Overview

overview

10

Static

static

10

XWorm-5.6-main.zip

windows11-21h2-x64

10

Analysis

  • max time kernel
    368s
  • max time network
    312s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    18-10-2024 13:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm-5.6-main.zip

  • Size

    24.8MB

  • MD5

    98af17dc86622b292d58fbba45d51309

  • SHA1

    44a7d9423ce00ddda8000f9d18e3fe5693b5776f

  • SHA256

    eed75f0edf37bdd0d0a64ac8723672dbfe64288fb3845b89cc3596d0511f67d1

  • SHA512

    b3b9c67e373bcba5bd039088953400a3296b374f29f5de00f56c0702da7f9eccf0c452586d486c17ab1ea5ab16240112fda8457ec258d2ba9735b17959db4b05

  • SSDEEP

    786432:3vngbHGYI0DuXXEDgfI+tjIdubuu0SVww6vZqwffr:fgbHGY2hfI8yuxV7oswXr

Score
10/10
stormkittyxwormexecutionpersistenceratstealertrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:8888

Mutex

y01LD4x0A3CmYCys

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

aes.plain
aes.plain

Extracted

Family

xworm

C2

127.0.0.1:8888

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Detect Xworm Payload 7 IoCs
  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Drops startup file 2 IoCs
  • Executes dropped EXE 5 IoCs
  • Uses the VBS compiler for execution 1 TTPs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 53 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4192
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:732
    • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe
      "C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe"
      1⤵
      • Executes dropped EXE
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3712
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\v3cchdcu\v3cchdcu.cmdline"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3728
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES831C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE44D5D03EEEB48FB94A6ADD1A2A27484.TMP"
          3⤵
            PID:2392
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
          PID:3864
        • C:\Windows\system32\AUDIODG.EXE
          C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E4
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3424
        • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe
          "C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe"
          1⤵
          • Executes dropped EXE
          • Enumerates system info in registry
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2868
          • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
            "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\3siokm5r\3siokm5r.cmdline"
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:2792
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES536C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc6E2C620AAB94200BE8FD491A3A65DF.TMP"
              3⤵
                PID:1872
          • C:\Windows\system32\wbem\WmiApSrv.exe
            C:\Windows\system32\wbem\WmiApSrv.exe
            1⤵
              PID:5064
            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
              "C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe"
              1⤵
              • Drops startup file
              • Executes dropped EXE
              • Adds Run key to start application
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: GetForegroundWindowSpam
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:1940
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe'
                2⤵
                • Command and Scripting Interpreter: PowerShell
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:3568
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
                2⤵
                • Command and Scripting Interpreter: PowerShell
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:1964
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\XClient.exe'
                2⤵
                • Command and Scripting Interpreter: PowerShell
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:2996
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
                2⤵
                • Command and Scripting Interpreter: PowerShell
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:3076
              • C:\Windows\System32\schtasks.exe
                "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\Admin\AppData\Roaming\XClient.exe"
                2⤵
                • Scheduled Task/Job: Scheduled Task
                PID:1756
            • C:\Users\Admin\AppData\Roaming\XClient.exe
              C:\Users\Admin\AppData\Roaming\XClient.exe
              1⤵
              • Executes dropped EXE
              • Suspicious use of AdjustPrivilegeToken
              PID:232
            • C:\Users\Admin\AppData\Roaming\XClient.exe
              C:\Users\Admin\AppData\Roaming\XClient.exe
              1⤵
              • Executes dropped EXE
              • Suspicious use of AdjustPrivilegeToken
              PID:1328

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XClient.exe.log
              Filesize

              654B

              MD5

              2cbbb74b7da1f720b48ed31085cbd5b8

              SHA1

              79caa9a3ea8abe1b9c4326c3633da64a5f724964

              SHA256

              e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3

              SHA512

              ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Xworm V5.6.exe.log
              Filesize

              1KB

              MD5

              8e0f23092b7a620dc2f45b4a9a596029

              SHA1

              58cc7c47602c73529e91ff9db3c74ff05459e4ea

              SHA256

              58b9918225aee046894cb3c6263687bfe4b5a5b8dff7196d72687d0f3f735034

              SHA512

              be458f811ad6a1f6b320e8d3e68e71062a8de686bae77c400d65091947b805c95024f3f1837e088cf5ecac5388d36f354285a6b57f91ea55567f19706128a043

