007be5b388030b309d696b62f16faccce628feab953fb510f20708507.exe"
  2⤵
  PID:1144
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2392
- - C:\Windows\system32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:2964
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:2208
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:3784
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2868
- - C:\Windows\rss\csrss.exe
    C:\Windows\rss\csrss.exe
    3⤵
    PID:2996
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:3004
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:2740
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /delete /tn ScheduledUpdate /f
      4⤵
      PID:3668
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:1240
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
      4⤵
      PID:1048
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:3596
  - - C:\Windows\windefender.exe
      "C:\Windows\windefender.exe"
      4⤵
      PID:3116
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        5⤵
        
        PID:1064
      - C:\Windows\SysWOW64\sc.exe
        
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        6⤵
        Launches sc.exe
        
        PID:2032

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:1036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xoa5enno.oco.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d0c46cad6c0778401e21910bd6b56b70

SHA1
7be418951ea96326aca445b8dfe449b2bfa0dca6

SHA256
9600b3fdf0565ccb49e21656aa4b24d7c18f776bfd04d9ee984b134707550f02

SHA512
057531b468f7fbbb2175a696a8aab274dec0d17d9f71df309edcff35e064f3378050066a3df47ccd03048fac461594ec75e3d4fe64f9dd79949d129f51e02949

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
84bea8b442085aed9b31203f7d6ed56e

SHA1
aad971c4886fdd3d90ad702d71570f2205afae7e

SHA256
c200c49de937654b0bea60936382a91803352ca94788e17ad73db2f2d5c8b047

SHA512
a5a7dfa4ca1852703871a7f5ca4787c6d02716409cb6ca38fb86a5dc32c566be5bf43681b8497f7434caac76459ec8ca6fe435d83d7a375eff18345985ce047b

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
e161de76fbaee5096d04e795c1602bd3

SHA1
19acd18114c391ec33f01b7fcc22160ec5af40f5

SHA256
4556346022b0b14946bae61ee1c010e973c7bde5a26d5d4786a89ddae1a30874

SHA512
677d663149a3dbf258d4a2bfe20c794d6e828573ed5e496e68140737f120459276a55c91c82390dd48f4416744ac3abb73ba64e65f9103f647beb7a2c40310f3

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
ef1771a90c6a1a56f7e83fcf8f46b5f6

SHA1
ffff260aa4f031004de06d459918fcd8c9fdff9a

SHA256
aea66ff9a83aece54e1e7f572f31487f59cf861fc17f83c7f5a22ed3c8c93ae9

SHA512
222a99326dd96ecc4c27cacf34327dadc6350093077fee3316b969c361e293d13897f8da076dafd071c2d18be621196337f6b0c5ecc47e4bf406dd79287613f5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
5a4b2755f0f42612b8b65f5aa417bd46

SHA1
6b84a715975e347f66edd6021d6eac04c5d3d8d4

SHA256
e12b5e0a8a64c7cdf0ee36aa17de2554d352aefb366a757e27c9faac9868fe1b

SHA512
0851e85215f2615552660375a4c10c06cd189d4a93c5e0113065bf03384e67fa04272e7ce12a43aa0d93cd60ec3bbc94812d2c9c83991b6d7b2f782b17367238

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
ec70891529e3cc517f4fc2c4104c296d

SHA1
8fa2f937ddab8668211e9a71ba44b6c4239a1aa4

SHA256
48cba0e3dd3a8dd0c73333cec4e8ab4a830a99cf852ccdbfe97498cb64a9b87a

SHA512
092f40e2dbc1f1490188c19b4566c22d7ba090db29a28393592e49c5948c0ccb80b0e7914f79433e2ba62411ef31743d093c057e8f0e9eb80833a31997c616fb

Download Submit
C:\Windows\rss\csrss.exe

Filesize
4.1MB

MD5
689d3ce68157244af7f45b105664e675

SHA1
617c4dd0e34b0e207a5c9da4fe367f129f5ba8cf

SHA256
f664220007be5b388030b309d696b62f16faccce628feab953fb510f20708507

SHA512
b4f53f02888adb9885460fae741d1abef13facfe79c822aa0cd03d8d41f586d3b790f112276defe463e1d267b2c2fa07a01440b93c6e67a2b977d515834405db

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
memory/1036-207-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1036-212-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1036-220-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1144-191-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/1160-181-0x0000000070550000-0x00000000708A7000-memory.dmp

