glupteba | ba7e3d962063c2138062e25d31df4a930af2dce4bfcf4439f4d8e650805e907c

Analysis

max time kernel
3s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
19-05-2024 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba7e3d962063c2138062e25d31df4a930af2dce4bfcf4439f4d8e650805e907c.exe
Size

4.1MB
MD5

8f1e4ee65e57ba509d34471bd128ca9c
SHA1

1193ff42997f774d0d530b80b88db60952a89cde
SHA256

ba7e3d962063c2138062e25d31df4a930af2dce4bfcf4439f4d8e650805e907c
SHA512

d9f1ea8d7eafe928fe9282da91d15c4f4f59cfc75e62557530c6be950e2654d18d5742bafb52c66ae3a1e135b2fb995faa340dee54184a477124d6f5d9c264be
SSDEEP

98304:UX33DbWGkLHuFK+TwQmBC6reQ4TTNXYvI8KgvjrB0rm:UXPWAwQyCdJYw8Kggm

Score

10^/10

glupteba dropper evasion execution loader upx

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 19 IoCs

resource	yara_rule
behavioral2/memory/1316-2-0x0000000004910000-0x00000000051FB000-memory.dmp	family_glupteba
behavioral2/memory/1316-3-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral2/memory/1316-134-0x0000000004910000-0x00000000051FB000-memory.dmp	family_glupteba
behavioral2/memory/1316-133-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral2/memory/1316-193-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral2/memory/2896-192-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral2/memory/3232-200-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral2/memory/3232-211-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral2/memory/3232-215-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral2/memory/3232-219-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral2/memory/3232-223-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral2/memory/3232-226-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral2/memory/3232-231-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral2/memory/3232-235-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral2/memory/3232-239-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral2/memory/3232-242-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral2/memory/3232-247-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral2/memory/3232-251-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba
behavioral2/memory/3232-255-0x0000000000400000-0x0000000002733000-memory.dmp	family_glupteba

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
3716	netsh.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000200000002a9dc-203.dat	upx
behavioral2/memory/3520-206-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/3520-209-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/948-208-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/948-213-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/948-221-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
656	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4224	powershell.exe
2080	powershell.exe
5012	powershell.exe
2356	powershell.exe
4952	powershell.exe
1772	powershell.exe
1724	powershell.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
484	schtasks.exe
3492	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4224	powershell.exe
4224	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4224	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 4224	1316	ba7e3d962063c2138062e25d31df4a930af2dce4bfcf4439f4d8e650805e907c.exe	78
PID 1316 wrote to memory of 4224	1316	ba7e3d962063c2138062e25d31df4a930af2dce4bfcf4439f4d8e650805e907c.exe	78
PID 1316 wrote to memory of 4224	1316	ba7e3d962063c2138062e25d31df4a930af2dce4bfcf4439f4d8e650805e907c.exe	78

C:\Users\Admin\AppData\Local\Temp\ba7e3d962063c2138062e25d31df4a930af2dce4bfcf4439f4d8e650805e907c.exe
"C:\Users\Admin\AppData\Local\Temp\ba7e3d962063c2138062e25d31df4a930af2dce4bfcf4439f4d8e650805e907c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4224
- C:\Users\Admin\AppData\Local\Temp\ba7e3d962063c2138062e25d31df4a930af2dce4bfcf4439f4d8e650805e907c.exe
  "C:\Users\Admin\AppData\Local\Temp\ba7e3d962063c2138062e25d31df4a930af2dce4bfcf4439f4d8e650805e907c.exe"
  2⤵
  PID:2896
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2080
- - C:\Windows\system32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:656
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:3716
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5012
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2356
- - C:\Windows\rss\csrss.exe
    C:\Windows\rss\csrss.exe
    3⤵
    PID:3232
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:4952
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:484
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /delete /tn ScheduledUpdate /f
      4⤵
      PID:432
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:1772
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
      4⤵
      PID:4832
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:3492
  - - C:\Windows\windefender.exe
      "C:\Windows\windefender.exe"
      4⤵
      PID:3520
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        5⤵
        
        PID:3008
      - C:\Windows\SysWOW64\sc.exe
        
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        6⤵
        Launches sc.exe
        
        PID:656

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_k5r3dj45.l5g.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d0c46cad6c0778401e21910bd6b56b70

SHA1
7be418951ea96326aca445b8dfe449b2bfa0dca6

SHA256
9600b3fdf0565ccb49e21656aa4b24d7c18f776bfd04d9ee984b134707550f02

SHA512
057531b468f7fbbb2175a696a8aab274dec0d17d9f71df309edcff35e064f3378050066a3df47ccd03048fac461594ec75e3d4fe64f9dd79949d129f51e02949

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
ebd9a3d3e10b48a311799e017be3aada

