Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-11-2022 08:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    383KB

  • MD5

    58e19e4ecbfc9e2f32e2a300635bd82d

  • SHA1

    58d58d5b242d1cb1df7fa761df6eaf127b71719f

  • SHA256

    f36a8b642ad4cbf276e83861df2328926ec3f899794036e30736e63a9d078185

  • SHA512

    a262de9767d891b586ffd9a95080c9fc87fab44b923b1adad6e6dc94a7eecd1c57c0feca2dc00150f5f4aac3049c8d0e9a46ed778e9747b518d72b96703372c0

  • SSDEEP

    6144:hLrW6JxFI46YeEIDgIs8wx9nVVFpIVSPapjQWVwv8TJH:JW6nEI8wx95OVSPCQW2MJ

Score
10/10
redlinetop1discoveryinfostealerminerpersistencespywarestealervmprotect

Malware Config

Extracted

Family

redline

Botnet

top1

C2

chardhesha.xyz:81

jalocliche.xyz:81
Attributes
  • auth_value

    fa2afa98a6579319e36e31ee0552bd57

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 3 IoCs
  • Detectes Phoenix Miner Payload 4 IoCs
    miner
  • Downloads MZ/PE file
  • Executes dropped EXE 9 IoCs
  • VMProtect packed file 8 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 37 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Windows\Temp\16.exe
      "C:\Windows\Temp\16.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1780
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Roaming\explorer\explorer.exe
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2596
        • C:\Users\Admin\AppData\Roaming\explorer\explorer.exe
          C:\Users\Admin\AppData\Roaming\explorer\explorer.exe
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1948
          • C:\Users\Admin\AppData\Roaming\explorer\svchost.exe
            -pool us-etc.2miners.com:1010 -wal 0xB7b2553E9b6DC10186ddD09AB9fbE71C68da0851.ferms -epsw x -mode 1 -log 0 -mport 0 -etha 0 -ftime 55 -retrydelay 1 -coin etc
            5⤵
            • Executes dropped EXE
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • Suspicious behavior: EnumeratesProcesses
            PID:4260
      • C:\Users\Admin\AppData\Local\Temp\DH132LLKB794MD7.exe
        "C:\Users\Admin\AppData\Local\Temp\DH132LLKB794MD7.exe"
        3⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2792
        • C:\Windows\Temp\top1.exe
          "C:\Windows\Temp\top1.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4288
      • C:\Users\Admin\AppData\Local\Temp\ID6BKF5E1F5BE9M.exe
        "C:\Users\Admin\AppData\Local\Temp\ID6BKF5E1F5BE9M.exe"
        3⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2232
        • C:\Windows\Temp\swiftfix.exe
          "C:\Windows\Temp\swiftfix.exe"
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Suspicious use of AdjustPrivilegeToken
          PID:4984
      • C:\Users\Admin\AppData\Local\Temp\M1IJ6FBDEIM23BF.exe
        "C:\Users\Admin\AppData\Local\Temp\M1IJ6FBDEIM23BF.exe"
        3⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:1324
        • C:\Windows\SysWOW64\control.exe
          "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\RTTfOX3V.Cpl",
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:4400
          • C:\Windows\SysWOW64\rundll32.exe
            "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\RTTfOX3V.Cpl",
            5⤵
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:4448
            • C:\Windows\system32\RunDll32.exe
              C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\RTTfOX3V.Cpl",
              6⤵
              • Suspicious use of WriteProcessMemory
              PID:4784
              • C:\Windows\SysWOW64\rundll32.exe
                "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\RTTfOX3V.Cpl",
                7⤵
                • Loads dropped DLL
                PID:3248
      • C:\Users\Admin\AppData\Local\Temp\AFM46CGMFIJGLLK.exe
        https://iplogger.org/1DJDa7
        3⤵
        • Executes dropped EXE
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:656

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AFM46CGMFIJGLLK.exe
    Filesize

    8KB

    MD5

    8719ce641e7c777ac1b0eaec7b5fa7c7

    SHA1

    c04de52cb511480cc7d00d67f1d9e17b02d6406b

    SHA256

    6283ac6ecbf4c4038cf44896dd221c7c11152bac77273709330409032c3e72ea

    SHA512

    7be5bd6d2342dd02818f1979e7e74a6376658711ac82a59b2af1a67207cfd3c7416b657af01216473b15132e4aa5c6675f0eb8ee6343192c7dfc4a5249ccaa97

