xworm | 8dc951e63096ed828b6ca4dceca2be6b640ed9d22be9cd1cce0f3c9a3a6ac899

Analysis

max time kernel
841s
max time network
899s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
07/03/2025, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45274.exe
Size

55KB
MD5

076f9e877b6b14ac5c2b1b6ac29811f1
SHA1

efe0a06e24c13a17d96a07c17de476698518b9fc
SHA256

8dc951e63096ed828b6ca4dceca2be6b640ed9d22be9cd1cce0f3c9a3a6ac899
SHA512

55bb7cf094464ee9de854620eb47615c09019a0ad001cc38a0a9de88e0e8701e31db9824a1fd1659c4f0702e5f9e3aa8c525100663876ae3d0c2a7104c8949da
SSDEEP

768:Uz2AQ7vDyb7YoBBlschSX9CioNIdxbyCdG5g9VrV/WthgOUhZZ5xBy:bLO7uchS8io2xbyCd2uQDgOU1By

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Version

3.1

orders-ic.gl.at.ply.gg:45999

Attributes

install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/2848-1-0x0000000000840000-0x0000000000854000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft Games\Solitaire\desktop.ini	solitaire.exe
File opened for modification	C:\Users\Admin\Saved Games\Microsoft Games\desktop.ini	solitaire.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings	solitaire.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software	solitaire.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX\GameStats	solitaire.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX\GameStats\{8669ECE8-D1C3-4345-8310-E60F6D44FDAF}	solitaire.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft	solitaire.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows	solitaire.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX	solitaire.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX\GameStats\{8669ECE8-D1C3-4345-8310-E60F6D44FDAF}\LastPlayed = "0"	solitaire.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2756	solitaire.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2848	45274.exe

C:\Users\Admin\AppData\Local\Temp\45274.exe
"C:\Users\Admin\AppData\Local\Temp\45274.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2848

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2344

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2164

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1680

C:\Program Files\Microsoft Games\solitaire\solitaire.exe
"C:\Program Files\Microsoft Games\solitaire\solitaire.exe"
1⤵
- Drops desktop.ini file(s)
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2756

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2936

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:3044

C:\Windows\system32\rundll32.exe
rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize
1⤵
PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{8669ECE8-D1C3-4345-8310-E60F6D44FDAF}\{8669ECE8-D1C3-4345-8310-E60F6D44FDAF}.gamestats

Filesize
2KB

MD5
a338c1bb5704e723487ef4f8d5d592f5

SHA1
9b6e89c7fdf4ed588a98b673dcc3073f85eaea5d

SHA256
c096f55238f36481b0e846e37004e813ea0b34ddbc7a94f0155fd64ed4dd5672

SHA512
ab62aac5a5fb6f599616d0998cb8011ca18c0631e42451958af89bcaa8db2b6e179651cb14c94f3f6868b0c8632a4048f8c9e6ba7ea6a31abb168e1362188952

Download Submit
C:\Users\Admin\Desktop\AddConvertTo.vdx

Filesize
638KB

MD5
a8315637ad8524b33196c161f88aeea7

SHA1
5fe37646c88353e05aa2e0a054727865ce7ea00f

SHA256
c01254f2ac7a4f28037bbd90e700624351725e89320bead934879efa42eddd91

SHA512
4b24b67ec6cf69421e4b9b454b7694caa99684c9e2370f1a43f05183d55c7fc33a24c089aaeb2967189de10e4de554e63f9aa30bbb2af9e2ce386bc76edfed49

Download Submit
C:\Users\Admin\Desktop\AddSplit.midi

Filesize
422KB

MD5
95b3c2719d61512241bf0a2a783e0451

SHA1
b9eda8b6b8708e4d838230c3a32d8e276e11d33b

SHA256
f873b19c4efc236028ec2669d919d86e7b627da19a567f4a05276e443d73e122

SHA512
4f27382a08b5fc6ab6d00bb52b4e3228f074c2d3f03478bdcfb13a60e9344be5c439995ea8e3ee750a91be6440c5147ed0ac30dd0d56649edcc98bbb4f5bd383

Download Submit
C:\Users\Admin\Desktop\ApproveRequest.mht

Filesize
521KB

MD5
1d6bdd631a6b95d71a685bb9d8b168a8

SHA1
ee5c2720316f9eafb4197b174bd1c2d27da33c56

SHA256
e965dca2d128d479a02f30acb60e2bc7dd4b1be64a7320182dcbc7e8982713f0

SHA512
4fbbfc85b445ae01c38d2c47ac0c67864efc1d11e12770132fc3b2bbc07543b71451444997e72c8259a70ec227426b4d8630ddcc2c3dfa9e273b662e91975e05

