Overview

overview

10

Static

static

10

Blueman.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    42s
  • max time network
    61s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12-01-2025 14:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Blueman.exe

  • Size

    768KB

  • MD5

    be2a93d0adc2d1b29840d96521ecc0e0

  • SHA1

    92497c17f7f24893c716ae56973c4ddf093cd09f

  • SHA256

    14856c638f4322cf97ad138629e315118f88f4e8ea7bbc3b99a8ec59e1d47a70

  • SHA512

    e89d55dcf073a915c203ab4c6e44963387f0327b4838b22c7901b0863d247d20e538f23b8aa8f1ec52cf99a2a208d0148134fff45fa27668745c9e7077ff2c41

  • SSDEEP

    12288:KMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9B5BHj:KnsJ39LyjbJkQFMhmC+6GD9d

Score
10/10
xredbackdoordiscoverypersistence

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    [email protected]

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Signatures

  • Xred

    Xred is backdoor written in Delphi.

    backdoorxred
  • Xred family
    xred
  • Executes dropped EXE 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 26 IoCs
  • Suspicious use of FindShellTrayWindow 53 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Blueman.exe
    "C:\Users\Admin\AppData\Local\Temp\Blueman.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4620
    • C:\Users\Admin\AppData\Local\Temp\._cache_Blueman.exe
      "C:\Users\Admin\AppData\Local\Temp\._cache_Blueman.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2320
    • C:\ProgramData\Synaptics\Synaptics.exe
      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:5352
      • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3336
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 1176
          4⤵
          • Program crash
          PID:1252
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 1128
          4⤵
          • Program crash
          PID:1312
  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1716
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3336 -ip 3336
    1⤵
      PID:5420
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:5460
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffad9f0cc40,0x7ffad9f0cc4c,0x7ffad9f0cc58
        2⤵
          PID:4160
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        1⤵
        • Drops file in Windows directory
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:4048
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffad9f0cc40,0x7ffad9f0cc4c,0x7ffad9f0cc58
          2⤵
            PID:648
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,10469511960190213384,13706789668133521416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1820 /prefetch:2
            2⤵
              PID:4076
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,10469511960190213384,13706789668133521416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
              2⤵
                PID:5836
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,10469511960190213384,13706789668133521416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2388 /prefetch:8
                2⤵
                  PID:4796
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,10469511960190213384,13706789668133521416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
                  2⤵
                    PID:4880
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,10469511960190213384,13706789668133521416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
                    2⤵
                      PID:2988
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,10469511960190213384,13706789668133521416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4528 /prefetch:1
                      2⤵
                        PID:5996
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4396,i,10469511960190213384,13706789668133521416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
                        2⤵
                          PID:2252
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3680,i,10469511960190213384,13706789668133521416,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:1
                          2⤵
                            PID:4744
                        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                          "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                          1⤵
                            PID:5816
                          • C:\Windows\SysWOW64\WerFault.exe
                            C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3336 -ip 3336
                            1⤵
                              PID:3432
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                              1⤵
                                PID:1320
                              • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                1⤵
                                  PID:5388

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\ProgramData\Synaptics\Synaptics.exe
                                  Filesize

                                  768KB

                                  MD5

                                  be2a93d0adc2d1b29840d96521ecc0e0

                                  SHA1

                                  92497c17f7f24893c716ae56973c4ddf093cd09f

                                  SHA256

                                  14856c638f4322cf97ad138629e315118f88f4e8ea7bbc3b99a8ec59e1d47a70

                                  SHA512

                                  e89d55dcf073a915c203ab4c6e44963387f0327b4838b22c7901b0863d247d20e538f23b8aa8f1ec52cf99a2a208d0148134fff45fa27668745c9e7077ff2c41

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                  Filesize

                                  40B

                                  MD5

                                  883205c8c72a59af010552ad311f62e7

                                  SHA1

                                  626dbb16469339df3aecc88ece281291d1c9462a

                                  SHA256

                                  56028dc10510be6f9b2bc236fe26c790d3f3a851aa8a4420cb3bb74499d84c3a

                                  SHA512

                                  604ae32d8e37304b0b9735c225c5d50451796eea2526cc6c44b1d36a2af841d1733606c4797fd56a01f22922ad0094bbd7616262abf109e50ce332d916c444ae

