xworm | 4b14895a45058c34fb029d0b867412bba2ba76aceb444f28b3b312b98a5a73df

Resubmissions

14/03/2024, 10:26

240314-mgrjcsbh52 10

14/03/2024, 10:25

240314-mfxc8ahe7z 10

Analysis

max time kernel
300s
max time network
211s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
14/03/2024, 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Rino's Discord Account ToolKit/Rinos_Discord_Account_ToolKit.exe
Size

4.3MB
MD5

a7553cc8ad2b91025f5bfb532090d2b6
SHA1

5326aeb29d57118faaad3af9946584b87ad7f0d0
SHA256

6aeee8b13c11c4157a2a92a38270c30af85fb060e5ccf3ef54994d2c3a1cf5b4
SHA512

1a62dec71262fcf6561cf6ea615f9cb0a4d9d495e8759ab62b5980f6ad4211effce2e3f0726e69afb55441999e264ea25512db0e6d584d4c7e3c949429c9b81c
SSDEEP

98304:XIPanxb7sGW9NcEJn5kKxGOd82SqTxaA/XjOqC1kIq9o8ha:Ys7sGqNcLGGOJSeV7L9o

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

3.1

Attributes

install_file
game.exe

Signatures

Detect Xworm Payload 3 IoCs

resource	yara_rule
behavioral6/files/0x000700000002a74e-15.dat	family_xworm
behavioral6/memory/4668-40-0x00000223D1240000-0x00000223D1254000-memory.dmp	family_xworm
behavioral6/memory/4668-16-0x00000223D0DF0000-0x00000223D0E40000-memory.dmp	family_xworm

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 4668 created 632	4668	IntelCpHDCPSvc.exe	698

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IntelCpHDCPSvc.exe	Rinos_Discord_Account_ToolKit.exe

Executes dropped EXE 2 IoCs

pid	Process
4668	IntelCpHDCPSvc.exe
3480	Rino's Discord Account ToolKit.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\Winevt\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx	svchost.exe
File opened for modification	C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx	svchost.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4668 set thread context of 4604	4668	IntelCpHDCPSvc.exe	1287

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4668	IntelCpHDCPSvc.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
3672	Process not Found
3592	Process not Found
2872	Process not Found
4632	Process not Found
2632	Process not Found
5108	Process not Found
2240	Process not Found
1464	Process not Found
4636	Process not Found
3160	Process not Found
532	Process not Found
4696	Process not Found
2896	Process not Found
232	Process not Found
5088	Process not Found
2264	Process not Found
3636	Process not Found
4940	Process not Found
348	Process not Found
3292	Process not Found
1204	Process not Found
2864	Process not Found
3668	Process not Found
2764	Process not Found
1616	Process not Found
4704	Process not Found
1188	Process not Found
848	Process not Found
4024	Process not Found
2272	Process not Found
4200	Process not Found
2216	Process not Found
1496	Process not Found
3540	Process not Found
4880	Process not Found
2700	Process not Found
4424	Process not Found
4836	Process not Found
1564	Process not Found
3760	Process not Found
3368	Process not Found
3524	Process not Found
3196	Process not Found
2156	Process not Found
3100	Process not Found
2628	Process not Found
2564	Process not Found
5084	Process not Found
236	Process not Found
1216	Process not Found
1240	Process not Found
3128	Process not Found
1968	Process not Found
2832	Process not Found
1836	Process not Found
1632	Process not Found
2600	Process not Found
1584	Process not Found
1520	Process not Found
4840	Process not Found
816	Process not Found
3972	Process not Found
3476	Process not Found
4180	Process not Found

