Overview

overview

10

Static

static

10

XWorm V5.2.rar

windows10-2004-x64

10

Analysis

  • max time kernel
    243s
  • max time network
    203s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2024 01:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm V5.2.rar

  • Size

    30.2MB

  • MD5

    d46700f59429076e678aa91993165c4d

  • SHA1

    86e9e091021d1c87eb32a406261063362fc7aa0f

  • SHA256

    ba02819b258dd8fb8d5a649d45535189d3dd19e15ca12aa2ccc83bc2162ad0c4

  • SHA512

    b265ab5797b350bdee2798784eea56fa5d6ddccbc230ca3d8fb3874748a423a7ac292721a7259e03de1a055ad4bb1f381b32535882a4f52341184ec78baa636b

  • SSDEEP

    786432:AyEdI35cJuWL9qeVCp3K7cLpeEJfi2I7auNJuaaJxyXzmn:AI35crZlVCphFrfi37HPnjmn

Score
10/10
stormkittyxwormagilenetpersistenceratstealertrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:7000

Mutex

zo6xvzOOPk1tC4HT

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

aes.plain

Signatures

  • Contains code to disable Windows Defender 2 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Detect Xworm Payload 3 IoCs
  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty
  • StormKitty payload 1 IoCs
  • Stormkitty family
    stormkitty
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 3 IoCs
  • Obfuscated with Agile.Net obfuscator 2 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Uses the VBS compiler for execution 1 TTPs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 64 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2.rar"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3940
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:5040
    • C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe
      "C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:5052
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x438 0x4f8
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:8
    • C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe
      "C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3968
      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\psmxhiob\psmxhiob.cmdline"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3356
        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES90FB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC01185EA17D84886B1D3F1A0DE78BC7E.TMP"
          3⤵
            PID:716
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
          PID:4928
        • C:\Users\Admin\Desktop\XClient.exe
          "C:\Users\Admin\Desktop\XClient.exe"
          1⤵
          • Checks computer location settings
          • Drops startup file
          • Executes dropped EXE
          • Loads dropped DLL
          • Adds Run key to start application
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3540
          • C:\Windows\System32\schtasks.exe
            "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\Admin\AppData\Roaming\XClient.exe"
            2⤵
            • Scheduled Task/Job: Scheduled Task
            PID:2248
        • C:\Windows\system32\taskmgr.exe
          "C:\Windows\system32\taskmgr.exe" /4
          1⤵
          • Checks SCSI registry key(s)
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:3980
        • C:\Users\Admin\AppData\Roaming\XClient.exe
          C:\Users\Admin\AppData\Roaming\XClient.exe
          1⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          PID:4568

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XWormLoader 5.2 x64.exe.log
          Filesize

          1KB

          MD5

          601373babf3e5b06dc0bcf79bcb408a2

          SHA1

          340b409a6774e67dc2d36b7d18f2faf41a315400

          SHA256

          6cf467dfa053cc07d9f68da0f6452c56a5ce06240c05fbac0ecb4950916eaa02

          SHA512

          e2bffcb60612017ee60329ca4ba4ae22ec2d97352631d7df5506d36af58561e7480dd54eea84ac23816e08e00a739fe9a17733ea31adfc87b50f249cafa3b335

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zE46F2F087\XWorm V5.2\Icons\icon (15).ico
          Filesize

          361KB

          MD5

          e3143e8c70427a56dac73a808cba0c79

          SHA1

          63556c7ad9e778d5bd9092f834b5cc751e419d16

          SHA256

          b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

          SHA512

          74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\RES90FB.tmp
          Filesize

          1KB

          MD5

          c4a7ab9be9999ce735e7fb656292c639

          SHA1

          4510c12c8ffcfd4125b029edd03c2003aceaa3f8

          SHA256

          6d19669ee006d6b85742cafe6c1f7de1615e1322fa97a74d52a2e13ffc69f6af

          SHA512

          4fd93645ce848e8890ea332c001039e2d13de423de423e222e921b8226a62bafb89b05adc50b9cb30b31a2764cbdf6dc1c803c45067838b0e1c261c820362c11

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll
          Filesize

          112KB

          MD5

          2f1a50031dcf5c87d92e8b2491fdcea6

          SHA1

          71e2aaa2d1bb7dbe32a00e1d01d744830ecce08f

          SHA256

          47578a37901c82f66e4dba47acd5c3cab6d09c9911d16f5ad0413275342147ed

          SHA512

          1c66dbe1320c1a84023bdf77686a2a7ab79a3e86ba5a4ea2cda9a37f8a916137d5cfec30b28ceae181355f6f279270465ef63ae90b7e8dcd4c1a8198a7fd36a8