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\AFM46CGMFIJGLLK.exe
    Filesize

    8KB

    MD5

    8719ce641e7c777ac1b0eaec7b5fa7c7

    SHA1

    c04de52cb511480cc7d00d67f1d9e17b02d6406b

    SHA256

    6283ac6ecbf4c4038cf44896dd221c7c11152bac77273709330409032c3e72ea

    SHA512

    7be5bd6d2342dd02818f1979e7e74a6376658711ac82a59b2af1a67207cfd3c7416b657af01216473b15132e4aa5c6675f0eb8ee6343192c7dfc4a5249ccaa97

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\DH132LLKB794MD7.exe
    Filesize

    385KB

    MD5

    90767e692f4ceba7298c5636811bf1cc

    SHA1

    4b03b979fb759a6e1d5a6e6bf3052f03acda9c1e

    SHA256

    0af6a93e24056542121e224b3bc4ff3ebe3e021b7c28bcdf0815b5944fcf4898

    SHA512

    5f11946f6ee85d44d120f1e6b16344a2217fe28c18e8b7a4d141b17a1585c03c22f15c9fa70b1810707c62c522b97d18a40f3a9c6d58e1e0d543b809f6a70f70

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\DH132LLKB794MD7.exe
    Filesize

    385KB

    MD5

    90767e692f4ceba7298c5636811bf1cc

    SHA1

    4b03b979fb759a6e1d5a6e6bf3052f03acda9c1e

    SHA256

    0af6a93e24056542121e224b3bc4ff3ebe3e021b7c28bcdf0815b5944fcf4898

    SHA512

    5f11946f6ee85d44d120f1e6b16344a2217fe28c18e8b7a4d141b17a1585c03c22f15c9fa70b1810707c62c522b97d18a40f3a9c6d58e1e0d543b809f6a70f70

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\ID6BKF5E1F5BE9M.exe
    Filesize

    333KB

    MD5

    59718e10ab8973add6082a88429acf2f

    SHA1

    996e942c8be550db9600d5d544f1c09ef41c3047

    SHA256

    016006b4e10e6833e36780f68777b7265f105b21a09cbab4f0be8fc45c2e12c0

    SHA512

    83b81ebf0864d6d2ba8902c576416f3b02ede7ed9962af9a0ed8b9e54f4002001d37422262ab8379a13acc69d8ec80b6dae5d48c89e856c52394ac3fc0d6bb50

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\ID6BKF5E1F5BE9M.exe
    Filesize

    333KB

    MD5

    59718e10ab8973add6082a88429acf2f

    SHA1

    996e942c8be550db9600d5d544f1c09ef41c3047

    SHA256

    016006b4e10e6833e36780f68777b7265f105b21a09cbab4f0be8fc45c2e12c0

    SHA512

    83b81ebf0864d6d2ba8902c576416f3b02ede7ed9962af9a0ed8b9e54f4002001d37422262ab8379a13acc69d8ec80b6dae5d48c89e856c52394ac3fc0d6bb50

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\M1IJ6FBDEIM23BF.exe
    Filesize

    1.7MB

    MD5

    d09d3b7e11d05bd30fe6da5f21f353a4

    SHA1

    fec5a633af78e7961485fe0e97b0d6878d545174

    SHA256

    9608d79a8f04e95bf1c16e459458e2afe25c3bfc0c0fa3917fe23ddc2bbd7f45

    SHA512

    85965f59a1b27a27be22bd44d0995d354a4f0a41bcc3e729c505e0754fa089d32dfae7b8217a0d6976e4841c175db71654b24b07c48423ae5f943114f62e4f91

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\M1IJ6FBDEIM23BF.exe
    Filesize

    1.7MB

    MD5

    d09d3b7e11d05bd30fe6da5f21f353a4

    SHA1

    fec5a633af78e7961485fe0e97b0d6878d545174

    SHA256

    9608d79a8f04e95bf1c16e459458e2afe25c3bfc0c0fa3917fe23ddc2bbd7f45

    SHA512

    85965f59a1b27a27be22bd44d0995d354a4f0a41bcc3e729c505e0754fa089d32dfae7b8217a0d6976e4841c175db71654b24b07c48423ae5f943114f62e4f91