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                  Filesize

                                  649B

                                  MD5

                                  f0b4d67a7a41ff3dcb29b99b13e64ee3

                                  SHA1

                                  284bf9e942bd73e45f272763a0daf2b99dade366

                                  SHA256

                                  d4c7b9c44cebc8f7e4c7137e1becadeaa8d02f95dea0418df7a6f44b2b450f02

                                  SHA512

                                  6597d89ec6c08196388c252a1ac584a6c96b33a5aff4b98c063c767320448a7b899a3685ddf67767046da834c74de4201652e248f43a12a0d1dc247817b5f584

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
                                  Filesize

                                  264KB

                                  MD5

                                  f50f89a0a91564d0b8a211f8921aa7de

                                  SHA1

                                  112403a17dd69d5b9018b8cede023cb3b54eab7d

                                  SHA256

                                  b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                  SHA512

                                  bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                  Filesize

                                  1KB

                                  MD5

                                  e395020c677b062a5e39e4fa586eb330

                                  SHA1

                                  a571b8b5c4f35df446c96d4e79c1438bd7f507bf

                                  SHA256

                                  dfddbd1b2698039d1d1bbbc80c135370f38183d98826ee1d5fe4ef8be7e04718

                                  SHA512

                                  099037b6ed357ac0e9a4c722ca6c8e751744a8fc24fcc688a9f6dd1ed740e45b3ad6df746ba85f72a776ada1a6fa0d9a871445c95b876f0d95ac481bbb18966d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                  Filesize

                                  2B

                                  MD5

                                  d751713988987e9331980363e24189ce

                                  SHA1

                                  97d170e1550eee4afc0af065b78cda302a97674c

                                  SHA256

                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                  SHA512

                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                  Filesize

                                  7KB

                                  MD5

                                  1f016c8a9fa8c0a6918313975a759d61

                                  SHA1

                                  2c269751e3c9a50adb18bc96c42f1c5961c8c3de

                                  SHA256

                                  c36c9bd0336fee16dedc29735c0eba35d3b0a1059d0de41d68c3aa6a657c6091

                                  SHA512

                                  3cfc60c58ebddb14dd8d46afd5d9611e7148288e715e4ef79badec22a7725e1afc3571394940877861ecee15b787dce00345ecc74ca7dc4f4bc5a352b2b6e2cb

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                  Filesize

                                  9KB

                                  MD5

                                  b252dc5c0b3ed505deba480e6c7da5df

                                  SHA1

                                  02cbd7bd5d7901e08341f3f5061412daa2fb43da

                                  SHA256

                                  ad72c9f41d45e38597a1f9402c3aa281d45b2f45ab4f369fa6f2f6903ac6a601

                                  SHA512

                                  b631280920e030cecd83d8cc08f16ea4a71b49cede46cd6cc95961e89b273277d6a1c838427d9d780ca66a971c255f2727395cf84f82e6257bff0c4b39c7d78d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                  Filesize

                                  228KB

                                  MD5

                                  8af66c6cb2b39c6376402af55aa45c18

                                  SHA1

                                  56961b7e9678d3bdacf74b27d4e9e6ac753bee64

                                  SHA256

                                  2d7605065e98e7e2071529dcd6f1db572129d96270f082303002c7c93c851e0d

                                  SHA512

                                  16e8822e3b49cf55b2ef63502fd6b6a315c273e8c3da2f241886080b6881f182ae4b16a02f31dc2cfa828ffe6184637d536ec59aba40b70844834998ea5c3535

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                  Filesize

                                  228KB

                                  MD5

                                  a1c03663059315feb0d816b124f5645f

                                  SHA1

                                  aa56609a6d27449271d5d93eb28401bb01882bd2

                                  SHA256

                                  14e03a2ec883243dfd12f1e607cf03ac5ebbfdb7b43a69281ef775be89c8da1f

                                  SHA512

                                  0439bfb421143d77a9ddf93f67ae16b53df4dabfe630fdfb12de23c56e8680922dfdd0904006bd91a2a295648124d0880057efc859f417dcce53dbc89be34455

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                  Filesize

                                  10KB

                                  MD5

                                  76fbe77cbc68f3bd5f0decad25775716

                                  SHA1

                                  2ebc2dea0b2224ea73fb5413d94ad38218122bf3

                                  SHA256

                                  8d59129db45c9f234318144380c9d167d89a9faa8e2a6aede9b5a3bcfdf650b6

                                  SHA512

                                  1a5d850914bd033defe42de3a333c2a7497927a07289258acd5ec08e973b4ed45030b0f299d6da5bac16ad607ed471b3db52a5c9676a532ecaa0836682618230

