xworm | ebf760dbfa32628221a5a902ffd7e98f560d181225e260ed4326aa36aa99f659

Analysis

max time kernel
12s
max time network
61s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SocketHeciServer.exe
Size

326KB
MD5

b31a895d0c68b927f671ad83cd75746a
SHA1

feeeb2c2221b40f07eb5f8a61b42fa74b515777d
SHA256

dfffdd9f71b964ea17dec2660be833b0ecf007e239a3e44f4b8108967557d78a
SHA512

7dde6e228200f7776d5ed2414e4fc1c19f487f8a77719f0af87ad612f605dcc87bd525192d3819c8eb022a9d9e563ab87308d6c08adc70cece6f7b83b2e99e93
SSDEEP

6144:sjJL98jtwguKV5BwUnZqazMhD9RLJt88sndcP8pPyDvUGOksDRb:DjtkKLBwiZlzMB9xgndcP88DvvP

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

3.1

209.25.143.223:505

Attributes

install_file
game.exe

aes.plain

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral17/memory/2748-0-0x000000013FC10000-0x000000013FC66000-memory.dmp	family_xworm
behavioral17/memory/2748-15-0x00000000008B0000-0x00000000008CC000-memory.dmp	family_xworm

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 2748 created 436	2748	SocketHeciServer.exe	3

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2748 set thread context of 1616	2748	SocketHeciServer.exe	28

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
3064	SCHTASKS.exe
2292	SCHTASKS.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2748	SocketHeciServer.exe
1616	dllhost.exe
1616	dllhost.exe
1616	dllhost.exe
1616	dllhost.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2748	SocketHeciServer.exe
Token: SeDebugPrivilege	2748	SocketHeciServer.exe
Token: SeDebugPrivilege	1616	dllhost.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 1616	2748	SocketHeciServer.exe	28
PID 2748 wrote to memory of 1616	2748	SocketHeciServer.exe	28
PID 2748 wrote to memory of 1616	2748	SocketHeciServer.exe	28
PID 2748 wrote to memory of 1616	2748	SocketHeciServer.exe	28
PID 2748 wrote to memory of 1616	2748	SocketHeciServer.exe	28
PID 2748 wrote to memory of 1616	2748	SocketHeciServer.exe	28
PID 2748 wrote to memory of 1616	2748	SocketHeciServer.exe	28
PID 2748 wrote to memory of 1616	2748	SocketHeciServer.exe	28
PID 2748 wrote to memory of 1616	2748	SocketHeciServer.exe	28
PID 2748 wrote to memory of 1616	2748	SocketHeciServer.exe	28
PID 2748 wrote to memory of 1616	2748	SocketHeciServer.exe	28
PID 2748 wrote to memory of 1616	2748	SocketHeciServer.exe	28
PID 2748 wrote to memory of 2292	2748	SocketHeciServer.exe	32
PID 2748 wrote to memory of 2292	2748	SocketHeciServer.exe	32
PID 2748 wrote to memory of 2292	2748	SocketHeciServer.exe	32
PID 2748 wrote to memory of 3064	2748	SocketHeciServer.exe	30
PID 2748 wrote to memory of 3064	2748	SocketHeciServer.exe	30
PID 2748 wrote to memory of 3064	2748	SocketHeciServer.exe	30
PID 1616 wrote to memory of 436	1616	dllhost.exe	3
PID 1616 wrote to memory of 480	1616	dllhost.exe	2

C:\Windows\system32\services.exe
C:\Windows\system32\services.exe
1⤵
PID:480

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:436
- C:\Windows\System32\dllhost.exe
  C:\Windows\System32\dllhost.exe /Processid:{e9d01d2c-99fc-4a6a-8924-37a819244d3a}
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1616

C:\Users\Admin\AppData\Local\Temp\SocketHeciServer.exe
"C:\Users\Admin\AppData\Local\Temp\SocketHeciServer.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\system32\SCHTASKS.exe
  "SCHTASKS.exe" /create /tn "$77SocketHeciServer.exe" /tr "'C:\Users\Admin\AppData\Local\Temp\SocketHeciServer.exe'" /sc onlogon /rl HIGHEST
  2⤵
  - Creates scheduled task(s)
  PID:3064
- C:\Windows\system32\SCHTASKS.exe
  "SCHTASKS.exe" /create /tn "$77SocketHeciServer.exe" /tr "'C:\Users\Admin\AppData\Local\Temp\SocketHeciServer.exe'" /sc onlogon /rl HIGHEST
  2⤵
  - Creates scheduled task(s)
  PID:2292
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\SocketHeciServer.exe'
  2⤵
  PID:2496
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'SocketHeciServer.exe'
  2⤵
  PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
14db9088692b83f365d9133d3d421764

