xred | 63cf9f5d8fcdb4bc57c17b35b34f0a1edf92d42e4c2ff621a966c7a3cf2b1270

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
03-12-2024 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
Size

4.0MB
MD5

fe812223b4ec65e09362ec90e98aeb66
SHA1

d63efd92ba34528df23c4666290ccc9b88bb4cc7
SHA256

63cf9f5d8fcdb4bc57c17b35b34f0a1edf92d42e4c2ff621a966c7a3cf2b1270
SHA512

13ce97105ccf6fbf8cfafdac0a9027fb60d1d68e9d09953849e7e2401f3df6ff5600b53ddcb4d88af29c0fd1cd24bb80ad6ea951fda8fa8b81c912d3e9aaa87e
SSDEEP

98304:+nsmtk2aqqanA7Q5RmbBNW9BMhnu5Puhyi1cZ+1KWDQ:ALPBAE/mwqNu5mUit1M

Score

10^/10

xred backdoor discovery persistence

Malware Config

Extracted

Family

xred

xred.mooo.com

Attributes

email
[email protected]
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Signatures

Xred
Xred is backdoor written in Delphi.
backdoor xred
Xred family
xred

Executes dropped EXE 3 IoCs

Processes:

._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exeSynaptics.exe._cache_Synaptics.exe

pid	Process
2468	._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
3024	Synaptics.exe
2892	._cache_Synaptics.exe

Loads dropped DLL 5 IoCs

Processes:

2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exeSynaptics.exe

pid	Process
2360	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
2360	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
2360	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
3024	Synaptics.exe
3024	Synaptics.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe"	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exeSynaptics.exe._cache_Synaptics.exeEXCEL.EXE

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EXCEL.EXE

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid	Process
1904	EXCEL.EXE

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe._cache_Synaptics.exe

description	pid	Process
Token: SeDebugPrivilege	2468	._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
Token: SeAssignPrimaryTokenPrivilege	2468	._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
Token: SeIncreaseQuotaPrivilege	2468	._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
Token: SeDebugPrivilege	2892	._cache_Synaptics.exe
Token: SeAssignPrimaryTokenPrivilege	2892	._cache_Synaptics.exe
Token: SeIncreaseQuotaPrivilege	2892	._cache_Synaptics.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe._cache_Synaptics.exeEXCEL.EXE

pid	Process
2468	._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
2892	._cache_Synaptics.exe
1904	EXCEL.EXE

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exeSynaptics.exe

description	pid	Process	procid_target
PID 2360 wrote to memory of 2468	2360	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	30
PID 2360 wrote to memory of 2468	2360	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	30
PID 2360 wrote to memory of 2468	2360	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	30
PID 2360 wrote to memory of 2468	2360	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	30
PID 2360 wrote to memory of 3024	2360	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	31
PID 2360 wrote to memory of 3024	2360	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	31
PID 2360 wrote to memory of 3024	2360	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	31
PID 2360 wrote to memory of 3024	2360	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	31
PID 3024 wrote to memory of 2892	3024	Synaptics.exe	32
PID 3024 wrote to memory of 2892	3024	Synaptics.exe	32
PID 3024 wrote to memory of 2892	3024	Synaptics.exe	32
PID 3024 wrote to memory of 2892	3024	Synaptics.exe	32

C:\Users\Admin\AppData\Local\Temp\2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
  "C:\Users\Admin\AppData\Local\Temp\._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2468
- C:\ProgramData\Synaptics\Synaptics.exe
  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2892

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Synaptics\Synaptics.exe

Filesize
4.0MB

MD5
fe812223b4ec65e09362ec90e98aeb66

SHA1
d63efd92ba34528df23c4666290ccc9b88bb4cc7

SHA256
63cf9f5d8fcdb4bc57c17b35b34f0a1edf92d42e4c2ff621a966c7a3cf2b1270

SHA512
13ce97105ccf6fbf8cfafdac0a9027fb60d1d68e9d09953849e7e2401f3df6ff5600b53ddcb4d88af29c0fd1cd24bb80ad6ea951fda8fa8b81c912d3e9aaa87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\KfmemUov.xlsm