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                  Filesize

                                  10KB

                                  MD5

                                  0c71204dc7dd088aa8f1b279e29d7bf5

                                  SHA1

                                  475dbeb8589312574e6b5f3ca2913b8b80af155b

                                  SHA256

                                  28f655f695c0992c73fa7b02fca2c93b65aec5b8c82297e1be30ed9016eb54a1

                                  SHA512

                                  f10ec78286923446833e4f19900a790be0440885688fe273a811648de090a765ea82ef8ccc062987ec12285e0de608b803671d01358a18dd4504f90845169826

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\._cache_Blueman.exe
                                  Filesize

                                  14KB

                                  MD5

                                  184bd75eebd7df441f1213572bf8eb48

                                  SHA1

                                  583e39aa931b1932b08fed0c50b09d4c73edfbf5

                                  SHA256

                                  c96b00e3e5cb9c157e20fff1889c1c1ba99c4449147a5c70cae75757c0477831

                                  SHA512

                                  32338dbb568ce0baf9acdc0d2d4322b309ccdde91c6799b5ca8431e8bb6bf8ed6e3e42f7a432fddf9a6083bbf8736d98ec442d1d2a7a5862efe1d7017485db4a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\D6F75E00
                                  Filesize

                                  23KB

                                  MD5

                                  617e7c1989e81d3110ffdda578edcd3a

                                  SHA1

                                  2d7532ab7cf04c415df15676596979b3f039e749

                                  SHA256

                                  ec959a2f5f312dcce5cbe85e542f2641552b598666e1117568674642fc377bd9

                                  SHA512

                                  fd74bb336c164854d14d13a4ffcd5e7f689e49a4aed0f542be1965d7892fd97bc722bff40b627a8a93cc2da1c4eef8ab1c272358cd9e15e46c1c2f2eef3e5c6d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\f1sQnyOg.xlsm
                                  Filesize

                                  17KB

                                  MD5

                                  e566fc53051035e1e6fd0ed1823de0f9

                                  SHA1

                                  00bc96c48b98676ecd67e81a6f1d7754e4156044

                                  SHA256

                                  8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15

                                  SHA512

                                  a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04

                                  Download Submit

                                • memory/1716-197-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/1716-202-0x00007FFABF8F0000-0x00007FFABF900000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/1716-203-0x00007FFABF8F0000-0x00007FFABF900000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/1716-201-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/1716-298-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/1716-297-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/1716-200-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/1716-198-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/1716-199-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/1716-295-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/1716-296-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/2320-195-0x0000000004C50000-0x0000000004C5A000-memory.dmp

                                  Filesize

                                  40KB

                                  Download

                                • memory/2320-132-0x0000000004B20000-0x0000000004BBC000-memory.dmp

                                  Filesize

                                  624KB

                                  Download

                                • memory/2320-118-0x000000007270E000-0x000000007270F000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/2320-131-0x00000000000F0000-0x00000000000FA000-memory.dmp

                                  Filesize

                                  40KB

                                  Download

                                • memory/2320-225-0x000000007270E000-0x000000007270F000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/2320-196-0x0000000004D80000-0x0000000004DD6000-memory.dmp

                                  Filesize

                                  344KB

                                  Download

                                • memory/2320-135-0x0000000005190000-0x0000000005736000-memory.dmp

                                  Filesize

                                  5.6MB

                                  Download

                                • memory/2320-178-0x0000000004C80000-0x0000000004D12000-memory.dmp

                                  Filesize

                                  584KB

                                  Download

                                • memory/4620-0-0x0000000002340000-0x0000000002341000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4620-129-0x0000000000400000-0x00000000004C6000-memory.dmp

                                  Filesize

                                  792KB

                                  Download

                                • memory/5352-292-0x0000000000400000-0x00000000004C6000-memory.dmp

                                  Filesize

                                  792KB

                                  Download

                                • memory/5352-261-0x0000000000400000-0x00000000004C6000-memory.dmp

                                  Filesize

                                  792KB

                                  Download

                                • memory/5352-226-0x0000000000400000-0x00000000004C6000-memory.dmp

                                  Filesize

                                  792KB

                                  Download

                                • memory/5352-130-0x0000000002220000-0x0000000002221000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/5352-227-0x0000000002220000-0x0000000002221000-memory.dmp

                                  Filesize

                                  4KB

                                  Download