Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2024 21:58

General

  • Target

    JaffaCakes118_228bb26d3a926eeefae53f870c6cd1682872fa6ed3e12b63fa841faf7ae10c4a.exe

  • Size

    4.2MB

  • MD5

    1f1536f72bff4430a7a7966df9d0532a

  • SHA1

    03cfdc987301f33aece8d6c988797a6c1d02cc49

  • SHA256

    228bb26d3a926eeefae53f870c6cd1682872fa6ed3e12b63fa841faf7ae10c4a

  • SHA512

    189a4ff4800a4f1cf6375d409ac74e7fdf7be1de61b23708a0dca20456819c598abf62505f33e676f719a81b384382fe5a9803eb8e59d03882a3b79471fdf39a

  • SSDEEP

    98304:neaVzX5ZpD6pxDoeAkdyQ++LR2EnstgaOSsjQG2wjLtDLb:JhTwLceKQ++lfnsaapGjt7

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

  • Glupteba family
  • Glupteba payload 20 IoCs
  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Metasploit family
  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Manipulates WinMonFS driver. 1 IoCs

    Roottkits write to WinMonFS to hide directories/files from being detected.

  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Drops file in Windows directory 2 IoCs
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 64 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_228bb26d3a926eeefae53f870c6cd1682872fa6ed3e12b63fa841faf7ae10c4a.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_228bb26d3a926eeefae53f870c6cd1682872fa6ed3e12b63fa841faf7ae10c4a.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4988
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_228bb26d3a926eeefae53f870c6cd1682872fa6ed3e12b63fa841faf7ae10c4a.exe
      "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_228bb26d3a926eeefae53f870c6cd1682872fa6ed3e12b63fa841faf7ae10c4a.exe"
      2⤵
      • Adds Run key to start application
      • Checks for VirtualBox DLLs, possible anti-VM trick
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1232
      • C:\Windows\system32\cmd.exe
        C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1656
        • C:\Windows\system32\netsh.exe
          netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
          4⤵
          • Modifies Windows Firewall
          • Event Triggered Execution: Netsh Helper DLL
          PID:1836
      • C:\Windows\rss\csrss.exe
        C:\Windows\rss\csrss.exe /301-301
        3⤵
        • Executes dropped EXE
        • Manipulates WinMonFS driver.
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3688
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
          4⤵
          • Scheduled Task/Job: Scheduled Task
          PID:724
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /delete /tn ScheduledUpdate /f
          4⤵
            PID:3892
          • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
            C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
            4⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:4852