SHA1
63673dbdc222230f21dc52ae75885c1a0c7db7e8

SHA256
e726a5394a486842d74d9c8d9a540968f742d3113fdecf11e34ecd5cedb6111b

SHA512
806bcd5d0e1b164a11b96fe30428c20dd681d41c87b9fbb549fb5179747684b651b1d5169efa0a9f08cdea40ff319af12582172cdc66f2fbba6dd728bba54c67

Download Submit
C:\Windows\System32\perfc007.dat

Filesize
51KB

MD5
8ee82e26070502a8781544fd914c4850

SHA1
8a10500cd26833f4003377dbbf77b52a1cf5d749

SHA256
d3353f185f6dec27583535c771caf0707c163bf44e0395e6f57f5fa2cc31c231

SHA512
6ed6cffc86209c253b3b59456e77078b03a7805781533befa4863ae4d02ad2315e17b2bba2fae84834ac712b9e22a730d6ccfa96e11af9ec73640a9508002c49

Download Submit
C:\Windows\System32\perfc00A.dat

Filesize
80KB

MD5
4dafc6fba4b58011f2978693b5b19669

SHA1
aab87e2aadfacf367ddffa177565d54c98a64273

SHA256
4c136ba3dbaecafb90bbb17fae00d3a2d198eae776e7601b89457de159d41802

SHA512
3bb52eb61c5a1b8452862892f2e28fcccc0263224379a5d9a286b0fa11123bac8dd965ee888b923815160b0f34ec3cb0f024e5222bfd06b2b5265526e6f245bd

Download Submit
C:\Windows\System32\perfc00C.dat

Filesize
142KB

MD5
b2b17c1d7abc80fba62b6ecfb10b309e

SHA1
3bb4d043d2434582a631ce3f8c1c5e8a729815b4

SHA256
418cd127329c248e99a1265b1c5bbbe281bd11d49413a63e2966f86c296a32b7

SHA512
f8833db0169203e60d5f3b8452d81e8762b195ee7756628e4c5168c258e6e42c363ae71d11871c08b2b462c96592914ff4d4418fe7be355776fe082dd38b9dd9

Download Submit
C:\Windows\System32\perfc010.dat

Filesize
92KB

MD5
8421b5829817bff94616e684324ef6e8

SHA1
e0847f5850a8d79ea80aa1c9238ac96d5075dc19

SHA256
97a12ec8fe964a75cb85915bc0362d827217dcb139dec1dba0ef388c77c77b6d

SHA512
95e3789d1a58b377966ed2bbbedc5dfacc74dbd75d29ff2f66fcfa9a2c18f5923233a875d3e2205c7ac7aa14c78da3b604c83666cb2b97b9b8c201748f22f455

Download Submit
C:\Windows\System32\perfc011.dat

Filesize
114KB

MD5
bee5d91b496fb80f633b314b1dbb55eb

SHA1
25c99dd2d14166bdb16a3b0238204fa8c0094780

SHA256
60f1cd5bc3deb6245e628c6be28bb5425e9c9c24437832929f4d55265ce51334

SHA512
468c5745197bf8a044236dcb86ee398d269e35ef1c93bceb171c9e99bd2bcb39240cbe8280daa8f3d0af4f93b616a47d5d73188c3d2fce244f9ad2e089e2f460

Download Submit
C:\Windows\System32\perfh007.dat

Filesize
231KB

MD5
c48768811593df0a56239db8ebd85b44

SHA1
f5b725ecf98643a0449e933cf5c10b31a03e2d85

SHA256
63dbdb68d50b213fa23d09fbb75b39724a301445f605adb700243709db4cc96a

SHA512
902fa23ac98d8e4890bf979091ffeca1c636aee7140d3d85f5a6c6a9a7c56f4f78fc14a945791d1703de8e980709efcc2228b8d85e4e01a23c19d2e846797fca