Download Submit
C:\Users\Admin\Desktop\ConnectCompress.emz

Filesize
245KB

MD5
4a9a140264223e0e4d11a6c6a79862ae

SHA1
d750cbc60c665532fb6ebf1c19310bd7866e2a6a

SHA256
aec41be072d6590cf79fa6800bcc7791aca2d759aa63abc960c1bcc46f9161b6

SHA512
28cfaa6acc04bb82ffeb187dc27f491ada821f91b6a71c6e35feb489e3962cc9099a5fc8c8212dfdee99a30d63fb79368cfc41990dbbd72632ed8821ac588787

Download Submit
C:\Users\Admin\Desktop\ConnectEdit.vbs

Filesize
560KB

MD5
0300e13dc201d18f1ab36b5709c7bd99

SHA1
2313a9895855f8ebef2b9cceeb8b16e8b7629c80

SHA256
ee562cc3195a6331d757ecbf9d5efd04a6b273c47944428c7e79d71ca5a50b33

SHA512
df69f2ba46f677993b12e92405776016284d79a632d249d0f0b99ada8a6d0a722c6123cf79a124e25f8b0f5264d408daaeba0002ccc60fcbb9e601cf48a6b953

Download Submit
C:\Users\Admin\Desktop\CopyUnprotect.pdf

Filesize
580KB

MD5
2cdab46c2ea760ad360294b416d7b59c

SHA1
456ac72092c3e43bbb3bc4409d7d68b54c78f932

SHA256
ea68726122ea93939db8218ac191b5b3d1afe69b0599d18bec72a7f97b185e52

SHA512
70fc5b4204c3e2d4c7ad9dce6bbf2dfc8b1f37e0b2d067e50caffcee64dd289cfd56ae9b16bd71454f0bb7372f1b2505ad66844819bc7de03b0a60dde97a3687

Download Submit
C:\Users\Admin\Desktop\DebugAssert.lock

Filesize
599KB

MD5
71505ba2decc38495a0959e843fcd2d1

SHA1
d3dffcdd731fea0ad8509a3ecf5b4d63a055b88b

SHA256
b4bc1f65ee08157899506aacfdc17ed4e0d02b5c5a6ac129cb53736cd87d20c9

SHA512
60f3e7b3022099656839116dd27fd11274915f702efd1cf708c7e32cea630e381487f96cfe6f013a7284ccd4314b055fe5de820a692150e246f35b6d0aac75b3

Download Submit
C:\Users\Admin\Desktop\DebugLimit.svg

Filesize
481KB

MD5
281ab7ee420aadfd66107c5def094392

SHA1
b58e5f6fde29e248156ef8900c40181cc9e187d2

SHA256
c0174420c1975eaddbb5c6c3efbdcc9855e7e6a5a071890de114dd0354210195

SHA512
19eee07a215c51b6c2e1bf7839f394dc7d9ee991c02304d10e950c3afe77281c0cb5489b46eac39c23573fb4d2a57e6636a422c7a5950906c5a18b95e86dfaed

Download Submit
C:\Users\Admin\Desktop\DisableWait.wdp

Filesize
697KB

MD5
37115ad55843704dbdf3d82edba21549

SHA1
6669a2fccc86e5b997d78ef9b43ff134cff89c85

SHA256
1d3ed9ebaf0bab8d93f329096ff117cb9c616466838dbe6889a78cc1303fbc7e

SHA512
c45ee01e4f26439d03e391e557a35d3adb6449d78d64a872179b5c04bb6735f58e12c0cd9599bad480c56c2c49e7d932e48816c48ffcb3e64864a49be46d1632

Download Submit
C:\Users\Admin\Desktop\DismountDeny.vsdm

Filesize
304KB

MD5
0a1a315eda4df6ca1a7b5dd7ecf6600d

SHA1
2647490ef73317a602fb3b2c15cc0b3990bd8c48

SHA256
5e9f528175f8ae78a0a07f1f20d29293e8d9266cd49739ea922892d90508d4d2

SHA512
338dcc7456980c32cff36c2edd06e7a27ae6ae13654e5bc3f210a1b39576b9f1623bef156935f02a84427d99461796b759905b56995f575ed9e27e67f0c9c64f