Filesize
17KB

MD5
e566fc53051035e1e6fd0ed1823de0f9

SHA1
00bc96c48b98676ecd67e81a6f1d7754e4156044

SHA256
8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15

SHA512
a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\KfmemUov.xlsm

Filesize
23KB

MD5
2200ba84df9c64dd8f32bf14d83f10c9

SHA1
a4118339d72406fbd033848d22a799cd29245a3f

SHA256
d3ae49a942c7c9111175a2fc29ee6b562dd2abfa39dc2db0016cf6d7a6a80c7f

SHA512
2e3e61d2f371f5d23b37763c06d88319636c9b377923a10e1864fe268cdd0a7f35a95157868ea57e20b300b27001fff7be64f621a553cb0fe04ea63977dcf838

Download Submit
C:\Users\Admin\AppData\Local\Temp\KfmemUov.xlsm

Filesize
27KB

MD5
a31f7213fbf8636efe81a2fbf15ffaee

SHA1
deb9c21d51f62515fcab0f170092ea8357521b62

SHA256
110d06b567e1b8845e6f5b12a391841e4a264f118aea466b435404e3198ae015

SHA512
1659a3c1d395c2604da2449fbd258f3c7aca6c6816070117a1581b41050f17bc1e484e95905742edce4ab4cf7f91dca3e250b65d9a1c0d3a4f988d8c126a1ccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\KfmemUov.xlsm

Filesize
28KB

MD5
1cabf2c20e8b761015e1683063a2f851

SHA1
123f480a942297aef32cec0329ddc526c97942d1

SHA256
2ca47121db1e8df927b98c3410557848d9fae702bd1fe9a8fb496624d45f15c3

SHA512
dd506bcfebf150064d2df42113e489d58031d1ce76394d8c7f2bb6e81bbb63ed8b37973369b612c53021da2cb7ba797991d5df676ac28079b1baed229550018a

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbA5F0.tmp

Filesize
1KB

MD5
4037c9318188e436b6af7849ab31a68d

SHA1
b8b35ef3c83445a18a662c465cda819e7ccc60ab

SHA256
90797b59cf4ba7f60f63ca0c101766bcebe0af08ddf4c4708a49b24a8c0fb89e

SHA512
e2bd992daa146f9bf39a2f8136181254782e58b9fd28291b122600c1535941bf76c1ffb438e4c3cccab32d58a8ce5e98f457da8206c716c4bde1f56e3d384aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbA610.tmp

Filesize
1KB

MD5
bb52da2afef96834a101a86f99c9eea2

SHA1
bc0a5987024339989202c13c2dd334d654ab3387

SHA256
9df6e8f19d890b7ad50b4625aba5af7da4bff84c58e3a3de51b450e637b84147

SHA512
75558e179da51cf392ea00aa64cd7039567f9848b87cf8d4c6a229141ff42412f1c7872ec6d0656481d620da4e218e463847c1e6a231ab52c90dc7623398938c

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbA65F.tmp

Filesize
1KB

MD5
2a86ef34f315258839e59e5a0a079b6a

SHA1
97ea29a432a89df2d6fff9bf27d30ca04f9fd271

SHA256
3c0430dc9095a538f84135106131cbe2ac1618c4851c9d05eddd2c1115789928

SHA512
cad25b8be59cf8c7245b65e7dfae784ad1d5a16ebab3b77fceac346647915ffff25408b8e62c54a0aab578c9e232aaad9f7aadb1ecbe415874f0df77721e6f4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbA6AE.tmp

Filesize
1KB

MD5
6a25e341d40f91b87b11f447d2e4237a

SHA1
88194bcef787bbf2acca55405d8cfcb21ac2dcb7

SHA256
a529d3162289366a251bbebe05adb25f6db925896e54aebf956763133a3d460d

SHA512
a0a0be4b82918822b69e33c3dbb39c4f908d605aeb3a8857cb1fbee014adca4d0414b04e101f7c06209639b22443c50549d728778b00ee38ecccfc2485b907ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbA91F.tmp

Filesize
1KB

MD5
8d5a3c47f0d0cccd9b8ef6872bf845a8

SHA1
2e24f1f90870405cd7dc743b2560d8f334319701

SHA256
a41f406995addeb19a5b456b34504df9e9ae35ba2a05d029a20741131cb01c44

SHA512
6d2c133a923e2b945b5d9de2c729d1ca36b3498270d343c8475d0566d760ce5ad15c79d5674b7b48cfecfa1ebb2f73de9205cda379df2c0b3ff47c3df7a563b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbA95E.tmp