Download Submit
C:\Windows\System32\perfh009.dat

Filesize
88KB

MD5
dd6415a82461ebf3899ed38e5ec3bfe7

SHA1
7235ea37f45eba41130d68397a633f66e9eb1b7c

SHA256
431f5ab4f268bdbb29ee8c814b7c677e28ab55a7e7ff245bdbf3d5c393efb7d6

SHA512
b4dc009749d5d7037b314f5e9f8a160dd47bc5e09423df5e635c00ce8c829e0603edc768460a8b98e23ed00507a40f09eeba6b88dbe561583608029fcedf97c1

Download Submit
C:\Windows\System32\perfh00A.dat

Filesize
135KB

MD5
bf8d84635931c0afc2ca8482ad3bb04a

SHA1
334d02695b3f287ea024da3bc1f5998c0d4f22ea

SHA256
606dbc56acad526c205bc9069a474c2d2c861b7dfae45332b7af17a9569b0f12

SHA512
2dfae26072698bb722b9d4477166748334fa1b0ce900c6caa1aa920e61a1adcbb7fcd717c791ea6e0e546303dc426b856bfdf3dd047d3383a1671953ec068021

Download Submit
C:\Windows\System32\perfh00C.dat

Filesize
80KB

MD5
e8b62b0880de0c1ce6070815c3f795d1

SHA1
4e1b88dc2db652ac0ef67b5f178a4b6aac37b0b3

SHA256
60bc9380942ab176942a842b50158c50b98f9904141437d65d6b208a46e9e482

SHA512
a6f60928ad4cd79c6aa3bf47edab1a0a7c492b7a4981e8dbf7a5c4ebd880eba7d81b08c275e1536d6eec8b506bc5c82fc17755fc6ca5dc496f84fe936847236a

Download Submit
C:\Windows\System32\perfh010.dat

Filesize
39KB

MD5
d639f5bd4e92ce4bf954837dd1357e19

SHA1
29865890eacf8120385f065c070d80bd2e97c715

SHA256
c9f9c6df34312b03aa930cd4adaece9f7b58ef667685f2d9e0ac4cfba509f9b4

SHA512
f2a04f259e1f3c04e4ed9256f3b106988c955d7ce28866253129e9ec66a13b028839becc4d2f222b9a01d725c61309dd577affcb5c3e06c1eff7d3c5f1a16a54

Download Submit
C:\Windows\System32\perfh011.dat

Filesize
104KB

MD5
b7feb2bb4aacad2752df757f525ffb4b

SHA1
d5cf280ef27942e6669a9bc157968cf2a7e9f9fd

SHA256
9761cd25e4ba68a43b1ac87ce8c39f6b4e304daef6cc0eeadd5d66abcccc8237

SHA512
6aa0aa0b2661742df8653fe186a956d815e8732adad8a39782dc6a61418c9f0c766aec2a5c93e0e240b8204bc2e1426da5f6b72e9bcc2532ac0b6beb5c7a1edd

Download Submit
C:\Windows\System32\wbem\Performance\WmiApRpl.h

Filesize
3KB

MD5
b133a676d139032a27de3d9619e70091

SHA1
1248aa89938a13640252a79113930ede2f26f1fa

SHA256
ae2b6236d3eeb4822835714ae9444e5dcd21bc60f7a909f2962c43bc743c7b15

SHA512
c6b99e13d854ce7a6874497473614ee4bd81c490802783db1349ab851cd80d1dc06df8c1f6e434aba873a5bbf6125cc64104709064e19a9dc1c66dcde3f898f5

Download Submit
C:\Windows\System32\wbem\Performance\WmiApRpl.ini

Filesize
27KB

MD5
46d08e3a55f007c523ac64dce6dcf478

SHA1
62edf88697e98d43f32090a2197bead7e7244245

SHA256
5b15b1fc32713447c3fbc952a0fb02f1fd78c6f9ac69087bdb240625b0282614

SHA512
b1f42e70c0ba866a9ed34eb531dbcbae1a659d7349c1e1a14b18b9e23d8cbd302d8509c6d3a28bc7509dd92e83bcb400201fb5d5a70f613421d81fe649d02e42

Download Submit
memory/348-138-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/348-130-0x0000000000DD0000-0x0000000000DFA000-memory.dmp