    Network

    • flag-us
      DNS
      104.219.191.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      104.219.191.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      81.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      81.144.22.2.in-addr.arpa
      IN PTR
      Response
      81.144.22.2.in-addr.arpa
      IN PTR
      a2-22-144-81deploystaticakamaitechnologiescom
    • flag-us
      DNS
      23.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      trumops.com
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      trumops.com
      IN TXT
      Response
      trumops.com
      IN TXT
      .v=spf1 include:_incspfcheck.mailspike.net ?all
    • flag-us
      DNS
      retoti.com
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      retoti.com
      IN TXT
      Response
      retoti.com
      IN TXT
      .v=spf1 include:_incspfcheck.mailspike.net ?all
    • flag-us
      DNS
      logs.trumops.com
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      logs.trumops.com
      IN TXT
      Response
    • flag-us
      DNS
      logs.retoti.com
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      logs.retoti.com
      IN TXT
      Response
    • flag-us
      DNS
      92c67545-dead-4adf-8d5a-7c9426e35bf8.uuid.trumops.com
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      92c67545-dead-4adf-8d5a-7c9426e35bf8.uuid.trumops.com
      IN TXT
      Response
    • flag-us
      DNS
      server7.trumops.com
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      server7.trumops.com
      IN A
      Response
      server7.trumops.com
      IN A
      44.221.84.105
    • flag-us
      DNS
      105.84.221.44.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      105.84.221.44.in-addr.arpa
      IN PTR
      Response
      105.84.221.44.in-addr.arpa
      IN PTR
      ec2-44-221-84-105 compute-1 amazonawscom
    • flag-us
      DNS
      13.86.106.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.86.106.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      200.163.202.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.163.202.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      73.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.144.22.2.in-addr.arpa
      IN PTR
      Response
      73.144.22.2.in-addr.arpa
      IN PTR
      a2-22-144-73deploystaticakamaitechnologiescom
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      server7.retoti.com
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      server7.retoti.com
      IN A
      Response
      server7.retoti.com
      IN A
      44.221.84.105
    • flag-us
      DNS
      raw.githubusercontent.com
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      raw.githubusercontent.com
      IN A
      Response
      raw.githubusercontent.com
      IN A
      185.199.108.133
      raw.githubusercontent.com
      IN A
      185.199.110.133
      raw.githubusercontent.com
      IN A
      185.199.109.133
      raw.githubusercontent.com
      IN A
      185.199.111.133
    • flag-us
      DNS
      e.keff.org
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      e.keff.org
      IN A
      Response
      e.keff.org
      IN A
      45.154.252.100
    • flag-us
      DNS
      133.108.199.185.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.108.199.185.in-addr.arpa
      IN PTR
      Response
      133.108.199.185.in-addr.arpa
      IN PTR
      cdn-185-199-108-133githubcom
    • flag-us
      DNS
      electrum.qtornado.com
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      electrum.qtornado.com
      IN A
      Response
      electrum.qtornado.com
      IN CNAME
      electrumqtornado.hodlister.co
      electrumqtornado.hodlister.co
      IN A
      45.154.252.107
    • flag-us
      DNS
      gall.pro
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      gall.pro
      IN A
      Response
      gall.pro
      IN A
      104.21.79.2
      gall.pro
      IN A
      172.67.139.56
    • flag-us
      DNS
      lavahost.org
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      lavahost.org
      IN A
      Response
      lavahost.org
      IN A
      5.10.171.150
    • flag-us
      DNS
      btc.ocf.sh
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      btc.ocf.sh
      IN A
      Response
      btc.ocf.sh
      IN A
      116.255.28.88
    • flag-us
      DNS
      ex03.axalgo.com
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      ex03.axalgo.com
      IN A
      Response
    • flag-us
      DNS
      vmd84592.contaboserver.net
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      vmd84592.contaboserver.net
      IN A
      Response
    • flag-us
      DNS
      smmalis37.ddns.net
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      smmalis37.ddns.net
      IN A
      Response
      smmalis37.ddns.net
      IN A
      141.154.64.209
    • flag-us
      DNS
      electrum5.hodlister.co
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      electrum5.hodlister.co
      IN A
      Response
      electrum5.hodlister.co
      IN A
      45.154.252.109
    • flag-us
      DNS
      88.28.255.116.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.28.255.116.in-addr.arpa
      IN PTR
      Response
      88.28.255.116.in-addr.arpa
      IN PTR
      cust12597svc273256allegrocomau
    • flag-us
      DNS
      electrumx.alexridevski.net
      csrss.exe
      Remote address:
      8.8.8.8:53
      Request
      electrumx.alexridevski.net
      IN A
      Response
      electrumx.alexridevski.net
      IN A
      65.27.128.158
    • flag-us
      DNS
      209.64.154.141.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.64.154.141.in-addr.arpa
      IN PTR
      Response
      209.64.154.141.in-addr.arpa
      IN PTR
      pool-141-154-64-209boseastverizonnet
    • flag-us
      DNS
      225.162.46.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      225.162.46.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      109.252.154.45.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      109.252.154.45.in-addr.arpa
      IN PTR
      Response
      109.252.154.45.in-addr.arpa
      IN PTR
      electrumx-9electrumorg
    • 44.221.84.105:443
      server7.trumops.com
      tls
      csrss.exe
      14.6kB
      9.5kB
      31
      23
    • 44.221.84.105:443
      server7.trumops.com
      tls
      csrss.exe
      1.8kB
      5.5kB
      12
      13
    • 44.221.84.105:443
      server7.retoti.com
      tls
      csrss.exe
      1.6kB
      5.3kB
      8
      8
    • 185.199.108.133:443
      raw.githubusercontent.com
      tls
      csrss.exe
      1.1kB
      6.8kB
      11
      13
    • 45.154.252.100:50001
      e.keff.org
      csrss.exe
      260 B
      200 B
      5
      5
    • 45.154.252.107:50001
      electrum.qtornado.com
      csrss.exe
      260 B
      200 B
      5
      5
    • 104.21.79.2:50002
      gall.pro
      csrss.exe
      104 B
      2
    • 172.67.139.56:50002
      gall.pro
      csrss.exe
      52 B
      1
    • 5.10.171.150:50002
      lavahost.org
      csrss.exe
      104 B
      2
    • 116.255.28.88:50002
      btc.ocf.sh
      tls
      csrss.exe
      953 B
      2.5kB
      11
      8
    • 141.154.64.209:50002
      smmalis37.ddns.net
      tls
      csrss.exe
      955 B
      10.2kB
      11
      12
    • 45.154.252.109:50002
      electrum5.hodlister.co
      tls
      csrss.exe
      1.9kB
      9.7kB
      20
      15
    • 65.27.128.158:50001
      electrumx.alexridevski.net
      csrss.exe
      52 B
      1
    • 8.8.8.8:53
      104.219.191.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      104.219.191.52.in-addr.arpa

