xworm | 32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2

Analysis

max time kernel
135s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
19-03-2024 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
Size

2.1MB
MD5

3b5757f632446842aac3ecd3f1c28366
SHA1

4e00b5c8670c8a184632bdd48eedb3f90fdd4f19
SHA256

32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2
SHA512

bee2b4ea1025ba5fd47ace7b3d9d72527ec6511aeb113f1d709c3df0debcb09405e20c5d746719d2bd91b7f304469c2c7dc9f8b746bec953947bbb9583601c6d
SSDEEP

49152:UqwmCCmvuorNkZQfE8UoGH3pRKl9+VvHu7fAws5Q:b8u8kainHPxVvHW3s5Q

Score

10^/10

xworm zgrat rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

5.182.87.154:7000

aes.plain

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral2/memory/684-0-0x0000000000EB0000-0x00000000010D0000-memory.dmp	family_xworm
behavioral2/memory/2444-278-0x0000000000400000-0x0000000000410000-memory.dmp	family_xworm

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral2/memory/684-0-0x0000000000EB0000-0x00000000010D0000-memory.dmp	family_zgrat_v1

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msmgnr.lnk	MSBuild.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msmgnr.lnk	MSBuild.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 684 set thread context of 2444	684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	86

Suspicious behavior: EnumeratesProcesses 33 IoCs

pid	Process
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
3436	powershell.exe
3436	powershell.exe
3300	powershell.exe
3300	powershell.exe
1176	powershell.exe
1176	powershell.exe
2376	powershell.exe
2376	powershell.exe
2444	MSBuild.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
Token: SeDebugPrivilege	2444	MSBuild.exe
Token: SeDebugPrivilege	3436	powershell.exe
Token: SeDebugPrivilege	3300	powershell.exe
Token: SeDebugPrivilege	1176	powershell.exe
Token: SeDebugPrivilege	2376	powershell.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2444	MSBuild.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 2444	684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	86
PID 684 wrote to memory of 2444	684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	86
PID 684 wrote to memory of 2444	684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	86
PID 684 wrote to memory of 2444	684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	86
PID 684 wrote to memory of 2444	684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	86
PID 684 wrote to memory of 2444	684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	86
PID 684 wrote to memory of 2444	684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	86
PID 684 wrote to memory of 2444	684	32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe	86
PID 2444 wrote to memory of 3436	2444	MSBuild.exe	87
PID 2444 wrote to memory of 3436	2444	MSBuild.exe	87
PID 2444 wrote to memory of 3436	2444	MSBuild.exe	87
PID 2444 wrote to memory of 3300	2444	MSBuild.exe	89
PID 2444 wrote to memory of 3300	2444	MSBuild.exe	89
PID 2444 wrote to memory of 3300	2444	MSBuild.exe	89
PID 2444 wrote to memory of 1176	2444	MSBuild.exe	91
PID 2444 wrote to memory of 1176	2444	MSBuild.exe	91
PID 2444 wrote to memory of 1176	2444	MSBuild.exe	91
PID 2444 wrote to memory of 2376	2444	MSBuild.exe	93
PID 2444 wrote to memory of 2376	2444	MSBuild.exe	93
PID 2444 wrote to memory of 2376	2444	MSBuild.exe	93

C:\Users\Admin\AppData\Local\Temp\32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe
"C:\Users\Admin\AppData\Local\Temp\32ba94d58bb386a630c0f7ff76b730caa6e18dc023262bc160a4bc695d4d6ac2.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:684
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  sad
  2⤵
  - Drops startup file
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3436
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'MSBuild.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3300
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\msmgnr.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1176
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'msmgnr.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2376

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d0c46cad6c0778401e21910bd6b56b70

SHA1
7be418951ea96326aca445b8dfe449b2bfa0dca6

SHA256
9600b3fdf0565ccb49e21656aa4b24d7c18f776bfd04d9ee984b134707550f02

SHA512
057531b468f7fbbb2175a696a8aab274dec0d17d9f71df309edcff35e064f3378050066a3df47ccd03048fac461594ec75e3d4fe64f9dd79949d129f51e02949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
b981fb9aa0f588cff4edb66419f77ecc

SHA1
cd2535b70da2d8d31531187e69a08f1d8e4a6d54

SHA256
bc6702d728335ac6a679a23b20dfd2a4e226b945757e56221d62bd12fb4bd0d4

SHA512
409809dd664c5d94c55e06fc70f0ad010da6cb867f4d3052dcf437cb6c59a562f2799a140d7e1746cfbf82c304f19e0f38e0111f5a6090961815cfb52c50e455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
3586a8d84f2ae4a4ac95a74817790cb1

