Overview

overview

10

Static

static

10

XWorm-5.6-main.zip

windows11-21h2-x64

10

Analysis

  • max time kernel
    389s
  • max time network
    384s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21-10-2024 13:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm-5.6-main.zip

  • Size

    24.8MB

  • MD5

    98af17dc86622b292d58fbba45d51309

  • SHA1

    44a7d9423ce00ddda8000f9d18e3fe5693b5776f

  • SHA256

    eed75f0edf37bdd0d0a64ac8723672dbfe64288fb3845b89cc3596d0511f67d1

  • SHA512

    b3b9c67e373bcba5bd039088953400a3296b374f29f5de00f56c0702da7f9eccf0c452586d486c17ab1ea5ab16240112fda8457ec258d2ba9735b17959db4b05

  • SSDEEP

    786432:3vngbHGYI0DuXXEDgfI+tjIdubuu0SVww6vZqwffr:fgbHGY2hfI8yuxV7oswXr

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

OI6iZgjnsVJKGNav

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

aes.plain
aes.plain
aes.plain

Extracted

Family

xworm

C2

127.0.0.1:7000

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

Signatures

  • Detect Xworm Payload 11 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Executes dropped EXE 6 IoCs
  • Uses the VBS compiler for execution 1 TTPs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 53 IoCs
  • Suspicious behavior: EnumeratesProcesses 49 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm-5.6-main.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4044
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4776
    • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe
      "C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe"
      1⤵
      • Executes dropped EXE
      • Enumerates system info in registry
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1048
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\4k2hddg4\4k2hddg4.cmdline"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3460
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES497E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1BFD6DB520C241A2B6B7B95A81DB045.TMP"
          3⤵
            PID:1564
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
          PID:4148
        • C:\Windows\system32\AUDIODG.EXE
          C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E0
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:400
        • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
          "C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe"
          1⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          PID:2040
        • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe
          "C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe"
          1⤵
          • Executes dropped EXE
          • Enumerates system info in registry
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:988
          • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
            "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gxhs4yub\gxhs4yub.cmdline"
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:3324
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDF21.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC7607D1B3C0641A0B7D67DE8594791D3.TMP"
              3⤵
                PID:1796
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
              "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\uz0x4y1k\uz0x4y1k.cmdline"
              2⤵
              • Suspicious use of WriteProcessMemory
              PID:4116
              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD70.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc471F1C85EFE341CC8014281B8843E49.TMP"
                3⤵
                  PID:1700
            • C:\Windows\system32\wbem\WmiApSrv.exe
              C:\Windows\system32\wbem\WmiApSrv.exe
              1⤵
                PID:4504
              • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
                "C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe"
                1⤵
                • Executes dropped EXE
                • Suspicious use of AdjustPrivilegeToken
                PID:240
              • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
                "C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe"
                1⤵
                • Executes dropped EXE
                • Suspicious use of AdjustPrivilegeToken
                PID:3352
              • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
                "C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe"
                1⤵
                • Executes dropped EXE
                • Suspicious use of AdjustPrivilegeToken
                PID:1540

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Xworm V5.6.exe.log
                Filesize

                1KB

                MD5

                8e0f23092b7a620dc2f45b4a9a596029

                SHA1

                58cc7c47602c73529e91ff9db3c74ff05459e4ea

                SHA256

                58b9918225aee046894cb3c6263687bfe4b5a5b8dff7196d72687d0f3f735034

                SHA512

                be458f811ad6a1f6b320e8d3e68e71062a8de686bae77c400d65091947b805c95024f3f1837e088cf5ecac5388d36f354285a6b57f91ea55567f19706128a043

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\4k2hddg4\4k2hddg4.0.vb
                Filesize

                78KB

                MD5

                71cb42b38f2b3946d97fb7e21c8aba5a

                SHA1

                b3cfd34dfbc110fade4aef5bb5bba3bcb28f8423

                SHA256

                f14ec20f71f40f73c9e42004de393f31c79141042544dec8d33910d601fc87a3

                SHA512

                48dc5aafc794458153de4b51e371f00dec8d055db52252293943dc5e1afc8b8752305447ae880e66fe823e76247b4549e2914f57fe4aaa12a049cea62f3d58d4

