xworm | 9d4e6b0fe6db752c0bab9fd0c9d2041f3304880010cfa271486f2288c80fd4f7

Analysis

max time kernel
1s
max time network
177s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.6MB
MD5

c655d958dac296c3e6b0667e5f00dada
SHA1

678c76f62274a01a98ddd70082589c4a283c5a5a
SHA256

9d4e6b0fe6db752c0bab9fd0c9d2041f3304880010cfa271486f2288c80fd4f7
SHA512

98c4595eccf9fa67f99e16d36347739932fdbebe29bd95d65e397e60a34002d3724f9221fcf0514631f8cf05808c320cdf4c22eee28e77b06c01993b1079d7a0
SSDEEP

98304:9sNuDeuRqghwVZpsCzTB0saQZ2pT46vyQUiGNcX84I3UjpFU473BJ9kQEuyh2:Qu1ElzTB0saGhkGs84I3U1/JQh2

Score

10^/10

xworm execution rat trojan

Malware Config

Extracted

Family

xworm

allows-welfare.gl.at.ply.gg:49180

Attributes

Install_directory
%AppData%
install_file
System32pdfc.exe

Signatures

Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Processes:

resource yara_rule

behavioral1/memory/2336-331-0x000000001AD90000-0x000000001AD9E000-memory.dmp disable_win_def
Detect Xworm Payload 2 IoCs

Processes:

resource yara_rule

C:\Users\Admin\AppData\Local\Temp\RarSFX0\system32transmitter.exe family_xworm
behavioral1/memory/2336-13-0x0000000000310000-0x0000000000328000-memory.dmp family_xworm
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
execution

PowerShell
T1059.001

Processes:

powershell.exepowershell.exepowershell.exepowershell.exe

pid process

2724 powershell.exe
2532 powershell.exe
2264 powershell.exe
592 powershell.exe
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

6 ip-api.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

resource	yara_rule
behavioral1/memory/2336-331-0x000000001AD90000-0x000000001AD9E000-memory.dmp	disable_win_def

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\RarSFX0\system32transmitter.exe	family_xworm
behavioral1/memory/2336-13-0x0000000000310000-0x0000000000328000-memory.dmp	family_xworm

pid	process
2724	powershell.exe
2532	powershell.exe
2264	powershell.exe
592	powershell.exe

flow	ioc
6	ip-api.com

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
PID:1752

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c start "" "system32transmitter.exe" & start "" "AnyDesk.exe"
2⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\RarSFX0\system32transmitter.exe
"system32transmitter.exe"
3⤵
PID:2336

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\RarSFX0\system32transmitter.exe'
4⤵
- Command and Scripting Interpreter: PowerShell
PID:2264

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'system32transmitter.exe'
4⤵
- Command and Scripting Interpreter: PowerShell
PID:592

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\System32pdfc.exe'
4⤵
- Command and Scripting Interpreter: PowerShell
PID:2724

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'System32pdfc.exe'
4⤵
- Command and Scripting Interpreter: PowerShell
PID:2532

C:\Users\Admin\AppData\Local\Temp\RarSFX0\AnyDesk.exe
"AnyDesk.exe"
3⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\RarSFX0\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\AnyDesk.exe" --local-service
4⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\RarSFX0\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\AnyDesk.exe" --local-control
4⤵
PID:2224

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x58c
1⤵
PID:1584

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\AnyDesk.exe
Filesize
5.1MB

MD5
aee6801792d67607f228be8cec8291f9

SHA1
bf6ba727ff14ca2fddf619f292d56db9d9088066

SHA256
1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499

SHA512
09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\system32transmitter.exe
Filesize
73KB

MD5
864c37423bb1332bb4ae49b13da56cbc

SHA1
6a710197408e7e50e78b529e85499a364447fbd3

SHA256
d61cc856e397eccad395768e0046e54a1b2b32b580c358195206dcf3cd08da3c

SHA512
4dae0ee5c4dc08ca295e557a3aef27187a7b1db9bc9ec27445f83f06937c9c81ddd0974219df34d6556c0646685287997a97ec2702a3eaac433c985c7e976c34

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll
Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
Filesize
7KB

MD5
fa1b2ab80899669cc36950fc4c0e9d3b

SHA1
8e3e7e37f028280f38ab9c4c21ee61eee06fc1bc

SHA256
3affe77aac46f62ebda72590eee97ab8731f0cf57a8667c1f0156d5e0e7090d3

SHA512
7d45a8ae105ee50f780a5892dd21f7921230cb58dc5bd52e98017cb5577edcccf4f6493aa5af67619aa3c8709e112323a18329eae4e5b12d9a2ce65ab0322bf4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
Filesize
9KB

