Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2024 19:51

General

  • Target

    JaffaCakes118_cf73757e09f097765efe858b3e2caf35afdefcd75f2abf712bb631a57c445936.exe

  • Size

    4.3MB

  • MD5

    6f00d125acf26839af12b80c43652991

  • SHA1

    72600c5b1345419cd4be3f7bf352fcd848d775d2

  • SHA256

    cf73757e09f097765efe858b3e2caf35afdefcd75f2abf712bb631a57c445936

  • SHA512

    2308f6a80a807424017b86e665fa8c43ccf0852a1ed1fb4a5ced04b024fa39c27c63cea0a67dfdace1730433e182e8b98a166fe76ae3d3438a7f341fbaf684ee

  • SSDEEP

    98304:D3xSkZ/7Oc7vzvTI3Uel/dxYHiv9V7kSwrQrF3+o1CyZ:zb/q2vzvs3Uod6I9azrQrZJ

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

  • Glupteba family
  • Glupteba payload 20 IoCs
  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Metasploit family
  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Manipulates WinMonFS driver. 1 IoCs

    Roottkits write to WinMonFS to hide directories/files from being detected.

  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Drops file in Windows directory 2 IoCs
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies data under HKEY_USERS 64 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_cf73757e09f097765efe858b3e2caf35afdefcd75f2abf712bb631a57c445936.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_cf73757e09f097765efe858b3e2caf35afdefcd75f2abf712bb631a57c445936.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3600
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_cf73757e09f097765efe858b3e2caf35afdefcd75f2abf712bb631a57c445936.exe
      "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_cf73757e09f097765efe858b3e2caf35afdefcd75f2abf712bb631a57c445936.exe"
      2⤵
      • Adds Run key to start application
      • Checks for VirtualBox DLLs, possible anti-VM trick
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1776
      • C:\Windows\system32\cmd.exe
        C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3060
        • C:\Windows\system32\netsh.exe
          netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
          4⤵
          • Modifies Windows Firewall
          • Event Triggered Execution: Netsh Helper DLL
          PID:3732
      • C:\Windows\rss\csrss.exe
        C:\Windows\rss\csrss.exe /301-301
        3⤵
        • Executes dropped EXE
        • Manipulates WinMonFS driver.
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2060
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
          4⤵
          • Scheduled Task/Job: Scheduled Task
          PID:4508
        • C:\Windows\SYSTEM32\schtasks.exe
          schtasks /delete /tn ScheduledUpdate /f
          4⤵
            PID:4192
          • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
            C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
            4⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            PID:1416
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 860
          3⤵
          • Program crash
          PID:1496
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1776 -ip 1776
      1⤵
        PID:2140