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\4k2hddg4\4k2hddg4.cmdline
                Filesize

                322B

                MD5

                d6e9ec6a788dd7b5ac6644abf5cf4d4d

                SHA1

                41e28fc81947b8b1304f8536a93082a6cda7a71a

                SHA256

                f1578d96eb9b26dec815fafffb83642070b1378af9e4357318e241bea16ee71a

                SHA512

                72b63d513be07370fcbf911c9453b87b9af41294221cf92803eb16056f5350d4b7213bab3eb00989781ecc7ab5d78b4e2fc09ec87aff243d4ebf0ae08b314a9b

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\RES497E.tmp
                Filesize

                1KB

                MD5

                2bda7895e08d9697be5d8c8d040fe656

                SHA1

                59794f69a9303b16c55dcfd896f593b15db2fd90

                SHA256

                69063ef15cf6d820fea4f45f9e9290bc26970b92ca37b783ca86212d9acb9b01

                SHA512

                9c24f6356b145db93fbd0777ccc6f94a70f9040e851e0c38de2a9948bc8374111e429987e6c4ca7ac6821ec496be2276adc5ec170f635443bfc4b52c3b354e14

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\RESD70.tmp
                Filesize

                1KB

                MD5

                59b0d6477572ee89534d14709d5a5d2d

                SHA1

                816bb866447ea3fb78e237ccd3a3aed8fdd2d202

                SHA256

                ea7c43b08e6412e3bf66d4ad097be264228ac05d4ae838ea64c5e76e12f35d53

                SHA512

                3d9fc66b40ff77d9b1b6fd7d6e7e6cb312e2b34b71d30b6210ce68a2de9ace00a8acb6f514395122f345c79db7a01770c22278b9762420137166db32fa155130

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\RESDF21.tmp
                Filesize

                1KB

                MD5

                77c9051555ce6313ad9a17e8540011aa

                SHA1

                6e45cd3f1ee8f540854b3bb3af8df9cda7e42369

                SHA256

                4528d811b6a751abc8808b56ddcb29492b2660881ab05095bb5c871281ab92a1

                SHA512

                ae27bcf8f07e9c244cfd734bacc493dfb27c24cc980295dc2a80cad292947563ff526152788b0b3c6a54682965d96af4a711b9fe9787d73b14a36f5ecc17d519

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\gxhs4yub\gxhs4yub.0.vb
                Filesize

                78KB

                MD5

                bd39fe6fbcc97a1f5b95c88847877960

                SHA1

                85ade326b7848ed5191a7e5ec21e08db82676764

                SHA256

                996368d28497af801f95ee2ac67ffc7dae82f2c29e9bbc7179e4452114310a11

                SHA512

                9013ec3be9c69d5d84f1e0933047acffd45a23f79c1a62999963f481920e1e380a981da1362c7c4c68703b26c9abbdde48bdbe0ea1354bb893875d50a00fa93b

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\gxhs4yub\gxhs4yub.cmdline
                Filesize

                322B

                MD5

                2573f514d450867c055ab3e9f6bd7715

                SHA1

                90794772ad1503056c48770458aa7a3864580aa9

                SHA256

                185c8d5cf660ec7d9fb55b869771ae3aaaf6c44ab8f753e64da154a43675a837

                SHA512

                9706ca185e46a22736455f73557e387bb0cd7093eaa65a05b3a114e6a3219baea8027a65edf5128a8fb031e57ce9570c5f7d017bad424e822c8456501d7b1f56

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\uz0x4y1k\uz0x4y1k.0.vb
                Filesize

                78KB

                MD5

                e33a227b3fc4fe33cda6ce28325bbd4e

                SHA1

                005f3ce2916651102ce2112b6877279c110df31d

                SHA256

                bf2fdc2a86423a4a849f2c05e3a66306892ae0f70373be54a591996ebf9dfcce

                SHA512

                a45b769d8bb6a9d1c4c70956420b55bd2ead3b0f27c0039710f9627928579ae9de307617fb2c279288d4abc01ac69e0589867df089ad780a332e56ba3ee5715b

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\uz0x4y1k\uz0x4y1k.cmdline
                Filesize