Filesize
168KB

Download
memory/436-18-0x0000000000AF0000-0x0000000000B13000-memory.dmp

Filesize
140KB

Download
memory/436-17-0x0000000000AF0000-0x0000000000B13000-memory.dmp

Filesize
140KB

Download
memory/436-23-0x000007FEBF570000-0x000007FEBF580000-memory.dmp

Filesize
64KB

Download
memory/436-22-0x0000000000B20000-0x0000000000B4A000-memory.dmp

Filesize
168KB

Download
memory/436-24-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/436-86-0x0000000000B20000-0x0000000000B4A000-memory.dmp

Filesize
168KB

Download
memory/436-27-0x0000000077431000-0x0000000077432000-memory.dmp

Filesize
4KB

Download
memory/480-26-0x0000000000D70000-0x0000000000D9A000-memory.dmp

Filesize
168KB

Download
memory/480-30-0x0000000000D70000-0x0000000000D9A000-memory.dmp

Filesize
168KB

Download
memory/480-29-0x000007FEBF570000-0x000007FEBF580000-memory.dmp

Filesize
64KB

Download
memory/480-90-0x0000000000D70000-0x0000000000D9A000-memory.dmp

Filesize
168KB

Download
memory/480-31-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/496-66-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/496-64-0x0000000000120000-0x000000000014A000-memory.dmp

Filesize
168KB

Download
memory/496-63-0x000007FEBF570000-0x000007FEBF580000-memory.dmp

Filesize
64KB

Download
memory/496-135-0x0000000000120000-0x000000000014A000-memory.dmp

Filesize
168KB

Download
memory/496-62-0x0000000000120000-0x000000000014A000-memory.dmp

Filesize
168KB

Download
memory/504-78-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/504-74-0x000007FEBF570000-0x000007FEBF580000-memory.dmp

Filesize
64KB

Download
memory/504-75-0x0000000000260000-0x000000000028A000-memory.dmp

Filesize
168KB

Download
memory/504-73-0x0000000000260000-0x000000000028A000-memory.dmp

Filesize
168KB

Download
memory/504-182-0x0000000000260000-0x000000000028A000-memory.dmp

Filesize
168KB

Download
memory/548-142-0x0000000001FB0000-0x0000000001FDA000-memory.dmp

Filesize
168KB

Download
memory/548-145-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/600-80-0x0000000000470000-0x000000000049A000-memory.dmp

Filesize
168KB

Download
memory/600-89-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/600-85-0x000007FEBF570000-0x000007FEBF580000-memory.dmp

Filesize
64KB

Download
memory/676-98-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/676-94-0x0000000000160000-0x000000000018A000-memory.dmp

Filesize
168KB

Download
memory/676-93-0x000007FEBF570000-0x000007FEBF580000-memory.dmp

Filesize
64KB

Download
memory/676-87-0x0000000000160000-0x000000000018A000-memory.dmp

Filesize
168KB

Download
memory/752-95-0x0000000000C80000-0x0000000000CAA000-memory.dmp

Filesize
168KB

Download
memory/752-99-0x000007FEBF570000-0x000007FEBF580000-memory.dmp

Filesize
64KB

Download
memory/752-103-0x0000000000C80000-0x0000000000CAA000-memory.dmp

Filesize
168KB

Download
memory/752-105-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/824-108-0x000007FEBF570000-0x000007FEBF580000-memory.dmp

Filesize
64KB

Download
memory/824-112-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/824-109-0x0000000000C60000-0x0000000000C8A000-memory.dmp

Filesize
168KB

Download
memory/824-102-0x0000000000C60000-0x0000000000C8A000-memory.dmp

Filesize
168KB

Download
memory/872-113-0x0000000000C70000-0x0000000000C9A000-memory.dmp

Filesize
168KB

Download
memory/872-118-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/1000-126-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/1000-122-0x0000000000B90000-0x0000000000BBA000-memory.dmp

Filesize
168KB

Download
memory/1060-148-0x00000000004A0000-0x00000000004CA000-memory.dmp

Filesize
168KB

Download
memory/1060-154-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/1116-158-0x0000000002280000-0x00000000022AA000-memory.dmp

Filesize
168KB

Download
memory/1116-160-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/1176-163-0x0000000001E50000-0x0000000001E7A000-memory.dmp

Filesize
168KB

Download
memory/1176-166-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/1204-174-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/1204-170-0x00000000025E0000-0x000000000260A000-memory.dmp

Filesize
168KB

Download
memory/1616-11-0x00000000771C0000-0x00000000772DF000-memory.dmp

Filesize
1.1MB

Download
memory/1616-14-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/1616-13-0x00000000773E0000-0x0000000077589000-memory.dmp

