healer | 10726662c90668d5ff3c16c71205e92180d1d3816cc2bcc2333d53b31f76ee0a

Analysis

max time kernel
158s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10726662c90668d5ff3c16c71205e92180d1d3816cc2bcc2333d53b31f76ee0a.exe
Size

548KB
MD5

c08d894c88e77428d160bc7609cae245
SHA1

4e4018a1cd85ac51521727f531cdb96f6611570d
SHA256

10726662c90668d5ff3c16c71205e92180d1d3816cc2bcc2333d53b31f76ee0a
SHA512

0552274fc22163bd946a8acb3c47de74c286a945920ffaa8c5cb9464d6793ab2bc6da4f9b07fbd46b670d34d2137394487b888c823b93b1689cc9b3aa3064e89
SSDEEP

12288:lMrKy90IarhdLJuKabJLmU9QKGLbnCRsJnn3KxfD:/y9az11KgLbC0n3ID

Score

10^/10

healer redline rosn dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

rosn

176.113.115.145:4125

Attributes

auth_value
050a19e1db4d0024b0f23b37dcf961f4

Signatures

Detects Healer an antivirus disabler dropper 18 IoCs

Processes:

resource	yara_rule
behavioral1/memory/5060-11-0x00000000025E0000-0x00000000025FA000-memory.dmp	healer
behavioral1/memory/5060-17-0x0000000004DE0000-0x0000000004DF8000-memory.dmp	healer
behavioral1/memory/5060-19-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	healer
behavioral1/memory/5060-20-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	healer
behavioral1/memory/5060-22-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	healer
behavioral1/memory/5060-24-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	healer
behavioral1/memory/5060-26-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	healer
behavioral1/memory/5060-28-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	healer
behavioral1/memory/5060-30-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	healer
behavioral1/memory/5060-32-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	healer
behavioral1/memory/5060-34-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	healer
behavioral1/memory/5060-36-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	healer
behavioral1/memory/5060-38-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	healer
behavioral1/memory/5060-40-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	healer
behavioral1/memory/5060-42-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	healer
behavioral1/memory/5060-44-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	healer
behavioral1/memory/5060-46-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	healer
behavioral1/memory/5060-51-0x0000000004EC0000-0x0000000004ED0000-memory.dmp	healer

Healer
Healer an antivirus disabler dropper.
dropper healer

Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs

evasion trojan

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

Processes:

pro7134.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection	pro7134.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	pro7134.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	pro7134.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	pro7134.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	pro7134.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	pro7134.exe

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 19 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3496-62-0x0000000002720000-0x0000000002766000-memory.dmp	family_redline
behavioral1/memory/3496-65-0x0000000004D50000-0x0000000004D94000-memory.dmp	family_redline
behavioral1/memory/3496-68-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-70-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-72-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-74-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-76-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-78-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-80-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-82-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-84-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-86-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-88-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-90-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-92-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-94-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-96-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-98-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline
behavioral1/memory/3496-100-0x0000000004D50000-0x0000000004D8F000-memory.dmp	family_redline

Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 18 IoCs

Processes:

resource	yara_rule
behavioral1/memory/5060-11-0x00000000025E0000-0x00000000025FA000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-17-0x0000000004DE0000-0x0000000004DF8000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-19-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-20-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-22-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-24-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-26-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-28-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-30-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-32-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-34-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-36-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-38-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-40-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-42-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-44-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-46-0x0000000004DE0000-0x0000000004DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
behavioral1/memory/5060-51-0x0000000004EC0000-0x0000000004ED0000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender

Executes dropped EXE 2 IoCs

Processes:

pro7134.exequ1886.exe

pid process

5060 pro7134.exe
3496 qu1886.exe

pid	process
5060	pro7134.exe
3496	qu1886.exe

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

pro7134.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	pro7134.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	pro7134.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

10726662c90668d5ff3c16c71205e92180d1d3816cc2bcc2333d53b31f76ee0a.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	10726662c90668d5ff3c16c71205e92180d1d3816cc2bcc2333d53b31f76ee0a.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1344 5060 WerFault.exe pro7134.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

pro7134.exe

pid process

5060 pro7134.exe
5060 pro7134.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

pro7134.exequ1886.exe

description pid process

Token: SeDebugPrivilege 5060 pro7134.exe
Token: SeDebugPrivilege 3496 qu1886.exe

pid	pid_target	process	target process
1344	5060	WerFault.exe	pro7134.exe

pid	process
5060	pro7134.exe
5060	pro7134.exe

description	pid	process
Token: SeDebugPrivilege	5060	pro7134.exe
Token: SeDebugPrivilege	3496	qu1886.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

