xred | 63cf9f5d8fcdb4bc57c17b35b34f0a1edf92d42e4c2ff621a966c7a3cf2b1270

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-12-2024 12:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
Size

4.0MB
MD5

fe812223b4ec65e09362ec90e98aeb66
SHA1

d63efd92ba34528df23c4666290ccc9b88bb4cc7
SHA256

63cf9f5d8fcdb4bc57c17b35b34f0a1edf92d42e4c2ff621a966c7a3cf2b1270
SHA512

13ce97105ccf6fbf8cfafdac0a9027fb60d1d68e9d09953849e7e2401f3df6ff5600b53ddcb4d88af29c0fd1cd24bb80ad6ea951fda8fa8b81c912d3e9aaa87e
SSDEEP

98304:+nsmtk2aqqanA7Q5RmbBNW9BMhnu5Puhyi1cZ+1KWDQ:ALPBAE/mwqNu5mUit1M

Score

10^/10

xred backdoor discovery persistence

Malware Config

Extracted

Family

xred

xred.mooo.com

Attributes

email
[email protected]
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Signatures

Xred
Xred is backdoor written in Delphi.
backdoor xred
Xred family
xred

Executes dropped EXE 3 IoCs

Processes:

._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exeSynaptics.exe._cache_Synaptics.exe

pid	Process
2284	._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
2744	Synaptics.exe
592	._cache_Synaptics.exe

Loads dropped DLL 5 IoCs

Processes:

2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exeSynaptics.exe

pid	Process
2012	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
2012	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
2012	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
2744	Synaptics.exe
2744	Synaptics.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe"	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exeSynaptics.exe._cache_Synaptics.exeEXCEL.EXE2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid	Process
1736	EXCEL.EXE

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe._cache_Synaptics.exe

description	pid	Process
Token: SeDebugPrivilege	2284	._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
Token: SeAssignPrimaryTokenPrivilege	2284	._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
Token: SeIncreaseQuotaPrivilege	2284	._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
Token: SeDebugPrivilege	592	._cache_Synaptics.exe
Token: SeAssignPrimaryTokenPrivilege	592	._cache_Synaptics.exe
Token: SeIncreaseQuotaPrivilege	592	._cache_Synaptics.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe._cache_Synaptics.exeEXCEL.EXE

pid	Process
2284	._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
592	._cache_Synaptics.exe
1736	EXCEL.EXE

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exeSynaptics.exe

description	pid	Process	procid_target
PID 2012 wrote to memory of 2284	2012	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	31
PID 2012 wrote to memory of 2284	2012	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	31
PID 2012 wrote to memory of 2284	2012	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	31
PID 2012 wrote to memory of 2284	2012	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	31
PID 2012 wrote to memory of 2744	2012	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	32
PID 2012 wrote to memory of 2744	2012	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	32
PID 2012 wrote to memory of 2744	2012	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	32
PID 2012 wrote to memory of 2744	2012	2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe	32
PID 2744 wrote to memory of 592	2744	Synaptics.exe	33
PID 2744 wrote to memory of 592	2744	Synaptics.exe	33
PID 2744 wrote to memory of 592	2744	Synaptics.exe	33
PID 2744 wrote to memory of 592	2744	Synaptics.exe	33

C:\Users\Admin\AppData\Local\Temp\2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Users\Admin\AppData\Local\Temp\._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe
  "C:\Users\Admin\AppData\Local\Temp\._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2284
- C:\ProgramData\Synaptics\Synaptics.exe
  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:592

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Synaptics\Synaptics.exe

Filesize
4.0MB

MD5
fe812223b4ec65e09362ec90e98aeb66

SHA1
d63efd92ba34528df23c4666290ccc9b88bb4cc7

SHA256
63cf9f5d8fcdb4bc57c17b35b34f0a1edf92d42e4c2ff621a966c7a3cf2b1270

SHA512
13ce97105ccf6fbf8cfafdac0a9027fb60d1d68e9d09953849e7e2401f3df6ff5600b53ddcb4d88af29c0fd1cd24bb80ad6ea951fda8fa8b81c912d3e9aaa87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\PPvb1YFX.xlsm

Filesize
17KB

MD5
e566fc53051035e1e6fd0ed1823de0f9

SHA1
00bc96c48b98676ecd67e81a6f1d7754e4156044

SHA256
8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15

SHA512
a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\PPvb1YFX.xlsm

Filesize
24KB

MD5
12a6d6db47fdcb61866312ea66d8b2a7

SHA1
543904d2dbf977495b1d25dc784a38c24c58b791

SHA256
32a7b0bf0a61422febbf83b701d28defeddaf246486ce5e89112cb921c772d9a

SHA512
56778e777d3cbe8f82a079519952c522b423ecaa198b63ffd1dfe82305532c626cea916b548b3a43e782bbf28dfaed6e38f475606efa12031a657f56cd080404