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
              Filesize

              2KB

              MD5

              627073ee3ca9676911bee35548eff2b8

              SHA1

              4c4b68c65e2cab9864b51167d710aa29ebdcff2e

              SHA256

              85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

              SHA512

              3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
              Filesize

              944B

              MD5

              e3840d9bcedfe7017e49ee5d05bd1c46

              SHA1

              272620fb2605bd196df471d62db4b2d280a363c6

              SHA256

              3ac83e70415b9701ee71a4560232d7998e00c3db020fde669eb01b8821d2746f

              SHA512

              76adc88ab3930acc6b8b7668e2de797b8c00edcfc41660ee4485259c72a8adf162db62c2621ead5a9950f12bfe8a76ccab79d02fda11860afb0e217812cac376

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
              Filesize

              944B

              MD5

              09fa3a9354cae415b01d978986a872cf

              SHA1

              d7fea94d6f5320f94e0c94684d2faf02ef899f78

              SHA256

              95be5192e1439503771ad56bcdb38aaeb9d36a55ab80b6b5f3c6630fd97c09c2

              SHA512

              9b9c8b6cdbab965200b138fb3aedceb5ed73acf74e2853c0fa57174cd87611dcab6f727ce0b844f7b3bc54e3f779869bd2ee7c5ef045270e2cdc506ca50c4306

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
              Filesize

              944B

              MD5

              4ae54c3a00d1d664f74bfd4f70c85332

              SHA1

              67f3ed7aaea35153326c1f907c0334feef08484c

              SHA256

              1e56a98f74d4a604bef716b47ef730d88f93aec57a98c89aa4423394cbc95b5c

              SHA512

              b3bbdefeaadbdaac00f23ce3389bbd3b565bd7e0079aeebf3e4afba892382e1cd3896c00bb2e5a98146ac593f9bdc5568d0bd08c5b0139f0814b1a38911c3889

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\3siokm5r\3siokm5r.0.vb
              Filesize

              78KB

              MD5

              efd8aee2c5222b084bb58f499b232267

              SHA1

              f95766434cbe3120368cb965b0e6e52248321b9f

              SHA256

              63c4e284dcf19f865ec01ee21b32e262696cf7369f04ec1410f6b3bdc0829e07

              SHA512

              8ee73e3d1a7ae19f5ccec65f22238c2f20c5b722b8db5d787ad85c0d772d9d6083f712ae428a4aa17706889f2487fdc41e7e78a53d9b816f5265681cd4b70979

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\3siokm5r\3siokm5r.cmdline
              Filesize

              322B

              MD5

              994c3b206a50ac33a3e48192d58c5b9c

              SHA1

              cb5f51519b31fc69504f707d10be6aa02c95224f

              SHA256

              aa8f79a9aa99eaf495eb4f68f23dc56e492e823e2227930cbfc59414960af540

              SHA512

              d73c39a87955570935948c9317bbaafa376a4a86abc6c066153e98503a2b9360e7828dc4006fde43ad3ed1c59881a50e95df7b2af453c75d86e4d043295f3880

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\RES536C.tmp
              Filesize

              1KB

              MD5

              ce8a45bcdbcc4bdd4af18df6d3e5b502

              SHA1

              26273684c197791551d9074b80058e6f95791455

              SHA256

              d652398420844abc83661e142165391a7ef0a7c24b23ab2ce4846e4889b7fc68

              SHA512

              3697f3f7f35c3e80695ff3d56a42922364e7dbf0653d4a6a6faa2179132a47783fb0d4caf93489c60ded0ae0a5fe6fd1403271e7167f484641a5dcce10d002d9

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\RES831C.tmp
              Filesize

              1KB

              MD5

              edab15695ec6bfb6acae446ee6c20f13

              SHA1

              3da7ce9de7d1b013c7037d255254e50ed13a8741

              SHA256

              a351ab8624f98e3a5a6542e4e53b2f34ed8c6442c741041895b23b81e3e5e394

              SHA512

              7d82d2338ac2759ba70775e5d53eafd8dfb6edc5e50dcdece615fb912aa5793d39bb73ebde684a0497e9e25e9d50ccec394d6c7a74f875516bc21a741590426c

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nwcaiqqc.hh5.ps1
              Filesize