Download Submit
C:\Users\Admin\Desktop\EnterSkip.mov

Filesize
540KB

MD5
500351e95d67738b7c9e8e500a681dab

SHA1
73452cd88a28cd0f6160e1122f5c328b244ca039

SHA256
e2e23839c4afe57ee20e424140ae28d996858f599038d9ed62bd44420498a73b

SHA512
2c72bed085d145059a20c3f21c9351d257394d3499b0c00e7a0a48ab05c8e1854d9378ccde382a77ecb78826b9bc13bba6ef8db7d2d9b0680d83fcb907cad418

Download Submit
C:\Users\Admin\Desktop\ExpandRemove.wma

Filesize
363KB

MD5
8206adc0ab6513bb01bab3b784f5a245

SHA1
c76c790637d04335217ef2013e8984e4dbd931af

SHA256
deb9e4d4f879d5aeeb8422be08a92464c5cd49725e83bf8e2342fa7a9580ded1

SHA512
63d74463f6d02e253cebea1ad6ac7d435a9545790332e8333b06ab731b8d1fd51eb7b6467bfe5f1eb92a6886adb361852fbe8aac288032692d8607ceda86dd63

Download Submit
C:\Users\Admin\Desktop\FindOpen.au3

Filesize
658KB

MD5
397cce30c66b01b4c871d42fe78a70bf

SHA1
13bce41815b880f4a66a9251b5be48bef47d7092

SHA256
3f7a9eda64b388e534f85229d615d2c0027ef1689f7e770d7bd3dae3521d75da

SHA512
1787d5ea8d4cc9d13ae6e127b6a5df0ea3861bb3a711cd986013d9d98c7d2773bfee802919db20aa70514957e95d774b04bb65609f118fe6bca760bca4a47d16

Download Submit
C:\Users\Admin\Desktop\ImportTest.dib

Filesize
403KB

MD5
93402e00f9131bc2827f6ff62d6c51ab

SHA1
30342e1be51f5a371894f6620b7eb50ca2466d4f

SHA256
393d94a6ac90c0fc7a19e86473c22e04b2da5d681797af40f8112304b7282ba2

SHA512
51172195dff4df0d9d7750684bdd08df28a2f28b6748b2729429adfbb5bef7932466fe068291ead3627c1fdccf088013004b44449d5325caa7302177a2673449

Download Submit
C:\Users\Admin\Desktop\InitializeUnlock.vstm

Filesize
678KB

MD5
0c3c6e7365923675340e6a1dfb3ad5a2

SHA1
160d6ef192685e69f24375d5679bb5860f04fd22

SHA256
0e6aad504e39cc5400fec7d7610a26b779b93c9c0f2ef163e54ee5d23834df79

SHA512
5a0840bac966b725b32a8b3e05ba99e4732f62113946467ed98ee893abbe7d4b81eb4879b2195393b09d98fc66664ca818d537f015e3add06c0be58352d11d7b

Download Submit
C:\Users\Admin\Desktop\MergeAdd.ini

Filesize
963KB

MD5
b60ccada5a25888f5d73e0308eaf5600

SHA1
a77b9453cb5d859079b0a443baacdbdabbd9e141

SHA256
02513f768e9b3fa3286cd16bf828e720908effd22db04097e5c82ef474d75374

SHA512
e498ca8c3c5bfee0700036e10386409a3c8b8f2e34a486720cf329e828b6edec8623c4a681df94fb0fed5fbded10472989c4818569c0243b3093f1fc3c0cd755

Download Submit
C:\Users\Admin\Desktop\RemoveImport.wm

Filesize
442KB

MD5
90b886d518f365d2d406fb1324b6d570

SHA1
cf838118acccb3eae9e29c796e19c8e4fb50b4a8

SHA256
6101abc2e58e80518f44282930831357b5aa9776b114a4ff0fc548d6ce6fc01d

SHA512
99fc9a89d0bfca8cea8bff4d806a4726772d55a420550c849b3f6c50d26f0573ff7e3792e560f2220945753fa44b6c6aa285cf6fad751590c0a98955a9fc80ad

