Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    11s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/05/2024, 01:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6f18a37dff3bd99962843de1a8842fe97b75c60c980ed62b2a0e414864552c1b.exe

  • Size

    4.1MB

  • MD5

    a9ff8e69692def51525760f51284539a

  • SHA1

    dcb401e525396487ee3f19c4892c8e75f10da42f

  • SHA256

    6f18a37dff3bd99962843de1a8842fe97b75c60c980ed62b2a0e414864552c1b

  • SHA512

    be71258a9d21904eaaa9d4b9363547cdf16977283f13b97c19b562a811fe415abd2f263ce569c02b0e47f6917b29fe16004e1666a2df27a23423cf3d2ab0e1a4

  • SSDEEP

    98304:8rbgSYZm0VZ47d2LjXdY+WeqK35WW/TEhU3Gu22L:8rcnZFqd2LRPP3hYhQZL

Score
10/10
gluptebadiscoverydropperevasionexecutionloaderpersistenceupx

Malware Config

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 19 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 5 IoCs
  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Drops file in Windows directory 2 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

    Using powershell.exe command.

    execution
  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\6f18a37dff3bd99962843de1a8842fe97b75c60c980ed62b2a0e414864552c1b.exe
    "C:\Users\Admin\AppData\Local\Temp\6f18a37dff3bd99962843de1a8842fe97b75c60c980ed62b2a0e414864552c1b.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4900
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3044
    • C:\Users\Admin\AppData\Local\Temp\6f18a37dff3bd99962843de1a8842fe97b75c60c980ed62b2a0e414864552c1b.exe
      "C:\Users\Admin\AppData\Local\Temp\6f18a37dff3bd99962843de1a8842fe97b75c60c980ed62b2a0e414864552c1b.exe"
      2⤵
      • Adds Run key to start application
      • Checks for VirtualBox DLLs, possible anti-VM trick
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4980
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Command and Scripting Interpreter: PowerShell
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2356
      • C:\Windows\system32\cmd.exe
        C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4004
        • C:\Windows\system32\netsh.exe
          netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
          4⤵
          • Modifies Windows Firewall
          PID:4820
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Command and Scripting Interpreter: PowerShell
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1144
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -nologo -noprofile
        3⤵
        • Drops file in System32 directory
        • Command and Scripting Interpreter: PowerShell
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3808
      • C:\Windows\rss\csrss.exe
        C:\Windows\rss\csrss.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4384
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -nologo -noprofile
          4⤵
          • Drops file in System32 directory
          • Command and Scripting Interpreter: PowerShell
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:5072
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
          4⤵
          • Creates scheduled task(s)
          PID:1328
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /delete /tn ScheduledUpdate /f
          4⤵
            PID:4004
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -nologo -noprofile
            4⤵
            • Command and Scripting Interpreter: PowerShell
            PID:4908
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -nologo -noprofile
            4⤵
            • Command and Scripting Interpreter: PowerShell
            PID:4180
          • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
            C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
            4⤵
              PID:4736
            • C:\Windows\SYSTEM32\schtasks.exe
              schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
              4⤵
              • Creates scheduled task(s)
              PID:1384
            • C:\Windows\windefender.exe
              "C:\Windows\windefender.exe"
              4⤵
                PID:5112
                • C:\Windows\SysWOW64\cmd.exe
                  cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                  5⤵
                    PID:2964
                    • C:\Windows\SysWOW64\sc.exe
                      sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                      6⤵
                      • Launches sc.exe
                      PID:2356
          • C:\Windows\windefender.exe
            C:\Windows\windefender.exe
            1⤵
              PID:2672

            Network

            MITRE ATT&CK Enterprise v15

            Reconnaissance

            Resource Development

            Initial Access

            Execution

            Command and Scripting Interpreter

            1
            T1059

            PowerShell

            1
            T1059.001

            Scheduled Task/Job

            1
            T1053

            Persistence

            Boot or Logon Autostart Execution

            1
            T1547

            Registry Run Keys / Startup Folder

            1
            T1547.001

            Create or Modify System Process

            1
            T1543

            Windows Service

            1
            T1543.003

            Scheduled Task/Job

            1
            T1053

            Privilege Escalation

            Boot or Logon Autostart Execution

            1
            T1547

            Registry Run Keys / Startup Folder

            1
            T1547.001

            Create or Modify System Process

            1
            T1543

            Windows Service

            1
            T1543.003

            Scheduled Task/Job

            1
            T1053

            Defense Evasion

            Impair Defenses

            1
            T1562

            Disable or Modify System Firewall

            1
            T1562.004

            Modify Registry

            1
            T1112

            Credential Access

            Discovery

            Query Registry

            2
            T1012

            System Information Discovery

            1
            T1082

            Lateral Movement

            Collection

            Command and Control

            Exfiltration

            Impact

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2kkmvzo4.seb.ps1
              Filesize