SHA1
ba8716df853de3d91970a388ddb46fe0473d79ec

SHA256
4d9be626f1481fdb2f3f2da73aae7acf9f9a69b3c110423975f15b2eea56ed03

SHA512
096626b0f23f7995abb91918e4a30dc1fc34432dc18d35223bb9d8ae9f8d3fe3047aba85adb57ba98304cd34adcf078b51c2d3d9bca7c75fa8b0ace520c1211f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
841c70e2deb564f34b8dad87b9480313

SHA1
5b04ad107ceeebcaaacc2dd182678c366c323e77

SHA256
d4d02e7878fc65dc8722d2286d0a88bff55545ade77b95eaec6975b5850d2de4

SHA512
fe15c8387e8be19de096238edad337aa7dbddcc865d35e4e54831e295fa7266ac8af2bae88000a1ff60f7516615353d0faea1f6b677837e0a3dd99650f23055f

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rbcnvksx.pni.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/684-41-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-63-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-9-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-11-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-6-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-13-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-15-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-23-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-21-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-25-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-19-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-31-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-33-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-37-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-39-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-43-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-47-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-53-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-67-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-69-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-65-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-4-0x000000001BF30000-0x000000001BF52000-memory.dmp

Filesize
136KB

Download
memory/684-61-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-59-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-57-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-55-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-51-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-49-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-45-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-5-0x000000001F8E0000-0x000000001F9C8000-memory.dmp

Filesize
928KB

Download
memory/684-7-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-0-0x0000000000EB0000-0x00000000010D0000-memory.dmp

Filesize
2.1MB

Download
memory/684-27-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-17-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-276-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/684-1-0x00007FFEA6C80000-0x00007FFEA7742000-memory.dmp

Filesize
10.8MB

Download
memory/684-35-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-279-0x00007FFEA6C80000-0x00007FFEA7742000-memory.dmp

Filesize
10.8MB

Download
memory/684-29-0x000000001F8E0000-0x000000001F9C1000-memory.dmp

Filesize
900KB

Download
memory/684-283-0x00007FFEA6C80000-0x00007FFEA7742000-memory.dmp

Filesize
10.8MB

Download
memory/684-2-0x000000001BF60000-0x000000001BF70000-memory.dmp

Filesize
64KB

Download
memory/684-3-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/1176-354-0x0000000074CA0000-0x0000000075451000-memory.dmp

Filesize
7.7MB

Download
memory/1176-378-0x0000000074CA0000-0x0000000075451000-memory.dmp

Filesize
7.7MB

Download
memory/1176-357-0x0000000005200000-0x0000000005210000-memory.dmp

Filesize
64KB

Download
memory/1176-356-0x00000000060F0000-0x0000000006447000-memory.dmp

Filesize
3.3MB

Download
memory/1176-376-0x0000000005200000-0x0000000005210000-memory.dmp

Filesize
64KB

Download
memory/1176-367-0x00000000702B0000-0x00000000702FC000-memory.dmp

Filesize
304KB

Download
memory/2376-379-0x0000000074CA0000-0x0000000075451000-memory.dmp

Filesize
7.7MB

Download
memory/2376-400-0x00000000028F0000-0x0000000002900000-memory.dmp

Filesize
64KB

Download
memory/2376-380-0x00000000028F0000-0x0000000002900000-memory.dmp

Filesize
64KB

Download
memory/2376-403-0x0000000074CA0000-0x0000000075451000-memory.dmp

Filesize
7.7MB

Download
memory/2376-381-0x00000000028F0000-0x0000000002900000-memory.dmp

Filesize
64KB

Download
memory/2376-391-0x00000000702B0000-0x00000000702FC000-memory.dmp

Filesize
304KB

Download
memory/2376-401-0x00000000028F0000-0x0000000002900000-memory.dmp

Filesize
64KB

Download
memory/2444-410-0x0000000006480000-0x0000000006512000-memory.dmp

Filesize
584KB

Download
memory/2444-409-0x0000000006720000-0x0000000006CC6000-memory.dmp

Filesize
5.6MB

Download
memory/2444-355-0x0000000074CA0000-0x0000000075451000-memory.dmp

Filesize
7.7MB

Download
memory/2444-412-0x0000000005940000-0x0000000005950000-memory.dmp

Filesize
64KB

Download
memory/2444-278-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2444-411-0x0000000006440000-0x000000000644A000-memory.dmp