Download Submit
C:\Users\Admin\AppData\Local\Temp\PPvb1YFX.xlsm

Filesize
31KB

MD5
5d588707b2d050af80fe90b8a4fbf467

SHA1
47731a1ad5b3225b519071fc86343fa8be0848be

SHA256
a2efce0dc6ccb7865c5921b641d3ff83f2437d3f56845e09b057cb25d50cf59b

SHA512
362627acc6fbc4ef8c9b1c64ba93b15197e9464992b3178642c9dd4eeea23ddb4fdbaf1563612adf303e568db2406e3e3b5f66177bf0d25eb05ed1db715bd672

Download Submit
C:\Users\Admin\AppData\Local\Temp\PPvb1YFX.xlsm

Filesize
26KB

MD5
0899525a6a1edd25ecbab7b27c910d3d

SHA1
01eb304b2796c2d90ef619bad0292289cc9e6f0b

SHA256
e31163118ed7e8a7008f749535a872b7ab10b74d32edc0875267b069c5a9ee54

SHA512
94e0194fb1c3cd263c5c3e06b15be5927505026b27a9753a49c3f7127ce8657733c080456b244818e49de9e964454eef8947ce0b6ef9574ef7e842c8d62ea78e

Download Submit
C:\Users\Admin\AppData\Local\Temp\PPvb1YFX.xlsm

Filesize
26KB

MD5
7c8637b8157c571e44839df2739ffc7f

SHA1
6689fc0a244132161b725b6242c359a44651e134

SHA256
5a820db9d8d341f0c10a605bff27a1db1bc9872196048794d60eee8b3f15f040

SHA512
b04f7308f8dfb769298e869cf59e7d05b0d220b6b7df2fbcc03527cdcdaafe2fbfbc357b6296e80d1e462cfccd3e730441c9cd5126f415b3021c6427fa6be847

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbDB13.tmp

Filesize
1KB

MD5
4037c9318188e436b6af7849ab31a68d

SHA1
b8b35ef3c83445a18a662c465cda819e7ccc60ab

SHA256
90797b59cf4ba7f60f63ca0c101766bcebe0af08ddf4c4708a49b24a8c0fb89e

SHA512
e2bd992daa146f9bf39a2f8136181254782e58b9fd28291b122600c1535941bf76c1ffb438e4c3cccab32d58a8ce5e98f457da8206c716c4bde1f56e3d384aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbDB33.tmp

Filesize
1KB

MD5
bb52da2afef96834a101a86f99c9eea2

SHA1
bc0a5987024339989202c13c2dd334d654ab3387

SHA256
9df6e8f19d890b7ad50b4625aba5af7da4bff84c58e3a3de51b450e637b84147

SHA512
75558e179da51cf392ea00aa64cd7039567f9848b87cf8d4c6a229141ff42412f1c7872ec6d0656481d620da4e218e463847c1e6a231ab52c90dc7623398938c

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbDBEF.tmp

Filesize
1KB

MD5
2a86ef34f315258839e59e5a0a079b6a

SHA1
97ea29a432a89df2d6fff9bf27d30ca04f9fd271

SHA256
3c0430dc9095a538f84135106131cbe2ac1618c4851c9d05eddd2c1115789928

SHA512
cad25b8be59cf8c7245b65e7dfae784ad1d5a16ebab3b77fceac346647915ffff25408b8e62c54a0aab578c9e232aaad9f7aadb1ecbe415874f0df77721e6f4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbDC1F.tmp

Filesize
1KB

MD5
6a25e341d40f91b87b11f447d2e4237a

SHA1
88194bcef787bbf2acca55405d8cfcb21ac2dcb7

SHA256
a529d3162289366a251bbebe05adb25f6db925896e54aebf956763133a3d460d

SHA512
a0a0be4b82918822b69e33c3dbb39c4f908d605aeb3a8857cb1fbee014adca4d0414b04e101f7c06209639b22443c50549d728778b00ee38ecccfc2485b907ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbDCCC.tmp