Download Submit
C:\Users\Admin\Desktop\RestoreMove.ps1

Filesize
324KB

MD5
c4dedc1d2941d94102d65bfe89c3f8d1

SHA1
46d719a8884fe66b24fbdd032941ee2f30d296a0

SHA256
2f87c3857340fe4675c77847de73aaed97e88250608bc0e3783f4fee81c28e2a

SHA512
4a932343883a6683e296b31ddd1599b95c9cf121a25156113498ec5577eb19a6ed385842598c62c79de34d44f0a06525948112d8fdc33ca77d835c18f54113e7

Download Submit
C:\Users\Admin\Desktop\SearchMerge.ogg

Filesize
619KB

MD5
6129a81f5218dac6225e64892e218034

SHA1
e01e55a63ef0acb60e9866901dc6dd454fc481e9

SHA256
db3afcba3da26a24f31f7ac8ed09db91c84ee5f99adc6ad672fe3ddbf380e7aa

SHA512
5b5ba79b956baeee61c44c2faf21d3e43c044cc06b61293baeb8fb5e9dd559205a028f7f9b6a0fb4bb122dd1b793d670dacc6ee316a1f797bfb34f719145cf34

Download Submit
C:\Users\Admin\Desktop\ShowUnprotect.wav

Filesize
285KB

MD5
687c5f1f317e094a797aa8e25f518c6d

SHA1
ded7420581eacedec62a51550d07dcbeac8a8276

SHA256
c15ff15258dcf99b1465887a4ea26b9ed644af02d90fe2aad4a92a7016dc70b1

SHA512
f7908cfe6e2c4d8688014b1e14fab8f36e296078e7620486ecc862ffcca3eb6623eb7c159fadfe426de11b706059d29e4f386d01ae6530168e43383fa8aca7b1

Download Submit
C:\Users\Admin\Desktop\StartStop.txt

Filesize
501KB

MD5
a52ef8b9bb0e5d26e6bf28c613d71be0

SHA1
c774360d6d70a984690d118292d58c389014067e

SHA256
de694b9cdae4aff1cb799ecda251028bffdfd8d86e6c315fe7ed4b9fd5462dac

SHA512
417ceb9b9455ee020a8b0703acc42babd753de67e3efe72e9771f7c5e3286e177cdbdc0dc997b59b6931f6b9fda3ac476de4cbd487ba9b104b3853d92e4e7172

Download Submit
C:\Users\Admin\Desktop\StopInitialize.cr2

Filesize
462KB

MD5
8837943fcda5d0fd2abb0ba632bcfd1f

SHA1
c9c83b4bc25abf580317741a2819290bdcd7dbbd

SHA256
a84bcb89b60fbedc6fdd6a8321c417c180e4df159dc4e39bdf966a7c8976fd86

SHA512
7c6039f306bdbcdcef58b8feb72bf92a2dcd5cbeadeaa9a0f5aadd4755ebe4bde45179ced89075400871f727dc41d99694872cd21230547bf03e122f55375e5d

Download Submit
C:\Users\Admin\Desktop\UndoLimit.crw

Filesize
383KB

MD5
572a4d4d4046544dd5593be4bb0f7f90

SHA1
972ff9c4643768e5a20e73317a42b9c9c8013493

SHA256
27377a789a9c6b71c7072ce8dd8457e94e73e312d99204a050be3ec3cc5ef5c6

SHA512
0fab272c6d3f22273a42e3d137e0dac82fa9d4c57ec0b4ff6b222bc00dde7b11548fd4b831e893f1701daf52f6b9b1881c01e0ea59cd77213388c43abc9278a7

Download Submit
C:\Users\Admin\Desktop\UninstallInstall.html

Filesize
265KB

MD5
504d7d91047437c1dad8092fb3431ff6

SHA1
151e4231ff33f262449d3d7e5c8c95578a65d49a

SHA256
5a4f2739a6367b4e451b246f4ebe7d6c642edad49c8dee09827608964022af85

SHA512
716e4fa92bfc2de40889a13d7760adaa9ba4d98ff3392584813b0863643566c5e4d3594950e70cf8d243e82a953c2fd82f6bcc54f2fe7155e4a13f892d78180e

Download Submit
C:\Users\Admin\Desktop\UnlockPop.tmp

Filesize
344KB

MD5
f1584dfdf954ff7f5fca06f9b7397cd8

SHA1
9e5579668f1710f2b3122050c3b1a16f90ebf3a7

SHA256
474299c17991b9d78af8340dc7d21f2fe57fe0ae9c10299613827e9e395c1a2e

SHA512
8c76bdc02bb20dc1418960c2edffe38152597b63f1354cabf1558bea22b34bdde4da07960d1d8d29e7e956c4792da2f0bd5475d521cd02b8b75fb73f3d223d26

