Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2024, 18:42 UTC

General

  • Target

    JaffaCakes118_7698f71461f6be19bcd08b58ab7e4c2f7e226bb1410fa3fa5902445846a7edba.exe

  • Size

    4.3MB

  • MD5

    96fd0f878771bed5078fa43d497be8d9

  • SHA1

    f0becdf26b1df6e4443d4484f0404eb54eaf0f94

  • SHA256

    7698f71461f6be19bcd08b58ab7e4c2f7e226bb1410fa3fa5902445846a7edba

  • SHA512

    98aec4a75643d13afef1f0625a4a08a8aec642890efe51275d3e8f5fde2ca69b528470e4abcb145359864b53cc63cbe81c401a86bedea35aaa9111a4583acace

  • SSDEEP

    98304:D3xSkZ/7Oc7vzvTI3Uel/dxYHiv9V7kSwrQrF3+o1Cy0:zb/q2vzvs3Uod6I9azrQrZk

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

  • Glupteba family
  • Glupteba payload 20 IoCs
  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Metasploit family
  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Manipulates WinMonFS driver. 1 IoCs

    Roottkits write to WinMonFS to hide directories/files from being detected.

  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Drops file in Windows directory 2 IoCs
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 64 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7698f71461f6be19bcd08b58ab7e4c2f7e226bb1410fa3fa5902445846a7edba.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7698f71461f6be19bcd08b58ab7e4c2f7e226bb1410fa3fa5902445846a7edba.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3572
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7698f71461f6be19bcd08b58ab7e4c2f7e226bb1410fa3fa5902445846a7edba.exe
      "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7698f71461f6be19bcd08b58ab7e4c2f7e226bb1410fa3fa5902445846a7edba.exe"
      2⤵
      • Adds Run key to start application
      • Checks for VirtualBox DLLs, possible anti-VM trick
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4448
      • C:\Windows\system32\cmd.exe
        C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1892
        • C:\Windows\system32\netsh.exe
          netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
          4⤵
          • Modifies Windows Firewall
          • Event Triggered Execution: Netsh Helper DLL
          PID:2456
      • C:\Windows\rss\csrss.exe
        C:\Windows\rss\csrss.exe /305-305
        3⤵
        • Executes dropped EXE
        • Manipulates WinMonFS driver.
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3844
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
          4⤵
          • Scheduled Task/Job: Scheduled Task
          PID:3848
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /delete /tn ScheduledUpdate /f
          4⤵
            PID:2996
          • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
            C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
            4⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:3276
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 892
          3⤵
          • Program crash
          PID:968
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4448 -ip 4448
      1⤵
        PID:368

