Overview

overview

10

Static

static

gfersd.exe

windows7_x64

10

gfersd.exe

windows10_x64

10

Analysis

  • max time kernel
    35s
  • max time network
    67s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    02-11-2020 08:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gfersd.exe

  • Size

    343KB

  • MD5

    72131adb0e2315281aae445db11e09a2

  • SHA1

    712ca2ebaa7d9bc9bbe18f7843954cfb0d22b08e

  • SHA256

    9ea7a66f0c3dc13ddfc6f05d95049dd7f641053a380578a12013db9f72367f65

  • SHA512

    bbc68fa0c586aaa7227da59848407672e7629e8f1289384add8638c21bab69d41495bcfc7881446b527e5aa4db14e1babc4f71dfee32b69705e6d3b64bf46a22

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Program crash 39 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\gfersd.exe
    "C:\Users\Admin\AppData\Local\Temp\gfersd.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:948
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 536
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:908
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 684
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3976
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 1232
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2128
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 1256
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:900
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 1316
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3800
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 1240
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:4068
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 1408
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:4052
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 1468
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2080
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 1444
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:972
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 1212
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:1452
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 1784
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:1796
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 1872
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2016
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 1948
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2192
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 1988
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:3352
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 1912
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:4064
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2100
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:1424
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2180
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:416
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2116
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:3896
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2240
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:652
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 1952
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:3596
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2172
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:852
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2340
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2940
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2264
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2536
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2468
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:3988
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2164
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:1176
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2480
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2260
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2312
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:3000
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2540
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:1004
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2432
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:1976
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2200
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:3796
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2504
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2208
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2436
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2184
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2440
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2248
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2624
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:3712
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2544
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:1192
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2776
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:1800
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2208
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2312
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 2816
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:644
    • C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /C ping 127.0.0.1 -n 3 > nul & del ""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1008
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.0.0.1 -n 3
        3⤵
        • Runs ping.exe
        PID:3336
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 3008
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:200

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Remote System Discovery

1
T1018

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/200-457-0x0000000004D10000-0x0000000004D11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/200-461-0x0000000005540000-0x0000000005541000-memory.dmp
    Filesize

    4KB

    Download
  • memory/416-162-0x00000000054D0000-0x00000000054D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/416-159-0x0000000004BA0000-0x0000000004BA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-454-0x0000000004A50000-0x0000000004A51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/644-451-0x0000000004320000-0x0000000004321000-memory.dmp
    Filesize

    4KB

    Download
  • memory/652-172-0x00000000055E0000-0x00000000055E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/652-169-0x0000000004CB0000-0x0000000004CB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/852-177-0x0000000004820000-0x0000000004821000-memory.dmp
    Filesize

    4KB

    Download
  • memory/852-180-0x0000000005150000-0x0000000005151000-memory.dmp
    Filesize

    4KB

    Download
  • memory/900-31-0x0000000004F30000-0x0000000004F31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/900-34-0x0000000005760000-0x0000000005761000-memory.dmp
    Filesize

    4KB

    Download
  • memory/908-10-0x00000000054E0000-0x00000000054E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/908-8-0x0000000004EB0000-0x0000000004EB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/908-7-0x0000000004EB0000-0x0000000004EB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-24-0x00000000045A0000-0x00000000045A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-11-0x0000000004280000-0x0000000004281000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-23-0x00000000075D0000-0x00000000075D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-1-0x0000000004210000-0x0000000004211000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-25-0x0000000007630000-0x0000000007631000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-26-0x00000000078B0000-0x00000000078B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-2-0x00000000045E0000-0x00000000045E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-4-0x0000000073850000-0x0000000073F3E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/948-21-0x00000000044F0000-0x0000000004512000-memory.dmp
    Filesize

    136KB

    Download
  • memory/948-20-0x0000000006AC0000-0x0000000006AC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-19-0x0000000004280000-0x00000000042A4000-memory.dmp
    Filesize

    144KB

    Download
  • memory/948-22-0x0000000006FC0000-0x0000000006FC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-455-0x000000000A260000-0x000000000A261000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-18-0x0000000004280000-0x0000000004281000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-431-0x000000000A260000-0x000000000A270000-memory.dmp
    Filesize

    64KB

    Download
  • memory/948-429-0x000000000A260000-0x000000000A270000-memory.dmp
    Filesize

    64KB

    Download
  • memory/948-167-0x000000000A260000-0x000000000A2F9000-memory.dmp
    Filesize

    612KB

    Download
  • memory/948-0-0x00000000023B4000-0x00000000023B5000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-12-0x0000000004280000-0x0000000004281000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-13-0x0000000004280000-0x0000000004281000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-125-0x00000000085B0000-0x00000000085B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-154-0x0000000009460000-0x0000000009461000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-427-0x000000000A260000-0x000000000A270000-memory.dmp
    Filesize