              60B

              MD5

              d17fe0a3f47be24a6453e9ef58c94641

              SHA1

              6ab83620379fc69f80c0242105ddffd7d98d5d9d

              SHA256

              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

              SHA512

              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
              Filesize

              281KB

              MD5

              d98e33b66343e7c96158444127a117f6

              SHA1

              bb716c5509a2bf345c6c1152f6e3e1452d39d50d

              SHA256

              5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

              SHA512

              705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
              Filesize

              2KB

              MD5

              3d086a433708053f9bf9523e1d87a4e8

              SHA1

              b3ab5d4f282a4c8fe8c3005b8a557ed5a0e37f28

              SHA256

              6f8fd1b8d9788ad54eaeee329232187e24b7b43393a01aeba2d6e9675231fb69

              SHA512

              931ae42b4c68a4507ff2342332b08eb407050d47cf4176137ea022d0f6e513c689e998445a04c6d18d4877391705c586bfce0234632b898d41aaed0957996dfd

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
              Filesize

              19KB

              MD5

              026ac2f7d7d2ab45c41f8b300adcb697

              SHA1

              f6dd9232772cf47703637c67b3f667b42f05c5c3

              SHA256

              13c682f4957406a7a56234505b7edec33cd510b69aaa04d956844014f1c0ed0e

              SHA512

              89f868462efff44c99264d2fcffdc33faaf096619e50d9b2c32400471daea8996e50b7a7d87acf59514c17520f8f398df8d1914957109b56dc54eeed7aea6a51

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
              Filesize

              19KB

              MD5

              9c2e10ef176785ff6f29e05bf4299e6a

              SHA1

              8c47776d79c17c991bf1f30b63bba0ffdcd92ce9

              SHA256

              af07d72890a2f3c541123dc52667aea9d8fda7e1216c82aba04fffb0e0d5232c

              SHA512

              f92b4e09c34a3b87965af994ec84e615c9ea7ef89d7781312758176adb6b1be9614b312f0c4820abf0cb64057b0ece6c7f281594c94ec3010ec3952ba2ffcf49

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
              Filesize

              19KB

              MD5

              236f9094a4bed6c692dc2e0984a76cf7

              SHA1

              002a2f0a4dd43fb53c020350c192d52fc12061fe

              SHA256

              84ef63ccf2304274b8eb7f4897fd079fa80d01c11c1fa1bf776405bbaccfba2f

              SHA512

              e8f074a1f91c5e5fdcbec050c85969a2245fcb4cc637b0801e436715c0acbb7ab53dd7e8e698cfc53c990a463836172c3171cbef89813d54665b4e5186f169f8

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
              Filesize

              19KB

              MD5

              8b5cb71c80143d4329d905ef567e6c25

              SHA1

              6b9b8c36c24ea7730c6bcb82c8947bdfd3408bb9

              SHA256

              43d1d13e02261a1a10bb992ca6d5cf6e475837d1e0d70be797b55ac4d3904d6f

              SHA512

              a254963857aac87a6b139cd96a8a2bd5eaf898a60942b49e4a0247cb514e40589eb8288e764eba80abf5e01b9753ddf740acf2e9f23986d07449f946e0dda9b1

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
              Filesize

              19KB

              MD5

              7664b4b155431f1a98326e6cf40768bb

              SHA1

              3b48a2f1242550c572b2f11b5804c0ef5fa5f862

              SHA256

              c220a6b5df27e0685f0c6b6667b59b340d31178066b0ea576ed9821c986ad74c

              SHA512

              936222a99321bf96a175318597f4e43a22c8ce813e64995490e1466b90f39b892e010af85b42c49b5036b13d31f4cd3a6101fd5f54ff1880e39ec78c6811aba8

              Download Submit

            • C:\Windows\rss\csrss.exe
              Filesize

              4.1MB

              MD5

              a9ff8e69692def51525760f51284539a

              SHA1

              dcb401e525396487ee3f19c4892c8e75f10da42f

              SHA256

              6f18a37dff3bd99962843de1a8842fe97b75c60c980ed62b2a0e414864552c1b

              SHA512

              be71258a9d21904eaaa9d4b9363547cdf16977283f13b97c19b562a811fe415abd2f263ce569c02b0e47f6917b29fe16004e1666a2df27a23423cf3d2ab0e1a4