10726662c90668d5ff3c16c71205e92180d1d3816cc2bcc2333d53b31f76ee0a.exe

description	pid	process	target process
PID 1844 wrote to memory of 5060	1844	10726662c90668d5ff3c16c71205e92180d1d3816cc2bcc2333d53b31f76ee0a.exe	pro7134.exe
PID 1844 wrote to memory of 5060	1844	10726662c90668d5ff3c16c71205e92180d1d3816cc2bcc2333d53b31f76ee0a.exe	pro7134.exe
PID 1844 wrote to memory of 5060	1844	10726662c90668d5ff3c16c71205e92180d1d3816cc2bcc2333d53b31f76ee0a.exe	pro7134.exe
PID 1844 wrote to memory of 3496	1844	10726662c90668d5ff3c16c71205e92180d1d3816cc2bcc2333d53b31f76ee0a.exe	qu1886.exe
PID 1844 wrote to memory of 3496	1844	10726662c90668d5ff3c16c71205e92180d1d3816cc2bcc2333d53b31f76ee0a.exe	qu1886.exe
PID 1844 wrote to memory of 3496	1844	10726662c90668d5ff3c16c71205e92180d1d3816cc2bcc2333d53b31f76ee0a.exe	qu1886.exe

C:\Users\Admin\AppData\Local\Temp\10726662c90668d5ff3c16c71205e92180d1d3816cc2bcc2333d53b31f76ee0a.exe
"C:\Users\Admin\AppData\Local\Temp\10726662c90668d5ff3c16c71205e92180d1d3816cc2bcc2333d53b31f76ee0a.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1844

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\pro7134.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\pro7134.exe
2⤵
- Modifies Windows Defender Real-time Protection settings
- Executes dropped EXE
- Windows security modification
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 1080
3⤵
- Program crash
PID:1344

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu1886.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu1886.exe
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5060 -ip 5060
1⤵
PID:2572

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\pro7134.exe
Filesize
291KB

MD5
9a8322ec69fd7093a5c385de30fde791

SHA1
e82b4cfbaf2ed207f1902df711f12d17bf361000

SHA256
405b6271cc7fd71d93c38c9195e39ddf406a2dbceb62866bf8f3a26eea952a54

SHA512
1a735bf24e32ea820b31212024ff68e1c257ece32dd8cab1bf843772d8e7d755696cd45e60865c41bd431dfae741a0b9ce557762f884b06cc82d90c0c9c25e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu1886.exe
Filesize
350KB

MD5
3a9013935dc8dbf2dc2058933e8e3702

SHA1
a06750885c4d09e6505b0ba96ce0b034ae899289

SHA256
ce11a188e394dc80b0395a2c9144102a7033f8ee820f81b162503ad32d69c406

SHA512
1c55f5dbed0e33b4ac5bf619590c615b3a7f97be4b902ffaffe7b760eb3f642aae9a5d823fa8877dff51741b6d0cbef6ea63a53ce9a80a74f0ddd03a22d15f6b

Download Submit
memory/3496-84-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-96-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-987-0x0000000004E40000-0x0000000004E50000-memory.dmp

Filesize
64KB

Download
memory/3496-986-0x0000000073BF0000-0x00000000743A0000-memory.dmp

Filesize
7.7MB

Download
memory/3496-985-0x0000000004E40000-0x0000000004E50000-memory.dmp

Filesize
64KB

Download
memory/3496-63-0x00000000007F0000-0x000000000083B000-memory.dmp

Filesize
300KB

Download
memory/3496-62-0x0000000002720000-0x0000000002766000-memory.dmp

Filesize
280KB

Download
memory/3496-982-0x0000000000A40000-0x0000000000B40000-memory.dmp

Filesize
1024KB

Download
memory/3496-980-0x0000000005DE0000-0x0000000005E2C000-memory.dmp

Filesize
304KB

Download
memory/3496-64-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/3496-979-0x0000000005C90000-0x0000000005CCC000-memory.dmp

