Overview

overview

10

Static

static

1

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    1s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-05-2024 01:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e0db4410289fb1727f206846a566d2687982266a747359bcce2dbc9675c5b1b1.exe

  • Size

    4.1MB

  • MD5

    b72a05c666edee4876ab8ceb408bcb1f

  • SHA1

    5ba470aef5c716042678b369e3bf13d00cc8fb7c

  • SHA256

    e0db4410289fb1727f206846a566d2687982266a747359bcce2dbc9675c5b1b1

  • SHA512

    0f623072b94ff70844a37ee310abff2faea3955c8fa271ac6a7a60c37cb9d7b3cee57e731abd787a39bbe8ba31def63c5c57de4b91b3758d47187f5a16ad16a6

  • SSDEEP

    98304:CQGLdTw13YmTlGi/xMFRAVNS6wnhY59m5e0z8345H:CLpT0YNaxn5wu5s59Y2

Score
10/10
gluptebadropperevasionexecutionloaderupx

Malware Config

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 8 IoCs
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

    Using powershell.exe command.

    execution
  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\e0db4410289fb1727f206846a566d2687982266a747359bcce2dbc9675c5b1b1.exe
    "C:\Users\Admin\AppData\Local\Temp\e0db4410289fb1727f206846a566d2687982266a747359bcce2dbc9675c5b1b1.exe"
    1⤵
      PID:4836
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        2⤵
        • Command and Scripting Interpreter: PowerShell
        PID:4204
      • C:\Users\Admin\AppData\Local\Temp\e0db4410289fb1727f206846a566d2687982266a747359bcce2dbc9675c5b1b1.exe
        "C:\Users\Admin\AppData\Local\Temp\e0db4410289fb1727f206846a566d2687982266a747359bcce2dbc9675c5b1b1.exe"
        2⤵
          PID:5040
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -nologo -noprofile
            3⤵
            • Command and Scripting Interpreter: PowerShell
            PID:1460
          • C:\Windows\system32\cmd.exe
            C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
            3⤵
              PID:5104
              • C:\Windows\system32\netsh.exe
                netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
                4⤵
                • Modifies Windows Firewall
                PID:4260
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              powershell -nologo -noprofile
              3⤵
              • Command and Scripting Interpreter: PowerShell
              PID:428
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              powershell -nologo -noprofile
              3⤵
              • Command and Scripting Interpreter: PowerShell
              PID:3280
            • C:\Windows\rss\csrss.exe
              C:\Windows\rss\csrss.exe
              3⤵
                PID:4676
                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  powershell -nologo -noprofile
                  4⤵
                  • Command and Scripting Interpreter: PowerShell
                  PID:3152
                • C:\Windows\SYSTEM32\schtasks.exe
                  schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                  4⤵
                  • Creates scheduled task(s)
                  PID:440
                • C:\Windows\SYSTEM32\schtasks.exe
                  schtasks /delete /tn ScheduledUpdate /f
                  4⤵
                    PID:2348
                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    powershell -nologo -noprofile
                    4⤵
                    • Command and Scripting Interpreter: PowerShell
                    PID:5116
                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    powershell -nologo -noprofile
                    4⤵
                    • Command and Scripting Interpreter: PowerShell
                    PID:2276
                  • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
                    C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
                    4⤵
                      PID:2036
                    • C:\Windows\SYSTEM32\schtasks.exe
                      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                      4⤵
                      • Creates scheduled task(s)
                      PID:1836
                    • C:\Windows\windefender.exe
                      "C:\Windows\windefender.exe"
                      4⤵
                        PID:1996
                        • C:\Windows\SysWOW64\cmd.exe
                          cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                          5⤵
                            PID:4144
                            • C:\Windows\SysWOW64\sc.exe
                              sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                              6⤵
                              • Launches sc.exe
                              PID:4520
                  • C:\Windows\windefender.exe
                    C:\Windows\windefender.exe
                    1⤵
                      PID:4080

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hdcs2meh.o0n.ps1
                      Filesize

                      60B

                      MD5

                      d17fe0a3f47be24a6453e9ef58c94641

                      SHA1

                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                      SHA256

                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                      SHA512

                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
                      Filesize

                      281KB

                      MD5

                      d98e33b66343e7c96158444127a117f6

                      SHA1

                      bb716c5509a2bf345c6c1152f6e3e1452d39d50d

                      SHA256

                      5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

                      SHA512

                      705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

                      Download Submit

                    • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                      Filesize

                      2KB

                      MD5

                      968cb9309758126772781b83adb8a28f

                      SHA1

                      8da30e71accf186b2ba11da1797cf67f8f78b47c

                      SHA256

                      92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

                      SHA512

                      4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

                      Download Submit

                    • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                      Filesize