              Download Submit

            • C:\Windows\windefender.exe
              Filesize

              2.0MB

              MD5

              8e67f58837092385dcf01e8a2b4f5783

              SHA1

              012c49cfd8c5d06795a6f67ea2baf2a082cf8625

              SHA256

              166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

              SHA512

              40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

              Download Submit

            • memory/1144-93-0x000000006FED0000-0x000000006FF1C000-memory.dmp

              Filesize

              304KB

              Download

            • memory/1144-94-0x0000000070650000-0x00000000709A4000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/1144-91-0x0000000005E20000-0x0000000006174000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/2356-64-0x00000000063B0000-0x0000000006704000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/2356-78-0x0000000007D00000-0x0000000007D14000-memory.dmp

              Filesize

              80KB

              Download

            • memory/2356-77-0x0000000007CB0000-0x0000000007CC1000-memory.dmp

              Filesize

              68KB

              Download

            • memory/2356-65-0x000000006FED0000-0x000000006FF1C000-memory.dmp

              Filesize

              304KB

              Download

            • memory/2356-76-0x0000000007960000-0x0000000007A03000-memory.dmp

              Filesize

              652KB

              Download

            • memory/2356-66-0x0000000070050000-0x00000000703A4000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/2672-229-0x0000000000400000-0x00000000008DF000-memory.dmp

              Filesize

              4.9MB

              Download

            • memory/2672-237-0x0000000000400000-0x00000000008DF000-memory.dmp

              Filesize

              4.9MB

              Download

            • memory/2672-223-0x0000000000400000-0x00000000008DF000-memory.dmp

              Filesize

              4.9MB

              Download

            • memory/3044-28-0x0000000007900000-0x0000000007932000-memory.dmp

              Filesize

              200KB

              Download

            • memory/3044-27-0x0000000007740000-0x000000000775A000-memory.dmp

              Filesize

              104KB

              Download

            • memory/3044-44-0x0000000007A50000-0x0000000007A5A000-memory.dmp

              Filesize

              40KB

              Download

            • memory/3044-43-0x0000000074030000-0x00000000747E0000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/3044-41-0x0000000074030000-0x00000000747E0000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/3044-45-0x0000000007B10000-0x0000000007BA6000-memory.dmp

              Filesize

              600KB

              Download

            • memory/3044-46-0x0000000007A70000-0x0000000007A81000-memory.dmp

              Filesize

              68KB

              Download

            • memory/3044-47-0x0000000007AB0000-0x0000000007ABE000-memory.dmp

              Filesize

              56KB

              Download

            • memory/3044-49-0x0000000007BB0000-0x0000000007BCA000-memory.dmp

              Filesize

              104KB

              Download

            • memory/3044-50-0x0000000007B00000-0x0000000007B08000-memory.dmp

              Filesize

              32KB

              Download

            • memory/3044-48-0x0000000007AC0000-0x0000000007AD4000-memory.dmp

              Filesize

              80KB

              Download

            • memory/3044-53-0x0000000074030000-0x00000000747E0000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/3044-4-0x000000007403E000-0x000000007403F000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3044-30-0x0000000070480000-0x00000000707D4000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/3044-40-0x0000000007940000-0x000000000795E000-memory.dmp

              Filesize

              120KB

              Download

            • memory/3044-29-0x000000006FED0000-0x000000006FF1C000-memory.dmp

              Filesize

              304KB

              Download

            • memory/3044-26-0x0000000007DA0000-0x000000000841A000-memory.dmp

              Filesize

              6.5MB

              Download

            • memory/3044-6-0x0000000074030000-0x00000000747E0000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/3044-25-0x00000000076A0000-0x0000000007716000-memory.dmp

              Filesize

              472KB

              Download

            • memory/3044-24-0x00000000074F0000-0x0000000007534000-memory.dmp

              Filesize

              272KB

              Download

            • memory/3044-23-0x00000000063C0000-0x000000000640C000-memory.dmp

              Filesize

              304KB

              Download

            • memory/3044-22-0x0000000006380000-0x000000000639E000-memory.dmp

              Filesize

              120KB

              Download

            • memory/3044-21-0x0000000005DE0000-0x0000000006134000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/3044-10-0x0000000005C90000-0x0000000005CF6000-memory.dmp

              Filesize

              408KB

              Download

            • memory/3044-8-0x0000000074030000-0x00000000747E0000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/3044-7-0x0000000005430000-0x0000000005A58000-memory.dmp