Filesize
1KB

MD5
8d5a3c47f0d0cccd9b8ef6872bf845a8

SHA1
2e24f1f90870405cd7dc743b2560d8f334319701

SHA256
a41f406995addeb19a5b456b34504df9e9ae35ba2a05d029a20741131cb01c44

SHA512
6d2c133a923e2b945b5d9de2c729d1ca36b3498270d343c8475d0566d760ce5ad15c79d5674b7b48cfecfa1ebb2f73de9205cda379df2c0b3ff47c3df7a563b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbDCFC.tmp

Filesize
1KB

MD5
fc41f921283d788505e600c39138a735

SHA1
9d64742e27ccd68f76c6af3ecb28519b3c009481

SHA256
80b5408dadc8155573719ac6a031eb741478c9f4f7d63e9d508455bd0b5717fc

SHA512
c008bba0ff1d607c5371667490e1f928b257550f9d4cec29ccca03518eb20b591d2267a609cf746174a7bc5522e49f5ec8711b8274091fbaaba244241282c03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbDD1C.tmp

Filesize
1KB

MD5
7e750f44816d30edebfbc9e17eb820d9

SHA1
d471fb00b758bdbaeac36657367332b97c3d0d31

SHA256
56dddf1d34a7bd5243c0983a1d4b5c76abc29a98a9f932d9c6c55f352cfe8d03

SHA512
62678c595083e9415a767c1f4ccbbf1a1aa4ab92354bbda7d73ed4cd3b2d0239ba4afa4d47ef1f2778051a63178c0b480c51aedbfc78813accdbfb5551c0f4dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\evbDDF7.tmp

Filesize
1KB

MD5
33ce91de20ac8ec5f04e2fb241b6f4fc

SHA1
d0b7682c2b82595da7ab2a4f36e3019468b6c41f

SHA256
d9c23116ba8788e27b61b3e45a6101b762464a4c1ecba8a36a6ae2c91dc91dd1

SHA512
dda5d17b1c4a24f2b34fc8a2d917893227ac447d1297f72d5efb7ad82707b821cfafc989157d9489f3b0db9b311156330a6f005923b3827647c676380827cad9

Download Submit
C:\Users\Admin\AppData\Local\Temp\~$PPvb1YFX.xlsm

Filesize
165B

MD5
ff09371174f7c701e75f357a187c06e8

SHA1
57f9a638fd652922d7eb23236c80055a91724503

SHA256
e4ba04959837c27019a2349015543802439e152ddc4baf4e8c7b9d2b483362a8

SHA512
e4d01e5908e9f80b7732473ec6807bb7faa5425e3154d5642350f44d7220af3cffd277e0b67bcf03f1433ac26a26edb3ddd3707715b61d054b979fbb4b453882

Download Submit
\Users\Admin\AppData\Local\Temp\._cache_2024-12-03_fe812223b4ec65e09362ec90e98aeb66_darkgate_magniber.exe

Filesize
3.3MB

MD5
f0e5feb33456e9d07be9cd6c475076ba

SHA1
69e24ec64e8825b9f639a417aaadf6386087b61a

SHA256
2f009ce8426068f39eaa5c8df77d340f40090d422a6ab5fdfd0f5416c2f62a41

SHA512
16b7b933dcb1d6c7f033601808ff0367810dd86f6f3aad03d0739f42845e5755643aed3837866420adbb17db0ed20b1c9006ea4847cead9f3ad08d75705d6eba

Download Submit
memory/592-216-0x00000000002A0000-0x00000000002E6000-memory.dmp

Filesize
280KB

Download
memory/592-158-0x00000000027B0000-0x00000000028C2000-memory.dmp

Filesize
1.1MB

Download
memory/592-215-0x0000000010000000-0x00000000100DC000-memory.dmp

Filesize
880KB

Download
memory/592-213-0x0000000003170000-0x00000000031F7000-memory.dmp

Filesize
540KB

Download
memory/592-203-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/592-204-0x0000000002D80000-0x0000000002DB6000-memory.dmp

Filesize
216KB

Download
memory/592-194-0x00000000028D0000-0x0000000002928000-memory.dmp

Filesize
352KB

Download
memory/592-185-0x00000000026F0000-0x0000000002752000-memory.dmp

Filesize
392KB

Download
memory/592-168-0x0000000002640000-0x0000000002699000-memory.dmp

Filesize
356KB

Download
memory/592-241-0x0000000003170000-0x00000000031F7000-memory.dmp

Filesize
540KB

Download
memory/592-146-0x00000000002A0000-0x00000000002E6000-memory.dmp

Filesize
280KB

Download
memory/592-239-0x0000000002D80000-0x0000000002DB6000-memory.dmp

Filesize
216KB

Download
memory/592-217-0x00000000027B0000-0x00000000028C2000-memory.dmp

Filesize
1.1MB

Download
memory/592-218-0x00000000026F0000-0x0000000002752000-memory.dmp

Filesize
392KB

Download
memory/592-238-0x00000000028D0000-0x0000000002928000-memory.dmp

Filesize
352KB

Download
memory/2012-56-0x0000000000400000-0x0000000000806000-memory.dmp

Filesize
4.0MB

Download
memory/2012-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2012-7-0x0000000004350000-0x000000000443F000-memory.dmp