Filesize
1KB

MD5
fc41f921283d788505e600c39138a735

SHA1
9d64742e27ccd68f76c6af3ecb28519b3c009481

SHA256
80b5408dadc8155573719ac6a031eb741478c9f4f7d63e9d508455bd0b5717fc

SHA512
c008bba0ff1d607c5371667490e1f928b257550f9d4cec29ccca03518eb20b591d2267a609cf746174a7bc5522e49f5ec8711b8274091fbaaba244241282c03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbA97F.tmp

Filesize
1KB

MD5
7e750f44816d30edebfbc9e17eb820d9

SHA1
d471fb00b758bdbaeac36657367332b97c3d0d31

SHA256
56dddf1d34a7bd5243c0983a1d4b5c76abc29a98a9f932d9c6c55f352cfe8d03

SHA512
62678c595083e9415a767c1f4ccbbf1a1aa4ab92354bbda7d73ed4cd3b2d0239ba4afa4d47ef1f2778051a63178c0b480c51aedbfc78813accdbfb5551c0f4dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbA99F.tmp

Filesize
1KB

MD5
33ce91de20ac8ec5f04e2fb241b6f4fc

SHA1
d0b7682c2b82595da7ab2a4f36e3019468b6c41f

SHA256
d9c23116ba8788e27b61b3e45a6101b762464a4c1ecba8a36a6ae2c91dc91dd1

SHA512
dda5d17b1c4a24f2b34fc8a2d917893227ac447d1297f72d5efb7ad82707b821cfafc989157d9489f3b0db9b311156330a6f005923b3827647c676380827cad9

Download Submit
\Users\Admin\AppData\Local\Temp\._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe

Filesize
3.3MB

MD5
f0e5feb33456e9d07be9cd6c475076ba

SHA1
69e24ec64e8825b9f639a417aaadf6386087b61a

SHA256
2f009ce8426068f39eaa5c8df77d340f40090d422a6ab5fdfd0f5416c2f62a41

SHA512
16b7b933dcb1d6c7f033601808ff0367810dd86f6f3aad03d0739f42845e5755643aed3837866420adbb17db0ed20b1c9006ea4847cead9f3ad08d75705d6eba

Download Submit
memory/2360-6-0x0000000005900000-0x00000000059EF000-memory.dmp

Filesize
956KB

Download
memory/2360-72-0x0000000000400000-0x0000000000806000-memory.dmp

Filesize
4.0MB

Download
memory/2360-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2468-156-0x0000000002800000-0x0000000002912000-memory.dmp

