xworm | 32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
Size

2.1MB
MD5

3b5757f632446842aac3ecd3f1c28366
SHA1

4e00b5c8670c8a184632bdd48eedb3f90fdd4f19
SHA256

32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2
SHA512

bee2b4ea1025ba5fd47ace7b3d9d72527ec6511aeb113f1d709c3df0debcb09405e20c5d746719d2bd91b7f304469c2c7dc9f8b746bec953947bbb9583601c6d
SSDEEP

49152:UqwmCCmvuorNkZQfE8UoGH3pRKl9+VvHu7fAws5Q:b8u8kainHPxVvHW3s5Q

Score

10^/10

xworm zgrat rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

5.182.87.154:7000

aes.plain

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/memory/3104-0-0x0000000000B80000-0x0000000000DA0000-memory.dmp	family_xworm
behavioral1/memory/628-280-0x0000000000400000-0x0000000000410000-memory.dmp	family_xworm

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral1/memory/3104-0-0x0000000000B80000-0x0000000000DA0000-memory.dmp	family_zgrat_v1

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msmgnr.lnk	MSBuild.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msmgnr.lnk	MSBuild.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3104 set thread context of 628	3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	100

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
2372	powershell.exe
2372	powershell.exe
2372	powershell.exe
1440	powershell.exe
1440	powershell.exe
1440	powershell.exe
3484	powershell.exe
3484	powershell.exe
3484	powershell.exe
2896	powershell.exe
2896	powershell.exe
2896	powershell.exe
628	MSBuild.exe
628	MSBuild.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
Token: SeDebugPrivilege	628	MSBuild.exe
Token: SeDebugPrivilege	2372	powershell.exe
Token: SeDebugPrivilege	1440	powershell.exe
Token: SeDebugPrivilege	3484	powershell.exe
Token: SeDebugPrivilege	2896	powershell.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
628	MSBuild.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 3104 wrote to memory of 628	3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	100
PID 3104 wrote to memory of 628	3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	100
PID 3104 wrote to memory of 628	3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	100
PID 3104 wrote to memory of 628	3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	100
PID 3104 wrote to memory of 628	3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	100
PID 3104 wrote to memory of 628	3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	100
PID 3104 wrote to memory of 628	3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	100
PID 3104 wrote to memory of 628	3104	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	100
PID 628 wrote to memory of 2372	628	MSBuild.exe	102
PID 628 wrote to memory of 2372	628	MSBuild.exe	102
PID 628 wrote to memory of 2372	628	MSBuild.exe	102
PID 628 wrote to memory of 1440	628	MSBuild.exe	105
PID 628 wrote to memory of 1440	628	MSBuild.exe	105
PID 628 wrote to memory of 1440	628	MSBuild.exe	105
PID 628 wrote to memory of 3484	628	MSBuild.exe	109
PID 628 wrote to memory of 3484	628	MSBuild.exe	109
PID 628 wrote to memory of 3484	628	MSBuild.exe	109
PID 628 wrote to memory of 2896	628	MSBuild.exe	111
PID 628 wrote to memory of 2896	628	MSBuild.exe	111
PID 628 wrote to memory of 2896	628	MSBuild.exe	111

C:\Users\Admin\AppData\Local\Temp\32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
"C:\Users\Admin\AppData\Local\Temp\32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3104
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  sad
  2⤵
  - Drops startup file
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:628
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2372
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'MSBuild.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1440
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\msmgnr.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3484
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'msmgnr.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2896

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
968cb9309758126772781b83adb8a28f

SHA1
8da30e71accf186b2ba11da1797cf67f8f78b47c

SHA256
92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

SHA512
4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
3c3a1cb309651967080ffb257fcef9c5

SHA1
7f51a6b573a2a09091bc615613ac5e30cb0dcd60

SHA256
ea53c1302109e01957115f2efc7f5e0377c557023ec53d0d944980c5a6e7dd8a

SHA512
09f2c5d3aa816f078ca9450c93d937756a8c5733d3b82afe576fa792f85d3bf3bf6f1c9b38dbbd633cb389ca52c7ce35904d61a5afbe48eda454ca4d2fc5081c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
0785582d1dc3f384ef7d06cf7ad970fc

