xworm | d608c65caef9766a1253aec412c65e4155c9cee370b5a90ca83300b97dc05e29

Analysis

max time kernel
60s
max time network
142s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
02-11-2024 04:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Tatashop.exe
Size

32KB
MD5

b1f0cf268c89c3b4451fa8fb0de4425e
SHA1

bb82f62faabd3bc890d6e153834d4a5e1a43598c
SHA256

d608c65caef9766a1253aec412c65e4155c9cee370b5a90ca83300b97dc05e29
SHA512

a98c106ce6fe8baabca305bf2a69545eccd49f9719531b59251472ece28816c50a500ba0a2e46cd7aa1a8b8010be7fc805d68d02a4753e586820842472274f96
SSDEEP

768:mVa+vNtg+PB93Tw4eJdVFE9jnocOjh6bzd:IvNtgw93U4e9FE9jnZOjYN

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

127.0.0.1:1234

Mutex

LnpsNdDKOK2XQbyg

Attributes

install_file
USB.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/3048-1-0x00000000011C0000-0x00000000011CE000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2300	chrome.exe
2300	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeDebugPrivilege	3048	Tatashop.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2740	2300	chrome.exe	31
PID 2300 wrote to memory of 2740	2300	chrome.exe	31
PID 2300 wrote to memory of 2740	2300	chrome.exe	31
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 2636	2300	chrome.exe	33
PID 2300 wrote to memory of 1780	2300	chrome.exe	34
PID 2300 wrote to memory of 1780	2300	chrome.exe	34
PID 2300 wrote to memory of 1780	2300	chrome.exe	34
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35
PID 2300 wrote to memory of 2624	2300	chrome.exe	35

C:\Users\Admin\AppData\Local\Temp\Tatashop.exe
"C:\Users\Admin\AppData\Local\Temp\Tatashop.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66f9758,0x7fef66f9768,0x7fef66f9778
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1284,i,231101729994729875,16930526199125969634,131072 /prefetch:2
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1284,i,231101729994729875,16930526199125969634,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 --field-trial-handle=1284,i,231101729994729875,16930526199125969634,131072 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1284,i,231101729994729875,16930526199125969634,131072 /prefetch:1
  2⤵
  PID:272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1284,i,231101729994729875,16930526199125969634,131072 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1468 --field-trial-handle=1284,i,231101729994729875,16930526199125969634,131072 /prefetch:2
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1416 --field-trial-handle=1284,i,231101729994729875,16930526199125969634,131072 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1140 --field-trial-handle=1284,i,231101729994729875,16930526199125969634,131072 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1284,i,231101729994729875,16930526199125969634,131072 /prefetch:8
  2⤵
  PID:616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1284,i,231101729994729875,16930526199125969634,131072 /prefetch:8
  2⤵
  PID:3024

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:552

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1564

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x58c
1⤵
PID:1988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\88ffd1b2-91f9-4a1b-b972-1122c102ca94.tmp

Filesize
350KB

MD5
3a71e4134aa3c52cd7c5374daab8b803

SHA1
eee4ab49ed1701881804ca5fe570fc991e698f1e

SHA256
29750a49f44e9a02f88849d0787741988105e6f9cb2c1779589226aa6efcd6b7

SHA512
89d27035e79a732fc12064a4d2d17b50622c0fb264600fb3672b75517d0beeb66cdfe76f75afe92d79d2edc3050a4c907908fc097aef6df261f78b4a60d10f85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\50ebe72f-bd97-4558-aff6-080b2ed6a8ba.tmp

Filesize
4KB

MD5
86f25ae3295bfcec07592b24e2dc8f33

SHA1
6c6e64e3ee4248b61fd59ba3865faf23953194fa

SHA256
96cf923898610370f5ad280f2a01a02fd449b58f5cebc95a1dd4423ea0e31c4e

SHA512
a5c5f07eea6bd2965c5c1b47dec09c57729a147b9eab260c3dcf78988f89ae975dc8639f975965d602ecbfa7e9197bb9a59ef23ac7bed05840870c7765508c15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ef67c032fb90e796e4d60026d28c5aa3

SHA1
e9a957f344a7901d712fa34dc08573771f2cc06e

SHA256
a706ce725c2d4fe0d884904dc3e04ff7416559a33712adba42e806df35f9a425

SHA512
8371005b7a6a37ca84c885d03ea2e40cf17adc634593e5de4b18f27a91e23b01ee8d40cfae1aa61a380fc38980cfdd83ef6fc5b031c2720e8af2fd734d76ec1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
6a05fb09cff38af754486d5a0bddc0bd

SHA1
d1e7b2b0bd7488a70bf07babc3c21592eb40f307

SHA256
e279861aadd4c2a51f7a5f00042f34c3e74b30fe906078cbd2401c5a460cb547

SHA512
21fc1a318d32d53aebd3748cbe71bf1e91311cc8f4b8b8a46eb380b69a8bb95132c4b9f73193dafed587da36c39246f2e8be6f43b8cdb66706c9003c90d95d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
350KB

MD5
39393022fdab21f3dd65cb3f4f45bc0f

SHA1
ec920036fb638c78ef98bfe50289bcee8695aa97

SHA256
a50c5322690324d268b44c1b945c0b8c5fe05f5d3e467cc62a414c43657c5fdf

SHA512
b41deb6253d73b4c6013abf33b860a3dad833c923d586aa41a4925b2b88801318bd6355744ea274d4d01704e6d29334981af46d9cb6cea53be29a6bb5457eca7

Download Submit
memory/3048-69-0x000007FEF55F3000-0x000007FEF55F4000-memory.dmp

Filesize
4KB

Download
memory/3048-82-0x000007FEF55F0000-0x000007FEF5FDC000-memory.dmp

Filesize
9.9MB

Download
memory/3048-49-0x000007FEF55F0000-0x000007FEF5FDC000-memory.dmp

Filesize
9.9MB

Download
memory/3048-0-0x000007FEF55F3000-0x000007FEF55F4000-memory.dmp

Filesize
4KB

Download
memory/3048-1-0x00000000011C0000-0x00000000011CE000-memory.dmp

Filesize
56KB

Download