Filesize
956KB

Download
memory/2284-83-0x0000000002710000-0x0000000002772000-memory.dmp

Filesize
392KB

Download
memory/2284-89-0x0000000002FC0000-0x0000000003018000-memory.dmp

Filesize
352KB

Download
memory/2284-107-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2284-118-0x0000000010000000-0x00000000100DC000-memory.dmp

Filesize
880KB

Download
memory/2284-115-0x0000000003310000-0x0000000003397000-memory.dmp

Filesize
540KB

Download
memory/2284-112-0x0000000003310000-0x0000000003397000-memory.dmp

Filesize
540KB

Download
memory/2284-95-0x0000000003230000-0x0000000003266000-memory.dmp

Filesize
216KB

Download
memory/2284-94-0x0000000002FC0000-0x0000000003018000-memory.dmp

Filesize
352KB

Download
memory/2284-67-0x0000000002710000-0x000000000276D000-memory.dmp

Filesize
372KB

Download
memory/2284-133-0x0000000000500000-0x0000000000546000-memory.dmp

Filesize
280KB

Download
memory/2284-96-0x0000000003230000-0x0000000003266000-memory.dmp

Filesize
216KB

Download
memory/2284-145-0x0000000002BA0000-0x0000000002CB2000-memory.dmp

Filesize
1.1MB

Download
memory/2284-99-0x0000000003230000-0x0000000003266000-memory.dmp

Filesize
216KB

Download
memory/2284-157-0x00000000025F0000-0x0000000002649000-memory.dmp

Filesize
356KB

Download
memory/2284-167-0x0000000002710000-0x0000000002772000-memory.dmp

Filesize
392KB

Download
memory/2284-68-0x0000000002710000-0x0000000002762000-memory.dmp

Filesize
328KB

Download
memory/2284-183-0x0000000002FC0000-0x0000000003018000-memory.dmp

Filesize
352KB

Download
memory/2284-86-0x0000000002FC0000-0x0000000003018000-memory.dmp

Filesize
352KB

Download
memory/2284-184-0x0000000003230000-0x0000000003266000-memory.dmp

Filesize
216KB

Download
memory/2284-128-0x0000000003310000-0x0000000003397000-memory.dmp

Filesize
540KB

Download
memory/2284-69-0x0000000002710000-0x0000000002742000-memory.dmp

Filesize
200KB

Download
memory/2284-70-0x00000000031E0000-0x0000000003263000-memory.dmp

Filesize
524KB

Download
memory/2284-75-0x0000000002710000-0x0000000002772000-memory.dmp

Filesize
392KB

Download
memory/2284-214-0x0000000003310000-0x0000000003397000-memory.dmp

Filesize
540KB

Download
memory/2284-79-0x0000000002710000-0x0000000002772000-memory.dmp

Filesize
392KB

Download
memory/2284-48-0x0000000002BA0000-0x0000000002CB2000-memory.dmp

Filesize
1.1MB

Download
memory/2284-58-0x0000000002BA0000-0x0000000002CB2000-memory.dmp

Filesize
1.1MB

Download
memory/2284-60-0x00000000025F0000-0x0000000002649000-memory.dmp

Filesize
356KB

Download
memory/2284-66-0x00000000025F0000-0x0000000002649000-memory.dmp

Filesize
356KB

Download
memory/2284-63-0x00000000025F0000-0x0000000002649000-memory.dmp

Filesize
356KB

Download
memory/2284-25-0x0000000010000000-0x00000000100DC000-memory.dmp

Filesize
880KB

Download
memory/2284-30-0x0000000000500000-0x0000000000546000-memory.dmp

Filesize
280KB

Download
memory/2284-36-0x0000000010000000-0x00000000100DC000-memory.dmp

Filesize
880KB

Download
memory/2284-37-0x0000000000500000-0x0000000000546000-memory.dmp

Filesize
280KB

Download
memory/2284-21-0x00000000021F0000-0x00000000022C8000-memory.dmp

Filesize
864KB

Download
memory/2284-19-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2284-20-0x0000000077070000-0x0000000077071000-memory.dmp

Filesize
4KB

Download