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\psmxhiob\psmxhiob.0.vb
          Filesize

          77KB

          MD5

          c4e0f48ca19530a203d8acb165dc424f

          SHA1

          cf7def16b46bb529ae1bf717f9e49baeac75b88c

          SHA256

          1aa4768cc0fe8d8405284edd9f98bdfd49e43f2765785a5c1dbe50cbbda6ef6a

          SHA512

          a149d96e1028736269d777c919f85f5770da26f58e40989d4f2850ef5798799ccfab6884a538c55e7b4f5eb91d2edb85786db3594b1156b23bbde707813008b6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\psmxhiob\psmxhiob.cmdline
          Filesize

          290B

          MD5

          8451f1778d9d61c05b09cba762092260

          SHA1

          a3c3a544c458cdf86181d3d4d544026ee57bf814

          SHA256

          91dfd7d960044386d6efb5670b44e7d3e62065b39d93555a6d9c4cae11d425ca

          SHA512

          08982ee25528c04dd1db86e38a8c5e752ee1a5b5881decc1b343a489600d1a597fa8fa6c7dd378d615a805203a7b163e81de40973c1c4c239d2acb38475bd5f1

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\vbcC01185EA17D84886B1D3F1A0DE78BC7E.TMP
          Filesize

          1KB

          MD5

          d40c58bd46211e4ffcbfbdfac7c2bb69

          SHA1

          c5cf88224acc284a4e81bd612369f0e39f3ac604

          SHA256

          01902f1903d080c6632ae2209136e8e713e9fd408db4621ae21246b65bfea2ca

          SHA512

          48b14748e86b7d92a3ea18f29caf1d7b4b2e1de75377012378d146575048a2531d2e5aaeae1abf2d322d06146177cdbf0c2940ac023efae007b9f235f18e2c68

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk
          Filesize

          771B

          MD5

          87b7efcfee20e558ac506d5c1969485f

          SHA1

          c0dea9ce7afee5d58577a6ef33a57c5f3abe5d4f

          SHA256

          e341d6f0c9ab27c8054eefe381866bc7c13ebaf50dfe55cdd1a53d0f64c609d8

          SHA512

          87774c04c8ae1e70bc345fb798805bcd4089b197f85d03f18f256cbb8761a18c0f246fe0cfae871c75fbddf29d32934996b1b3dc6340655f251981d6103bd2e8

          Download Submit

        • C:\Users\Admin\Desktop\XClient.exe
          Filesize

          35KB

          MD5

          75e7bb2966517ce9b4855b642c097d56

          SHA1

          7660538f520e9f666be4db5cb6e68e90e60096e5

          SHA256

          d199bcddb897f3a3304620bddb68f0ac2532ffefca148f5951ad8bfc0de3b97c

          SHA512

          6881ab09cde9e9d5ac4266ec7358fac1b60f79a37f9d70b35a3f06c7be60138b3a3d4a531fc5d1cfbd2435c258dc8904564c8e3a0da1453de007c59a5df0d2f3

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\GMap.NET.Core.dll
          Filesize

          2.9MB

          MD5

          819352ea9e832d24fc4cebb2757a462b

          SHA1

          aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11

          SHA256

          58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86

          SHA512

          6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\GMap.NET.WindowsForms.dll
          Filesize

          147KB

          MD5

          32a8742009ffdfd68b46fe8fd4794386

          SHA1

          de18190d77ae094b03d357abfa4a465058cd54e3

          SHA256

          741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365

          SHA512

          22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\GeoIP.dat
          Filesize

          1.2MB

          MD5

          8ef41798df108ce9bd41382c9721b1c9

          SHA1

          1e6227635a12039f4d380531b032bf773f0e6de0

          SHA256

          bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

          SHA512

          4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Guna.UI2.dll
          Filesize

          1.9MB

          MD5

          bcc0fe2b28edd2da651388f84599059b

          SHA1

          44d7756708aafa08730ca9dbdc01091790940a4f

          SHA256

          c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

          SHA512

          3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Mono.Cecil.dll
          Filesize

          350KB

          MD5

          de69bb29d6a9dfb615a90df3580d63b1

          SHA1

          74446b4dcc146ce61e5216bf7efac186adf7849b

          SHA256

          f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc

          SHA512

          6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\MonoMod.Backports.dll
          Filesize

          138KB

          MD5

          dd43356f07fc0ce082db4e2f102747a2

          SHA1

          aa0782732e2d60fa668b0aadbf3447ef70b6a619

          SHA256

          e375b83a3e242212a2ed9478e1f0b8383c1bf1fdfab5a1cf766df740b631afd6

          SHA512

          284d64b99931ed1f2e839a7b19ee8389eefaf6c72bac556468a01f3eb17000252613c01dbae88923e9a02f3c84bcab02296659648fad727123f63d0ac38d258e