Filesize
1.1MB

Download
memory/2468-106-0x0000000003290000-0x0000000003317000-memory.dmp

Filesize
540KB

Download
memory/2468-78-0x0000000002690000-0x00000000026F2000-memory.dmp

Filesize
392KB

Download
memory/2468-82-0x0000000002690000-0x00000000026F2000-memory.dmp

Filesize
392KB

Download
memory/2468-74-0x0000000002690000-0x00000000026F2000-memory.dmp

Filesize
392KB

Download
memory/2468-70-0x0000000002920000-0x00000000029A3000-memory.dmp

Filesize
524KB

Download
memory/2468-88-0x0000000002760000-0x00000000027B8000-memory.dmp

Filesize
352KB

Download
memory/2468-85-0x0000000002760000-0x00000000027B8000-memory.dmp

Filesize
352KB

Download
memory/2468-69-0x0000000002690000-0x00000000026C2000-memory.dmp

Filesize
200KB

Download
memory/2468-67-0x0000000002690000-0x00000000026ED000-memory.dmp

Filesize
372KB

Download
memory/2468-39-0x0000000002800000-0x0000000002912000-memory.dmp

Filesize
1.1MB

Download
memory/2468-60-0x0000000002630000-0x0000000002689000-memory.dmp

Filesize
356KB

Download
memory/2468-64-0x0000000002630000-0x0000000002689000-memory.dmp

Filesize
356KB

Download
memory/2468-136-0x00000000003B0000-0x00000000003F6000-memory.dmp

Filesize
280KB

Download
memory/2468-135-0x0000000010000000-0x00000000100DC000-memory.dmp

Filesize
880KB

Download
memory/2468-19-0x0000000077D80000-0x0000000077D81000-memory.dmp

Filesize
4KB

Download
memory/2468-57-0x0000000002630000-0x0000000002689000-memory.dmp

Filesize
356KB

Download
memory/2468-20-0x0000000002310000-0x00000000023E8000-memory.dmp

Filesize
864KB

Download
memory/2468-47-0x0000000002800000-0x0000000002912000-memory.dmp

Filesize
1.1MB

Download
memory/2468-35-0x0000000010000000-0x00000000100DC000-memory.dmp

Filesize
880KB

Download
memory/2468-36-0x00000000003B0000-0x00000000003F6000-memory.dmp

Filesize
280KB

Download
memory/2468-24-0x0000000010000000-0x00000000100DC000-memory.dmp

Filesize
880KB

Download
memory/2468-29-0x00000000003B0000-0x00000000003F6000-memory.dmp

Filesize
280KB

Download
memory/2468-181-0x0000000002690000-0x00000000026F2000-memory.dmp

Filesize
392KB

Download
memory/2468-205-0x0000000003290000-0x0000000003317000-memory.dmp

Filesize
540KB

Download
memory/2468-110-0x0000000003290000-0x0000000003317000-memory.dmp

Filesize
540KB

Download
memory/2468-109-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2468-68-0x0000000002690000-0x00000000026E2000-memory.dmp

Filesize
328KB

Download
memory/2468-185-0x0000000002760000-0x00000000027B8000-memory.dmp

Filesize
352KB

Download
memory/2468-92-0x0000000002760000-0x00000000027B8000-memory.dmp

Filesize
352KB

Download
memory/2468-94-0x0000000002940000-0x0000000002976000-memory.dmp

Filesize
216KB

Download
memory/2468-201-0x0000000002940000-0x0000000002976000-memory.dmp

Filesize
216KB

Download
memory/2468-103-0x0000000003290000-0x0000000003317000-memory.dmp

Filesize
540KB

Download
memory/2468-101-0x0000000002940000-0x0000000002976000-memory.dmp

Filesize
216KB

Download
memory/2468-97-0x0000000002940000-0x0000000002976000-memory.dmp

Filesize
216KB

Download
memory/2892-240-0x0000000002C30000-0x0000000002C66000-memory.dmp

Filesize
216KB

Download
memory/2892-212-0x0000000003350000-0x00000000033D7000-memory.dmp

Filesize
540KB

Download
memory/2892-218-0x0000000002EE0000-0x0000000002F39000-memory.dmp

Filesize
356KB

Download
memory/2892-219-0x0000000003260000-0x00000000032C2000-memory.dmp

Filesize
392KB

Download
memory/2892-217-0x0000000002B10000-0x0000000002C22000-memory.dmp

Filesize
1.1MB

Download
memory/2892-214-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2892-215-0x0000000010000000-0x00000000100DC000-memory.dmp

Filesize
880KB

Download
memory/2892-216-0x0000000000280000-0x00000000002C6000-memory.dmp

Filesize
280KB

Download
memory/2892-145-0x0000000000280000-0x00000000002C6000-memory.dmp

Filesize
280KB

Download
memory/2892-192-0x0000000003040000-0x0000000003098000-memory.dmp

Filesize
352KB

Download
memory/2892-182-0x0000000003260000-0x00000000032C2000-memory.dmp

Filesize
392KB

Download
memory/2892-229-0x0000000003040000-0x0000000003098000-memory.dmp

Filesize
352KB

Download
memory/2892-202-0x0000000002C30000-0x0000000002C66000-memory.dmp

Filesize
216KB

Download
memory/2892-241-0x0000000003350000-0x00000000033D7000-memory.dmp

Filesize
540KB

Download
memory/2892-166-0x0000000002EE0000-0x0000000002F39000-memory.dmp

Filesize
356KB

Download
memory/2892-157-0x0000000002B10000-0x0000000002C22000-memory.dmp

Filesize
1.1MB

Download
memory/3024-116-0x0000000004450000-0x000000000453F000-memory.dmp

Filesize
956KB

Download
memory/3024-213-0x0000000004450000-0x000000000453F000-memory.dmp

Filesize
956KB

Download