SHA1
2c1b984c5003c96de9b94d04735811a5fa3265a9

SHA256
7ccf5651964e18d79c44057bb8fff3036bbd2e05666bec8737e2551832c0816d

SHA512
2074ff3182c51448d0a28221333e6ed07016352cb7c27f142791b08747c21f6d167546e81599d0ba0fd372c0688237fd834225b67a8e8a0708a0dbeea5fbdb41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
90a9543e17e2e32b9a7b4926d9314198

SHA1
8bfb20d2bcf73f246b85524fb7450cd6fb7933a4

SHA256
9c5b55f634f92fbe322c9d1fe8ce0e856c4c7507009fa6aa462cf876db9f7ac0

SHA512
8705d36bead58725cba9a137b38b3ce3fd7d2ab380d6d17548c609810ec69e7d0c444d421f9bc647e6d5aff1f17916a9b30899ed8f7ce7a09f7c945001ff93bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_p10nh25q.d0e.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/628-422-0x0000000006A10000-0x0000000006FB4000-memory.dmp

Filesize
5.6MB

Download
memory/628-421-0x0000000005990000-0x00000000059A0000-memory.dmp

Filesize
64KB

Download
memory/628-364-0x0000000074A70000-0x0000000075220000-memory.dmp

Filesize
7.7MB

Download
memory/628-281-0x0000000005790000-0x000000000582C000-memory.dmp

Filesize
624KB

Download
memory/628-282-0x0000000074A70000-0x0000000075220000-memory.dmp

Filesize
7.7MB

Download
memory/628-280-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1440-361-0x0000000004C10000-0x0000000004C20000-memory.dmp

Filesize
64KB

Download
memory/1440-347-0x0000000005A90000-0x0000000005DE4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-335-0x0000000074A70000-0x0000000075220000-memory.dmp