Filesize
40KB

Download
memory/2444-281-0x0000000074CA0000-0x0000000075451000-memory.dmp

Filesize
7.7MB

Download
memory/2444-280-0x00000000056B0000-0x000000000574C000-memory.dmp

Filesize
624KB

Download
memory/2444-408-0x0000000005940000-0x0000000005950000-memory.dmp

Filesize
64KB

Download
memory/3300-331-0x0000000004B40000-0x0000000004B50000-memory.dmp

Filesize
64KB

Download
memory/3300-330-0x0000000074CA0000-0x0000000075451000-memory.dmp

Filesize
7.7MB

Download
memory/3300-353-0x0000000074CA0000-0x0000000075451000-memory.dmp

Filesize
7.7MB

Download
memory/3300-341-0x000000007F210000-0x000000007F220000-memory.dmp

Filesize
64KB

Download
memory/3300-342-0x00000000702B0000-0x00000000702FC000-memory.dmp

Filesize
304KB

Download
memory/3300-343-0x0000000004B40000-0x0000000004B50000-memory.dmp

Filesize
64KB

Download
memory/3436-303-0x0000000006800000-0x0000000006834000-memory.dmp

Filesize
208KB

Download
memory/3436-313-0x0000000007410000-0x000000000742E000-memory.dmp

Filesize
120KB

Download
memory/3436-322-0x00000000077C0000-0x00000000077CE000-memory.dmp

Filesize
56KB

Download
memory/3436-323-0x00000000077D0000-0x00000000077E5000-memory.dmp

Filesize
84KB

Download
memory/3436-328-0x0000000074CA0000-0x0000000075451000-memory.dmp

Filesize
7.7MB

Download
memory/3436-325-0x00000000078C0000-0x00000000078C8000-memory.dmp

Filesize
32KB

Download
memory/3436-320-0x0000000007820000-0x00000000078B6000-memory.dmp

Filesize
600KB

Download
memory/3436-319-0x00000000075F0000-0x00000000075FA000-memory.dmp

Filesize
40KB

Download
memory/3436-317-0x0000000007BC0000-0x000000000823A000-memory.dmp

Filesize
6.5MB

Download
memory/3436-318-0x0000000007580000-0x000000000759A000-memory.dmp

Filesize
104KB

Download
memory/3436-302-0x000000007FD50000-0x000000007FD60000-memory.dmp

Filesize
64KB

Download
memory/3436-324-0x00000000078E0000-0x00000000078FA000-memory.dmp

Filesize
104KB

Download
memory/3436-304-0x00000000702B0000-0x00000000702FC000-memory.dmp

Filesize
304KB

Download
memory/3436-321-0x0000000007790000-0x00000000077A1000-memory.dmp

Filesize
68KB

Download
memory/3436-315-0x0000000002AD0000-0x0000000002AE0000-memory.dmp

Filesize
64KB

Download
memory/3436-316-0x0000000007440000-0x00000000074E4000-memory.dmp

Filesize
656KB

Download
memory/3436-314-0x0000000002AD0000-0x0000000002AE0000-memory.dmp

Filesize
64KB

Download
memory/3436-301-0x0000000006260000-0x00000000062AC000-memory.dmp

Filesize
304KB

Download
memory/3436-300-0x0000000006220000-0x000000000623E000-memory.dmp

Filesize
120KB

Download
memory/3436-299-0x0000000005DC0000-0x0000000006117000-memory.dmp

Filesize
3.3MB

Download
memory/3436-289-0x0000000005C70000-0x0000000005CD6000-memory.dmp

Filesize
408KB

Download
memory/3436-295-0x0000000005CE0000-0x0000000005D46000-memory.dmp

Filesize
408KB

Download
memory/3436-288-0x0000000005460000-0x0000000005482000-memory.dmp

Filesize
136KB

Download
memory/3436-287-0x0000000005490000-0x0000000005ABA000-memory.dmp

Filesize
6.2MB

Download
memory/3436-286-0x0000000002AD0000-0x0000000002AE0000-memory.dmp

Filesize
64KB

Download
memory/3436-285-0x0000000074CA0000-0x0000000075451000-memory.dmp

Filesize
7.7MB

Download
memory/3436-284-0x0000000002A60000-0x0000000002A96000-memory.dmp

Filesize
216KB

Download