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\MonoMod.Core.dll
          Filesize

          216KB

          MD5

          b808181453b17f3fc1ab153bf11be197

          SHA1

          bce86080b7eb76783940d1ff277e2b46f231efe9

          SHA256

          da00cdfab411f8f535f17258981ec51d1af9b0bfcee3a360cbd0cb6f692dbcdd

          SHA512

          a2d941c6e69972f99707ade5c5325eb50b0ec4c5abf6a189eb11a46606fed8076be44c839d83cf310b67e66471e0ea3f6597857a8e2c7e2a7ad6de60c314f7d3

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\MonoMod.ILHelpers.dll
          Filesize

          6KB

          MD5

          6512e89e0cb92514ef24be43f0bf4500

          SHA1

          a039c51f89656d9d5c584f063b2b675a9ff44b8e

          SHA256

          1411e4858412ded195f0e65544a4ec8e8249118b76375050a35c076940826cd0

          SHA512

          9ffb2ff050cce82dbfbbb0e85ab5f976fcd81086b3d8695502c5221c23d14080f0e494a33e0092b4feb2eda12e2130a2f02df3125733c2f5ec31356e92dea00b

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\MonoMod.Utils.dll
          Filesize

          319KB

          MD5

          79f1c4c312fdbb9258c2cdde3772271f

          SHA1

          a143434883e4ef2c0190407602b030f5c4fdf96f

          SHA256

          f22a4fa1e8b1b70286ecf07effb15d2184454fa88325ce4c0f31ffadb4bef50a

          SHA512

          b28ed3c063ae3a15cd52e625a860bbb65f6cd38ccad458657a163cd927c74ebf498fb12f1e578e869bcea00c6cd3f47ede10866e34a48c133c5ac26b902ae5d9

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\NAudio.dll
          Filesize

          502KB

          MD5

          3b87d1363a45ce9368e9baec32c69466

          SHA1

          70a9f4df01d17060ec17df9528fca7026cc42935

          SHA256

          81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451

          SHA512

          1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Newtonsoft.Json.dll
          Filesize

          695KB

          MD5

          195ffb7167db3219b217c4fd439eedd6

          SHA1

          1e76e6099570ede620b76ed47cf8d03a936d49f8

          SHA256

          e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

          SHA512

          56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\ActiveWindows.dll
          Filesize

          14KB

          MD5

          eea1f284c21e67f9ae71822798793c28

          SHA1

          ce3187b35a736a3c18f10f449dfcb793c95dca26

          SHA256

          77ec3eee197d5c4b9ed3d6c059061c52615276360fe11f13f8a6bb6ce429f42b

          SHA512

          5b3f72d803f250668b9ada77b1a03ecd8662787b8e51c01a4e334503a5f1545ac9dc341804d0d1552e9c35596443e1a610553e3d1ab80aaef6e0f5283384def4

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\All-In-One.dll
          Filesize

          4.8MB

          MD5

          f24552f5f604c80ba4cf7afd2143df05

          SHA1

          98883b7bf9b996c788bb501336e388177b9b19c2

          SHA256

          e050a91599f3e6a89dc84a4825fdea6c4d66e970472aabf48ff586d79b67898c

          SHA512

          1edb1f6cc4bdb3b69204fa724b2f8a5205b3251f475ae7cf8cb015220a26e9a976c1baa3c938e8fb9df1470795ff579e21b339b58c79f96af96cfdd17eba6c15

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\Chat.dll
          Filesize

          18KB

          MD5

          66e4c3a843b1076b96c48cfa0b467bcd

          SHA1

          2768257ff7ddc6107a576c4b739eeb09689772eb

          SHA256

          6b5beda1f2423aedaf83f210f8cb719d3f61f9d2cd489690fb0066ff0895ab80

          SHA512

          7912e5806b169a1da88ebf92842ec410ce3dd8d98578054e77cc4381e90ee174a497ea1f38a54c5c65c8475a7928cfc79ae8dd58b979c18f7133c5c83e145879

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\Clipboard.dll
          Filesize

          14KB

          MD5

          6ea5b16696c2f2d265c9f864d0c727ba

          SHA1

          030a0bf757767869428b0a7e11cd40df7a0cfe5a

          SHA256

          301ab3fe52f974dc5bab98bd127c93d755597fb58a0756539cde7ad4580725b1

          SHA512

          2426b43886ddf9896d9f27862de08ba9eada25b432c715259b71b000a2b474bcf29ba224ac0f3fad3224ef36b17b250d593f907ce0c18703cc37e152a7321203