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\RTTfOX3V.Cpl
    Filesize

    1.7MB

    MD5

    45df0b20e6ca9fa82262395394d0054d

    SHA1

    70e6734c70da14d9356d5abbff27542926da34da

    SHA256

    0c0767b5ee6edf1bcfc66ddd68af8bff18e40d87417a1537671e948c3756bfae

    SHA512

    fe2a52e95b4710e47bce08ee485a9dea95fecc1517c9c27146f0238c64b3c5a3fa48210d78f83a62bb8b9802837fd28f5a9d7bbe2d66d439ed2eeeef196f6507

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\RTTfoX3V.cpl
    Filesize

    1.7MB

    MD5

    45df0b20e6ca9fa82262395394d0054d

    SHA1

    70e6734c70da14d9356d5abbff27542926da34da

    SHA256

    0c0767b5ee6edf1bcfc66ddd68af8bff18e40d87417a1537671e948c3756bfae

    SHA512

    fe2a52e95b4710e47bce08ee485a9dea95fecc1517c9c27146f0238c64b3c5a3fa48210d78f83a62bb8b9802837fd28f5a9d7bbe2d66d439ed2eeeef196f6507

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\RTTfoX3V.cpl
    Filesize

    1.7MB

    MD5

    45df0b20e6ca9fa82262395394d0054d

    SHA1

    70e6734c70da14d9356d5abbff27542926da34da

    SHA256

    0c0767b5ee6edf1bcfc66ddd68af8bff18e40d87417a1537671e948c3756bfae

    SHA512

    fe2a52e95b4710e47bce08ee485a9dea95fecc1517c9c27146f0238c64b3c5a3fa48210d78f83a62bb8b9802837fd28f5a9d7bbe2d66d439ed2eeeef196f6507

    Download Submit
  • C:\Users\Admin\AppData\Roaming\explorer\explorer.exe
    Filesize

    5.2MB

    MD5

    dee1568dc4d523e4aff5c7563b26887c

    SHA1

    565a8f3d02746fb203c5a7e2777211bf33cf656b

    SHA256

    f7cbf79fce9ca7d06745604a44c6b2541af476cdd8f5853bf1dbf23213eb3d2b

    SHA512

    0e593e23f5cfbf3bf0cc07373bb013911e9c2068cfad8e666c69173afbe29d06a0635dc32dfa6baca153db2e1de25772cccbc5f63d49d19bc4d18b93f7c97ab2

    Download Submit
  • C:\Users\Admin\AppData\Roaming\explorer\explorer.exe
    Filesize

    5.2MB

    MD5

    dee1568dc4d523e4aff5c7563b26887c

    SHA1

    565a8f3d02746fb203c5a7e2777211bf33cf656b

    SHA256

    f7cbf79fce9ca7d06745604a44c6b2541af476cdd8f5853bf1dbf23213eb3d2b

    SHA512

    0e593e23f5cfbf3bf0cc07373bb013911e9c2068cfad8e666c69173afbe29d06a0635dc32dfa6baca153db2e1de25772cccbc5f63d49d19bc4d18b93f7c97ab2

    Download Submit
  • C:\Users\Admin\AppData\Roaming\explorer\svchost.exe
    Filesize

    9.7MB

    MD5

    afe1d7271ec50bf3332edf6ba5f8ba01

    SHA1

    b07633f2274ffc7d8f02fdca4da94aec88534b0c

    SHA256

    d645e1c6408572a8e4e7e20e099a8301a6b811131a00bc8b28ca97a4ec951222

    SHA512

    9e1248618a54956f0b9d455e33eb63fbeeb5c3b16ee168d5f5c002eac9863568f844ed0b47ec1eb9bb452e6e63e7784eebb76693e90e5789c94f0193a9e0737a

    Download Submit
  • C:\Users\Admin\AppData\Roaming\explorer\svchost.exe
    Filesize