Filesize
240KB

Download
memory/3496-978-0x0000000004E40000-0x0000000004E50000-memory.dmp

Filesize
64KB

Download
memory/3496-977-0x0000000005C70000-0x0000000005C82000-memory.dmp

Filesize
72KB

Download
memory/3496-976-0x0000000005B30000-0x0000000005C3A000-memory.dmp

Filesize
1.0MB

Download
memory/3496-975-0x0000000005500000-0x0000000005B18000-memory.dmp

Filesize
6.1MB

Download
memory/3496-100-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-98-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-66-0x0000000004E40000-0x0000000004E50000-memory.dmp

Filesize
64KB

Download
memory/3496-94-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-92-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-90-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-88-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-86-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-82-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-80-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-78-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-76-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-74-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-72-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-69-0x0000000073BF0000-0x00000000743A0000-memory.dmp

Filesize
7.7MB

Download
memory/3496-70-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-67-0x0000000004E40000-0x0000000004E50000-memory.dmp

Filesize
64KB

Download
memory/3496-68-0x0000000004D50000-0x0000000004D8F000-memory.dmp

Filesize
252KB

Download
memory/3496-61-0x0000000000A40000-0x0000000000B40000-memory.dmp

Filesize
1024KB

Download
memory/3496-984-0x0000000004E40000-0x0000000004E50000-memory.dmp

Filesize
64KB

Download
memory/3496-65-0x0000000004D50000-0x0000000004D94000-memory.dmp

Filesize
272KB

Download
memory/5060-34-0x0000000004DE0000-0x0000000004DF2000-memory.dmp

Filesize
72KB

Download
memory/5060-18-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5060-14-0x0000000004ED0000-0x0000000005474000-memory.dmp

Filesize
5.6MB

Download
memory/5060-9-0x00000000007E0000-0x000000000080D000-memory.dmp

Filesize
180KB

Download
memory/5060-56-0x0000000073BF0000-0x00000000743A0000-memory.dmp

Filesize
7.7MB

Download
memory/5060-54-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/5060-53-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5060-52-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/5060-51-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/5060-50-0x0000000073BF0000-0x00000000743A0000-memory.dmp

Filesize
7.7MB

Download
memory/5060-48-0x0000000000A70000-0x0000000000B70000-memory.dmp

Filesize
1024KB

Download
memory/5060-46-0x0000000004DE0000-0x0000000004DF2000-memory.dmp

Filesize
72KB

Download
memory/5060-44-0x0000000004DE0000-0x0000000004DF2000-memory.dmp

Filesize
72KB

Download
memory/5060-8-0x0000000000A70000-0x0000000000B70000-memory.dmp

Filesize
1024KB

Download
memory/5060-42-0x0000000004DE0000-0x0000000004DF2000-memory.dmp

Filesize
72KB

Download
memory/5060-40-0x0000000004DE0000-0x0000000004DF2000-memory.dmp

Filesize
72KB

Download
memory/5060-38-0x0000000004DE0000-0x0000000004DF2000-memory.dmp

Filesize
72KB

Download
memory/5060-36-0x0000000004DE0000-0x0000000004DF2000-memory.dmp

Filesize
72KB

Download
memory/5060-10-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5060-32-0x0000000004DE0000-0x0000000004DF2000-memory.dmp

Filesize
72KB

Download
memory/5060-30-0x0000000004DE0000-0x0000000004DF2000-memory.dmp

Filesize
72KB

Download
memory/5060-28-0x0000000004DE0000-0x0000000004DF2000-memory.dmp

Filesize
72KB

Download
memory/5060-26-0x0000000004DE0000-0x0000000004DF2000-memory.dmp

Filesize
72KB

Download
memory/5060-24-0x0000000004DE0000-0x0000000004DF2000-memory.dmp

Filesize
72KB

Download
memory/5060-22-0x0000000004DE0000-0x0000000004DF2000-memory.dmp

Filesize
72KB

Download
memory/5060-20-0x0000000004DE0000-0x0000000004DF2000-memory.dmp

Filesize
72KB

Download
memory/5060-19-0x0000000004DE0000-0x0000000004DF2000-memory.dmp

Filesize
72KB

Download
memory/5060-17-0x0000000004DE0000-0x0000000004DF8000-memory.dmp

Filesize
96KB

Download
memory/5060-13-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/5060-16-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/5060-15-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/5060-12-0x0000000073BF0000-0x00000000743A0000-memory.dmp

Filesize
7.7MB

Download
memory/5060-11-0x00000000025E0000-0x00000000025FA000-memory.dmp

Filesize
104KB

Download