                      19KB

                      MD5

                      d470ccbde95bbccd38376fad0856e2d3

                      SHA1

                      c406ddb2fe200280f7f38a76920d4033cde5d2ce

                      SHA256

                      125f03776e8fb16ab25791b164b1bc34a4754e2d2b62a50378f5e07ca19b4ad5

                      SHA512

                      0434b0fb93d2564743395a9d4f41a4e7ca44674cde29306aefe8fb31faed61a3a6f86e5cb541a0b7d33e58a67f0b818db959dd3a191c131c060645fd95a67cb1

                      Download Submit

                    • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                      Filesize

                      19KB

                      MD5

                      e550514372648986ea69e1695d2c599a

                      SHA1

                      381a3451999a4c1ffce7850bc3f895dcc6cf2f7d

                      SHA256

                      9b6b9132225eb277b433a7df60cbabb42de40349917ab45c9f396430281ca560

                      SHA512

                      4df6cfe46d0bdf390fcfd236750a34474fc80fd8667cb173c41e051200c680ebd489ced6920a7fa752b75fc407e79fb93949d1b8344dd7117731ba9932a94d72

                      Download Submit

                    • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                      Filesize

                      19KB

                      MD5

                      71f9c36a74b43bd3cf7c353577be97e7

                      SHA1

                      b67eaceb24a97b57c579631fc0cfac074c88c1e6

                      SHA256

                      f82c6331b8a44ffba4ad9f3ae683fec301459f07d9e4228252f466327eba0d48

                      SHA512

                      7f6dec3a20194d75051652c186d99c19f3bd4bb9e33d07ba773fd38a10898934ecd4d869a35cb4044f2e0bb6d7285bc716ab2778f1826a8bf741dc9588a13fa3

                      Download Submit

                    • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                      Filesize

                      19KB

                      MD5

                      461805dddf17144b9e4e22c1d80f7dc0

                      SHA1

                      592cdb746b85a2f285ad753f4f4a8faa14519401

                      SHA256

                      497ad5adaa3ad503148fc205ebd81b6c9e4a4e29fd5f624e1f8835426ed719bf

                      SHA512

                      15a281985158fc20eaa04b7cac9a62493439a2c7d2535ac3104a005ed007f80e11b6bb47837f121ecffc23bc187ae4206d9b1ef088b7402f02fc97d2951f73a6

                      Download Submit

                    • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                      Filesize

                      19KB

                      MD5

                      5ed0d242babdb09d3b658b485e97b690

                      SHA1

                      d9943feb0d94d6cd284b08e9d506f33c7a5bb4d3

                      SHA256

                      bd704040b991c64dbc7adfee3457124453f2900bd9a2694a6fe5c35c5be6d810

                      SHA512

                      e23e57384484935f7799f961e697777f3612b50c5ceab84ed72971e2073a298a885b56dcf60153955f94c72ec296fecdd85cf83d1ad42ffbc11ccfb736dd65ee

                      Download Submit

                    • C:\Windows\rss\csrss.exe
                      Filesize

                      2.1MB

                      MD5

                      c5333a76e16f0570527e8c7256a0e13b

                      SHA1

                      3fd24cf50817ad30e8453a63d685af2f07454490

                      SHA256

                      740b5f1bd12033a36810f92b28b21689c8a5f4ebfb4f5dbf60722176d15d29c2

                      SHA512

                      0a3df1e9ac3dc456dd60f908cb9d9ae547e7cb20f09d12827dae34f8f51a0abdf4450a80ae42ba123d8d18de5d11601e8fcac3e59591933b942b0aeed2c0675c

                      Download Submit

                    • C:\Windows\windefender.exe
                      Filesize

                      2.0MB

                      MD5

                      8e67f58837092385dcf01e8a2b4f5783

                      SHA1

                      012c49cfd8c5d06795a6f67ea2baf2a082cf8625

                      SHA256

                      166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

                      SHA512

                      40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

                      Download Submit

                    • memory/428-94-0x0000000070FA0000-0x00000000712F4000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/428-93-0x0000000070820000-0x000000007086C000-memory.dmp

                      Filesize

                      304KB

                      Download

                    • memory/428-91-0x0000000005990000-0x0000000005CE4000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/1460-62-0x0000000005680000-0x00000000059D4000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/1460-78-0x0000000007300000-0x0000000007314000-memory.dmp