Filesize
1.7MB

Download
memory/1616-81-0x00000000773E0000-0x0000000077589000-memory.dmp

Filesize
1.7MB

Download
memory/1616-12-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/1616-10-0x00000000773E0000-0x0000000077589000-memory.dmp

Filesize
1.7MB

Download
memory/1616-9-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/1616-7-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/2132-188-0x0000000037420000-0x0000000037430000-memory.dmp

Filesize
64KB

Download
memory/2132-179-0x00000000002D0000-0x00000000002FA000-memory.dmp

Filesize
168KB

Download
memory/2196-59-0x000007FEEE3F0000-0x000007FEEED8D000-memory.dmp

Filesize
9.6MB

Download
memory/2196-57-0x0000000002CD0000-0x0000000002D50000-memory.dmp

Filesize
512KB

Download
memory/2196-50-0x000000001B650000-0x000000001B932000-memory.dmp

Filesize
2.9MB

Download
memory/2196-53-0x0000000002CD0000-0x0000000002D50000-memory.dmp

Filesize
512KB

Download
memory/2196-51-0x000007FEEE3F0000-0x000007FEEED8D000-memory.dmp

Filesize
9.6MB

Download
memory/2196-54-0x000007FEEE3F0000-0x000007FEEED8D000-memory.dmp

Filesize
9.6MB

Download
memory/2196-55-0x0000000002CD0000-0x0000000002D50000-memory.dmp

Filesize
512KB

Download
memory/2196-58-0x0000000002CDB000-0x0000000002D42000-memory.dmp

Filesize
412KB

Download
memory/2196-52-0x0000000002710000-0x0000000002718000-memory.dmp

Filesize
32KB

Download
memory/2300-187-0x0000000000C20000-0x0000000000C4A000-memory.dmp

Filesize
168KB

Download
memory/2496-44-0x0000000002830000-0x00000000028B0000-memory.dmp

Filesize
512KB

Download
memory/2496-42-0x000007FEF1FA0000-0x000007FEF293D000-memory.dmp

Filesize
9.6MB

Download
memory/2496-40-0x000007FEF1FA0000-0x000007FEF293D000-memory.dmp

Filesize
9.6MB

Download
memory/2496-41-0x0000000002830000-0x00000000028B0000-memory.dmp

Filesize
512KB

Download
memory/2496-43-0x0000000002830000-0x00000000028B0000-memory.dmp

Filesize
512KB

Download
memory/2496-36-0x000000001B720000-0x000000001BA02000-memory.dmp

Filesize
2.9MB

Download
memory/2496-39-0x0000000002830000-0x00000000028B0000-memory.dmp

Filesize
512KB

Download
memory/2496-38-0x0000000001F70000-0x0000000001F78000-memory.dmp

Filesize
32KB

Download
memory/2748-56-0x000007FEF5780000-0x000007FEF616C000-memory.dmp

Filesize
9.9MB

Download
memory/2748-195-0x0000000002450000-0x000000000247A000-memory.dmp

Filesize
168KB

Download
memory/2748-67-0x00000000773E0000-0x0000000077589000-memory.dmp

Filesize
1.7MB

Download
memory/2748-0-0x000000013FC10000-0x000000013FC66000-memory.dmp

Filesize
344KB

Download
memory/2748-15-0x00000000008B0000-0x00000000008CC000-memory.dmp

Filesize
112KB

Download
memory/2748-77-0x000000001C0A0000-0x000000001C120000-memory.dmp

Filesize
512KB

Download
memory/2748-70-0x00000000771C0000-0x00000000772DF000-memory.dmp

Filesize
1.1MB

Download
memory/2748-6-0x000000001C0A0000-0x000000001C120000-memory.dmp

Filesize
512KB

Download
memory/2748-4-0x00000000771C0000-0x00000000772DF000-memory.dmp

Filesize
1.1MB

Download
memory/2748-5-0x00000000773E0000-0x0000000077589000-memory.dmp

Filesize
1.7MB

Download
memory/2748-3-0x00000000773E0000-0x0000000077589000-memory.dmp

Filesize
1.7MB

Download
memory/2748-1-0x00000000005F0000-0x000000000062E000-memory.dmp

Filesize
248KB

Download
memory/2748-2-0x000007FEF5780000-0x000007FEF616C000-memory.dmp

Filesize
9.9MB

Download