MD5
b71f46ce308fc4a61278ed7e4333fc14

SHA1
8ed1c8d8b5ad70ca551003277bd24e8fdfbd85a3

SHA256
5be38e0a02e0b5e4047b7b4ce7307cef3a97025293245f81cb430591c5ec916d

SHA512
8f916c0f1ad79cebd0e1d71fb691de0852c534baf76d2753f1e5850df53a83f196de7c4dd1dbba6aa139d54d8269c496a7b0d29f7ffbe9cba8c0dea586170708

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
Filesize
2KB

MD5
4c2964e2c857e7f358e7608a33900678

SHA1
68e1468b9b8759d050f9080097c6f91f289b67fc

SHA256
916dce43c3b24bc6a7067e56bce945010875dfd5c59ad62208ae588ca980604f

SHA512
adce11aba59010765289dd2007740affafe71131099b1fdd447ea3c7c2820954eac375d953e52a745c1827dacff87ebfbff74c42a2443ec0028fe8121f6ed2b4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
Filesize
2KB

MD5
8cb65651038d68be3fb36338313ff899

SHA1
e552983956655cede471a5dcd2dcb22750953daf

SHA256
d4042df4fdf3d9f8432dc928e9018ff130b3d1809c8de576ed6acd24d8e2707a

SHA512
3b3c4a901287352e0c96e67566084e8b9aff3f4bb775e6c638ecc89f8b7bd1068e6136fe657fbab324298551aef61aefee6d240809dbb3b2fc98dda5d14d3c3f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
Filesize
701B

MD5
13916e95bd05e55016fa3d6261a020e1

SHA1
a4baadb9376bc188bc64b689d6ebfe3ae4d8e357

SHA256
fb914af8200b5a417b5f3c85f025ac8333405e603d46c4cd008629d925de38f4

SHA512
ca41ad166d42209d633f2f53a7553c4fb0ed59cb2b315b757c1987c5eaddcc7bf06c37490d072f1dd04d8fe8adb51570ac3447db305f8b55f2ee7244f1c7a1b2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
Filesize
758B

MD5
4ea9fa0e244115d5a969e9eb76c84ade

SHA1
d6850c34474626e7496210224c02cfed4ca90482

SHA256
ed2f8d924e823b7a9701b6b95feb1c23693709fdf723237e9b1deb5a73f7adf9

SHA512
4c571d5c9ab4066c527582588660190a9809bea712083ad4cf4d5e41b92e2cf42faf7df6f31512e634a899b25a5cf8244c60dd59f032f464e64868eeb456e575

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
Filesize
424B

MD5
1bcf750b9b0a13258306ae31561a6886

SHA1
e30b5531d6316ec64cbd124c36105b375031713b

SHA256
e14d90613a138762e905e9847053e0df61784187877a61bf2097ec5448969d44

SHA512
e4c72554695f8e571a2bd5c4997dc5689ea04febc712e25de17f5fc3b57096d59eda38552a6298f1c3f03c3e6160ba13981936ef6cefc9f4dab037d223d11cf9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
Filesize
424B

MD5
80b0d4846716aac92c2b094d7b714dfd

SHA1
836d1c782b3cb0a24ffb3b1960bb247f8736a96e

SHA256
61ed649df528357958670fafba165be89088203f96e5dff05db86a6f9366c107

SHA512
ec3a8cc010a8d0cd98f47649fbb1be75afd771bad666d7c78b4462a0093003fa71e9eae37030f7acc32cfd08ad808c4fe8242dd41b8543fdd41bb99bb5325069

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
2206ec81a726c8df39f87a012adbb343

SHA1
436f83dfbee64e50c0f9bf995b1c3c5a9730983a

SHA256
9b350abd90b10d7867bdbedc7769e4288fb5564f9f7368aa014a7c547af6fc48

SHA512
983e47a402366fc9b96fe84dd95838489568717ded607f3184a8c15696311fa86ffad507c7ecc51b631e7f02db215f71e48639defd821083b7674df1b263a710

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
cb5edecfe46058e5de8cbad1d7a3c806

SHA1
beed078048875a02a706036362c41245bcc941ac

SHA256
bff70b59e0a220cc766b7f14ac088f19b56ee7d72fb9f0b347b3888fddc0c214

SHA512
53bf6ae50781677915748bb80f528f72301c0ff0cac0fb3cd367e5bd8f57b66fc4c3201f68fdf1dc83711b5fc39b0b140082b76640792d6d32a310da3f3862a9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
f7410bf376da6f4586490836aa957141

SHA1
ab4d85c308d6983a1a53f3060059b5c757e9788c

SHA256
00b7a1cb9ae6affac8610147ef03fabfd29fd00d1ed52eef503d5e88d13cd1e2

SHA512
ff4c3a1193279023407b241a3fd38874de85a262408e1586b89d170b1d164c24aaad16e3819f18d0a7cffc121560db0b440ec9ba1b864fc72cb8c4276c149740