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4668	IntelCpHDCPSvc.exe
Token: SeDebugPrivilege	4668	IntelCpHDCPSvc.exe
Token: SeDebugPrivilege	4604	dllhost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 4668	1188	Rinos_Discord_Account_ToolKit.exe	82
PID 1188 wrote to memory of 4668	1188	Rinos_Discord_Account_ToolKit.exe	82
PID 1188 wrote to memory of 3480	1188	Rinos_Discord_Account_ToolKit.exe	83
PID 1188 wrote to memory of 3480	1188	Rinos_Discord_Account_ToolKit.exe	83
PID 4668 wrote to memory of 4604	4668	IntelCpHDCPSvc.exe	1287
PID 4668 wrote to memory of 4604	4668	IntelCpHDCPSvc.exe	1287
PID 4668 wrote to memory of 4604	4668	IntelCpHDCPSvc.exe	1287
PID 4668 wrote to memory of 4604	4668	IntelCpHDCPSvc.exe	1287
PID 4668 wrote to memory of 4604	4668	IntelCpHDCPSvc.exe	1287
PID 4668 wrote to memory of 4604	4668	IntelCpHDCPSvc.exe	1287
PID 4668 wrote to memory of 4604	4668	IntelCpHDCPSvc.exe	1287
PID 4668 wrote to memory of 4604	4668	IntelCpHDCPSvc.exe	1287
PID 4668 wrote to memory of 4604	4668	IntelCpHDCPSvc.exe	1287
PID 4668 wrote to memory of 4604	4668	IntelCpHDCPSvc.exe	1287
PID 4668 wrote to memory of 4604	4668	IntelCpHDCPSvc.exe	1287
PID 4604 wrote to memory of 632	4604	dllhost.exe	698
PID 4604 wrote to memory of 692	4604	dllhost.exe	7
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 4604 wrote to memory of 980	4604	dllhost.exe	12
PID 4604 wrote to memory of 460	4604	dllhost.exe	394
PID 4604 wrote to memory of 764	4604	dllhost.exe	14
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 4604 wrote to memory of 676	4604	dllhost.exe	15
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 4604 wrote to memory of 1076	4604	dllhost.exe	16
PID 4604 wrote to memory of 1084	4604	dllhost.exe	17
PID 4604 wrote to memory of 1164	4604	dllhost.exe	19
PID 4604 wrote to memory of 1176	4604	dllhost.exe	20
PID 4604 wrote to memory of 1244	4604	dllhost.exe	21
PID 4604 wrote to memory of 1300	4604	dllhost.exe	22
PID 4604 wrote to memory of 1396	4604	dllhost.exe	23
PID 4604 wrote to memory of 1432	4604	dllhost.exe	24
PID 4604 wrote to memory of 1476	4604	dllhost.exe	25
PID 4604 wrote to memory of 1576	4604	dllhost.exe	26
PID 4604 wrote to memory of 1596	4604	dllhost.exe	27
PID 4604 wrote to memory of 1680	4604	dllhost.exe	28
PID 4604 wrote to memory of 1720	4604	dllhost.exe	29
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 1476 wrote to memory of 2112	1476	svchost.exe	989
PID 1476 wrote to memory of 2112	1476	svchost.exe	989
PID 1476 wrote to memory of 4764	1476	svchost.exe	992
PID 1476 wrote to memory of 4764	1476	svchost.exe	992
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 1476 wrote to memory of 4760	1476	svchost.exe	994
PID 1476 wrote to memory of 4760	1476	svchost.exe	994
PID 1476 wrote to memory of 5068	1476	svchost.exe	1618
PID 1476 wrote to memory of 5068	1476	svchost.exe	1618
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45
PID 692 wrote to memory of 2692	692	lsass.exe	45

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:692

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
1⤵
PID:980

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1⤵
PID:764

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
1⤵
PID:676

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1⤵
PID:1076

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1⤵
PID:1084

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1⤵
PID:1164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
1⤵
PID:1176

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netprofm -p -s netprofm
1⤵
PID:1244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1⤵
PID:1300

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
1⤵
PID:1396

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
1⤵
- Drops file in System32 directory
PID:1432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Windows\system32\sihost.exe
  sihost.exe
  2⤵
  PID:2112
- C:\Windows\system32\sihost.exe
  sihost.exe
  2⤵
  PID:4764
- C:\Windows\system32\sihost.exe
  sihost.exe
  2⤵
  PID:4760
- C:\Windows\system32\sihost.exe
  sihost.exe
  2⤵
  PID:5068

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
1⤵
PID:1576

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
1⤵
PID:1596

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p
1⤵
PID:1680

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
1⤵
PID:1720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p
1⤵
PID:2576

C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
1⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Rino's Discord Account ToolKit\Rinos_Discord_Account_ToolKit.exe
"C:\Users\Admin\AppData\Local\Temp\Rino's Discord Account ToolKit\Rinos_Discord_Account_ToolKit.exe"
1⤵
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IntelCpHDCPSvc.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IntelCpHDCPSvc.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4668
- C:\TOOLS\Rino's Discord Account ToolKit.exe
  "C:\TOOLS\Rino's Discord Account ToolKit.exe"
  2⤵
  - Executes dropped EXE
  PID:3480

C:\Windows\System32\dllhost.exe
C:\Windows\System32\dllhost.exe /Processid:{7bf50dff-a510-4c7f-bf78-54afc659ecf7}
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4604