      Network

      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dnsgoogle
      • flag-us
        DNS
        228.249.119.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        228.249.119.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        81.144.22.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        81.144.22.2.in-addr.arpa
        IN PTR
        Response
        81.144.22.2.in-addr.arpa
        IN PTR
        a2-22-144-81deploystaticakamaitechnologiescom
      • flag-us
        DNS
        20.160.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        20.160.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        trumops.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        trumops.com
        IN TXT
        Response
        trumops.com
        IN TXT
        .v=spf1 include:_incspfcheck.mailspike.net ?all
      • flag-us
        DNS
        retoti.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        retoti.com
        IN TXT
        Response
        retoti.com
        IN TXT
        .v=spf1 include:_incspfcheck.mailspike.net ?all
      • flag-us
        DNS
        logs.trumops.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        logs.trumops.com
        IN TXT
        Response
      • flag-us
        DNS
        logs.retoti.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        logs.retoti.com
        IN TXT
        Response
      • flag-us
        DNS
        5ea1c33f-2451-467e-aa89-1bd9d2f7df4c.uuid.trumops.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        5ea1c33f-2451-467e-aa89-1bd9d2f7df4c.uuid.trumops.com
        IN TXT
        Response
      • flag-us
        DNS
        server4.trumops.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        server4.trumops.com
        IN A
        Response
        server4.trumops.com
        IN A
        44.221.84.105
      • flag-us
        DNS
        105.84.221.44.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        105.84.221.44.in-addr.arpa
        IN PTR
        Response
        105.84.221.44.in-addr.arpa
        IN PTR
        ec2-44-221-84-105 compute-1 amazonawscom
      • flag-us
        DNS
        212.20.149.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        212.20.149.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        171.39.242.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        171.39.242.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        21.49.80.91.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.49.80.91.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        154.239.44.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        154.239.44.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        86.49.80.91.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        86.49.80.91.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        server4.retoti.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        server4.retoti.com
        IN A
        Response
        server4.retoti.com
        IN A
        44.221.84.105
      • flag-us
        DNS
        raw.githubusercontent.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        raw.githubusercontent.com
        IN A
        Response
        raw.githubusercontent.com
        IN A
        185.199.108.133
        raw.githubusercontent.com
        IN A
        185.199.109.133
        raw.githubusercontent.com
        IN A
        185.199.110.133
        raw.githubusercontent.com
        IN A
        185.199.111.133
      • flag-us
        DNS
        19.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        19.229.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        alviss.coinjoined.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        alviss.coinjoined.com
        IN A
        Response
        alviss.coinjoined.com
        IN A
        128.140.49.4
      • flag-us
        DNS
        e2.keff.org
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        e2.keff.org
        IN A
        Response
        e2.keff.org
        IN A
        45.154.252.100
      • flag-us
        DNS
        133.108.199.185.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        133.108.199.185.in-addr.arpa
        IN PTR
        Response
        133.108.199.185.in-addr.arpa
        IN PTR
        cdn-185-199-108-133githubcom
      • flag-us
        DNS
        4.49.140.128.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        4.49.140.128.in-addr.arpa
        IN PTR
        Response
        4.49.140.128.in-addr.arpa
        IN PTR
        static449140128clients your-serverde
      • flag-us
        DNS
        2electrumx.hopto.me
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        2electrumx.hopto.me
        IN A
        Response
        2electrumx.hopto.me
        IN A
        8.8.8.8
      • flag-us
        DNS
        38.6.93.142.in-addr.arpa
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        38.6.93.142.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        skbxmit.coinjoined.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        skbxmit.coinjoined.com
        IN A
        Response
        skbxmit.coinjoined.com
        IN A
        49.12.38.161
      • flag-us
        DNS
        161.38.12.49.in-addr.arpa
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        161.38.12.49.in-addr.arpa
        IN PTR
        Response
        161.38.12.49.in-addr.arpa
        IN PTR
        static161381249clients your-serverde
      • flag-us
        DNS
        104.65.78.5.in-addr.arpa
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        104.65.78.5.in-addr.arpa
        IN PTR
        Response
        104.65.78.5.in-addr.arpa
        IN PTR
        static10465785clients your-serverde
      • flag-us
        DNS
        self.events.data.microsoft.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        self.events.data.microsoft.com
        IN A
        Response
        self.events.data.microsoft.com
        IN CNAME
        self-events-data.trafficmanager.net
        self-events-data.trafficmanager.net
        IN CNAME
        onedscolprduks04.uksouth.cloudapp.azure.com
        onedscolprduks04.uksouth.cloudapp.azure.com
        IN A
        51.104.15.253
      • flag-us
        DNS
        253.15.104.51.in-addr.arpa
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        253.15.104.51.in-addr.arpa
        IN PTR
        Response
      • 44.221.84.105:443
        server4.trumops.com
        tls
        csrss.exe
        15.7kB
        10.3kB
        34
        24
      • 44.221.84.105:443
        server4.retoti.com
        tls
        csrss.exe
        1.9kB
        5.5kB
        13
        12
      • 185.199.108.133:443
        raw.githubusercontent.com
        tls
        csrss.exe
        1.2kB
        6.9kB
        12
        14
      • 128.140.49.4:50001
        alviss.coinjoined.com
        csrss.exe
        439 B
        9.9kB
        8
        10
      • 45.154.252.100:50001
        e2.keff.org
        csrss.exe
        260 B
        200 B
        5
        5
      • 142.93.6.38:50001
        csrss.exe
        485 B
        11.5kB
        9
        12
      • 8.8.8.8:56021
        2electrumx.hopto.me
        csrss.exe
        104 B
        2
      • 49.12.38.161:50001
        skbxmit.coinjoined.com
        csrss.exe
        958 B
        5.5kB
        10
        10
      • 5.78.65.104:50002
        tls
        csrss.exe
        1.6kB
        7.5kB
        15
        12
      • 8.8.8.8:53
        8.8.8.8.in-addr.arpa
        dns
        66 B
        90 B
        1
        1