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
f55503931ecb1ba4415d7d2a52051fad

SHA1
39f8b9fe5eb73e544579a755c3a84cfa5407efb3

SHA256
193fa0b3ec43f83bab129f3c1e9ce7eeeee6e762f5f1a142d55a5ddadf224587

SHA512
fb31ae42a2754c830c58632be2e8faf8fdefc19e56e62fc653f6517363e20e09e3abc45177ab553dbf0110b00f0ee5be11a9c5ff52eb1ce3c94be6d318f7d07f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
685a74cf87f7c6fd5b5a77095721aa24

SHA1
5a21ad22808d23fa10fac713746db307459cd24f

SHA256
9dfb72a3643e432e330c9100572c7ac16ed1096ddc74ab0bf917ec6f0637dec3

SHA512
4d4de61ed72f083d8f0c8d3168b1000e8ff46bc3862caaf3645c06a1665edd0b891962413ec652794ff33561aa24bdd6b34eec4a48ceddb67ef4de9966fd5a16

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
a1d9512a1e4a8e007bce7167b24a3e54

SHA1
d3d7eb004bd0af631657fab3eac3c7f31ae2274c

SHA256
9d23b39d8b56de36cfa9226d1b5e47f071336d38fad7a0dc2e4a9695e1870c5c

SHA512
9c7765617851e3dcb55780142b11ab657485129268c854c27116d9390e87cd457f58ee0528404c708d5c7f1d922774d90fa84e410d786fe8873a0657b91a4fac

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
3KB

MD5
4b591b44d8bc042f762b8d9f04f10d60

SHA1
43333f44c4f7861f5cfd4f78337514b3d081fdbb

SHA256
0eaf00f9bb3c1e97e085851a002d5d61d442b9d7872054c88bfb2bf7d119768e

SHA512
531084aad40c99a205d22bce25fd99c5ebbc5bf9885a90c2d1bf4415cae8d02b708516885715fea9b64da57a173d179d373cf882899f1c7cbe445a063c64d9fe

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
3KB

MD5
d262fa1a75d2b2151b0482d908273fe3

SHA1
6709e6c43e07717d1f32a56e4cb5b5e96213fc38

SHA256
aae7c7c632e0b44d0bdf4d605cf2099de58d7ee67315ac0befd010e121a2bc83

SHA512
9c694a9ea56bdae2728c7f28ed35090e5ecacdf82a17f9d602efdfe9dca44405e965e95da3fbb89fa751bff110e0f4db6f57b01b7e9065552af41e3380107712

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
3KB

MD5
abcdb6babacb3264c4b9fa79128a0cff

SHA1
3a4f876f4ef37cfe7b209b8a1a9320d831575d8a

SHA256
0b8e4c31699a1556139bd485395d18ab8d6f344da9246d2446a1a2510f896217

SHA512
bc90817f0537d8b48029abfb3e22349d091880da1b7c2389ccc46a01f5b56da020511ea4a335630983f02e4e05ca0b2878fc4cfcc93f2aeb337bfe8c2a6e590e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
3KB

MD5
5543a50d8b46fe9efb02b841b0d73ce2

SHA1
60ecc2a1aeba9c15bc6669be687b3e158276f293

SHA256
16466a5c00bd9834bf758c03d1c6168dbe2606598e98db7d7ec4b96ce2795c4d

SHA512
7944678a0464d58dd2289fad5121e288e257d1ddbad2f8cd1422c1c53e79d46cd8e579c81a384e689076427faaad3aed602e73309abdf184bd0e0a42c1262fa5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
3KB

MD5
f81715686b7a286cd350b0704396792a

SHA1
b489dd8bd0b5f6d10345d1a6663be22a50af244e

SHA256
e31e3bc0565eeac99a763edc46dbb08587d13779d8f94d04e6e3470b4d3bf8ea

SHA512
44676e996fb7d2c3aa08eff623ac51f0171d4b1a0530eb1e9e3bc47e086b47eb82f2b6917374a80cebdb804a80441c9c382a42b21e01add5eec8cef18501d605

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
6KB

MD5
368f6eea01facbd24db96540b591efa1

SHA1
220e912fb76eed3460f37c0be225c159322a8092

SHA256
d2e010732823d4d846b482e331c5330426ab93956ad93ed2cb694f8c42c0cda6

SHA512
52066600f8c84e1092249142cd7e1e00d06afacd7ab70f6d696364568cb7716e3c528eea06c3161011d7e3b537285cf37467fcfd7846ddbfd7ba559694353bac