Filesize
3.3MB

Download
memory/1160-178-0x0000000005F40000-0x0000000006297000-memory.dmp

Filesize
3.3MB

Download
memory/1160-180-0x0000000070300000-0x000000007034C000-memory.dmp

Filesize
304KB

Download
memory/1240-168-0x0000000006300000-0x0000000006315000-memory.dmp

Filesize
84KB

Download
memory/1240-153-0x00000000063A0000-0x00000000066F7000-memory.dmp

Filesize
3.3MB

Download
memory/1240-157-0x0000000070480000-0x00000000707D7000-memory.dmp

Filesize
3.3MB

Download
memory/1240-167-0x0000000007D20000-0x0000000007D31000-memory.dmp

Filesize
68KB

Download
memory/1240-166-0x0000000007B30000-0x0000000007BD4000-memory.dmp

Filesize
656KB

Download
memory/1240-155-0x0000000006D20000-0x0000000006D6C000-memory.dmp

Filesize
304KB

Download
memory/1240-156-0x0000000070300000-0x000000007034C000-memory.dmp

Filesize
304KB

Download
memory/2392-70-0x0000000007410000-0x00000000074B4000-memory.dmp

Filesize
656KB

Download
memory/2392-72-0x00000000077A0000-0x00000000077B5000-memory.dmp

Filesize
84KB

Download
memory/2392-71-0x0000000007760000-0x0000000007771000-memory.dmp

Filesize
68KB

Download
memory/2392-60-0x00000000703E0000-0x000000007042C000-memory.dmp

Filesize
304KB

Download
memory/2392-61-0x0000000070560000-0x00000000708B7000-memory.dmp

Filesize
3.3MB

Download
memory/2868-107-0x00000000703E0000-0x000000007042C000-memory.dmp

Filesize
304KB

Download
memory/2868-108-0x0000000070630000-0x0000000070987000-memory.dmp

Filesize
3.3MB

Download
memory/2996-230-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/2996-250-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/2996-221-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/2996-218-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/2996-242-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/2996-238-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/2996-234-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/2996-226-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/2996-199-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/2996-254-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/2996-246-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/2996-214-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/2996-210-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/2996-257-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/3004-134-0x00000000703E0000-0x000000007042C000-memory.dmp

Filesize
304KB

Download
memory/3004-135-0x0000000070560000-0x00000000708B7000-memory.dmp

Filesize
3.3MB

Download
memory/3116-205-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/3116-208-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/3524-1-0x0000000004930000-0x0000000004D37000-memory.dmp

Filesize
4.0MB

Download
memory/3524-132-0x0000000000400000-0x0000000002B08000-memory.dmp

Filesize
39.0MB

Download
memory/3524-133-0x0000000004D40000-0x000000000562B000-memory.dmp

Filesize
8.9MB

Download
memory/3524-2-0x0000000004D40000-0x000000000562B000-memory.dmp

Filesize
8.9MB

Download
memory/3524-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/3524-96-0x0000000004930000-0x0000000004D37000-memory.dmp

Filesize
4.0MB

Download
memory/3524-192-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/3784-84-0x0000000005E00000-0x0000000006157000-memory.dmp

Filesize
3.3MB

Download
memory/3784-86-0x00000000703E0000-0x000000007042C000-memory.dmp

Filesize
304KB

Download
memory/3784-87-0x0000000070630000-0x0000000070987000-memory.dmp

Filesize
3.3MB

Download
memory/4824-21-0x0000000005E10000-0x0000000005E2E000-memory.dmp

Filesize
120KB

Download
memory/4824-26-0x0000000070560000-0x00000000708B7000-memory.dmp

Filesize
3.3MB

Download
memory/4824-20-0x0000000005930000-0x0000000005C87000-memory.dmp

Filesize
3.3MB

Download
memory/4824-10-0x00000000058C0000-0x0000000005926000-memory.dmp

Filesize
408KB

Download
memory/4824-9-0x0000000005850000-0x00000000058B6000-memory.dmp

Filesize
408KB

Download
memory/4824-8-0x0000000004F60000-0x0000000004F82000-memory.dmp

Filesize
136KB

Download
memory/4824-22-0x0000000005E60000-0x0000000005EAC000-memory.dmp

Filesize
304KB

Download
memory/4824-6-0x0000000005030000-0x000000000565A000-memory.dmp

Filesize
6.2MB

Download
memory/4824-7-0x0000000074170000-0x0000000074921000-memory.dmp

Filesize
7.7MB

Download
memory/4824-37-0x00000000072B0000-0x0000000007354000-memory.dmp

Filesize
656KB

Download
memory/4824-5-0x0000000004970000-0x00000000049A6000-memory.dmp

Filesize
216KB

Download
memory/4824-45-0x0000000007490000-0x00000000074A5000-memory.dmp

Filesize
84KB

Download
memory/4824-27-0x0000000074170000-0x0000000074921000-memory.dmp

Filesize
7.7MB

Download
memory/4824-4-0x000000007417E000-0x000000007417F000-memory.dmp

Filesize
4KB

Download
memory/4824-23-0x0000000006230000-0x0000000006276000-memory.dmp

Filesize
280KB

Download
memory/4824-19-0x0000000074170000-0x0000000074921000-memory.dmp

Filesize
7.7MB

Download
memory/4824-25-0x00000000703E0000-0x000000007042C000-memory.dmp

Filesize
304KB

Download
memory/4824-24-0x0000000007250000-0x0000000007284000-memory.dmp

Filesize
208KB

Download
memory/4824-36-0x0000000007290000-0x00000000072AE000-memory.dmp

Filesize
120KB

Download
memory/4824-40-0x00000000073D0000-0x00000000073EA000-memory.dmp

Filesize
104KB

Download
memory/4824-38-0x0000000074170000-0x0000000074921000-memory.dmp

Filesize
7.7MB

Download
memory/4824-39-0x0000000007A20000-0x000000000809A000-memory.dmp

Filesize
6.5MB

Download
memory/4824-41-0x0000000007410000-0x000000000741A000-memory.dmp

Filesize
40KB

Download
memory/4824-42-0x0000000007520000-0x00000000075B6000-memory.dmp

Filesize
600KB

Download
memory/4824-43-0x0000000007430000-0x0000000007441000-memory.dmp

Filesize
68KB

Download
memory/4824-44-0x0000000007480000-0x000000000748E000-memory.dmp

Filesize
56KB

Download
memory/4824-46-0x00000000074E0000-0x00000000074FA000-memory.dmp

Filesize
104KB

Download
memory/4824-50-0x0000000074170000-0x0000000074921000-memory.dmp

Filesize
7.7MB

Download
memory/4824-47-0x0000000007500000-0x0000000007508000-memory.dmp

Filesize
32KB

Download