              60B

              MD5

              d17fe0a3f47be24a6453e9ef58c94641

              SHA1

              6ab83620379fc69f80c0242105ddffd7d98d5d9d

              SHA256

              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

              SHA512

              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\v3cchdcu\v3cchdcu.0.vb
              Filesize

              78KB

              MD5

              daa10818466dc6b581ed049ef6b8056f

              SHA1

              686a58c8f36a33182ecf28929de600737e5ec60c

              SHA256

              f753fef6852a3c3495c7b0cefafedfc8bdfd8fead6647efe0b7533e5501e7ab5

              SHA512

              1a02e4b7a3c701a60e67de5a612dcf110521f23004310f5477cb406a9ae2f116c864a91de1913be47f88a0ce079d58968f09fb25afe541c7ad38cddc83dbf4b7

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\v3cchdcu\v3cchdcu.cmdline
              Filesize

              322B

              MD5

              6abb7067d2d243bbe43a940b8ff9243b

              SHA1

              f837cd8aef8e5315e53ca69faf9ba125fb37876e

              SHA256

              fd0c4987d4bfd15621bc243837b7c84bb44c033f3480de5f8e04f1552e2f66de

              SHA512

              e5f48830cba880a35a5050da5d9388a9d2bdeafdf752c67796c2c2d1597354f8271d17067be489a540b3bcb0c89977a48a7d1b9861eed6ef57a01d4796d4f871

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\vbcE44D5D03EEEB48FB94A6ADD1A2A27484.TMP
              Filesize

              1KB

              MD5

              d40c58bd46211e4ffcbfbdfac7c2bb69

              SHA1

              c5cf88224acc284a4e81bd612369f0e39f3ac604

              SHA256

              01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca

              SHA512

              48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\GMap.NET.Core.dll
              Filesize

              2.9MB

              MD5

              819352ea9e832d24fc4cebb2757a462b

              SHA1

              aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11

              SHA256

              58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86

              SHA512

              6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\GMap.NET.WindowsForms.dll
              Filesize

              147KB

              MD5

              32a8742009ffdfd68b46fe8fd4794386

              SHA1

              de18190d77ae094b03d357abfa4a465058cd54e3

              SHA256

              741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365

              SHA512

              22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\GeoIP.dat
              Filesize

              1.2MB

              MD5

              8ef41798df108ce9bd41382c9721b1c9

              SHA1

              1e6227635a12039f4d380531b032bf773f0e6de0

              SHA256

              bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

              SHA512

              4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Guna.UI2.dll
              Filesize

              1.9MB

              MD5

              bcc0fe2b28edd2da651388f84599059b

              SHA1

              44d7756708aafa08730ca9dbdc01091790940a4f

              SHA256

              c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

              SHA512

              3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Icons\icon (15).ico
              Filesize

              361KB

              MD5

              e3143e8c70427a56dac73a808cba0c79

              SHA1

              63556c7ad9e778d5bd9092f834b5cc751e419d16

              SHA256

              b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

              SHA512

              74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\NAudio.dll
              Filesize

              502KB

              MD5

              3b87d1363a45ce9368e9baec32c69466

              SHA1

              70a9f4df01d17060ec17df9528fca7026cc42935

              SHA256

              81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451

              SHA512

              1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Newtonsoft.Json.dll
              Filesize

              695KB

              MD5

              195ffb7167db3219b217c4fd439eedd6

              SHA1

              1e76e6099570ede620b76ed47cf8d03a936d49f8

              SHA256

              e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

              SHA512

              56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\ActiveWindows.dll
              Filesize

              14KB

              MD5

              5a766a4991515011983ceddf7714b70b

              SHA1

              4eb00ae7fe780fa4fe94cedbf6052983f5fd138b

              SHA256

              567b9861026a0dbc5947e7515dc7ab3f496153f6b3db57c27238129ec207fc52

              SHA512

              4bd6b24e236387ff58631207ea42cd09293c3664468e72cd887de3b3b912d3795a22a98dcf4548fb339444337722a81f8877abb22177606d765d78e48ec01fd8

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Chat.dll
              Filesize

              18KB

              MD5

              59f75c7ffaccf9878a9d39e224a65adf

              SHA1

              46b0f61a07e85e3b54b728d9d7142ddc73c9d74b

              SHA256

              aab20f465955d77d6ec3b5c1c5f64402a925fb565dda5c8e38c296cb7406e492

              SHA512

              80056163b96ce7a8877874eaae559f75217c0a04b3e3d4c1283fe23badfc95fe4d587fd27127db4be459b8a3adf41900135ea12b0eeb4187adbcf796d9505cb8