C:\Windows\System32\smss.exe
\SystemRoot\System32\smss.exe 00000138 0000008c
1⤵
PID:460

C:\Windows\System32\smss.exe
\SystemRoot\System32\smss.exe 000000e4 0000008c
1⤵
PID:632

C:\Windows\System32\smss.exe
\SystemRoot\System32\smss.exe 000000e4 0000008c
1⤵
PID:2112

C:\Windows\System32\smss.exe
\SystemRoot\System32\smss.exe 0000010c 0000008c
1⤵
PID:4764

C:\Windows\System32\smss.exe
\SystemRoot\System32\smss.exe 000000f0 0000008c
1⤵
PID:4760

C:\Windows\System32\smss.exe
\SystemRoot\System32\smss.exe 00000110 0000008c
1⤵
PID:4604

C:\Windows\System32\smss.exe
\SystemRoot\System32\smss.exe 000000f8 0000008c
1⤵
PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\TOOLS\Rino's Discord Account ToolKit.exe

Filesize
1.0MB

MD5
9f65d905b34fb00cb30b1dccccbfa431

SHA1
fbd44d688914699bd711972726482a81c54830a8

SHA256
bcb2cce497235ef8b47c6b0a91e40ad639ea9270845ae32d49d54b4e00c8760f

SHA512
0d4262ac75d30c083856dd01a23b7c5b737c073abd6f12912e8fd7b7a17acd9377194718d60bec7ef2922b0133313f613e48e1d4b25df6279e18fb116afc9d60

Download Submit
C:\TOOLS\Rino's Discord Account ToolKit.exe

Filesize
606KB

MD5
2360524f65e8272678d61af2a125cc9f

SHA1
775aa288e1fda3df46ad0a8d75fc3eb89a28b83c

SHA256
b418eb8afa5a8935924681c8f4b2af2e91408edce40275b278e853dafbdf2153

SHA512
11219bdd33a1254ae9eecfb44ce7aad483514821eda2955ea41116cc10febf6cd990817bcf77414a80e4a291087e2976203388ff8ef182329a3d7b6d7aafd412

Download Submit
C:\TOOLS\Rino's Discord Account ToolKit.exe

Filesize
450KB

MD5
63c7f7603dca29aa9bb9d6e970ca452a

SHA1
253997966c7996acfda41e651f958bc679a36fac

SHA256
0fedff4da7bd34ca861b82b032507f86faa3fec75fc3197c4bf7e16dba8a04f4

SHA512
93c7892f34d4116bc7418ea1566596488dfff658eee8e483da743ec95c2dc712100de434b37241777df30a5d9865db3052c1b8cb2445a4d716740280356d0bf0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IntelCpHDCPSvc.exe

Filesize
301KB

MD5
34613dee8aeb37cf39ea63ce5fdb47ea

SHA1
c0c5816551614719bb79b7fc5f0092f3c6e50f6f

SHA256
9a14d4f1fc797330557379e7fdec808cd3ef0ba5d372c02f8ce37a86b8bed214

SHA512
0d11526487843c62fe0edf3fbba413ac6c035e8b3ce8d47f878daf9ab39e45aae4d7108e4a1652da144b8af6c38c20df354fd34850df51943748f6c21e7f36e2