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\Cmstp-Bypass.dll
          Filesize

          11KB

          MD5

          cf15259e22b58a0dfd1156ab71cbd690

          SHA1

          3614f4e469d28d6e65471099e2d45c8e28a7a49e

          SHA256

          fa420fd3d1a5a2bb813ef8e6063480099f19091e8fa1b3389004c1ac559e806b

          SHA512

          7302a424ed62ec20be85282ff545a4ca9e1aecfe20c45630b294c1ae72732465d8298537ee923d9e288ae0c48328e52ad8a1a503e549f8f8737fabe2e6e9ad38

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\FileManager.dll
          Filesize

          679KB

          MD5

          b9dea988042c4d9878931cac41d61fb8

          SHA1

          82885bd2d01d27f4ce3741885256d7db418038b7

          SHA256

          29b44c17c85f05ced52004db716a156fc9e50b52debc8e061e2ea96957cc0d07

          SHA512

          81192c5b1f2e67787b569218c03e4c274a2184fb0e762afed6e3608995e3e1d1987306f32f64f28bc287fb09746476b4c7c60479fe0a5cefa186e5b208d8bacd

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\FileSeacher.dll
          Filesize

          478KB

          MD5

          fe625a7c51e699336f9acc3108437134

          SHA1

          50099ae8c3679930400261c80ade073157fe4f80

          SHA256

          68e4e6f42ffdf5ed18f1849e30f83b1baed1cfa57c68f57178bfa875e247c2b7

          SHA512

          26b9bf3c0b31fe029201c884f7d220b0bfe589d33dd6aa0dfd665c38af07c2352e89859198e0e9b18339c0e6c8f1e9c44358b222106531659aeb0d6f6c6c0c44

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\HBrowser.dll
          Filesize

          25KB

          MD5

          79f13be3582c42df73033819d093e1f8

          SHA1

          45c25633bfd0ab3c4f95b7137eb9671b911ea595

          SHA256

          f38e74a4bee2cf29d710d7c58eb83e548d92604621a8fb076bdc1e79714b9938

          SHA512

          e6e4331d26f35ac52d3524da0c6cdbb4bb36af54b57c61bce564bfec8663245bc7e5ff192c44a3c731e9ce7b83fdff40f274347a5241f6322833a92df944adb5

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\HRDP.dll
          Filesize

          1.7MB

          MD5

          4f16882639fc029fc367503eb820c298

          SHA1

          1e6b1314507e954649604dd9f80b4c45a93d7e89

          SHA256

          ef238f294111804c44f465d090a1634b6529d1eba85720b2e373d57cd59f75d6

          SHA512

          1fc02358b8347fac1acf751f7fe9c5d4d17cc35ee3df2052b69fdd518939092b54b8d29ecbf112d53604c087b01728d8961005d3946880df896998526a578ebf

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\HVNC.dll
          Filesize

          58KB

          MD5

          b5ea6d82ec2d4127124eb9467eb5ce16

          SHA1

          0a27f08f94a80024854721c73c7715af95581da7

          SHA256

          ecb1a845bc2e813193e628eea48738f2354eb1ce8902a092118aa48ea2ff4bc7

          SHA512

          ab459d26ce689d5c7fb533fb754b875896c214e0001ecc6e8b061f7cdaf1aec06400f66f506822775337a42b80f4e1e9ab008a658cfacc873cfa83eaab6f1880

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\HVNCMemory.dll
          Filesize

          39KB

          MD5

          14ca9b8f7993924b77078e08ec0d5df5

          SHA1

          fb2b5717da357f6d13bb1127980c22bada68836a

          SHA256

          8ab3391fa5880be5991133416bae0d5b76daa2d43c8ff92ff44d6dda23386e57

          SHA512

          64aac1a872666bce5bb86144a6f96bb6905a2d900d76e8d2d6f1cf8b499baefd35c7fb4d6b5150d5717451c5ad632d677ae6f85737d334a7cebbd9d725c9964f

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\HiddenApps.dll
          Filesize

          45KB

          MD5

          c5efa70a04a026b9a2fa97b1ea43e840

          SHA1

          aab2de0ab74c12e04256ff2b113b062dc93179e6

          SHA256

          f9ef7709f34e944d99ca5bef6af1524d7cf3889894084b7ae61e9202f267a728

          SHA512

          1348d4ebd3ac5b56eb32820ee14f9aee20a43b7dc3d06dd7fd62c8f227b12a27d0c0376c7d858e78315cd92d17e588bc2e37648c04d146530db706e8b3c4ff1d