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Chromium.dll
              Filesize

              32KB

              MD5

              edb2f0d0eb08dcd78b3ddf87a847de01

              SHA1

              cc23d101f917cad3664f8c1fa0788a89e03a669c

              SHA256

              b6d8bccdf123ceac6b9642ad3500d4e0b3d30b9c9dd2d29499d38c02bd8f9982

              SHA512

              8f87da834649a21a908c95a9ea8e2d94726bd9f33d4b7786348f6371dfae983cc2b5b5d4f80a17a60ded17d4eb71771ec25a7c82e4f3a90273c46c8ee3b8f2c3

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Clipboard.dll
              Filesize

              14KB

              MD5

              831eb0de839fc13de0abab64fe1e06e7

              SHA1

              53aad63a8b6fc9e35c814c55be9992abc92a1b54

              SHA256

              e31a1c2b1baa2aa2c36cabe3da17cd767c8fec4c206bd506e889341e5e0fa959

              SHA512

              2f61bcf972671d96e036b3c99546cd01e067bef15751a87c00ba6d656decb6b69a628415e5363e650b55610cf9f237585ada7ce51523e6efc0e27d7338966bee

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Cmstp-Bypass.dll
              Filesize

              11KB

              MD5

              cf15259e22b58a0dfd1156ab71cbd690

              SHA1

              3614f4e469d28d6e65471099e2d45c8e28a7a49e

              SHA256

              fa420fd3d1a5a2bb813ef8e6063480099f19091e8fa1b3389004c1ac559e806b

              SHA512

              7302a424ed62ec20be85282ff545a4ca9e1aecfe20c45630b294c1ae72732465d8298537ee923d9e288ae0c48328e52ad8a1a503e549f8f8737fabe2e6e9ad38

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\FileManager.dll
              Filesize

              679KB

              MD5

              641a8b61cb468359b1346a0891d65b59

              SHA1

              2cdc49bcd7428fe778a94cdcd19cabf5ece8c9c0

              SHA256

              b58ed3ebbcd27c7f4b173819528ff4db562b90475a5e304521ed5c564d39fffd

              SHA512

              042702d34664ea6288e891c9f7aa10a5b4b07317f25f82d6c9fa9ba9b98645c14073d0f66637060b416a30c58dec907d9383530320a318523c51f19ebd0a4fee

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\FilesSearcher.dll
              Filesize

              478KB

              MD5

              6f8f1621c16ac0976600146d2217e9d2

              SHA1

              b6aa233b93aae0a17ee8787576bf0fbc05cedde4

              SHA256

              e66e1273dc59ee9e05ce3e02f1b760b18dd296a47d92b3ce5b24efb48e5fb21b

              SHA512

              eb55acdea8648c8cdefee892758d9585ff81502fc7037d5814e1bd01fee0431f4dde0a4b04ccb2b0917e1b11588f2dc9f0bfe750117137a01bbd0c508f43ef6a

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\HBrowser.dll
              Filesize

              25KB

              MD5

              f0e921f2f850b7ec094036d20ff9be9b

              SHA1

              3b2d76d06470580858cc572257491e32d4b021c0

              SHA256

              75e8ff57fa6d95cf4d8405bffebb2b9b1c55a0abba0fe345f55b8f0e88be6f3c

              SHA512

              16028ae56cd1d78d5cb63c554155ae02804aac3f15c0d91a771b0dcd5c8df710f39481f6545ca6410b7cd9240ec77090f65e3379dcfe09f161a3dff6aec649f3

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\HRDP.dll
              Filesize

              1.7MB

              MD5

              f27b6e8cf5afa8771c679b7a79e11a08

              SHA1

              6c3fcf45e35aaf6b747f29a06108093c284100da

              SHA256

              4aa18745a5fddf7ec14adaff3ad1b4df1b910f4b6710bf55eb27fb3942bb67de

              SHA512

              0d84966bbc9290b04d2148082563675ec023906d58f5ba6861c20542271bf11be196d6ab24e48372f339438204bd5c198297da98a19fddb25a3df727b5aafa33

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\HVNC.dll
              Filesize