              Filesize

              6.2MB

              Download

            • memory/3044-11-0x0000000005D70000-0x0000000005DD6000-memory.dmp

              Filesize

              408KB

              Download

            • memory/3044-9-0x00000000053F0000-0x0000000005412000-memory.dmp

              Filesize

              136KB

              Download

            • memory/3044-5-0x0000000004DB0000-0x0000000004DE6000-memory.dmp

              Filesize

              216KB

              Download

            • memory/3044-42-0x0000000007960000-0x0000000007A03000-memory.dmp

              Filesize

              652KB

              Download

            • memory/3808-115-0x000000006FED0000-0x000000006FF1C000-memory.dmp

              Filesize

              304KB

              Download

            • memory/3808-116-0x0000000070050000-0x00000000703A4000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/4180-195-0x000000006FDF0000-0x000000006FE3C000-memory.dmp

              Filesize

              304KB

              Download

            • memory/4180-196-0x00000000705A0000-0x00000000708F4000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/4180-193-0x00000000062A0000-0x00000000065F4000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/4384-215-0x0000000000400000-0x0000000002361000-memory.dmp

              Filesize

              31.4MB

              Download

            • memory/4384-227-0x0000000000400000-0x0000000002361000-memory.dmp

              Filesize

              31.4MB

              Download

            • memory/4384-270-0x0000000000400000-0x0000000002361000-memory.dmp

              Filesize

              31.4MB

              Download

            • memory/4384-267-0x0000000000400000-0x0000000002361000-memory.dmp

              Filesize

              31.4MB

              Download

            • memory/4384-263-0x0000000000400000-0x0000000002361000-memory.dmp

              Filesize

              31.4MB

              Download

            • memory/4384-259-0x0000000000400000-0x0000000002361000-memory.dmp

              Filesize

              31.4MB

              Download

            • memory/4384-255-0x0000000000400000-0x0000000002361000-memory.dmp

              Filesize

              31.4MB

              Download

            • memory/4384-251-0x0000000000400000-0x0000000002361000-memory.dmp

              Filesize

              31.4MB

              Download

            • memory/4384-247-0x0000000000400000-0x0000000002361000-memory.dmp

              Filesize

              31.4MB

              Download

            • memory/4384-243-0x0000000000400000-0x0000000002361000-memory.dmp

              Filesize

              31.4MB

              Download

            • memory/4384-239-0x0000000000400000-0x0000000002361000-memory.dmp

              Filesize

              31.4MB

              Download

            • memory/4384-235-0x0000000000400000-0x0000000002361000-memory.dmp

              Filesize

              31.4MB

              Download

            • memory/4384-231-0x0000000000400000-0x0000000002361000-memory.dmp

              Filesize

              31.4MB

              Download

            • memory/4900-2-0x00000000043B0000-0x0000000004C9B000-memory.dmp

              Filesize

              8.9MB

              Download

            • memory/4900-213-0x0000000000400000-0x0000000000D1C000-memory.dmp

              Filesize

              9.1MB

              Download

            • memory/4900-153-0x0000000000400000-0x0000000002361000-memory.dmp

              Filesize

              31.4MB

              Download

            • memory/4900-155-0x00000000043B0000-0x0000000004C9B000-memory.dmp

              Filesize

              8.9MB

              Download

            • memory/4900-1-0x0000000003FB0000-0x00000000043AB000-memory.dmp

              Filesize

              4.0MB

              Download

            • memory/4900-154-0x0000000003FB0000-0x00000000043AB000-memory.dmp

              Filesize

              4.0MB

              Download

            • memory/4900-3-0x0000000000400000-0x0000000000D1C000-memory.dmp

              Filesize

              9.1MB

              Download

            • memory/4908-165-0x0000000005890000-0x0000000005BE4000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/4908-169-0x000000006FDF0000-0x000000006FE3C000-memory.dmp

              Filesize

              304KB

              Download

            • memory/4908-168-0x00000000062A0000-0x00000000062EC000-memory.dmp

              Filesize

              304KB

              Download

            • memory/4908-182-0x0000000005D20000-0x0000000005D34000-memory.dmp

              Filesize

              80KB

              Download

            • memory/4908-181-0x0000000007480000-0x0000000007491000-memory.dmp

              Filesize

              68KB

              Download

            • memory/4908-170-0x0000000070580000-0x00000000708D4000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/4908-180-0x0000000007190000-0x0000000007233000-memory.dmp

              Filesize

              652KB

              Download

            • memory/4980-212-0x0000000000400000-0x0000000002361000-memory.dmp

              Filesize

              31.4MB

              Download

            • memory/5072-142-0x000000006FED0000-0x000000006FF1C000-memory.dmp

              Filesize

              304KB

              Download

            • memory/5072-143-0x0000000070650000-0x00000000709A4000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/5112-224-0x0000000000400000-0x00000000008DF000-memory.dmp

              Filesize

              4.9MB

              Download

            • memory/5112-220-0x0000000000400000-0x00000000008DF000-memory.dmp

              Filesize

              4.9MB

              Download