Download Submit
C:\Users\Public\Desktop\Adobe Reader 9.lnk

Filesize
1KB

MD5
ddb2a50fa31faeb708d8157e64c367a0

SHA1
66b61c86696dda2382add9c63dd38d6c41d86382

SHA256
68daeba1ad9a81e03ace685ed82f676d231816b3899a3554bfbd788c9b67e2aa

SHA512
74f6cc61b8c0dddd3cc7a8d1fa7dfe9ac88c1119ae2f0b6ee62f6f523b63e9a13eac610f928321482a6c9cf918c76ac236ff3f9306cbe49996b646fda7eb4875

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
931B

MD5
cab94eade61bdbb7b9921deaf54a390a

SHA1
a1a18bfe6db86cef1e243dde796f80ffed8a2ae2

SHA256
70904713ebde3d2eb403a5f51300ef188f365d5dc4e52c13c4531c42be685ed2

SHA512
b4350a48085078a3a366f2c5ffe78e822dd6ca0524f59bff59034c42023e78517ac0ce201c6822a7706bc36f65915683ca0b9856b85da2cb67d0619bbf2df62e

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
88c5fcb6eebf68b1de3d557ea2948a34

SHA1
d7bc267e233fce38e395eeb5e3ed1e369beaacde

SHA256
c5a2c502d5c0a5e4afda9542baa6971664e86d1b53b04178e135b055baf7ce28

SHA512
c8c6276a5e251f88e69b5c8ca8670c641933c210e2b406d1a5980e5a99c6f07ad379433e1417746583d4f80d781a6bebca2dc0dc30c865ee038b20f7600e30e2

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
878B

MD5
65673a0c53dcae1d42baa809831e5a52

SHA1
10e20ca22fde43c4b85c5aa77735581dd9c273fc

SHA256
8f6522f82c8f08771fd3c4725261241ce45b388778408f31a373f408ea5852a2

SHA512
a98c4f662e73fac162775f588243ff57cb20d6734dfe0087515a62cab2f20db698ca8857b3b24058786eb46cc48a32ba4484bfa93cf3eabf28c0bbf448f43b85

Download Submit
memory/2756-34-0x0000000001FE0000-0x0000000001FEA000-memory.dmp

Filesize
40KB

Download
memory/2756-63-0x0000000001FE0000-0x0000000001FEA000-memory.dmp

Filesize
40KB

Download
memory/2756-65-0x0000000001FE0000-0x0000000001FEA000-memory.dmp

Filesize
40KB

Download
memory/2756-64-0x0000000001FE0000-0x0000000001FEA000-memory.dmp

Filesize
40KB

Download
memory/2756-35-0x0000000001FE0000-0x0000000001FEA000-memory.dmp

Filesize
40KB

Download
memory/2756-62-0x0000000001FE0000-0x0000000001FEA000-memory.dmp

Filesize
40KB

Download
memory/2756-39-0x0000000001FE0000-0x0000000001FEA000-memory.dmp

Filesize
40KB

Download
memory/2756-38-0x0000000001FE0000-0x0000000001FEA000-memory.dmp

Filesize
40KB

Download
memory/2756-37-0x0000000001FE0000-0x0000000001FEA000-memory.dmp

Filesize
40KB

Download
memory/2756-36-0x0000000001FE0000-0x0000000001FEA000-memory.dmp

Filesize
40KB

Download
memory/2756-40-0x0000000002050000-0x000000000205A000-memory.dmp

Filesize
40KB

Download
memory/2756-41-0x0000000002050000-0x000000000205A000-memory.dmp

Filesize
40KB

Download
memory/2848-0-0x000007FEF5543000-0x000007FEF5544000-memory.dmp

Filesize
4KB

Download
memory/2848-3-0x000007FEF5543000-0x000007FEF5544000-memory.dmp

Filesize
4KB

Download
memory/2848-2-0x000007FEF5540000-0x000007FEF5F2C000-memory.dmp

Filesize
9.9MB

Download
memory/2848-4-0x000007FEF5540000-0x000007FEF5F2C000-memory.dmp

Filesize
9.9MB

Download
memory/2848-1-0x0000000000840000-0x0000000000854000-memory.dmp

Filesize
80KB

Download
memory/2848-77-0x0000000000360000-0x000000000036A000-memory.dmp

Filesize
40KB

Download