              58KB

              MD5

              30eb33588670191b4e74a0a05eecf191

              SHA1

              08760620ef080bb75c253ba80e97322c187a6b9f

              SHA256

              3a287acb1c89692f2c18596dd4405089ac998bb9cf44dd225e5211923d421e96

              SHA512

              820cca77096ff2eea8e459a848f7127dc46af2e5f42f43b2b7375be6f4778c1b0e34e4aa5a97f7fbabe0b53dcd351d09c231bb9afedf7bcec60d949918a06b97

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\HVNCMemory.dll
              Filesize

              39KB

              MD5

              065f0830d1e36f8f44702b0f567082e8

              SHA1

              724c33558fcc8ecd86ee56335e8f6eb5bfeac0db

              SHA256

              285b462e3cd4a5b207315ad33ee6965a8b98ca58abb8d16882e4bc2d758ff1a4

              SHA512

              bac0148e1b78a8fde242697bff1bbe10a18ffab85fdced062de3dc5017cd77f0d54d8096e273523b8a3910fe17fac111724acffa5bec30e4d81b7b3bd312d545

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\HiddenApps.dll
              Filesize

              45KB

              MD5

              ba2141a7aefa1a80e2091bf7c2ca72db

              SHA1

              9047b546ce9c0ea2c36d24a10eb31516a24a047d

              SHA256

              6a098f5a7f9328b35d73ee232846b13e2d587d47f473cbc9b3f1d74def7086ea

              SHA512

              91e43620e5717b699e34e658d6af49bba200dcf91ac0c9a0f237ec44666b57117a13bc8674895b7a9cac5a17b2f91cdc3daa5bcc52c43edbabd19bc1ed63038c

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Informations.dll
              Filesize

              22KB

              MD5

              67a884eeb9bd025a1ef69c8964b6d86f

              SHA1

              97e00d3687703b1d7cc0939e45f8232016d009d9

              SHA256

              cba453460be46cfa705817abbe181f9bf65dca6b6cea1ad31629aa08dbeaf72b

              SHA512

              52e852021a1639868e61d2bd1e8f14b9c410c16bfca584bf70ae9e71da78829c1cada87d481e55386eec25646f84bb9f3baee3b5009d56bcbb3be4e06ffa0ae7

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Keylogger.dll
              Filesize

              17KB

              MD5

              246f7916c4f21e98f22cb86587acb334

              SHA1

              b898523ed4db6612c79aad49fbd74f71ecdbd461

              SHA256

              acfe5c3aa2a3bae3437ead42e90044d7eee972ead25c1f7486bea4a23c201d3a

              SHA512

              1c256ca9b9857e6d393461b55e53175b7b0d88d8f3566fd457f2b3a4f241cb91c9207d54d8b0867ea0abd3577d127835beb13157c3e5df5c2b2b34b3339bd15d

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Maps.dll
              Filesize

              15KB

              MD5

              806c3802bfd7a97db07c99a5c2918198

              SHA1

              088393a9d96f0491e3e1cf6589f612aa5e1df5f8

              SHA256

              34b532a4d0560e26b0d5b81407befdc2424aacc9ef56e8b13de8ad0f4b3f1ab6

              SHA512

              ed164822297accd3717b4d8e3927f0c736c060bb7ec5d99d842498b63f74d0400c396575e9fa664ad36ae8d4285cfd91e225423a0c77a612912d66ea9f63356c

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\MessageBox.dll
              Filesize

              14KB

              MD5

              7db8b7e15194fa60ffed768b6cf948c2

              SHA1

              3de1b56cc550411c58cd1ad7ba845f3269559b5c

              SHA256

              bc09b671894c9a36f4eca45dd6fbf958a967acea9e85b66c38a319387b90dd29

              SHA512

              e7f5430b0d46f133dc9616f9eeae8fb42f07a8a4a18b927dd7497de29451086629dfc5e63c0b2a60a4603d8421c6570967c5dbde498bb480aef353b3ed8e18a1

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Microphone.dll
              Filesize

              540KB

              MD5

              9c3d90ccf5d47f6eef83542bd08d5aeb

              SHA1

              0c0aa80c3411f98e8db7a165e39484e8dae424c7

              SHA256

              612898afdf9120cfef5843f9b136c66ecc3e0bb6f3d1527d0599a11988b7783c

              SHA512

              0786f802fbd24d4ab79651298a5ba042c275d7d01c6ac2c9b3ca1e4ee952de7676ec8abf68d226b72696e9480bd4d4615077163efbcda7cff6a5f717736cbdfe