      Network

      • flag-us
        DNS
        104.219.191.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        104.219.191.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        73.144.22.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        73.144.22.2.in-addr.arpa
        IN PTR
        Response
        73.144.22.2.in-addr.arpa
        IN PTR
        a2-22-144-73deploystaticakamaitechnologiescom
      • flag-us
        DNS
        138.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        138.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        trumops.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        trumops.com
        IN TXT
        Response
        trumops.com
        IN TXT
        .v=spf1 include:_incspfcheck.mailspike.net ?all
      • flag-us
        DNS
        trumops.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        trumops.com
        IN TXT
      • flag-us
        DNS
        retoti.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        retoti.com
        IN TXT
        Response
        retoti.com
        IN TXT
        .v=spf1 include:_incspfcheck.mailspike.net ?all
      • flag-us
        DNS
        logs.trumops.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        logs.trumops.com
        IN TXT
        Response
      • flag-us
        DNS
        logs.retoti.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        logs.retoti.com
        IN TXT
        Response
      • flag-us
        DNS
        280448f9-d036-4e3c-869e-0d854e06c9fb.uuid.trumops.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        280448f9-d036-4e3c-869e-0d854e06c9fb.uuid.trumops.com
        IN TXT
        Response
      • flag-us
        DNS
        server4.trumops.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        server4.trumops.com
        IN A
        Response
        server4.trumops.com
        IN A
        44.221.84.105
      • flag-us
        DNS
        105.84.221.44.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        105.84.221.44.in-addr.arpa
        IN PTR
        Response
        105.84.221.44.in-addr.arpa
        IN PTR
        ec2-44-221-84-105 compute-1 amazonawscom
      • flag-us
        DNS
        105.84.221.44.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        105.84.221.44.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        232.168.11.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        232.168.11.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        197.87.175.4.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        197.87.175.4.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        241.42.69.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.42.69.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.214.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.214.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        81.144.22.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        81.144.22.2.in-addr.arpa
        IN PTR
        Response
        81.144.22.2.in-addr.arpa
        IN PTR
        a2-22-144-81deploystaticakamaitechnologiescom
      • flag-us
        DNS
        13.227.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        13.227.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        server4.retoti.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        server4.retoti.com
        IN A
        Response
        server4.retoti.com
        IN A
        44.221.84.105
      • flag-us
        DNS
        raw.githubusercontent.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        raw.githubusercontent.com
        IN A
        Response
        raw.githubusercontent.com
        IN A
        185.199.108.133
        raw.githubusercontent.com
        IN A
        185.199.111.133
        raw.githubusercontent.com
        IN A
        185.199.109.133
        raw.githubusercontent.com
        IN A
        185.199.110.133
      • flag-us
        DNS
        133.108.199.185.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        133.108.199.185.in-addr.arpa
        IN PTR
        Response
        133.108.199.185.in-addr.arpa
        IN PTR
        cdn-185-199-108-133githubcom
      • flag-us
        DNS
        133.108.199.185.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        133.108.199.185.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        node.degga.net
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        node.degga.net
        IN A
        Response
        node.degga.net
        IN A
        162.192.36.227
      • flag-us
        DNS
        node.degga.net
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        node.degga.net
        IN A
      • flag-us
        DNS
        electrum.blockstream.info
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        electrum.blockstream.info
        IN A
        Response
        electrum.blockstream.info
        IN A
        34.36.93.230
      • flag-us
        DNS
        exs.dyshek.org
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        exs.dyshek.org
        IN A
        Response
        exs.dyshek.org
        IN A
        135.181.31.178
      • flag-us
        DNS
        vmd84592.contaboserver.net
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        vmd84592.contaboserver.net
        IN A
        Response
      • flag-us
        DNS
        fulcrum.thechaceys.com
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        fulcrum.thechaceys.com
        IN A
        Response
      • flag-us
        DNS
        230.93.36.34.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        230.93.36.34.in-addr.arpa
        IN PTR
        Response
        230.93.36.34.in-addr.arpa
        IN PTR
        230933634bcgoogleusercontentcom
      • flag-us
        DNS
        178.31.181.135.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        178.31.181.135.in-addr.arpa
        IN PTR
        Response
        178.31.181.135.in-addr.arpa
        IN PTR
        static17831181135clients your-serverde
      • flag-us
        DNS
        lavahost.org
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        lavahost.org
        IN A
        Response
        lavahost.org
        IN A
        5.10.171.150
      • flag-us
        DNS
        82.73.121.34.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        82.73.121.34.in-addr.arpa
        IN PTR
        Response
        82.73.121.34.in-addr.arpa
        IN PTR
        827312134bcgoogleusercontentcom
      • flag-us
        DNS
        btc.aftrek.org
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        btc.aftrek.org
        IN A
        Response
        btc.aftrek.org
        IN A
        49.12.35.19
      • flag-us
        DNS
        btc.aftrek.org
        csrss.exe
        Remote address:
        8.8.8.8:53
        Request
        btc.aftrek.org
        IN A
      • flag-us
        DNS
        19.35.12.49.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        19.35.12.49.in-addr.arpa
        IN PTR
        Response
        19.35.12.49.in-addr.arpa
        IN PTR
        static19351249clients your-serverde
      • 44.221.84.105:443
        server4.trumops.com
        tls
        csrss.exe
        21.3kB
        11.8kB
        41
        25
      • 44.221.84.105:443
        server4.trumops.com
        tls
        csrss.exe
        1.4kB
        7.9kB
        18
        14
      • 44.221.84.105:443
        server4.retoti.com
        tls
        csrss.exe
        2.4kB
        5.4kB
        11
        9
      • 185.199.108.133:443
        raw.githubusercontent.com
        tls
        csrss.exe
        2.8kB
        8.3kB
        18
        14
      • 162.192.36.227:50002
        node.degga.net
        csrss.exe
        104 B
        2
      • 157.245.172.236:50001
        csrss.exe
        156 B
        80 B
        3
        2
      • 34.36.93.230:50001
        electrum.blockstream.info
        csrss.exe
        510 B
        3.5kB
        8
        8
      • 135.181.31.178:50001
        exs.dyshek.org
        csrss.exe
        485 B
        10.7kB
        9
        11
      • 34.121.73.82:50001
        csrss.exe
        1.2kB
        5.6kB
        13
        11
      • 5.10.171.150:50002
        lavahost.org
        csrss.exe
        104 B
        2
      • 49.12.35.19:50001
        btc.aftrek.org
        csrss.exe
        1.1kB
        6.2kB
        12
        10
      • 8.8.8.8:53
        104.219.191.52.in-addr.arpa
        dns
        73 B
        147 B
        1
        1