                      Filesize

                      80KB

                      Download

                    • memory/1460-77-0x00000000072B0000-0x00000000072C1000-memory.dmp

                      Filesize

                      68KB

                      Download

                    • memory/1460-76-0x0000000006F80000-0x0000000007023000-memory.dmp

                      Filesize

                      652KB

                      Download

                    • memory/1460-66-0x0000000070FC0000-0x0000000071314000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/1460-65-0x0000000070820000-0x000000007086C000-memory.dmp

                      Filesize

                      304KB

                      Download

                    • memory/1996-222-0x0000000000400000-0x00000000008DF000-memory.dmp

                      Filesize

                      4.9MB

                      Download

                    • memory/1996-224-0x0000000000400000-0x00000000008DF000-memory.dmp

                      Filesize

                      4.9MB

                      Download

                    • memory/2276-197-0x00000000708C0000-0x0000000070C14000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/2276-196-0x0000000070740000-0x000000007078C000-memory.dmp

                      Filesize

                      304KB

                      Download

                    • memory/2276-194-0x0000000006150000-0x00000000064A4000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/3152-146-0x0000000070820000-0x000000007086C000-memory.dmp

                      Filesize

                      304KB

                      Download

                    • memory/3152-147-0x0000000070FD0000-0x0000000071324000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/3152-141-0x00000000054D0000-0x0000000005824000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/3280-119-0x0000000070FA0000-0x00000000712F4000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/3280-118-0x0000000070820000-0x000000007086C000-memory.dmp

                      Filesize

                      304KB

                      Download

                    • memory/4080-237-0x0000000000400000-0x00000000008DF000-memory.dmp

                      Filesize

                      4.9MB

                      Download

                    • memory/4080-229-0x0000000000400000-0x00000000008DF000-memory.dmp

                      Filesize

                      4.9MB

                      Download

                    • memory/4080-225-0x0000000000400000-0x00000000008DF000-memory.dmp

                      Filesize

                      4.9MB

                      Download

                    • memory/4204-6-0x00000000055F0000-0x0000000005C18000-memory.dmp

                      Filesize

                      6.2MB

                      Download

                    • memory/4204-8-0x0000000074980000-0x0000000075130000-memory.dmp

                      Filesize

                      7.7MB

                      Download

                    • memory/4204-44-0x0000000007AD0000-0x0000000007ADA000-memory.dmp

                      Filesize

                      40KB

                      Download

                    • memory/4204-41-0x00000000079C0000-0x00000000079DE000-memory.dmp

                      Filesize

                      120KB

                      Download

                    • memory/4204-29-0x0000000070820000-0x000000007086C000-memory.dmp

                      Filesize

                      304KB

                      Download

                    • memory/4204-26-0x0000000007E30000-0x00000000084AA000-memory.dmp

                      Filesize

                      6.5MB

                      Download

                    • memory/4204-27-0x00000000077D0000-0x00000000077EA000-memory.dmp

                      Filesize

                      104KB

                      Download

                    • memory/4204-25-0x0000000007730000-0x00000000077A6000-memory.dmp

                      Filesize

                      472KB

                      Download

                    • memory/4204-24-0x0000000006970000-0x00000000069B4000-memory.dmp

                      Filesize

                      272KB

                      Download

                    • memory/4204-23-0x0000000006440000-0x000000000648C000-memory.dmp

                      Filesize

                      304KB

                      Download

                    • memory/4204-22-0x0000000006400000-0x000000000641E000-memory.dmp

                      Filesize

                      120KB

                      Download

                    • memory/4204-9-0x0000000005530000-0x0000000005552000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/4204-10-0x0000000005D10000-0x0000000005D76000-memory.dmp

                      Filesize

                      408KB

                      Download

                    • memory/4204-21-0x0000000005EF0000-0x0000000006244000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/4204-53-0x0000000074980000-0x0000000075130000-memory.dmp

                      Filesize

                      7.7MB

                      Download

                    • memory/4204-46-0x0000000007AF0000-0x0000000007B01000-memory.dmp

                      Filesize

                      68KB

                      Download

                    • memory/4204-50-0x0000000007B80000-0x0000000007B88000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/4204-49-0x0000000007C30000-0x0000000007C4A000-memory.dmp

                      Filesize

                      104KB

                      Download

                    • memory/4204-45-0x0000000007B90000-0x0000000007C26000-memory.dmp

                      Filesize

                      600KB

                      Download

                    • memory/4204-11-0x0000000005D80000-0x0000000005DE6000-memory.dmp

                      Filesize

                      408KB

                      Download

                    • memory/4204-48-0x0000000007B40000-0x0000000007B54000-memory.dmp

                      Filesize

                      80KB

                      Download

                    • memory/4204-4-0x000000007498E000-0x000000007498F000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/4204-47-0x0000000007B30000-0x0000000007B3E000-memory.dmp