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\Informations.dll
          Filesize

          22KB

          MD5

          310ba7a07953ed7f783e89bcff6197e3

          SHA1

          147aa53e0d7cb027e6c67fa50fcb0dc0c770e157

          SHA256

          b10616eb3f5e4b0ceffc696179cdb616c78ef970dedbac10845a39985c91a38a

          SHA512

          554ead0f700dd617eed6055a84ecad288c4779ab20206e7434a8f3443a03a95a501014cd52390eb57570c25ea2bd7a298b96e88e8550d10b2a5db4f9633af529

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\Keylogger.dll
          Filesize

          17KB

          MD5

          40ba99b80654259d0428c7e4f3645948

          SHA1

          8fa93e0f035694cd8e420aa2232aca859b3a2a6b

          SHA256

          3361bb2309e4ee31f14081bc170ac530e2ae9d1336026e736190a0304e2e77e4

          SHA512

          fc1deb29eea114e5a472102a51d49fa253a5c79821acffa930b30089ebecec4312437d4720b46e92149be2ce69aed57dc3939621a596ed6c413397363fa44ee7

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\Maps.dll
          Filesize

          15KB

          MD5

          b74f037f6c6de44e817660922a3044fc

          SHA1

          eb5acc30d3f607193bd819e8c0cdaaf70295c5b4

          SHA256

          ccb32961b904a22c2531313ed7c3733d7288daab181074f034eb4c73a0958a65

          SHA512

          a547961b87ecdbc0f9bf02381f16e03795dc73eda744a86da2cc07c97d7f1b65642971347d1ca69f36ead63c3b9078b6e0f2ecb4b6f2178a3b9a62f3ffb76579

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\MessageBox.dll
          Filesize

          15KB

          MD5

          bde9c12607827e21c64e1d64033043b5

          SHA1

          d980614dda65f1f4c3a73d1f9c8162e597fcac4e

          SHA256

          2170fe155b56e362500ece32013bbf8d45d5dc93e689ab33d3612066c7450f75

          SHA512

          e015d9b915b748d1683c18621919161f9d495221c9bf788b661e3eeab60320ee0b0d9d64a393fafa47b521b484f0af2c9948f6dac0a9b7ef1e8910571e7e98eb

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\Microphone.dll
          Filesize

          540KB

          MD5

          747554e4ca902a8d18b797c2edcb43ed

          SHA1

          508d7c9f0b031a352a1a1f25d4c6abf4167392d5

          SHA256

          1f135bc57ea4f44bf8a37d66b42788bed5aba753c5cbd0b4d3349ede64abfc59

          SHA512

          deb3f480dc7febb1d9ff4ccdb1dd04d83e9fbe7e74fb0dd39d103dbe85fa0c434407ab032e9bca027e38a0f482d08308513cd821b09dc08aafafd905e97126fd

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\Ngrok-Disk.dll
          Filesize

          7.0MB

          MD5

          4443f2173682ef836df2f89e1b44296e

          SHA1

          1b0db6530eb5c5404af614143f464d663382c2e4

          SHA256

          01e170bc479dc22cec4658a39067e001a72a974a4e562aca01162f82decd20b6

          SHA512

          7bb8df753fc3636d3b01f2145c1df553b34a427a9e07d4c563a1fb2e23480ba2d609658d6ca2c4deaa386feff8af741397a3cbdb15c28157c4cf4ba8244fb61f

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\Options.dll
          Filesize

          30KB

          MD5

          b0ebfc762fd2a7511e819336524551ea

          SHA1

          b3657c8edc6b9231d16b49bec11f01983d965495

          SHA256

          bf2978e31b7a1612255ff79217481374ea2ae976c2b8c270ec3eb5324251d8d7

          SHA512

          2adfff3089ac551ba057f2b4b2d208255a4558abb2761b39fd9cc10f37313386fdc1307fffb80777e0a1b6c1d1dbabf61b26cbff8592e77f982453679145822d

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\Pastime.dll
          Filesize

          17KB

          MD5

          178627a4b30c54d20e5a59049b5af211

          SHA1

          5ae226eb92df19cb693764509b953bf1dbfeffcd

          SHA256

          c3ffa5aedbfe2c83e68d7b70afd1adb590801da429c3a5d4fd6da18116ab0cc9

          SHA512

          75e9684378f5155f228a75c03cb517257e7e04cddf9762e7e5b348f7b30482a9c750cb0285e28279dc9ef740c3ce759e4ebfb4e3efddd094daab7eb3bdf713c8

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\Performance.dll
          Filesize