        DNS Request

        104.219.191.52.in-addr.arpa

      • 8.8.8.8:53
        73.144.22.2.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        73.144.22.2.in-addr.arpa

      • 8.8.8.8:53
        138.32.126.40.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        138.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        trumops.com
        dns
        csrss.exe
        114 B
        116 B
        2
        1

        DNS Request

        trumops.com

        DNS Request

        trumops.com

      • 8.8.8.8:53
        retoti.com
        dns
        csrss.exe
        56 B
        115 B
        1
        1

        DNS Request

        retoti.com

      • 8.8.8.8:53
        logs.trumops.com
        dns
        csrss.exe
        62 B
        121 B
        1
        1

        DNS Request

        logs.trumops.com

      • 8.8.8.8:53
        logs.retoti.com
        dns
        csrss.exe
        61 B
        120 B
        1
        1

        DNS Request

        logs.retoti.com

      • 8.8.8.8:53
        280448f9-d036-4e3c-869e-0d854e06c9fb.uuid.trumops.com
        dns
        csrss.exe
        99 B
        158 B
        1
        1

        DNS Request

        280448f9-d036-4e3c-869e-0d854e06c9fb.uuid.trumops.com

      • 8.8.8.8:53
        server4.trumops.com
        dns
        csrss.exe
        65 B
        81 B
        1
        1

        DNS Request

        server4.trumops.com

        DNS Response

        44.221.84.105

      • 8.8.8.8:53
        105.84.221.44.in-addr.arpa
        dns
        144 B
        127 B
        2
        1

        DNS Request

        105.84.221.44.in-addr.arpa

        DNS Request

        105.84.221.44.in-addr.arpa

      • 8.8.8.8:53
        232.168.11.51.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        232.168.11.51.in-addr.arpa

      • 8.8.8.8:53
        197.87.175.4.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        197.87.175.4.in-addr.arpa

      • 8.8.8.8:53
        241.42.69.40.in-addr.arpa
        dns
        71 B
        145 B
        1
        1

        DNS Request

        241.42.69.40.in-addr.arpa

      • 8.8.8.8:53
        172.214.232.199.in-addr.arpa
        dns
        74 B
        128 B
        1
        1

        DNS Request

        172.214.232.199.in-addr.arpa

      • 8.8.8.8:53
        81.144.22.2.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        81.144.22.2.in-addr.arpa

      • 8.8.8.8:53
        13.227.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        13.227.111.52.in-addr.arpa

      • 8.8.8.8:53
        server4.retoti.com
        dns
        csrss.exe
        64 B
        80 B
        1
        1

        DNS Request

        server4.retoti.com

        DNS Response

        44.221.84.105

      • 8.8.8.8:53
        raw.githubusercontent.com
        dns
        csrss.exe
        71 B
        135 B
        1
        1

        DNS Request

        raw.githubusercontent.com

        DNS Response

        185.199.108.133
        185.199.111.133
        185.199.109.133
        185.199.110.133

      • 8.8.8.8:53
        133.108.199.185.in-addr.arpa
        dns
        148 B
        118 B
        2
        1