Filesize
7.7MB

Download
memory/1440-336-0x0000000004C10000-0x0000000004C20000-memory.dmp

Filesize
64KB

Download
memory/1440-337-0x0000000004C10000-0x0000000004C20000-memory.dmp

Filesize
64KB

Download
memory/1440-360-0x0000000004C10000-0x0000000004C20000-memory.dmp

Filesize
64KB

Download
memory/1440-350-0x0000000070020000-0x000000007006C000-memory.dmp

Filesize
304KB

Download
memory/1440-349-0x000000007FA70000-0x000000007FA80000-memory.dmp

Filesize
64KB

Download
memory/1440-363-0x0000000074A70000-0x0000000075220000-memory.dmp

Filesize
7.7MB

Download
memory/2372-290-0x0000000004E00000-0x0000000004E10000-memory.dmp

Filesize
64KB

Download
memory/2372-318-0x0000000006FD0000-0x0000000006FEE000-memory.dmp

Filesize
120KB

Download
memory/2372-292-0x0000000005330000-0x0000000005396000-memory.dmp

Filesize
408KB

Download
memory/2372-295-0x00000000053A0000-0x0000000005406000-memory.dmp

Filesize
408KB

Download
memory/2372-304-0x0000000006020000-0x000000000603E000-memory.dmp

Filesize
120KB

Download
memory/2372-291-0x0000000005060000-0x0000000005082000-memory.dmp

Filesize
136KB

Download
memory/2372-305-0x0000000006060000-0x00000000060AC000-memory.dmp

Filesize
304KB

Download
memory/2372-289-0x0000000004E00000-0x0000000004E10000-memory.dmp

Filesize
64KB

Download
memory/2372-333-0x0000000074A70000-0x0000000075220000-memory.dmp

Filesize
7.7MB

Download
memory/2372-329-0x0000000007690000-0x00000000076AA000-memory.dmp

Filesize
104KB

Download
memory/2372-330-0x0000000007670000-0x0000000007678000-memory.dmp

Filesize
32KB

Download
memory/2372-328-0x0000000007590000-0x00000000075A4000-memory.dmp

Filesize
80KB

Download
memory/2372-327-0x0000000007580000-0x000000000758E000-memory.dmp

Filesize
56KB

Download
memory/2372-306-0x000000007F560000-0x000000007F570000-memory.dmp

Filesize
64KB

Download
memory/2372-326-0x0000000007550000-0x0000000007561000-memory.dmp

Filesize
68KB

Download
memory/2372-307-0x0000000006FF0000-0x0000000007022000-memory.dmp

Filesize
200KB

Download
memory/2372-325-0x00000000075D0000-0x0000000007666000-memory.dmp

Filesize
600KB

Download
memory/2372-303-0x0000000005C40000-0x0000000005F94000-memory.dmp

Filesize
3.3MB

Download
memory/2372-324-0x00000000073D0000-0x00000000073DA000-memory.dmp

Filesize
40KB

Download
memory/2372-322-0x00000000079A0000-0x000000000801A000-memory.dmp

Filesize
6.5MB

Download
memory/2372-323-0x0000000007350000-0x000000000736A000-memory.dmp

Filesize
104KB

Download
memory/2372-319-0x0000000004E00000-0x0000000004E10000-memory.dmp

Filesize
64KB

Download
memory/2372-321-0x0000000007230000-0x00000000072D3000-memory.dmp

Filesize
652KB

Download
memory/2372-320-0x0000000004E00000-0x0000000004E10000-memory.dmp

Filesize
64KB

Download
memory/2372-308-0x0000000070020000-0x000000007006C000-memory.dmp

Filesize
304KB

Download
memory/2372-286-0x00000000026F0000-0x0000000002726000-memory.dmp

Filesize
216KB

Download
memory/2372-288-0x0000000074A70000-0x0000000075220000-memory.dmp

Filesize
7.7MB

Download
memory/2372-287-0x0000000005440000-0x0000000005A68000-memory.dmp

Filesize
6.2MB

Download
memory/2896-393-0x0000000004B40000-0x0000000004B50000-memory.dmp

Filesize
64KB

Download
memory/2896-392-0x0000000004B40000-0x0000000004B50000-memory.dmp

Filesize
64KB

Download
memory/2896-391-0x0000000074A70000-0x0000000075220000-memory.dmp

Filesize
7.7MB

Download
memory/2896-404-0x0000000070020000-0x000000007006C000-memory.dmp

Filesize
304KB

Download
memory/2896-414-0x0000000004B40000-0x0000000004B50000-memory.dmp

Filesize
64KB

Download
memory/2896-416-0x0000000074A70000-0x0000000075220000-memory.dmp

Filesize
7.7MB

Download
memory/3104-32-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-16-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-0-0x0000000000B80000-0x0000000000DA0000-memory.dmp

Filesize
2.1MB

Download
memory/3104-285-0x00007FFA337B0000-0x00007FFA34271000-memory.dmp

Filesize
10.8MB

Download
memory/3104-24-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-22-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-38-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-279-0x00007FFA337B0000-0x00007FFA34271000-memory.dmp

Filesize
10.8MB

Download
memory/3104-277-0x000000001B8B0000-0x000000001B8B1000-memory.dmp

Filesize
4KB

Download
memory/3104-34-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-36-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-54-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-64-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-68-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-66-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-56-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-62-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-60-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-58-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-30-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-26-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-20-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-18-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-28-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-14-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-52-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-12-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-10-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-8-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-7-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-6-0x000000001D690000-0x000000001D778000-memory.dmp

Filesize
928KB

Download
memory/3104-5-0x000000001C530000-0x000000001C6D9000-memory.dmp

Filesize
1.7MB

Download
memory/3104-1-0x00007FFA337B0000-0x00007FFA34271000-memory.dmp

Filesize
10.8MB

Download
memory/3104-4-0x000000001B9F0000-0x000000001BA12000-memory.dmp

Filesize
136KB

Download
memory/3104-2-0x000000001BA20000-0x000000001BA30000-memory.dmp

Filesize
64KB

Download
memory/3104-46-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-48-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-44-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-40-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-50-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-42-0x000000001D690000-0x000000001D771000-memory.dmp

Filesize
900KB

Download
memory/3104-3-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/3484-390-0x0000000074A70000-0x0000000075220000-memory.dmp

Filesize
7.7MB

Download
memory/3484-378-0x0000000070020000-0x000000007006C000-memory.dmp

Filesize
304KB

Download
memory/3484-388-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/3484-365-0x0000000074A70000-0x0000000075220000-memory.dmp

Filesize
7.7MB

Download
memory/3484-371-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/3484-372-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download