Download Submit
memory/460-61-0x0000021CBFD50000-0x0000021CBFD7A000-memory.dmp

Filesize
168KB

Download
memory/460-71-0x0000021CBFD50000-0x0000021CBFD7A000-memory.dmp

Filesize
168KB

Download
memory/632-50-0x000001CEBF8E0000-0x000001CEBF90A000-memory.dmp

Filesize
168KB

Download
memory/632-58-0x00007FF84A403000-0x00007FF84A404000-memory.dmp

Filesize
4KB

Download
memory/632-64-0x00007FF84A406000-0x00007FF84A407000-memory.dmp

Filesize
4KB

Download
memory/632-125-0x000001CEBF8E0000-0x000001CEBF90A000-memory.dmp

Filesize
168KB

Download
memory/632-55-0x00007FF84A404000-0x00007FF84A405000-memory.dmp

Filesize
4KB

Download
memory/632-52-0x000001CEBF8E0000-0x000001CEBF90A000-memory.dmp

Filesize
168KB

Download
memory/632-49-0x000001CEBF8B0000-0x000001CEBF8D3000-memory.dmp

Filesize
140KB

Download
memory/632-124-0x00007FF80A3F0000-0x00007FF80A400000-memory.dmp

Filesize
64KB

Download
memory/676-80-0x0000021DFDEA0000-0x0000021DFDECA000-memory.dmp

Filesize
168KB

Download
memory/676-75-0x0000021DFDEA0000-0x0000021DFDECA000-memory.dmp

Filesize
168KB

Download
memory/676-77-0x00007FF80A3F0000-0x00007FF80A400000-memory.dmp

Filesize
64KB

Download
memory/692-53-0x0000023C2F3D0000-0x0000023C2F3FA000-memory.dmp

Filesize
168KB

Download
memory/692-67-0x0000023C2F3D0000-0x0000023C2F3FA000-memory.dmp

Filesize
168KB

Download
memory/692-56-0x00007FF80A3F0000-0x00007FF80A400000-memory.dmp

Filesize
64KB

Download
memory/764-73-0x0000018020460000-0x000001802048A000-memory.dmp

Filesize
168KB

Download
memory/764-68-0x00007FF80A3F0000-0x00007FF80A400000-memory.dmp

Filesize
64KB

Download
memory/764-66-0x0000018020460000-0x000001802048A000-memory.dmp

Filesize
168KB

Download
memory/980-69-0x000001ED28290000-0x000001ED282BA000-memory.dmp

Filesize
168KB

Download
memory/980-63-0x00007FF80A3F0000-0x00007FF80A400000-memory.dmp

Filesize
64KB

Download
memory/980-72-0x00007FF84A404000-0x00007FF84A405000-memory.dmp

Filesize
4KB

Download
memory/980-60-0x000001ED28290000-0x000001ED282BA000-memory.dmp

Filesize
168KB

Download
memory/1076-83-0x00000160E7560000-0x00000160E758A000-memory.dmp

Filesize
168KB

Download
memory/1076-84-0x00007FF80A3F0000-0x00007FF80A400000-memory.dmp

Filesize
64KB

Download
memory/1076-98-0x00000160E7560000-0x00000160E758A000-memory.dmp

Filesize
168KB

Download
memory/1084-91-0x0000013002330000-0x000001300235A000-memory.dmp

Filesize
168KB

Download
memory/1084-95-0x00007FF80A3F0000-0x00007FF80A400000-memory.dmp

Filesize
64KB

Download
memory/1084-108-0x0000013002330000-0x000001300235A000-memory.dmp

Filesize
168KB

Download
memory/1164-94-0x00007FF80A3F0000-0x00007FF80A400000-memory.dmp

Filesize
64KB

Download
memory/1164-104-0x000001DB40360000-0x000001DB4038A000-memory.dmp

Filesize
168KB

Download
memory/1164-89-0x000001DB40360000-0x000001DB4038A000-memory.dmp

Filesize
168KB

Download
memory/1176-96-0x000001FF8A8D0000-0x000001FF8A8FA000-memory.dmp

Filesize
168KB

Download
memory/1176-101-0x00007FF80A3F0000-0x00007FF80A400000-memory.dmp

Filesize
64KB

Download
memory/1176-110-0x000001FF8A8D0000-0x000001FF8A8FA000-memory.dmp

Filesize
168KB

Download
memory/1188-1-0x00007FF829260000-0x00007FF829D22000-memory.dmp

Filesize
10.8MB

Download
memory/1188-3-0x000000001BA40000-0x000000001BA50000-memory.dmp

Filesize
64KB

Download
memory/1188-34-0x00007FF829260000-0x00007FF829D22000-memory.dmp

Filesize
10.8MB

Download
memory/1188-0-0x0000000000730000-0x0000000000B80000-memory.dmp

Filesize
4.3MB

Download
memory/1244-111-0x0000018C1EDA0000-0x0000018C1EDCA000-memory.dmp

Filesize
168KB

Download
memory/1244-97-0x0000018C1EDA0000-0x0000018C1EDCA000-memory.dmp

Filesize
168KB

Download
memory/1244-103-0x00007FF80A3F0000-0x00007FF80A400000-memory.dmp

Filesize
64KB

Download
memory/1300-106-0x00007FF80A3F0000-0x00007FF80A400000-memory.dmp

Filesize
64KB

Download
memory/1300-112-0x0000016BAB690000-0x0000016BAB6BA000-memory.dmp