    9.7MB

    MD5

    afe1d7271ec50bf3332edf6ba5f8ba01

    SHA1

    b07633f2274ffc7d8f02fdca4da94aec88534b0c

    SHA256

    d645e1c6408572a8e4e7e20e099a8301a6b811131a00bc8b28ca97a4ec951222

    SHA512

    9e1248618a54956f0b9d455e33eb63fbeeb5c3b16ee168d5f5c002eac9863568f844ed0b47ec1eb9bb452e6e63e7784eebb76693e90e5789c94f0193a9e0737a

    Download Submit
  • C:\Windows\Temp\16.exe
    Filesize

    115KB

    MD5

    5abe44351d425458a0b1aa5c6a2d007c

    SHA1

    1cf91938b5d6a1d49531d07fc4d0612b4ce18365

    SHA256

    7275527161e158dfeaf9dd744bba65bb9de548616d7f34457c6aa1b4969bacc9

    SHA512

    557b0e9a6cca7a33284a463075b2c5e8198e8e489307fceebd3c43d461b0f3447856325b8aa82c1b62d93328cf435baae9fcee124a9d537fca02be9edad2b291

    Download Submit
  • C:\Windows\Temp\16.exe
    Filesize

    115KB

    MD5

    5abe44351d425458a0b1aa5c6a2d007c

    SHA1

    1cf91938b5d6a1d49531d07fc4d0612b4ce18365

    SHA256

    7275527161e158dfeaf9dd744bba65bb9de548616d7f34457c6aa1b4969bacc9

    SHA512

    557b0e9a6cca7a33284a463075b2c5e8198e8e489307fceebd3c43d461b0f3447856325b8aa82c1b62d93328cf435baae9fcee124a9d537fca02be9edad2b291

    Download Submit
  • C:\Windows\Temp\swiftfix.exe
    Filesize

    17KB

    MD5

    c5d67a98b53d07c90b6bf8a54d87cca3

    SHA1

    4cf957464a178b219184308d9110bab3efc3fd78

    SHA256

    23b36cbe0d774877af73bce1eb468db5026f8b4b5b83650baa6fb13beba3e9ac

    SHA512

    7dc2223c4a196d70744617411b0202ab64bcb1dd53aea90d7a71cb3d353b0fa708fdf8acb289c93cc742f77cfdba5aaee069adfcce91368457b8443899c075c8

    Download Submit
  • C:\Windows\Temp\swiftfix.exe
    Filesize

    17KB

    MD5

    c5d67a98b53d07c90b6bf8a54d87cca3

    SHA1

    4cf957464a178b219184308d9110bab3efc3fd78

    SHA256

    23b36cbe0d774877af73bce1eb468db5026f8b4b5b83650baa6fb13beba3e9ac

    SHA512

    7dc2223c4a196d70744617411b0202ab64bcb1dd53aea90d7a71cb3d353b0fa708fdf8acb289c93cc742f77cfdba5aaee069adfcce91368457b8443899c075c8

    Download Submit
  • C:\Windows\Temp\top1.exe
    Filesize

    137KB

    MD5

    a135b9085fa8ef921eec14057b03125f

    SHA1

    4bf5ad5601da96ad4304f3d02b169868c972415d

    SHA256

    24aebc01eb25512c266cc73a1bf90a40b92e5924ddb94ba6db3be9aa89539ea3

    SHA512

    c7d4f74bedb81125a5ba42dad7be1dfa8220f1f5da96d61cc3e6b87fa9dd18217b9c6683ab6f16e0197084eead7db50df401d06a7ef4434038512d7d391effab

    Download Submit
  • C:\Windows\Temp\top1.exe
    Filesize

    137KB

    MD5

    a135b9085fa8ef921eec14057b03125f

    SHA1

    4bf5ad5601da96ad4304f3d02b169868c972415d

    SHA256

    24aebc01eb25512c266cc73a1bf90a40b92e5924ddb94ba6db3be9aa89539ea3

    SHA512

    c7d4f74bedb81125a5ba42dad7be1dfa8220f1f5da96d61cc3e6b87fa9dd18217b9c6683ab6f16e0197084eead7db50df401d06a7ef4434038512d7d391effab