                322B

                MD5

                5a6f01b34aeb4f0540e5f5b5d6fde7fa

                SHA1

                b14c03ac83a4d930718142b4e077ac6cf4c3d3ff

                SHA256

                004f2fb150f3d83d819225a194dd7fe7cf2aad84cdd2264ecc348aa218d5df60

                SHA512

                b9b027a81846b29bf31337fef79b9948bd5cf7bd57005763ca1958f6fa333db18b6adeed57d35fe98fddde8c2ab0ca958fce3699109fe0c693f1321b9c9f816f

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\vbc1BFD6DB520C241A2B6B7B95A81DB045.TMP
                Filesize

                1KB

                MD5

                d40c58bd46211e4ffcbfbdfac7c2bb69

                SHA1

                c5cf88224acc284a4e81bd612369f0e39f3ac604

                SHA256

                01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca

                SHA512

                48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68

                Download Submit

              • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\GeoIP.dat
                Filesize

                1.2MB

                MD5

                8ef41798df108ce9bd41382c9721b1c9

                SHA1

                1e6227635a12039f4d380531b032bf773f0e6de0

                SHA256

                bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

                SHA512

                4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

                Download Submit

              • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Guna.UI2.dll
                Filesize

                1.9MB

                MD5

                bcc0fe2b28edd2da651388f84599059b

                SHA1

                44d7756708aafa08730ca9dbdc01091790940a4f

                SHA256

                c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

                SHA512

                3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

                Download Submit

              • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Icons\icon (15).ico
                Filesize

                361KB

                MD5

                e3143e8c70427a56dac73a808cba0c79

                SHA1

                63556c7ad9e778d5bd9092f834b5cc751e419d16

                SHA256

                b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

                SHA512

                74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

                Download Submit

              • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\SimpleObfuscator.dll
                Filesize

                1.4MB

                MD5

                9043d712208178c33ba8e942834ce457

                SHA1

                e0fa5c730bf127a33348f5d2a5673260ae3719d1

                SHA256

                b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c

                SHA512

                dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65

                Download Submit

              • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Sounds\Intro.wav
                Filesize

                238KB

                MD5

                ad3b4fae17bcabc254df49f5e76b87a6

                SHA1

                1683ff029eebaffdc7a4827827da7bb361c8747e

                SHA256

                e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

                SHA512

                3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

                Download Submit

              • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
                Filesize

                45KB

                MD5

                d3447f8b95f5107746819fcb52b9ed23

                SHA1

                8c8fdf9215b42462f85b1e9918a7ebd44b354c3d

                SHA256

                c0ddafa82c51e307675e6d295fd1cd9955155d4bb32c700986075486b6b897e9

                SHA512

                5ffd338e91b20a9f601678f4809b75466d2d1d0325e4df952f8b02df21883a5c9f8cc20d8395cbab6ae1fad40c554e158f935ab32707a1397d40df624f2e49ca

                Download Submit

              • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
                Filesize

                68KB

                MD5

                69926d550de76928f18afc717b50a490

                SHA1

                0f0698ee57e04eaeb6f20f39e195fe897533a1e4

                SHA256

                e279fbab9e74817484f1ef1fe15a178c204deda7748d761feb7c24edc4a4304f

                SHA512

                aa7f3f8389cae5468281318a33f51be720bee592501ad0078e5757877a2b68d18f347045a49f28dfb8b095795f71cec3fcb4ba82af716fd332755bcd14868f47

                Download Submit

              • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
                Filesize

                32KB

                MD5

                11f5ff83e3c261fd958b4bbbf660774b

                SHA1

                25a08e34ac76c285bc1b5a9625f8600d123f26ce

                SHA256

                1506eac2e408628acf0dc894a099b61f767c240e9e9e2733caac6773910e6dcb

                SHA512

                ede3c2acc23cc92ca5b5ef5b7e84c79ed68d9e7346e45444f57cb1c5a5d727dfb911e6df90b3d9bafe756e325f2059846fbfb2017af7fb383ac929c11eb3b4d1