          16KB

          MD5

          d447b98bf277020e48a04d2771b190ba

          SHA1

          a9b312d1d858e06156eecab2cd97d246a37822e8

          SHA256

          57af9bb212361e2dbfe97a784beb2f978426b42f9ea0986f74c8fbfebb630f13

          SHA512

          8c58bf90c5433005d7e3c8a871171dd5fbc558947d5ce387351fa7625ed6bf2a6b72afa91f8d3c7243c5e950467855838f27b6356266074321204347cded15a1

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\ProcessManager.dll
          Filesize

          17KB

          MD5

          12630688eb6538b34e5a392cde76ec09

          SHA1

          add2c24ef79657f47693995b1ddb2c760520670a

          SHA256

          8dbffc8d2928cc2fe3dc67b071619419bd4e21506bf8d8b66bbdef54101953d3

          SHA512

          24da487f34fbad245f64f86b88db8c61041e80956c2befe859903ece46905ded09e90e08f2d148316947dde8a4990bd1c944ad36a96930b197769dab025689e0

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\Programs.dll
          Filesize

          13KB

          MD5

          c730d22a23fb8ec58f51116e54ac4cc4

          SHA1

          45c4b19479d6e58736630db5405dd58450a601dc

          SHA256

          4bfe2b70271956dbcf08086ff04bc36a23928d974469ffeaca97ed5ad5b6dcfb

          SHA512

          da5d553e1e470958db4565699f0d2a58c9ab8a653b34003fd33758ed85f1a4f3c027064fcd0c24dae3ba88f7adc22f9b45ff55c22e2b29cbc0cf8f0b7293f7db

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\Ransomware.dll
          Filesize

          20KB

          MD5

          e55dfe70871fb442f8b8eea790875a7c

          SHA1

          0f659147ad89de0dadca9d74abb0854ec64ae403

          SHA256

          b0ccb9a2bef7fd24d7f31bb70a8516129a099b47d2564f9f18cb0d87144fc5da

          SHA512

          daf5fc4a89d841a04b2b6fd8e516d7efa3baa08710af6ff85c57771d99a2ee07da4c2482baed9ecdae54e3eca2d840341ee3371a826cf26fb180dfba864e63a8

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\Recovery.dll
          Filesize

          1.1MB

          MD5

          be590ee7d8c0366cc28c200308ba0823

          SHA1

          0fa6c6ca44893c45f115e446566f0d4dcf5168d6

          SHA256

          a81e4efc2c85a4f8fed46b9b0f3bd3c2a750a3047ae7ce5b29f21df52d85dfbb

          SHA512

          cbbb4c62d703bf8dd0e0e34b438401710c1bd62c82f71060483f4a84dfaa802a9b0d39b904d6f77cf4ef0b630f173f66f349497d53a6039c640e0f4301e26041

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\Regedit.dll
          Filesize

          15KB

          MD5

          d92b2e7472ec9cb8b803bc039558c828

          SHA1

          0ca9e950b5ef64e3cdd23a31a2b51ad2b82581de

          SHA256

          1989885e6f4f459b4ef37ab11e97ffe8c1598a8189eb3a4110f259357af2414f

          SHA512

          ef4ded6ae8349a58a0745aa55ad96530d028f8137437124b02a80b332e2801447dde2e6e908e48151ee7102868676ef435fe5ecf0ebd980f497435e58e599171

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\RemoteDesktop.dll
          Filesize

          18KB

          MD5

          f4e00005c72b4331eb0e9243346d3e1d

          SHA1

          f8afb37fc362430b4045cd2f22e5a5cdaca43ace

          SHA256

          9bcf8dfc92bc643b9414a446da4632050de1b7577fedf4f7711d3b4b3d46e06d

          SHA512

          7e9be2c2a247a7ee067b156062098a2494113ca935c83a6c8723ee2fe3b7ae15ce5addac5630b8aaba9b12d52896127609f8d7974bb622b79d9a8dddd6c7a155

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\ReverseProxy.dll
          Filesize

          16KB

          MD5

          a4bd2edda7e214bc50ec559c15cf81c1

          SHA1

          1f268ba761ef9dd38d74d3eead9289a2a35d21a4

          SHA256

          9fd3621ffec11e0ad254b37ce4fe527f82461b67cc8d8827532d3573a011e2e3

          SHA512

          b3d8857b0fc31c5fafc8552e54c34b2e463f5dba2d167ecf41e5c22aca8a36ea352a4aa1baac73278c409f975e4c68ecc55e0c085280c62151e7898b59a4bbff

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\RunPE.dll
          Filesize