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Ngrok-Installer.dll
              Filesize

              400KB

              MD5

              3e19341a940638536b4a7891d5b2b777

              SHA1

              ca6f5b28e2e54f3f86fd9f45a792a868c82e35b5

              SHA256

              b574aabf02a65aa3b6f7bfff0a574873ce96429d3f708a10f87bc1f6518f14aa

              SHA512

              06639892ea4a27c8840872b0de450ae1a0dac61e1dcb64523973c629580323b723c0e9074ff2ddf9a67a8a6d45473432ffc4a1736c0ddc74e054ae13b774f3e2

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Options.dll
              Filesize

              30KB

              MD5

              97193fc4c016c228ae0535772a01051d

              SHA1

              f2f6d56d468329b1e9a91a3503376e4a6a4d5541

              SHA256

              5c34aee5196e0f8615b8d1d9017dd710ea28d2b7ac99295d46046d12eea58d78

              SHA512

              9f6d7da779e8c9d7307f716d4a4453982bb7f090c35947850f13ec3c9472f058fc11e1120a9641326970b9846d3c691e0c2afd430c12e5e8f30abadb5dcf5ed2

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Pastime.dll
              Filesize

              17KB

              MD5

              6430ab4458a703fb97be77d6bea74f5b

              SHA1

              59786b619243d4e00d82b0a3b7e9deb6c71b283c

              SHA256

              a46787527ac34cd71d96226ddfc0a06370b61e4ad0267105be2aec8d82e984c1

              SHA512

              7b6cf7a613671826330e7f8daddc4c7c37b4d191cf4938c1f5b0fb7b467b28a23fb56e412dc82192595cfa9d5b552668ef0aaa938c8ae166029a610b246d3ecc

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Performance.dll
              Filesize

              16KB

              MD5

              1841c479da7efd24521579053efcf440

              SHA1

              0aacfd06c7223b988584a381cb10d6c3f462fc6a

              SHA256

              043b6a0284468934582819996dbaa70b863ab4caa4f968c81c39a33b2ac81735

              SHA512

              3005e45728162cc04914e40a3b87a1c6fc7ffde5988d9ff382d388e9de4862899b3390567c6b7d54f0ec02283bf64bcd5529319ca32295c109a7420848fa3487

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\ProcessManager.dll
              Filesize

              19KB

              MD5

              3d4ec14005a25a4cb05b1aa679cf22bf

              SHA1

              6f4a827d94ad020bc23fbd04b7d8ca2995267094

              SHA256

              7cf1921a5f8429b2b9e8197de195cfae2353fe0d8cb98e563bdf1e782fe2ee4e

              SHA512

              0ee72d345d5431c7a6ffc71cf5e37938b93fd346e5a4746f5967f1aa2b69c34ca4ba0d0abd867778d8ca60b56f01e2d7fc5e7cf7c5a39a92015d4df2d68e382e

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Programs.dll
              Filesize

              13KB

              MD5

              a6734a047b0b57055807a4f33a80d4dd

              SHA1

              0b3a78b2362b0fd3817770fdc6dd070e3305615c

              SHA256

              953a8276faa4a18685d09cd9187ed3e409e3cccd7daf34b6097f1eb8d96125a4

              SHA512

              7292eab25f0e340e78063f32961eff16bb51895ad46cfd09933c0c30e3315129945d111a877a191fc261ad690ad6b02e1f2cabc4ff2fdac962ee272b41dd6dfa

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Ransomware.dll
              Filesize

              20KB

              MD5

              ccc9ea43ead4aa754b91e2039fe0ac1c

              SHA1

              f382635559045ac1aeb1368d74e6b5c6e98e6a48

              SHA256

              14c2bbccdabb8408395d636b44b99de4b16db2e6bf35181cb71e7be516d83ad9

              SHA512

              5d05254ba5cd7b1967a84d5b0e6fd23c54766474fb8660a001bf3d21a3f5c8c20fcdb830fb8659a90da96655e6ee818ceefb6afa610cc853b7fba84bb9db4413

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Recovery.dll
              Filesize

