Overview

overview

10

Static

static

10

XClient.exe

windows7-x64

10

XClient.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    929s
  • max time network
    1047s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-09-2024 16:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XClient.exe

  • Size

    34KB

  • MD5

    17e7008acdf564a64c66b5e1551de7d1

  • SHA1

    89b9db120317d212ade05c2c300fe461d324d1a0

  • SHA256

    1a875a261fd81412ed0bc0dd53084dd6e9b7a5545802a1c37d85efeb3ec314bd

  • SHA512

    f4eb1e7c9997e3e9714e455b097081e52e3af72e5017c5ee2ab34c0cefcf197183f75f7a31870319ac24f36696778885f01d94accd3b5b866dbc20a406c36735

  • SSDEEP

    768:pXuuB5cBenG5Z96pbWx9FV9jJOjhj/4e:pXu25cBeGjspW/FV9jJOjZQe

Score
10/10
xwormdiscoveryrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

lefferek-42016.portmap.host:42016

Mutex

CvqERIOnQqEv3r1K

Attributes
  • Install_directory

    %AppData%

  • install_file

    DiscordClient.exe

aes.plain

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Drops startup file 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 31 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XClient.exe
    "C:\Users\Admin\AppData\Local\Temp\XClient.exe"
    1⤵
    • Drops startup file
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4244
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pornhub.com/
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3192
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7f2446f8,0x7ffe7f244708,0x7ffe7f244718
        3⤵
          PID:4668
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6327809135946842802,16340359416148728059,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
          3⤵
            PID:1952
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,6327809135946842802,16340359416148728059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:5028
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,6327809135946842802,16340359416148728059,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
            3⤵
              PID:2632
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6327809135946842802,16340359416148728059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
              3⤵
                PID:1584
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6327809135946842802,16340359416148728059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
                3⤵
                  PID:3036
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6327809135946842802,16340359416148728059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
                  3⤵
                    PID:788
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6327809135946842802,16340359416148728059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
                    3⤵
                      PID:3376
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6327809135946842802,16340359416148728059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
                      3⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2552
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6327809135946842802,16340359416148728059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
                      3⤵
                        PID:3452
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6327809135946842802,16340359416148728059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
                        3⤵
                          PID:3384
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6327809135946842802,16340359416148728059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
                          3⤵
                            PID:4284
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6327809135946842802,16340359416148728059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
                            3⤵
                              PID:2032
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6327809135946842802,16340359416148728059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
                              3⤵
                                PID:2132
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6327809135946842802,16340359416148728059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
                                3⤵
                                  PID:3164
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:1784
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1208

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  2783c40400a8912a79cfd383da731086

                                  SHA1

                                  001a131fe399c30973089e18358818090ca81789

                                  SHA256

                                  331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

                                  SHA512

                                  b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  ff63763eedb406987ced076e36ec9acf

                                  SHA1

                                  16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

                                  SHA256

                                  8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

                                  SHA512

                                  ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  792B

                                  MD5

                                  c7d58de33389cb7b16cd19d818378eef

                                  SHA1

                                  8fcac28d0d06be58d927310df022e968a19a3b59

                                  SHA256

                                  16cf436e28abda116f7396923cee1febf5d28a77f22e235dc2604678bf7a45b3

                                  SHA512

                                  a65973b24ca77daf601fec6ac1bdd788126f3e618549315a0db4b66bc2a901a3ef6157f1bee0a8c22a74714c3ed4c8e41e0f33b5dacd8769a3322696d3e563c8

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  2KB

                                  MD5

                                  465fde3b22d0486a168e73094bb5a95e

                                  SHA1

                                  d81d9e3ffe43424329eb9f4a2b693a2329d56187

                                  SHA256

                                  eb7e3d52ce051a20d7fc1fcced0abacd6e6b30b3d31cf95afdd45006cd056254

                                  SHA512

                                  2b694eefc19ec39877cb0b18afe86307922ca34d537baef2ea8a3b2ba6daa7896e474a1a7f0fb1fb0cfd5d7bd63e3783d909c9e3a524f41c5a51889244981271

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  b55b64853e2cb557e06347c4b9f4d343

                                  SHA1

                                  bc1f6784dc909fa5a4110b863d9fe38b17cf2540

                                  SHA256

                                  154f4e265f064e4d540f58ed3e5eb93f8549aae7bf099a6726d6f8bf46664118

                                  SHA512

                                  fd3a0ecdfdc2a5425ee21e62b6ccf6fc4327588f9102ce8cff1be7e0ca4221ab636e9249c7c6f018831b35ee645006f031e5b11bb8a8bd3f4202d41e12709db9

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  7KB

                                  MD5

                                  d60359bf5fad3d64d8a4ceca0ddd35fe

                                  SHA1

                                  e6db912badf0f97c3f7f67a4934e51d5ddb9c06a

                                  SHA256

                                  4066ee033e2c4a6887b6bd770bd6ffd852546844c145e1ba78c165242bb90913

                                  SHA512

                                  07e53649a18b24198a8af277a93051414bb7a35e558560cf9513c36e1710136f3df5ea125e3ff535f6ef5b503dd24c76cbd27865e0e0d507ef98580a2c69f0a7

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  7KB

                                  MD5

                                  a8c8fd2168895cd1a2e70d9d21612092

                                  SHA1

                                  947ad1d667e22d812021b3634090cef46dfbbe1f

                                  SHA256

                                  3884ad6255b4375c7f98a1ce9a26ca7deaff364640e5d58795f7d2c7784db2f5

                                  SHA512

                                  6e8956afd2397c1c11d1fe721207e3311730cb2ed353bae9f5e453e139aa2fab34c82fbe0864f3624580ab0961ae3723c1a3783984e7a8db38b85b858c2e2ae0