          11KB

          MD5

          e8f0b68716a0bc4459601623c5c3c757

          SHA1

          261e11edb2ec5b14d8feaf80d6a8e966da1817f8

          SHA256

          0f075f2dd5a41d601329c4bff57ff38302e1da2ad149399f7f2776e640063502

          SHA512

          5539be32acecb59e43eb35ef9971b82764ed6bb5cc50b02ca0921ec30ccbb4d49a743262350ec9860bc669000e6511d3b3dcba0a37a5360f3f6ff4af2bc420bf

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Plugins\WebCam.dll
          Filesize

          209KB

          MD5

          0f120604ef985616821459e5ff2feccd

          SHA1

          100bceb7d6c01b574b7089e999bc05ab3fc0847d

          SHA256

          a07f0452fc4b47b53ec48d6c790aa4407aee15ec67320c506ba674a1dae551ef

          SHA512

          d4127d42d61a93e5e02d2e68ca21c91c5ad47e4149e0eecc9902f1daf69a9f52499c16e42bb51993289f5afb7f6f73b76a0d7c4631e8a998aa6c731053385806

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\RVGLib.dll
          Filesize

          241KB

          MD5

          d34c13128c6c7c93af2000a45196df81

          SHA1

          664c821c9d2ed234aea31d8b4f17d987e4b386f1

          SHA256

          aaf9fb0158bd40ab562a4212c2a795cb40ef6864042dc12f3a2415f2446ba1c7

          SHA512

          91f4e0e795f359b03595b01cbf29188a2a0b52ab9d64eadd8fb8b3508e417b8c7a70be439940975bf5bdf26493ea161aa45025beb83bc95076ed269e82d39689

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\SimpleObfuscator.dll
          Filesize

          1.4MB

          MD5

          9043d712208178c33ba8e942834ce457

          SHA1

          e0fa5c730bf127a33348f5d2a5673260ae3719d1

          SHA256

          b7a6eea19188b987dad97b32d774107e9a1beb4f461a654a00197d73f7fad54c

          SHA512

          dd6fa02ab70c58cde75fd4d4714e0ed0df5d3b18f737c68c93dba40c30376cc93957f8eef69fea86041489546ce4239b35a3b5d639472fd54b80f2f7260c8f65

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\Sounds\Intro.wav
          Filesize

          238KB

          MD5

          ad3b4fae17bcabc254df49f5e76b87a6

          SHA1

          1683ff029eebaffdc7a4827827da7bb361c8747e

          SHA256

          e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

          SHA512

          3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe
          Filesize

          12.2MB

          MD5

          8b7b015c1ea809f5c6ade7269bdc5610

          SHA1

          c67d5d83ca18731d17f79529cfdb3d3dcad36b96

          SHA256

          7fc9c7002b65bc1b33f72e019ed1e82008cc7b8e5b8eaf73fc41a3e6a246980e

          SHA512

          e652913f73326f9d8461ac2a631e1e413719df28c7938b38949c005fda501d9e159554c3e17a0d5826d279bb81efdef394f7fb6ff7289cf296c19e92fd924180

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe.Config
          Filesize

          183B

          MD5

          66f09a3993dcae94acfe39d45b553f58

          SHA1

          9d09f8e22d464f7021d7f713269b8169aed98682

          SHA256

          7ea08548c23bd7fd7c75ca720ac5a0e8ca94cb51d06cd45ebf5f412e4bbdd7d7

          SHA512

          c8ea53ab187a720080bd8d879704e035f7e632afe1ee93e7637fad6bb7e40d33a5fe7e5c3d69134209487d225e72d8d944a43a28dc32922e946023e89abc93ed

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x32.exe
          Filesize

          109KB

          MD5

          f3b2ec58b71ba6793adcc2729e2140b1

          SHA1

          d9e93a33ac617afe326421df4f05882a61e0a4f2

          SHA256

          2d74eb709aea89a181cf8dfcc7e551978889f0d875401a2f1140487407bf18ae

          SHA512

          473edcaba9cb8044e28e30fc502a08a648359b3ed0deba85e559fe76b484fc8db0fc2375f746851623e30be33da035cec1d6038e1fcf4842a2afb6f9cd397495

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe
          Filesize

          109KB

          MD5

          e6a20535b636d6402164a8e2d871ef6d

          SHA1

          981cb1fd9361ca58f8985104e00132d1836a8736

          SHA256

          b461c985b53de4f6921d83925b3c2a62de3bbc5b8f9c02eecd27926f0197fae2

          SHA512

          35856a0268ed9d17b1570d5392833ed168c8515d73fac9f150cf63cc1aea61c096aa2e6b3c8e091a1058ba062f9333f6767e323a37dfb6f4fa7e508a2a138a30

          Download Submit

        • C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe.config
          Filesize