        DNS Request

        8.8.8.8.in-addr.arpa

      • 8.8.8.8:53
        228.249.119.40.in-addr.arpa
        dns
        73 B
        159 B
        1
        1

        DNS Request

        228.249.119.40.in-addr.arpa

      • 8.8.8.8:53
        81.144.22.2.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        81.144.22.2.in-addr.arpa

      • 8.8.8.8:53
        20.160.190.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        20.160.190.20.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        trumops.com
        dns
        csrss.exe
        57 B
        116 B
        1
        1

        DNS Request

        trumops.com

      • 8.8.8.8:53
        retoti.com
        dns
        csrss.exe
        56 B
        115 B
        1
        1

        DNS Request

        retoti.com

      • 8.8.8.8:53
        logs.trumops.com
        dns
        csrss.exe
        62 B
        121 B
        1
        1

        DNS Request

        logs.trumops.com

      • 8.8.8.8:53
        logs.retoti.com
        dns
        csrss.exe
        61 B
        120 B
        1
        1

        DNS Request

        logs.retoti.com

      • 8.8.8.8:53
        5ea1c33f-2451-467e-aa89-1bd9d2f7df4c.uuid.trumops.com
        dns
        csrss.exe
        99 B
        158 B
        1
        1

        DNS Request

        5ea1c33f-2451-467e-aa89-1bd9d2f7df4c.uuid.trumops.com

      • 8.8.8.8:53
        server4.trumops.com
        dns
        csrss.exe
        65 B
        81 B
        1
        1

        DNS Request

        server4.trumops.com

        DNS Response

        44.221.84.105

      • 8.8.8.8:53
        105.84.221.44.in-addr.arpa
        dns
        72 B
        127 B
        1
        1

        DNS Request

        105.84.221.44.in-addr.arpa

      • 8.8.8.8:53
        212.20.149.52.in-addr.arpa
        dns
        72 B
        146 B
        1
        1

        DNS Request

        212.20.149.52.in-addr.arpa

      • 8.8.8.8:53
        171.39.242.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        171.39.242.20.in-addr.arpa

      • 8.8.8.8:53
        21.49.80.91.in-addr.arpa
        dns
        70 B
        145 B
        1
        1

        DNS Request

        21.49.80.91.in-addr.arpa

      • 8.8.8.8:53
        154.239.44.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        154.239.44.20.in-addr.arpa

      • 8.8.8.8:53
        86.49.80.91.in-addr.arpa
        dns
        70 B
        145 B
        1
        1

        DNS Request

        86.49.80.91.in-addr.arpa

      • 8.8.8.8:53
        server4.retoti.com
        dns
        csrss.exe
        64 B
        80 B
        1
        1

        DNS Request

        server4.retoti.com

        DNS Response

        44.221.84.105

      • 8.8.8.8:53
        raw.githubusercontent.com
        dns
        csrss.exe
        71 B
        135 B
        1
        1

        DNS Request

        raw.githubusercontent.com

        DNS Response

        185.199.108.133
        185.199.109.133
        185.199.110.133
        185.199.111.133

      • 8.8.8.8:53
        19.229.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        19.229.111.52.in-addr.arpa

      • 8.8.8.8:53
        alviss.coinjoined.com
        dns
        csrss.exe
        67 B
        83 B
        1
        1