Filesize
168KB

Download
memory/1300-102-0x0000016BAB690000-0x0000016BAB6BA000-memory.dmp

Filesize
168KB

Download
memory/1396-117-0x000002A7F0A60000-0x000002A7F0A8A000-memory.dmp

Filesize
168KB

Download
memory/1396-121-0x00007FF80A3F0000-0x00007FF80A400000-memory.dmp

Filesize
64KB

Download
memory/1396-150-0x000002A7F0A60000-0x000002A7F0A8A000-memory.dmp

Filesize
168KB

Download
memory/1432-122-0x00007FF80A3F0000-0x00007FF80A400000-memory.dmp

Filesize
64KB

Download
memory/1432-127-0x00000235110F0000-0x000002351111A000-memory.dmp

Filesize
168KB

Download
memory/1432-161-0x00000235110F0000-0x000002351111A000-memory.dmp

Filesize
168KB

Download
memory/1432-118-0x00000235110F0000-0x000002351111A000-memory.dmp

Filesize
168KB

Download
memory/1476-134-0x000001E0D2A90000-0x000001E0D2ABA000-memory.dmp

Filesize
168KB

Download
memory/1476-123-0x000001E0D2A90000-0x000001E0D2ABA000-memory.dmp

Filesize
168KB

Download
memory/1476-163-0x000001E0D2A90000-0x000001E0D2ABA000-memory.dmp

Filesize
168KB

Download
memory/1576-140-0x0000015DF6970000-0x0000015DF699A000-memory.dmp

Filesize
168KB

Download
memory/1576-162-0x0000015DF6970000-0x0000015DF699A000-memory.dmp

Filesize
168KB

Download
memory/1596-160-0x0000028A83180000-0x0000028A831AA000-memory.dmp

Filesize
168KB

Download
memory/1680-156-0x0000025FBEB00000-0x0000025FBEB2A000-memory.dmp

Filesize
168KB

Download
memory/1720-159-0x000002BF2C3B0000-0x000002BF2C3DA000-memory.dmp

Filesize
168KB

Download
memory/3480-146-0x00007FF829260000-0x00007FF829D22000-memory.dmp

Filesize
10.8MB

Download
memory/3480-76-0x00000242868B0000-0x00000242868C0000-memory.dmp

Filesize
64KB

Download
memory/3480-88-0x00007FF829260000-0x00007FF829D22000-memory.dmp

Filesize
10.8MB

Download
memory/3480-33-0x0000024284880000-0x0000024284C84000-memory.dmp

Filesize
4.0MB

Download
memory/3480-38-0x00000242868B0000-0x00000242868C0000-memory.dmp

Filesize
64KB

Download
memory/3480-42-0x000002429F2D0000-0x000002429F784000-memory.dmp

Filesize
4.7MB

Download
memory/3480-32-0x00007FF829260000-0x00007FF829D22000-memory.dmp

Filesize
10.8MB

Download
memory/4604-151-0x00007FF84A360000-0x00007FF84A569000-memory.dmp

Filesize
2.0MB

Download
memory/4604-44-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4604-39-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4604-37-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4604-43-0x00007FF84A360000-0x00007FF84A569000-memory.dmp

Filesize
2.0MB

Download
memory/4604-46-0x00007FF84A170000-0x00007FF84A22D000-memory.dmp

Filesize
756KB

Download
memory/4604-47-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4604-41-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4668-79-0x00007FF829260000-0x00007FF829D22000-memory.dmp

Filesize
10.8MB

Download
memory/4668-31-0x00007FF84A360000-0x00007FF84A569000-memory.dmp

Filesize
2.0MB

Download
memory/4668-153-0x00007FF829260000-0x00007FF829D22000-memory.dmp

Filesize
10.8MB

Download
memory/4668-158-0x00007FF84A360000-0x00007FF84A569000-memory.dmp

Filesize
2.0MB

Download
memory/4668-16-0x00000223D0DF0000-0x00000223D0E40000-memory.dmp

Filesize
320KB

Download
memory/4668-17-0x00007FF829260000-0x00007FF829D22000-memory.dmp

Filesize
10.8MB

Download
memory/4668-28-0x00000223D1260000-0x00000223D129E000-memory.dmp

Filesize
248KB

Download
memory/4668-35-0x00007FF84A170000-0x00007FF84A22D000-memory.dmp

Filesize
756KB

Download
memory/4668-116-0x00007FF84A170000-0x00007FF84A22D000-memory.dmp

Filesize
756KB

Download
memory/4668-120-0x00000223EB780000-0x00000223EB790000-memory.dmp

Filesize
64KB

Download
memory/4668-40-0x00000223D1240000-0x00000223D1254000-memory.dmp

Filesize
80KB

Download
memory/4668-92-0x00007FF84A360000-0x00007FF84A569000-memory.dmp

Filesize
2.0MB

Download
memory/4668-36-0x00000223EB780000-0x00000223EB790000-memory.dmp

Filesize
64KB

Download