SHA1
d6843e3d1fbf0d36c4455caec6908636709b00f5

SHA256
e18d12e5b2402a5a7c3c2af1a4818a33be8c27cbaf911fbba3561512de0b0074

SHA512
8c24ea926c2a06da34a2bd331c4f3a8c92f9808d01e33a2da1e10a2d7e4d909017e887378535ced58c14aaeaeeeb1be5a2ccc1805cf9410ac2fcd8d90df42ec7

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
5de4ad20b0ac457c8cddef4359baf37a

SHA1
0b80db30c09e66ce1b1bd175245df1063ae84200

SHA256
6ee157a9aeec5faece092965bb2c595a5f09770c4115c2a228746ff78ed9a347

SHA512
7a0eced6296e50b74bf4890847e5831b574a3b28e33365713590b32e97f67d7a07536209c62a872ef5ced86977e35bc013fbebb1e2bb52bda5b0e0d372824da4

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
8fa350d3b79195cdf8280f1c73ab0b15

SHA1
0b691807a52a84fc374b5dbc26d3f4dbe1006af9

SHA256
3aa94894b38d81e3c925bfcac26e5e772bc6bfc09c2ac7400581828d7c70a944

SHA512
9d6adccb87d47f48db1f251c66e45fade817d7ea50c3ba2e5b9c7bb76d6ca2e073fbcebba3cea0452d01fcdb23bdecd5f3e67164b2b02f8a2055ecccd1eabf5f

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
dcef8210203364af3a87fb6453a7cc06

SHA1
52ef43a92f0738f69139c0c2eaed7fab38b8fb7a

SHA256
1a30414bb969408a4d748dc0cc69036c8e956128f55f972b8ca94beda8ef5555

SHA512
a5fcf00381f740e8111fef93e9d1bfed65bff7a767a8d1311ad0f9ffb8ad5cc4b4a94cdc6ec38d0bca90a65f64940dc1c6c332a0a42ad466ba8a47e9bbac6c3d

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
718adc6306258e8319d89d933499478c

SHA1
04f73e6a9b383ecdb3b8809b825745195e0d3039

SHA256
61f65260f78eecc5f1833dec70014fbedc1c3815e180a939e9079e3401c385cc

SHA512
542fafb434a0288b34a02737b584c9445e556384d883a7a97d2e9fe87b846d0c3f249ac3f1bba37014c7405fdde542ecaa3a1aa1b477aa9fb0bfdd85947de938

Download Submit
C:\Windows\rss\csrss.exe

Filesize
4.1MB

MD5
8f1e4ee65e57ba509d34471bd128ca9c

SHA1
1193ff42997f774d0d530b80b88db60952a89cde

SHA256
ba7e3d962063c2138062e25d31df4a930af2dce4bfcf4439f4d8e650805e907c

SHA512
d9f1ea8d7eafe928fe9282da91d15c4f4f59cfc75e62557530c6be950e2654d18d5742bafb52c66ae3a1e135b2fb995faa340dee54184a477124d6f5d9c264be

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
memory/948-208-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/948-213-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/948-221-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1316-133-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/1316-134-0x0000000004910000-0x00000000051FB000-memory.dmp

Filesize
8.9MB

Download
memory/1316-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/1316-1-0x0000000004500000-0x0000000004905000-memory.dmp

Filesize
4.0MB

Download
memory/1316-2-0x0000000004910000-0x00000000051FB000-memory.dmp

Filesize
8.9MB

Download
memory/1316-97-0x0000000004500000-0x0000000004905000-memory.dmp

Filesize
4.0MB

Download
memory/1316-193-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/1724-182-0x0000000070F40000-0x0000000071297000-memory.dmp