        DNS Request

        alviss.coinjoined.com

        DNS Response

        128.140.49.4

      • 8.8.8.8:53
        e2.keff.org
        dns
        csrss.exe
        57 B
        73 B
        1
        1

        DNS Request

        e2.keff.org

        DNS Response

        45.154.252.100

      • 8.8.8.8:53
        133.108.199.185.in-addr.arpa
        dns
        74 B
        118 B
        1
        1

        DNS Request

        133.108.199.185.in-addr.arpa

      • 8.8.8.8:53
        4.49.140.128.in-addr.arpa
        dns
        71 B
        127 B
        1
        1

        DNS Request

        4.49.140.128.in-addr.arpa

      • 8.8.8.8:53
        2electrumx.hopto.me
        dns
        csrss.exe
        65 B
        81 B
        1
        1

        DNS Request

        2electrumx.hopto.me

        DNS Response

        8.8.8.8

      • 8.8.8.8:53
        2electrumx.hopto.me
        dns
        csrss.exe
        70 B
        137 B
        1
        1

        DNS Request

        38.6.93.142.in-addr.arpa

      • 8.8.8.8:53
        2electrumx.hopto.me
        dns
        csrss.exe
        68 B
        84 B
        1
        1

        DNS Request

        skbxmit.coinjoined.com

        DNS Response

        49.12.38.161

      • 8.8.8.8:53
        2electrumx.hopto.me
        dns
        csrss.exe
        71 B
        127 B
        1
        1

        DNS Request

        161.38.12.49.in-addr.arpa

      • 8.8.8.8:53
        2electrumx.hopto.me
        dns
        csrss.exe
        70 B
        125 B
        1
        1

        DNS Request

        104.65.78.5.in-addr.arpa

      • 8.8.8.8:53
        2electrumx.hopto.me
        dns
        csrss.exe
        76 B
        195 B
        1
        1

        DNS Request

        self.events.data.microsoft.com

        DNS Response

        51.104.15.253

      • 8.8.8.8:53
        2electrumx.hopto.me
        dns
        csrss.exe
        72 B
        146 B
        1
        1

        DNS Request

        253.15.104.51.in-addr.arpa

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

        Filesize

        281KB

        MD5

        d98e33b66343e7c96158444127a117f6

        SHA1

        bb716c5509a2bf345c6c1152f6e3e1452d39d50d

        SHA256

        5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

        SHA512

        705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

      • C:\Windows\rss\csrss.exe

        Filesize

        4.3MB

        MD5

        96fd0f878771bed5078fa43d497be8d9

        SHA1

        f0becdf26b1df6e4443d4484f0404eb54eaf0f94

        SHA256

        7698f71461f6be19bcd08b58ab7e4c2f7e226bb1410fa3fa5902445846a7edba

        SHA512

        98aec4a75643d13afef1f0625a4a08a8aec642890efe51275d3e8f5fde2ca69b528470e4abcb145359864b53cc63cbe81c401a86bedea35aaa9111a4583acace

      • memory/3572-2-0x00000000035A0000-0x0000000003E42000-memory.dmp

        Filesize

        8.6MB

      • memory/3572-3-0x0000000000400000-0x0000000000CBD000-memory.dmp

        Filesize

        8.7MB

      • memory/3572-5-0x00000000035A0000-0x0000000003E42000-memory.dmp

        Filesize

        8.6MB

      • memory/3572-6-0x0000000000400000-0x0000000000CBD000-memory.dmp

        Filesize

        8.7MB

      • memory/3572-4-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/3572-1-0x0000000003180000-0x000000000359A000-memory.dmp

        Filesize

        4.1MB

      • memory/3844-29-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/3844-26-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/3844-17-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/3844-34-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/3844-23-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/3844-24-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/3844-25-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/3844-33-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/3844-27-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/3844-28-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/3844-32-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/3844-30-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/3844-31-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/4448-8-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/4448-15-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/4448-9-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.