          187B

          MD5

          15c8c4ba1aa574c0c00fd45bb9cce1ab

          SHA1

          0dad65a3d4e9080fa29c42aa485c6102d2fa8bc8

          SHA256

          f82338e8e9c746b5d95cd2ccc7bf94dd5de2b9b8982fffddf2118e475de50e15

          SHA512

          52baac63399340427b94bfdeb7a42186d5359ce439c3d775497f347089edfbf72a6637b23bb008ab55b8d4dd3b79a7b2eb7c7ef922ea23d0716d5c3536b359d4

          Download Submit

        • memory/3540-288-0x000000001BFC0000-0x000000001C04E000-memory.dmp

          Filesize

          568KB

          Download

        • memory/3540-302-0x000000001C060000-0x000000001C09A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/3540-311-0x000000001B990000-0x000000001B99A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3540-312-0x000000001B9B0000-0x000000001B9BE000-memory.dmp

          Filesize

          56KB

          Download

        • memory/3540-243-0x0000000000050000-0x0000000000060000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3968-215-0x000002166F310000-0x000002166F316000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3968-216-0x000002166F320000-0x000002166F326000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3968-264-0x0000021674B10000-0x0000021674B3C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/3968-266-0x00000216776F0000-0x00000216779D2000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3968-268-0x0000021674BD0000-0x0000021674C52000-memory.dmp

          Filesize

          520KB

          Download

        • memory/3968-226-0x0000021677580000-0x00000216776E8000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/3968-270-0x0000021674D20000-0x0000021674DD2000-memory.dmp

          Filesize

          712KB

          Download

        • memory/3980-250-0x0000020974C00000-0x0000020974C01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3980-254-0x0000020974C00000-0x0000020974C01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3980-255-0x0000020974C00000-0x0000020974C01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3980-257-0x0000020974C00000-0x0000020974C01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3980-258-0x0000020974C00000-0x0000020974C01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3980-259-0x0000020974C00000-0x0000020974C01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3980-260-0x0000020974C00000-0x0000020974C01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3980-256-0x0000020974C00000-0x0000020974C01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3980-249-0x0000020974C00000-0x0000020974C01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3980-248-0x0000020974C00000-0x0000020974C01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5052-212-0x00007FFF0B2A0000-0x00007FFF0BD61000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5052-210-0x00007FFF0B2A0000-0x00007FFF0BD61000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5052-209-0x00007FFF0B2A0000-0x00007FFF0BD61000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5052-208-0x00007FFF0B2A0000-0x00007FFF0BD61000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5052-207-0x00007FFF0B2A3000-0x00007FFF0B2A5000-memory.dmp

          Filesize

          8KB

          Download

        • memory/5052-206-0x00007FFF0B2A0000-0x00007FFF0BD61000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5052-205-0x00007FFF0B2A0000-0x00007FFF0BD61000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5052-204-0x0000025272510000-0x0000025272704000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/5052-202-0x0000025271920000-0x000002527250C000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/5052-201-0x00007FFF0B2A0000-0x00007FFF0BD61000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5052-193-0x00007FFF0B2A0000-0x00007FFF0BD61000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5052-192-0x00000252704E0000-0x0000025271118000-memory.dmp

          Filesize

          12.2MB

          Download

        • memory/5052-190-0x0000025256F40000-0x0000025256F5A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/5052-187-0x0000025255540000-0x0000025255546000-memory.dmp

          Filesize

          24KB

          Download

        • memory/5052-189-0x0000025256F80000-0x0000025256FBC000-memory.dmp

          Filesize

          240KB

          Download

        • memory/5052-186-0x0000025255530000-0x0000025255536000-memory.dmp

          Filesize

          24KB

          Download

        • memory/5052-185-0x00007FFF0B2A0000-0x00007FFF0BD61000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5052-184-0x000002526F840000-0x000002526F896000-memory.dmp

          Filesize

          344KB

          Download

        • memory/5052-182-0x000002526F790000-0x000002526F7EE000-memory.dmp

          Filesize

          376KB

          Download

        • memory/5052-180-0x0000025255570000-0x0000025255576000-memory.dmp

          Filesize

          24KB

          Download

        • memory/5052-178-0x0000025256F10000-0x0000025256F38000-memory.dmp

          Filesize

          160KB

          Download

        • memory/5052-176-0x0000025256E80000-0x0000025256EC2000-memory.dmp

          Filesize

          264KB

          Download

        • memory/5052-174-0x0000000000580000-0x00000000005A0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/5052-173-0x00007FFF0B2A3000-0x00007FFF0B2A5000-memory.dmp

          Filesize

          8KB

          Download