    • 8.8.8.8:53
      81.144.22.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      81.144.22.2.in-addr.arpa

    • 8.8.8.8:53
      23.159.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      23.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      trumops.com
      dns
      csrss.exe
      57 B
      116 B
      1
      1

      DNS Request

      trumops.com

    • 8.8.8.8:53
      retoti.com
      dns
      csrss.exe
      56 B
      115 B
      1
      1

      DNS Request

      retoti.com

    • 8.8.8.8:53
      logs.trumops.com
      dns
      csrss.exe
      62 B
      121 B
      1
      1

      DNS Request

      logs.trumops.com

    • 8.8.8.8:53
      logs.retoti.com
      dns
      csrss.exe
      61 B
      120 B
      1
      1

      DNS Request

      logs.retoti.com

    • 8.8.8.8:53
      92c67545-dead-4adf-8d5a-7c9426e35bf8.uuid.trumops.com
      dns
      csrss.exe
      99 B
      158 B
      1
      1

      DNS Request

      92c67545-dead-4adf-8d5a-7c9426e35bf8.uuid.trumops.com

    • 8.8.8.8:53
      server7.trumops.com
      dns
      csrss.exe
      65 B
      81 B
      1
      1

      DNS Request

      server7.trumops.com

      DNS Response

      44.221.84.105

    • 8.8.8.8:53
      105.84.221.44.in-addr.arpa
      dns
      72 B
      127 B
      1
      1

      DNS Request

      105.84.221.44.in-addr.arpa

    • 8.8.8.8:53
      13.86.106.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      13.86.106.20.in-addr.arpa

    • 8.8.8.8:53
      200.163.202.172.in-addr.arpa
      dns
      74 B
      160 B
      1
      1

      DNS Request

      200.163.202.172.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      73.144.22.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      73.144.22.2.in-addr.arpa

    • 8.8.8.8:53
      14.227.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      14.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      server7.retoti.com
      dns
      csrss.exe
      64 B
      80 B
      1
      1

      DNS Request

      server7.retoti.com

      DNS Response

      44.221.84.105

    • 8.8.8.8:53
      raw.githubusercontent.com
      dns
      csrss.exe
      71 B
      135 B
      1
      1

      DNS Request

      raw.githubusercontent.com

      DNS Response

      185.199.108.133
      185.199.110.133
      185.199.109.133
      185.199.111.133

    • 8.8.8.8:53
      e.keff.org
      dns
      csrss.exe
      56 B
      72 B
      1
      1

      DNS Request

      e.keff.org

      DNS Response

      45.154.252.100

    • 8.8.8.8:53
      133.108.199.185.in-addr.arpa
      dns
      74 B
      118 B
      1
      1

      DNS Request

      133.108.199.185.in-addr.arpa

    • 8.8.8.8:53
      electrum.qtornado.com
      dns
      csrss.exe
      67 B
      126 B
      1
      1