        DNS Request

        133.108.199.185.in-addr.arpa

        DNS Request

        133.108.199.185.in-addr.arpa

      • 8.8.8.8:53
        node.degga.net
        dns
        csrss.exe
        120 B
        76 B
        2
        1

        DNS Request

        node.degga.net

        DNS Request

        node.degga.net

        DNS Response

        162.192.36.227

      • 8.8.8.8:53
        electrum.blockstream.info
        dns
        csrss.exe
        71 B
        87 B
        1
        1

        DNS Request

        electrum.blockstream.info

        DNS Response

        34.36.93.230

      • 8.8.8.8:53
        exs.dyshek.org
        dns
        csrss.exe
        60 B
        76 B
        1
        1

        DNS Request

        exs.dyshek.org

        DNS Response

        135.181.31.178

      • 8.8.8.8:53
        vmd84592.contaboserver.net
        dns
        csrss.exe
        72 B
        141 B
        1
        1

        DNS Request

        vmd84592.contaboserver.net

      • 8.8.8.8:53
        fulcrum.thechaceys.com
        dns
        csrss.exe
        68 B
        126 B
        1
        1

        DNS Request

        fulcrum.thechaceys.com

      • 8.8.8.8:53
        230.93.36.34.in-addr.arpa
        dns
        71 B
        122 B
        1
        1

        DNS Request

        230.93.36.34.in-addr.arpa

      • 8.8.8.8:53
        178.31.181.135.in-addr.arpa
        dns
        73 B
        131 B
        1
        1

        DNS Request

        178.31.181.135.in-addr.arpa

      • 8.8.8.8:53
        lavahost.org
        dns
        csrss.exe
        58 B
        74 B
        1
        1

        DNS Request

        lavahost.org

        DNS Response

        5.10.171.150

      • 8.8.8.8:53
        82.73.121.34.in-addr.arpa
        dns
        71 B
        122 B
        1
        1

        DNS Request

        82.73.121.34.in-addr.arpa

      • 8.8.8.8:53
        btc.aftrek.org
        dns
        csrss.exe
        120 B
        76 B
        2
        1

        DNS Request

        btc.aftrek.org

        DNS Request

        btc.aftrek.org

        DNS Response

        49.12.35.19

      • 8.8.8.8:53
        19.35.12.49.in-addr.arpa
        dns
        70 B
        125 B
        1
        1

        DNS Request

        19.35.12.49.in-addr.arpa

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

        Filesize

        281KB

        MD5

        d98e33b66343e7c96158444127a117f6

        SHA1

        bb716c5509a2bf345c6c1152f6e3e1452d39d50d

        SHA256

        5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

        SHA512

        705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

      • C:\Windows\rss\csrss.exe

        Filesize

        4.3MB

        MD5

        6f00d125acf26839af12b80c43652991

        SHA1

        72600c5b1345419cd4be3f7bf352fcd848d775d2

        SHA256

        cf73757e09f097765efe858b3e2caf35afdefcd75f2abf712bb631a57c445936

        SHA512

        2308f6a80a807424017b86e665fa8c43ccf0852a1ed1fb4a5ced04b024fa39c27c63cea0a67dfdace1730433e182e8b98a166fe76ae3d3438a7f341fbaf684ee

      • memory/1776-8-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/1776-14-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/1776-9-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/2060-22-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/2060-24-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/2060-33-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/2060-32-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/2060-31-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/2060-16-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/2060-30-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/2060-29-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/2060-23-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/2060-28-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/2060-25-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/2060-26-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/2060-27-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/3600-4-0x0000000000400000-0x0000000002F4C000-memory.dmp

        Filesize

        43.3MB

      • memory/3600-1-0x00000000034B0000-0x00000000038C7000-memory.dmp

        Filesize

        4.1MB

      • memory/3600-2-0x00000000038D0000-0x0000000004172000-memory.dmp

        Filesize

        8.6MB

      • memory/3600-3-0x0000000000400000-0x0000000000CBD000-memory.dmp

        Filesize

        8.7MB

      • memory/3600-6-0x0000000000400000-0x0000000000CBD000-memory.dmp

        Filesize

        8.7MB

      • memory/3600-5-0x00000000038D0000-0x0000000004172000-memory.dmp

        Filesize

        8.6MB

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.