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                  Filesize

                                  96B

                                  MD5

                                  25831e5a332f82253024a8d4c731bc74

                                  SHA1

                                  15995c0ee1dcd83ed2c2905ae0e4f9d53c779470

                                  SHA256

                                  0bb09a05f3c4c5dc257cb6569dbe49f0501f10fd352f0d25d72a05b443389d2d

                                  SHA512

                                  152d222f7f10f024994aaa98386c15879243dbbf3a2e5c218b4c03f12c433abecd52acb205e8e5b893190071283a32e3dcc99d705ba07752e208c3e4bbf019d0

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586abb.TMP
                                  Filesize

                                  48B

                                  MD5

                                  74502c734e3cd4b423d0f0cbee4e017d

                                  SHA1

                                  53c7c8354ce584f7f68712c4a7c220cccd537a20

                                  SHA256

                                  06c720ff04dc9e141efa29ce12912d721d712884b0b4b9b74cb9d5bdb4f60318

                                  SHA512

                                  7c9157a15d728b3c1291b4e72ced37df1168dd5e8649d63e195c319524d435273bf7a8843131f21280f40e9caab85dbf9fbcb0709fd3f7a6b0c4c7a78db49eed

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                  Filesize

                                  537B

                                  MD5

                                  5fb56cf2b649ae01953df8cd1da52c43

                                  SHA1

                                  900dc098e4ba7608502368b587b19ef21316a314

                                  SHA256

                                  1697f8b6f633a2383b2fbf8d5aa46eb97274f2bacaf7894f2940cea351debd97

                                  SHA512

                                  fbce4f31664d960e89856fde0bf2efec1ec881aebecd179f667ffc058bfd65ec7d5caf7329cb5130aaeff286a9c9c8f5de1e1edd874e3e65e12952c0e0a262cf

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5862ad.TMP
                                  Filesize

                                  537B

                                  MD5

                                  1d5653db00f73560510f81f07b9203c6

                                  SHA1

                                  8785ca679b8b6a858f151719a493f36f7ab22b2b

                                  SHA256

                                  0b45592ad0f9c5c83fa2ebd222a409bef3093e7c3617fa1b29db9c4137381cd0

                                  SHA512

                                  da12b1a077ebe13354ef7a22bd01f81b5fe55b038f741d1a8eaf1879cab1f4083e7f9fea052133937b1a42f76a8aebb40b3641e47201b687962cb4050eb59e17

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  8b47de07ff879e4345324901ba177b4b

                                  SHA1

                                  bb9a9d5fc530506b704e946d7c04b110968ae838

                                  SHA256

                                  8936ffc1d25fb75f3a87fa18f481d9e02416907087852ebe21ae8c5213666aab

                                  SHA512

                                  bb99d342d011127d5342192d7a8e9c2050c1bb3541fa5b86b16255156e8bdcfbb4062f06b760ed913bac1d52c9cf4c5325b9d845ff649404472602e5c2213084

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  53185b37e7ec9daf509c0a27bc0edcf5

                                  SHA1

                                  62133f9ac420757a13809685ae6afb107225e280

                                  SHA256

                                  4e751f93188506de25515618c7fa4131f4112a358c359333e888828d8330dc28

                                  SHA512

                                  6baa002194e9597c6afe13a8deb80d70011590b03552c814300eea85599c1f603f1c0491c00465754bed2f40165ba2a47fd6391df1b20d6e3b98b12f7bd337e9

                                  Download Submit

                                • \??\pipe\LOCAL\crashpad_3192_UOIUHVMUVJBLAJMO
                                  MD5

                                  d41d8cd98f00b204e9800998ecf8427e

                                  SHA1

                                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                                  SHA256

                                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                  SHA512

                                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                  Download Submit

                                • memory/4244-6-0x00007FFE85060000-0x00007FFE85B21000-memory.dmp

                                  Filesize

                                  10.8MB

                                  Download

                                • memory/4244-9-0x00007FFE85060000-0x00007FFE85B21000-memory.dmp

                                  Filesize

                                  10.8MB

                                  Download

                                • memory/4244-8-0x000000001BA70000-0x000000001BA7C000-memory.dmp

                                  Filesize

                                  48KB

                                  Download

                                • memory/4244-7-0x00007FFE85063000-0x00007FFE85065000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/4244-202-0x000000001D8C0000-0x000000001D8CA000-memory.dmp

                                  Filesize

                                  40KB

                                  Download

                                • memory/4244-169-0x000000001D740000-0x000000001D74A000-memory.dmp

                                  Filesize

                                  40KB

                                  Download

                                • memory/4244-0-0x00007FFE85063000-0x00007FFE85065000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/4244-1-0x0000000000510000-0x000000000051E000-memory.dmp

                                  Filesize

                                  56KB

                                  Download

                                • memory/4244-327-0x000000001AFC0000-0x000000001AFCA000-memory.dmp

                                  Filesize

                                  40KB

                                  Download

                                • memory/4244-328-0x000000001B080000-0x000000001B08A000-memory.dmp

                                  Filesize

                                  40KB

                                  Download

                                • memory/4244-329-0x000000001AFD0000-0x000000001AFDA000-memory.dmp

                                  Filesize

                                  40KB

                                  Download

                                • memory/4244-330-0x000000001B0A0000-0x000000001B0AA000-memory.dmp

                                  Filesize

                                  40KB

                                  Download

                                • memory/4244-331-0x000000001C0A0000-0x000000001C0AE000-memory.dmp

                                  Filesize

                                  56KB

                                  Download

                                • memory/4244-332-0x000000001BD00000-0x000000001BD7E000-memory.dmp

                                  Filesize

                                  504KB

                                  Download