    Download Submit
  • memory/656-195-0x0000000000000000-mapping.dmp
    Download
  • memory/656-203-0x00007FFA07300000-0x00007FFA07DC1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/656-198-0x000002485C0D0000-0x000002485C0D6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/656-201-0x000002507A800000-0x000002507AFA6000-memory.dmp
    Filesize

    7.6MB

    Download
  • memory/656-199-0x00007FFA07300000-0x00007FFA07DC1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/1324-174-0x0000000000000000-mapping.dmp
    Download
  • memory/1728-132-0x0000000000060000-0x00000000000C6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1780-133-0x0000000000000000-mapping.dmp
    Download
  • memory/1948-143-0x00007FF60E290000-0x00007FF60EB25000-memory.dmp
    Filesize

    8.6MB

    Download
  • memory/1948-137-0x0000000000000000-mapping.dmp
    Download
  • memory/1948-140-0x00007FF60E290000-0x00007FF60EB25000-memory.dmp
    Filesize

    8.6MB

    Download
  • memory/2232-165-0x0000000000AF0000-0x0000000000B4A000-memory.dmp
    Filesize

    360KB

    Download
  • memory/2232-162-0x0000000000000000-mapping.dmp
    Download
  • memory/2596-136-0x0000000000000000-mapping.dmp
    Download
  • memory/2792-153-0x0000000000C40000-0x0000000000CA6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/2792-150-0x0000000000000000-mapping.dmp
    Download
  • memory/3248-194-0x0000000003720000-0x0000000003832000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/3248-191-0x0000000000000000-mapping.dmp
    Download
  • memory/3248-193-0x00000000034D0000-0x0000000003608000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/3248-207-0x0000000003720000-0x0000000003832000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/3248-204-0x0000000003910000-0x00000000039C7000-memory.dmp
    Filesize

    732KB

    Download
  • memory/3248-202-0x0000000003840000-0x000000000390B000-memory.dmp
    Filesize

    812KB

    Download
  • memory/4260-149-0x00007FF6E6500000-0x00007FF6E7A57000-memory.dmp
    Filesize

    21.3MB

    Download
  • memory/4260-145-0x00007FF6E6500000-0x00007FF6E7A57000-memory.dmp
    Filesize

    21.3MB

    Download
  • memory/4260-141-0x0000000000000000-mapping.dmp
    Download
  • memory/4288-170-0x0000000006480000-0x0000000006512000-memory.dmp
    Filesize

    584KB

    Download
  • memory/4288-161-0x0000000005020000-0x000000000505C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/4288-154-0x0000000000000000-mapping.dmp
    Download
  • memory/4288-157-0x0000000000610000-0x0000000000638000-memory.dmp
    Filesize

    160KB

    Download
  • memory/4288-158-0x0000000005580000-0x0000000005B98000-memory.dmp
    Filesize

    6.1MB

    Download
  • memory/4288-159-0x0000000005090000-0x000000000519A000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/4288-160-0x0000000004FC0000-0x0000000004FD2000-memory.dmp
    Filesize

    72KB

    Download
  • memory/4288-182-0x0000000007780000-0x0000000007CAC000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/4288-181-0x0000000007080000-0x0000000007242000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/4288-171-0x0000000006AD0000-0x0000000007074000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/4288-173-0x0000000006590000-0x00000000065F6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4400-177-0x0000000000000000-mapping.dmp
    Download
  • memory/4448-178-0x0000000000000000-mapping.dmp
    Download
  • memory/4448-187-0x0000000003900000-0x00000000039B7000-memory.dmp
    Filesize

    732KB

    Download
  • memory/4448-186-0x0000000003830000-0x00000000038FB000-memory.dmp
    Filesize

    812KB

    Download
  • memory/4448-184-0x0000000003710000-0x0000000003822000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4448-183-0x00000000034C0000-0x00000000035F8000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/4448-208-0x0000000003710000-0x0000000003822000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4784-190-0x0000000000000000-mapping.dmp
    Download
  • memory/4984-172-0x00007FFA07300000-0x00007FFA07DC1000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/4984-169-0x00000000002E0000-0x00000000002EA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/4984-166-0x0000000000000000-mapping.dmp
    Download
  • memory/4984-185-0x00007FFA07300000-0x00007FFA07DC1000-memory.dmp
    Filesize

    10.8MB

    Download