                      Filesize

                      56KB

                      Download

                    • memory/4204-28-0x0000000007980000-0x00000000079B2000-memory.dmp

                      Filesize

                      200KB

                      Download

                    • memory/4204-5-0x0000000002E30000-0x0000000002E66000-memory.dmp

                      Filesize

                      216KB

                      Download

                    • memory/4204-43-0x0000000074980000-0x0000000075130000-memory.dmp

                      Filesize

                      7.7MB

                      Download

                    • memory/4204-31-0x0000000074980000-0x0000000075130000-memory.dmp

                      Filesize

                      7.7MB

                      Download

                    • memory/4204-42-0x00000000079E0000-0x0000000007A83000-memory.dmp

                      Filesize

                      652KB

                      Download

                    • memory/4204-7-0x0000000074980000-0x0000000075130000-memory.dmp

                      Filesize

                      7.7MB

                      Download

                    • memory/4204-30-0x00000000709A0000-0x0000000070CF4000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/4676-235-0x0000000000400000-0x0000000002732000-memory.dmp

                      Filesize

                      35.2MB

                      Download

                    • memory/4676-239-0x0000000000400000-0x0000000002732000-memory.dmp

                      Filesize

                      35.2MB

                      Download

                    • memory/4676-247-0x0000000000400000-0x0000000002732000-memory.dmp

                      Filesize

                      35.2MB

                      Download

                    • memory/4676-251-0x0000000000400000-0x0000000002732000-memory.dmp

                      Filesize

                      35.2MB

                      Download

                    • memory/4676-255-0x0000000000400000-0x0000000002732000-memory.dmp

                      Filesize

                      35.2MB

                      Download

                    • memory/4676-259-0x0000000000400000-0x0000000002732000-memory.dmp

                      Filesize

                      35.2MB

                      Download

                    • memory/4676-243-0x0000000000400000-0x0000000002732000-memory.dmp

                      Filesize

                      35.2MB

                      Download

                    • memory/4676-231-0x0000000000400000-0x0000000002732000-memory.dmp

                      Filesize

                      35.2MB

                      Download

                    • memory/4676-263-0x0000000000400000-0x0000000002732000-memory.dmp

                      Filesize

                      35.2MB

                      Download

                    • memory/4676-216-0x0000000000400000-0x0000000002732000-memory.dmp

                      Filesize

                      35.2MB

                      Download

                    • memory/4676-227-0x0000000000400000-0x0000000002732000-memory.dmp

                      Filesize

                      35.2MB

                      Download

                    • memory/4676-267-0x0000000000400000-0x0000000002732000-memory.dmp

                      Filesize

                      35.2MB

                      Download

                    • memory/4676-271-0x0000000000400000-0x0000000002732000-memory.dmp

                      Filesize

                      35.2MB

                      Download

                    • memory/4836-117-0x0000000004950000-0x000000000523B000-memory.dmp

                      Filesize

                      8.9MB

                      Download

                    • memory/4836-116-0x0000000004540000-0x0000000004946000-memory.dmp

                      Filesize

                      4.0MB

                      Download

                    • memory/4836-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

                      Filesize

                      9.1MB

                      Download

                    • memory/4836-208-0x0000000000400000-0x0000000000D1C000-memory.dmp

                      Filesize

                      9.1MB

                      Download

                    • memory/4836-1-0x0000000004540000-0x0000000004946000-memory.dmp

                      Filesize

                      4.0MB

                      Download

                    • memory/4836-115-0x0000000000400000-0x0000000002732000-memory.dmp

                      Filesize

                      35.2MB

                      Download

                    • memory/4836-2-0x0000000004950000-0x000000000523B000-memory.dmp

                      Filesize

                      8.9MB

                      Download

                    • memory/5040-207-0x0000000000400000-0x0000000002732000-memory.dmp

                      Filesize

                      35.2MB

                      Download

                    • memory/5116-182-0x0000000007480000-0x0000000007491000-memory.dmp

                      Filesize

                      68KB

                      Download

                    • memory/5116-171-0x00000000708F0000-0x0000000070C44000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/5116-181-0x0000000007140000-0x00000000071E3000-memory.dmp

                      Filesize

                      652KB

                      Download

                    • memory/5116-169-0x0000000005F40000-0x0000000005F8C000-memory.dmp

                      Filesize

                      304KB

                      Download

                    • memory/5116-164-0x0000000005940000-0x0000000005C94000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/5116-170-0x0000000070740000-0x000000007078C000-memory.dmp

                      Filesize

                      304KB

                      Download

                    • memory/5116-183-0x0000000005CF0000-0x0000000005D04000-memory.dmp

                      Filesize

                      80KB

                      Download