    64KB

    Download
  • memory/948-130-0x0000000008780000-0x0000000008781000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-137-0x00000000090F0000-0x00000000090F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-135-0x0000000008FC0000-0x0000000008FC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/948-136-0x0000000009060000-0x0000000009061000-memory.dmp
    Filesize

    4KB

    Download
  • memory/972-124-0x00000000055C0000-0x00000000055C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/972-121-0x0000000004D90000-0x0000000004D91000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1004-298-0x0000000004470000-0x0000000004471000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1008-456-0x0000000000000000-mapping.dmp
    Download
  • memory/1176-286-0x00000000043B0000-0x00000000043B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1176-289-0x0000000004CE0000-0x0000000004CE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1192-422-0x00000000058D0000-0x00000000058D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1424-158-0x0000000005920000-0x0000000005921000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1424-155-0x0000000004FF0000-0x0000000004FF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1452-126-0x00000000047C0000-0x00000000047C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1452-129-0x0000000004E00000-0x0000000004E01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1796-131-0x00000000050B0000-0x00000000050B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1800-423-0x0000000004590000-0x0000000004591000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1800-426-0x0000000004DC0000-0x0000000004DC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1976-305-0x0000000005350000-0x0000000005351000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1976-302-0x0000000004B20000-0x0000000004B21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2016-141-0x0000000005080000-0x0000000005081000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2016-138-0x0000000004750000-0x0000000004751000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-120-0x0000000004D80000-0x0000000004D81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2080-117-0x0000000004450000-0x0000000004451000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2128-27-0x0000000004AA0000-0x0000000004AA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2128-30-0x0000000005450000-0x0000000005451000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2184-410-0x00000000058D0000-0x00000000058D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2184-407-0x00000000050A0000-0x00000000050A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2192-145-0x0000000005220000-0x0000000005221000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2192-142-0x00000000049F0000-0x00000000049F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2208-406-0x00000000057D0000-0x00000000057D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2208-403-0x0000000004EA0000-0x0000000004EA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2248-411-0x00000000042D0000-0x00000000042D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2260-290-0x0000000004A60000-0x0000000004A61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2260-293-0x00000000050A0000-0x00000000050A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-449-0x0000000004E60000-0x0000000004E61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-447-0x0000000004E60000-0x0000000004E61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-439-0x0000000004E60000-0x0000000004E61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-438-0x0000000004E60000-0x0000000004E61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-445-0x0000000004E60000-0x0000000004E61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-437-0x0000000004E60000-0x0000000004E61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-436-0x0000000004E60000-0x0000000004E61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-443-0x0000000004E60000-0x0000000004E61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-442-0x0000000004E60000-0x0000000004E61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-433-0x0000000004630000-0x0000000004631000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-450-0x0000000004E60000-0x0000000004E61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-440-0x0000000004E60000-0x0000000004E61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-446-0x0000000004E60000-0x0000000004E61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-444-0x0000000004E60000-0x0000000004E61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-448-0x0000000004E60000-0x0000000004E61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2312-441-0x0000000004E60000-0x0000000004E61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2536-185-0x0000000004F00000-0x0000000004F01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2536-188-0x0000000005730000-0x0000000005731000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2940-181-0x0000000004390000-0x0000000004391000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2940-184-0x0000000004CC0000-0x0000000004CC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3000-297-0x0000000005000000-0x0000000005001000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3000-294-0x00000000047D0000-0x00000000047D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3336-460-0x0000000000000000-mapping.dmp
    Download
  • memory/3352-149-0x0000000004AC0000-0x0000000004AC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3352-146-0x0000000004390000-0x0000000004391000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3596-173-0x0000000004860000-0x0000000004861000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3596-176-0x0000000005090000-0x0000000005091000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3712-415-0x0000000004AB0000-0x0000000004AB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3712-418-0x0000000005460000-0x0000000005461000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3796-310-0x0000000004F80000-0x0000000004F81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3796-306-0x0000000004750000-0x0000000004751000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3800-39-0x0000000004B00000-0x0000000004B01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3800-35-0x00000000042D0000-0x00000000042D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3896-166-0x0000000004D30000-0x0000000004D31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3896-163-0x0000000004500000-0x0000000004501000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3976-17-0x0000000005750000-0x0000000005751000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3976-14-0x0000000005120000-0x0000000005121000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3988-193-0x00000000058F0000-0x00000000058F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3988-189-0x00000000051B0000-0x00000000051B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4052-113-0x00000000046F0000-0x00000000046F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4052-116-0x0000000005020000-0x0000000005021000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4064-150-0x0000000004BA0000-0x0000000004BA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4064-153-0x0000000005550000-0x0000000005551000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4068-109-0x0000000004620000-0x0000000004621000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4068-112-0x0000000004E50000-0x0000000004E51000-memory.dmp
    Filesize

    4KB

    Download