      DNS Request

      electrum.qtornado.com

      DNS Response

      45.154.252.107

    • 8.8.8.8:53
      gall.pro
      dns
      csrss.exe
      54 B
      86 B
      1
      1

      DNS Request

      gall.pro

      DNS Response

      104.21.79.2
      172.67.139.56

    • 8.8.8.8:53
      lavahost.org
      dns
      csrss.exe
      58 B
      74 B
      1
      1

      DNS Request

      lavahost.org

      DNS Response

      5.10.171.150

    • 8.8.8.8:53
      btc.ocf.sh
      dns
      csrss.exe
      56 B
      72 B
      1
      1

      DNS Request

      btc.ocf.sh

      DNS Response

      116.255.28.88

    • 8.8.8.8:53
      ex03.axalgo.com
      dns
      csrss.exe
      61 B
      128 B
      1
      1

      DNS Request

      ex03.axalgo.com

    • 8.8.8.8:53
      vmd84592.contaboserver.net
      dns
      csrss.exe
      72 B
      141 B
      1
      1

      DNS Request

      vmd84592.contaboserver.net

    • 8.8.8.8:53
      smmalis37.ddns.net
      dns
      csrss.exe
      64 B
      80 B
      1
      1

      DNS Request

      smmalis37.ddns.net

      DNS Response

      141.154.64.209

    • 8.8.8.8:53
      electrum5.hodlister.co
      dns
      csrss.exe
      68 B
      84 B
      1
      1

      DNS Request

      electrum5.hodlister.co

      DNS Response

      45.154.252.109

    • 8.8.8.8:53
      88.28.255.116.in-addr.arpa
      dns
      72 B
      122 B
      1
      1

      DNS Request

      88.28.255.116.in-addr.arpa

    • 8.8.8.8:53
      electrumx.alexridevski.net
      dns
      csrss.exe
      72 B
      88 B
      1
      1

      DNS Request

      electrumx.alexridevski.net

      DNS Response

      65.27.128.158

    • 8.8.8.8:53
      209.64.154.141.in-addr.arpa
      dns
      73 B
      127 B
      1
      1

      DNS Request

      209.64.154.141.in-addr.arpa

    • 8.8.8.8:53
      225.162.46.104.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      225.162.46.104.in-addr.arpa

    • 8.8.8.8:53
      109.252.154.45.in-addr.arpa
      dns
      73 B
      111 B
      1
      1

      DNS Request

      109.252.154.45.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

      Filesize

      281KB

      MD5

      d98e33b66343e7c96158444127a117f6

      SHA1

      bb716c5509a2bf345c6c1152f6e3e1452d39d50d

      SHA256

      5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

      SHA512

      705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

    • C:\Windows\rss\csrss.exe

      Filesize

      4.2MB

      MD5

      1f1536f72bff4430a7a7966df9d0532a

      SHA1

      03cfdc987301f33aece8d6c988797a6c1d02cc49

      SHA256

      228bb26d3a926eeefae53f870c6cd1682872fa6ed3e12b63fa841faf7ae10c4a

      SHA512

      189a4ff4800a4f1cf6375d409ac74e7fdf7be1de61b23708a0dca20456819c598abf62505f33e676f719a81b384382fe5a9803eb8e59d03882a3b79471fdf39a

    • memory/1232-6-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/1232-13-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/1232-7-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/3688-20-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/3688-22-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/3688-32-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/3688-31-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/3688-30-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/3688-14-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/3688-29-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/3688-28-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/3688-21-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/3688-27-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/3688-23-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/3688-24-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/3688-25-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/3688-26-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/4988-5-0x0000000003140000-0x00000000039E2000-memory.dmp

      Filesize

      8.6MB

    • memory/4988-0-0x0000000002D30000-0x000000000313F000-memory.dmp

      Filesize

      4.1MB

    • memory/4988-1-0x0000000003140000-0x00000000039E2000-memory.dmp

      Filesize

      8.6MB

    • memory/4988-2-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    • memory/4988-4-0x0000000002D30000-0x000000000313F000-memory.dmp

      Filesize

      4.1MB

    • memory/4988-3-0x0000000000400000-0x0000000000CBD000-memory.dmp

      Filesize

      8.7MB

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.