              1.1MB

              MD5

              776193701a2ed869b5f1b6e71970a0ac

              SHA1

              2f973458531aaa283cdc835af4e24f5f709cbad1

              SHA256

              66dbe3b90371fe58caa957e83c1c1f0acce941a36cf140a0f07e64403dd13303

              SHA512

              a41f981c861e8d40487a9cd0863f9055165427e10580548e972a47ef47cf3e777aab2df70dc6f464cc3077860e86eda7462e9754f9047a1ecc0ed9721663aeb9

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\Regedit.dll
              Filesize

              15KB

              MD5

              53a2cfe273c311b64cf5eaca62f8c2fd

              SHA1

              4ec95ec4777a0c5b4acde57a3490e1c139a8f648

              SHA256

              2f73dc0f3074848575c0408e02079fd32b7497f8816222ae3ce8c63725a62fe6

              SHA512

              992b37d92157ae70a106a9835de46a4ac156341208cfe7fb0477dc5fc3bc9ddae71b35e2336fc5c181630bac165267b7229f97be436912dfd9526a020d012948

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Plugins\RemoteDesktop.dll
              Filesize

              18KB

              MD5

              e6367d31cf5d16b1439b86ae6b7b31c3

              SHA1

              f52f1e73614f2cec66dab6af862bdcb5d4d9cf35

              SHA256

              cc52384910cee944ddbcc575a8e0177bfa6b16e3032438b207797164d5c94b34

              SHA512

              8bc78a9b62f4226be146144684dc7fcd085bcf4d3d0558cb662aacc143d1438b7454e8ac70ca83ebeedc2a0fcea38ad8e77a5d926a85254b5a7d420a5605538a

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\SimpleObfuscator.dll
              Filesize

              1.4MB

              MD5

              9043d712208178c33ba8e942834ce457

              SHA1

              e0fa5c730bf127a33348f5d2a5673260ae3719d1

              SHA256

              b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c

              SHA512

              dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Sounds\Chat.wav
              Filesize

              45KB

              MD5

              832a3652fd780edcdb2439ec33532c0d

              SHA1

              f0754ee6519d77700f5ee5b744b8c99386d7b577

              SHA256

              45f4136e58a5f749d125d2ab54308f81954d2c5b364b66013660a6c358845d1e

              SHA512

              3b3b55afcdfa00d9b7085b20ed52a7b4d8b7d403f5d0d1c539781db1a20257efd8c856e19b8f32ea33766a580690b498ff063849519691a9a4cbbcd3e9447cd4

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Sounds\Intro.wav
              Filesize

              238KB

              MD5

              ad3b4fae17bcabc254df49f5e76b87a6

              SHA1

              1683ff029eebaffdc7a4827827da7bb361c8747e

              SHA256

              e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

              SHA512

              3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
              Filesize

              39KB

              MD5

              ce4e6361f0100741b806a03fa5ef4492

              SHA1

              0f04916702207050c1ea7c4faaf1c4b9d77f1ca6

              SHA256

              627b30564489fb2f3e17ef25e00109550db1d27e456db81ed1d4d26133c888b1

              SHA512

              c19f7311bee0b808bdf96b0b446b87a94775a56f3be7bb370b3977f5ab852fda45f886173d1f29191caafb5542519a05226efabff8db92fcb69876277ad0517c

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
              Filesize

              71KB

              MD5

              55a15cccc1e9204c7da23bf7029ed58a

              SHA1

              c14c4ae459aa9d8fc59bc7867c739861d610d41a

              SHA256

              caa7e85733ebae490aafde5ade1d078b8df1327ca5c5ed3a250971faf017220a

              SHA512

              269772d384ea61c5f0b4115853a402d9aede7d407a5a610a788721aab6130b031d56ca22d71e2db63c01b43966d785179f2f22028beb51e2d838edaf8c5dc04c

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
              Filesize

              39KB

              MD5

              924c2b6f2c5f374043fb95b80b5166f1

              SHA1

              6edc1563540671aac069319060ffa95913292d0e

              SHA256

              b380ed1540717653f722bc1a7f3ba575fc2a7d98dc26c501a542276e085798da

              SHA512

              6ffdef84f85123cc6a055d18c6e4d2c85ed795bf0434d2e07684eef94dce3588da1715bca5b65b25a8731f067df77c9da16422e5744e5235ce4ad8e4b18f1a3f