                Download Submit

              • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
                Filesize

                45KB

                MD5

                eaf3093667184bc0e0bc90fce42d6a81

                SHA1

                835e5e6caa05e196148c21031d20da58ceb44984

                SHA256

                107d8190f1dc6e26b3107fc3bd1536b8ef662d70a03580115ceb999225240cb0

                SHA512

                5c8d36b0f9dab67c8d88f25910ad0dc75f0cb4b6743eda95f86681245cbfb5216074ce6f9d4522525f2e558de183be2c5370572371bfbafaef0740118d375c09

                Download Submit

              • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\XClient.exe
                Filesize

                76KB

                MD5

                fca15bb2260c536776e36a40ea50e926

                SHA1

                e807d6d1ed598f00fee06b87c71daee6d9e3ba77

                SHA256

                e6f31bc23b724429b2ec4c0fd0ba017ec5caa1ab96f749d781b13ef6e7500955

                SHA512

                1b2b546153adc1ec5373a3a007fee63f9b46cb3584344aba08be743b8ef99e22fc1c13e3919bfb22cf940f84e8d677be15755cc3e7f410f986bff16602e42246

                Download Submit

              • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe
                Filesize

                14.9MB

                MD5

                56ccb739926a725e78a7acf9af52c4bb

                SHA1

                5b01b90137871c3c8f0d04f510c4d56b23932cbc

                SHA256

                90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

                SHA512

                2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

                Download Submit

              • C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe.config
                Filesize

                183B

                MD5

                66f09a3993dcae94acfe39d45b553f58

                SHA1

                9d09f8e22d464f7021d7f713269b8169aed98682

                SHA256

                7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

                SHA512

                c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

                Download Submit

              • memory/240-378-0x0000000000EF0000-0x0000000000F08000-memory.dmp

                Filesize

                96KB

                Download

              • memory/1048-296-0x00000222AE790000-0x00000222AE8F8000-memory.dmp

                Filesize

                1.4MB

                Download

              • memory/1048-251-0x00007FFEB1DB0000-0x00007FFEB2872000-memory.dmp

                Filesize

                10.8MB

                Download

              • memory/1048-256-0x00000222A0400000-0x00000222A040D000-memory.dmp

                Filesize

                52KB

                Download

              • memory/1048-340-0x00000222A0600000-0x00000222A061E000-memory.dmp

                Filesize

                120KB

                Download

              • memory/1048-339-0x00000222A0400000-0x00000222A040D000-memory.dmp

                Filesize

                52KB

                Download

              • memory/1048-338-0x000002229FD00000-0x000002229FD09000-memory.dmp

                Filesize

                36KB

                Download

              • memory/1048-337-0x00000222A1290000-0x00000222A12D6000-memory.dmp

                Filesize

                280KB

                Download

              • memory/1048-342-0x00007FFEB1DB0000-0x00007FFEB2872000-memory.dmp

                Filesize

                10.8MB

                Download

              • memory/1048-249-0x00000222A17A0000-0x00000222A1994000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/1048-250-0x00007FFEB1DB3000-0x00007FFEB1DB5000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1048-247-0x00007FFEB1DB0000-0x00007FFEB2872000-memory.dmp

                Filesize

                10.8MB

                Download

              • memory/1048-259-0x00000222A1290000-0x00000222A12D6000-memory.dmp

                Filesize

                280KB

                Download

              • memory/1048-246-0x0000022284470000-0x0000022285358000-memory.dmp

                Filesize

                14.9MB

                Download

              • memory/1048-255-0x000002229FD00000-0x000002229FD09000-memory.dmp

                Filesize

                36KB

                Download

              • memory/1048-257-0x00000222A0600000-0x00000222A061E000-memory.dmp

                Filesize

                120KB

                Download

              • memory/1048-245-0x00007FFEB1DB3000-0x00007FFEB1DB5000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1048-258-0x00000222A0410000-0x00000222A041B000-memory.dmp

                Filesize

                44KB

                Download

              • memory/1048-254-0x00000222A1290000-0x00000222A12D6000-memory.dmp

                Filesize

                280KB

                Download

              • memory/2040-320-0x0000000000FF0000-0x000000000100A000-memory.dmp

                Filesize

                104KB

                Download

              • memory/3352-437-0x0000000000710000-0x000000000071E000-memory.dmp

                Filesize

                56KB

                Download