Filesize
3.3MB

Download
memory/1724-179-0x0000000005A50000-0x0000000005DA7000-memory.dmp

Filesize
3.3MB

Download
memory/1724-181-0x0000000070DA0000-0x0000000070DEC000-memory.dmp

Filesize
304KB

Download
memory/1772-154-0x0000000005930000-0x0000000005C87000-memory.dmp

Filesize
3.3MB

Download
memory/1772-156-0x0000000005FE0000-0x000000000602C000-memory.dmp

Filesize
304KB

Download
memory/1772-167-0x0000000007180000-0x0000000007224000-memory.dmp

Filesize
656KB

Download
memory/1772-158-0x0000000071770000-0x0000000071AC7000-memory.dmp

Filesize
3.3MB

Download
memory/1772-157-0x0000000070DA0000-0x0000000070DEC000-memory.dmp

Filesize
304KB

Download
memory/1772-168-0x00000000074C0000-0x00000000074D1000-memory.dmp

Filesize
68KB

Download
memory/1772-169-0x0000000005D30000-0x0000000005D45000-memory.dmp

Filesize
84KB

Download
memory/2080-72-0x00000000075B0000-0x00000000075C1000-memory.dmp

Filesize
68KB

Download
memory/2080-61-0x0000000070E80000-0x0000000070ECC000-memory.dmp

Filesize
304KB

Download
memory/2080-73-0x0000000007600000-0x0000000007615000-memory.dmp

Filesize
84KB

Download
memory/2080-60-0x0000000005AE0000-0x0000000005E37000-memory.dmp

Filesize
3.3MB

Download
memory/2080-62-0x0000000071020000-0x0000000071377000-memory.dmp

Filesize
3.3MB

Download
memory/2080-71-0x0000000007280000-0x0000000007324000-memory.dmp

Filesize
656KB

Download
memory/2356-109-0x0000000071020000-0x0000000071377000-memory.dmp

Filesize
3.3MB

Download
memory/2356-108-0x0000000070E80000-0x0000000070ECC000-memory.dmp

Filesize
304KB

Download
memory/2896-192-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/3232-239-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/3232-219-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/3232-255-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/3232-200-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/3232-211-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/3232-226-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/3232-231-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/3232-251-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/3232-215-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/3232-235-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/3232-223-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/3232-242-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/3232-247-0x0000000000400000-0x0000000002733000-memory.dmp

Filesize
35.2MB

Download
memory/3520-209-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/3520-206-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4224-8-0x0000000074C10000-0x00000000753C1000-memory.dmp

Filesize
7.7MB

Download
memory/4224-46-0x00000000080F0000-0x000000000810A000-memory.dmp

Filesize
104KB

Download
memory/4224-38-0x0000000074C10000-0x00000000753C1000-memory.dmp

Filesize
7.7MB

Download
memory/4224-40-0x0000000007F30000-0x0000000007F4A000-memory.dmp

Filesize
104KB

Download
memory/4224-21-0x0000000006980000-0x000000000699E000-memory.dmp

Filesize
120KB

Download
memory/4224-22-0x00000000069A0000-0x00000000069EC000-memory.dmp

Filesize
304KB

Download
memory/4224-23-0x0000000006D70000-0x0000000006DB6000-memory.dmp

Filesize
280KB

Download
memory/4224-24-0x0000000007D80000-0x0000000007DB4000-memory.dmp

Filesize
208KB

Download
memory/4224-26-0x00000000710D0000-0x0000000071427000-memory.dmp

Filesize
3.3MB

Download
memory/4224-10-0x00000000061F0000-0x0000000006256000-memory.dmp

Filesize
408KB

Download
memory/4224-27-0x0000000074C10000-0x00000000753C1000-memory.dmp

Filesize
7.7MB

Download
memory/4224-11-0x0000000006450000-0x00000000064B6000-memory.dmp

Filesize
408KB

Download
memory/4224-9-0x00000000059D0000-0x00000000059F2000-memory.dmp

Filesize
136KB

Download
memory/4224-39-0x0000000008570000-0x0000000008BEA000-memory.dmp

Filesize
6.5MB

Download
memory/4224-25-0x0000000070E80000-0x0000000070ECC000-memory.dmp

Filesize
304KB

Download
memory/4224-41-0x0000000007F70000-0x0000000007F7A000-memory.dmp

Filesize
40KB

Download
memory/4224-6-0x0000000005B50000-0x000000000617A000-memory.dmp

Filesize
6.2MB

Download
memory/4224-42-0x0000000008030000-0x00000000080C6000-memory.dmp

Filesize
600KB

Download
memory/4224-37-0x0000000007E00000-0x0000000007EA4000-memory.dmp

Filesize
656KB

Download
memory/4224-7-0x0000000074C10000-0x00000000753C1000-memory.dmp

Filesize
7.7MB

Download
memory/4224-36-0x0000000007DE0000-0x0000000007DFE000-memory.dmp

Filesize
120KB

Download
memory/4224-5-0x00000000054C0000-0x00000000054F6000-memory.dmp

Filesize
216KB

Download
memory/4224-50-0x0000000074C10000-0x00000000753C1000-memory.dmp

Filesize
7.7MB

Download
memory/4224-47-0x00000000080D0000-0x00000000080D8000-memory.dmp

Filesize
32KB

Download
memory/4224-4-0x0000000074C1E000-0x0000000074C1F000-memory.dmp

Filesize
4KB

Download
memory/4224-20-0x00000000064C0000-0x0000000006817000-memory.dmp

Filesize
3.3MB

Download
memory/4224-45-0x0000000007FF0000-0x0000000008005000-memory.dmp

Filesize
84KB

Download
memory/4224-44-0x0000000007FE0000-0x0000000007FEE000-memory.dmp

Filesize
56KB

Download
memory/4224-43-0x0000000007FB0000-0x0000000007FC1000-memory.dmp

Filesize
68KB

Download
memory/4952-135-0x0000000070E80000-0x0000000070ECC000-memory.dmp

Filesize
304KB

Download
memory/4952-136-0x0000000071020000-0x0000000071377000-memory.dmp

Filesize
3.3MB

Download
memory/5012-85-0x00000000056E0000-0x0000000005A37000-memory.dmp

Filesize
3.3MB

Download
memory/5012-87-0x0000000070E80000-0x0000000070ECC000-memory.dmp

Filesize
304KB

Download
memory/5012-88-0x0000000071030000-0x0000000071387000-memory.dmp

Filesize
3.3MB

Download