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
              Filesize

              70KB

              MD5

              c5ca2055deddec1a96282c055a1189f9

              SHA1

              2490af14d123542c9d8d0b545460849d2d055fd4

              SHA256

              e12bb03ec1122bcbf424e7bfeb9e59b6760030e706fbe927b80bc55f96654096

              SHA512

              e9fdc89a5b19b456ac217dd3ef8ee55d358aa5bfcd6688069d61297219973adfc1974246b22763c2f20e59cee1264e9410387619e66e6c98f9acd422d318d77e

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe
              Filesize

              14.9MB

              MD5

              56ccb739926a725e78a7acf9af52c4bb

              SHA1

              5b01b90137871c3c8f0d04f510c4d56b23932cbc

              SHA256

              90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

              SHA512

              2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

              Download Submit

            • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe.config
              Filesize

              183B

              MD5

              66f09a3993dcae94acfe39d45b553f58

              SHA1

              9d09f8e22d464f7021d7f713269b8169aed98682

              SHA256

              7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

              SHA512

              c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

              Download Submit

            • memory/1940-351-0x00000000008A0000-0x00000000008B8000-memory.dmp

              Filesize

              96KB

              Download

            • memory/1940-472-0x000000001B420000-0x000000001B42C000-memory.dmp

              Filesize

              48KB

              Download

            • memory/1940-510-0x000000001C410000-0x000000001C41C000-memory.dmp

              Filesize

              48KB

              Download

            • memory/2868-405-0x0000025D71C60000-0x0000025D71CE2000-memory.dmp

              Filesize

              520KB

              Download

            • memory/2868-409-0x0000025D7DC40000-0x0000025D7DF22000-memory.dmp

              Filesize

              2.9MB

              Download

            • memory/2868-411-0x0000025D7D1A0000-0x0000025D7D252000-memory.dmp

              Filesize

              712KB

              Download

            • memory/2868-323-0x0000025D71F00000-0x0000025D71F46000-memory.dmp

              Filesize

              280KB

              Download

            • memory/2868-407-0x0000025D71C00000-0x0000025D71C2C000-memory.dmp

              Filesize

              176KB

              Download

            • memory/2868-318-0x0000025D71760000-0x0000025D71769000-memory.dmp

              Filesize

              36KB

              Download

            • memory/2868-319-0x0000025D71F50000-0x0000025D71F5D000-memory.dmp

              Filesize

              52KB

              Download

            • memory/2868-320-0x0000025D72150000-0x0000025D7216E000-memory.dmp

              Filesize

              120KB

              Download

            • memory/2868-321-0x0000025D71F60000-0x0000025D71F6B000-memory.dmp

              Filesize

              44KB

              Download

            • memory/2868-317-0x0000025D71F00000-0x0000025D71F46000-memory.dmp

              Filesize

              280KB

              Download

            • memory/3568-357-0x0000028061380000-0x00000280613A2000-memory.dmp

              Filesize

              136KB

              Download

            • memory/3712-251-0x00007FFDE5B73000-0x00007FFDE5B75000-memory.dmp

              Filesize

              8KB

              Download

            • memory/3712-314-0x00007FFDE5B70000-0x00007FFDE6632000-memory.dmp

              Filesize

              10.8MB

              Download

            • memory/3712-252-0x00007FFDE5B70000-0x00007FFDE6632000-memory.dmp

              Filesize

              10.8MB

              Download

            • memory/3712-256-0x00000215786A0000-0x00000215786AD000-memory.dmp

              Filesize

              52KB

              Download

            • memory/3712-249-0x00000215796D0000-0x00000215798C4000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/3712-286-0x0000021580130000-0x0000021580298000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/3712-254-0x0000021579550000-0x0000021579596000-memory.dmp

              Filesize

              280KB

              Download

            • memory/3712-257-0x00000215786B0000-0x00000215786CE000-memory.dmp

              Filesize

              120KB

              Download

            • memory/3712-258-0x00000215786D0000-0x00000215786DB000-memory.dmp

              Filesize

              44KB

              Download

            • memory/3712-255-0x0000021577FB0000-0x0000021577FB9000-memory.dmp

              Filesize

              36KB

              Download

            • memory/3712-245-0x00007FFDE5B73000-0x00007FFDE5B75000-memory.dmp

              Filesize

              8KB

              Download

            • memory/3712-246-0x000002155C610000-0x000002155D4F8000-memory.dmp

              Filesize

              14.9MB

              Download

            • memory/3712-247-0x00007FFDE5B70000-0x00007FFDE6632000-memory.dmp

              Filesize

              10.8MB

              Download