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
6KB

MD5
c99faac0548cf6a1a91a100ecb794bce

SHA1
1bcfe430ddaade0fee9f797ebdd5824b73f534ad

SHA256
0bbc30c4f20ee9d065b47f4bc734702ebeec95adc26ce93af68285370a9c903c

SHA512
ffe164a08b3909841d18efec1169e76762afe496588bcea1f7c36e15fca1f83a54022c506230bdf923f801c5001651f3a0069ea08a6b794f204eabc5387dd81f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
6KB

MD5
24b2e68c41e70ec90e77ea056db7530c

SHA1
a722805c630a2152c0c604391ae1018b4bdf4a7b

SHA256
41755c0ede45db70697d969c741708430f93431e631d7c90969fc55d11953168

SHA512
3ca9bff6b0ffd5761b470b79f2c662fe778d44169a57729dafa96a0597f1b8ef66d06dc1070786b61522bcb9ef6e46b637ebd10926e223b923682454ba574a81

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
63648ad7fb9d7a81f636a2e1f7d041d7

SHA1
9eaedae2379c13edf9d19011ee41559b39ea1b2c

SHA256
56bae7856d30a046cc67e2a36f901db99cc39becfeaf1dfe739365c44442086a

SHA512
556948f14f5268be7c5f3c531d866d3b5674b0b37d84bfdc0ee8051516fb2f0a41a1f3548ccc4884d6926029e592cff69fb21788b5931ad6fbf89709aec89be4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
15e06b6cf083194cdb949a6301b9d773

SHA1
7f1d002083f673a4cb23c810d3bee788a7a8ccc4

SHA256
4d53a64d83fea25fb4588846981fb38dacc3d7b3aaadc0245290ba781ca88ddc

SHA512
98898cc111e6b09dbe7c566c9b9c798194dcace308cdee55b7dda882bffb5446ee054d3ef45f09adc25f0eda0d5643c545d38ec7555fc440e9dde633c4825f2f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
Filesize
1KB

MD5
ce7a924ce85ec130d1ac3e9f01aa384d

SHA1
b899a9a6e43d985447f090b4377176cfab0dcb3c

SHA256
777a0d1a189f63df86c0a7b68b15506bdaaecb396ec45e5b31e8a6bd23305fdc

SHA512
d62a27cb611de6916ff4b4348082336eb9d1a5fe8003727763357e0f15891bb9c4b60a70d4408329e398ff6c8a8f604e12d5ed53dfc3c22f02e82a04af1e240b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
Filesize
7KB

MD5
f5ddff99e388535e7d88a193fab74d55

SHA1
091be4421419769159b84b590ddd07adc0f213f7

SHA256
a6472e45853631cac8d06428e6ed329342a7d156974ffacec6f1307d0570fb5f

SHA512
601e3896911578d963474e48ea3c3875d76f034f5c3d5b6202579da746787a2d716fec6bf80ce5e59bae7d1bacbbc89c2f7f8c3e5888fbca41df227486f9f86d

Download Submit
memory/592-218-0x000000001B260000-0x000000001B542000-memory.dmp

Filesize
2.9MB

Download
memory/592-221-0x0000000002230000-0x0000000002238000-memory.dmp

Filesize
32KB

Download
memory/2224-290-0x0000000000D30000-0x0000000002479000-memory.dmp

Filesize
23.3MB

Download
memory/2224-34-0x0000000000D30000-0x0000000002479000-memory.dmp

Filesize
23.3MB

Download
memory/2264-209-0x0000000002050000-0x0000000002058000-memory.dmp

Filesize
32KB

Download
memory/2264-208-0x000000001B360000-0x000000001B642000-memory.dmp

Filesize
2.9MB

Download
memory/2336-13-0x0000000000310000-0x0000000000328000-memory.dmp

Filesize
96KB

Download
memory/2336-320-0x0000000002260000-0x000000000226C000-memory.dmp

Filesize
48KB

Download
memory/2336-328-0x000000001C0E0000-0x000000001C16E000-memory.dmp

Filesize
568KB

Download
memory/2336-331-0x000000001AD90000-0x000000001AD9E000-memory.dmp

Filesize
56KB

Download
memory/2532-283-0x0000000001DF0000-0x0000000001DF8000-memory.dmp

Filesize
32KB

Download
memory/2668-14-0x0000000000D30000-0x0000000002479000-memory.dmp

Filesize
23.3MB

Download
memory/2668-288-0x0000000000D30000-0x0000000002479000-memory.dmp

Filesize
23.3MB

Download
memory/2724-268-0x0000000002520000-0x0000000002528000-memory.dmp

Filesize
32KB

Download
memory/2724-266-0x000000001B180000-0x000000001B462000-memory.dmp

Filesize
2.9MB

Download
memory/2776-289-0x0000000000D30000-0x0000000002479000-memory.dmp

Filesize
23.3MB

Download
memory/2776-32-0x0000000000D30000-0x0000000002479000-memory.dmp

Filesize
23.3MB

Download