Overview

overview

10

Static

static

Microsoft.exe

windows7-x64

10

Microsoft.exe

windows10-1703-x64

8

Microsoft.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-08-2022 07:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Microsoft.exe

  • Size

    4.0MB

  • MD5

    083f54e1891baeb8783adc6ee775fc41

  • SHA1

    9f7b44476da46086e38f89f4eb2b9900629082a4

  • SHA256

    b55abbc07b02308c5315aa31de307ca62665d340806114a1992536584a5895d1

  • SHA512

    4c0ab2a86af49ed0fd129095962e11baa9fa9a9e0276473832be6c47bb8918c5c39a2f228a06e6f7d2aaa8d791c75645102ee5674ba44a9e3b9dc079c936d8ab

  • SSDEEP

    98304:Zwa9JkoXTaSRr+aV1uHIx5gjSTBvq+TYIMV3hMAo:Zr9UY5g0v0g

Score
10/10
plugxtrojan

Malware Config

Signatures

  • Detects PlugX payload 4 IoCs
  • PlugX

    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    trojanplugx
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 9 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 10 IoCs
  • Drops file in Windows directory 15 IoCs
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 25 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Microsoft.exe
    "C:\Users\Admin\AppData\Local\Temp\Microsoft.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3560
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\system32\msiexec.exe" /i C:\Users\Admin\AppData\Local\Temp\Microsoft.msi AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\Microsoft.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1661178649 "
      2⤵
      • Enumerates connected drives
      • Suspicious use of FindShellTrayWindow
      PID:1808
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding CE5C1C581C1ED9E529D12477AD61B648 C
      2⤵
      • Loads dropped DLL
      PID:5116
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:3684
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding FB0A5D258DE7C15F1AB8900D470E7372
        2⤵
        • Loads dropped DLL
        PID:3188
      • C:\Windows\Installer\MSI2E6A.tmp
        "C:\Windows\Installer\MSI2E6A.tmp" "C:\Program Files (x86)\Microsoft Office\Microsoft\bdreinit.exe"
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:4136
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      PID:3768
    • C:\Program Files (x86)\Microsoft Office\Microsoft\bdreinit.exe
      "C:\Program Files (x86)\Microsoft Office\Microsoft\bdreinit.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      PID:3056
    • C:\Program Files (x86)\BitDefender\Handler\bdreinit.exe
      "C:\Program Files (x86)\BitDefender\Handler\bdreinit.exe" 600 0
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2164
      • C:\Windows\SysWOW64\svchost.exe
        C:\Windows\system32\svchost.exe 601 0
        2⤵
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:5092
        • C:\Windows\SysWOW64\userinit.exe
          C:\Windows\system32\userinit.exe 609 5092
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:5084

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Query Registry

    2
    T1012

    Peripheral Device Discovery

    2
    T1120

    System Information Discovery

    2
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\BitDefender\Handler\bdreinit.exe
      Filesize

      192KB

      MD5

      8a8db1e20dc508af5a81fc00b1929468

      SHA1

      32e1ebec9672ad7cc5dc36d8a1c87bbf47a4fa9f

      SHA256

      386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd

      SHA512

      9c5747fd7563b29ecf43b71b5480b260b083892d37054ff77cc6c613c3db380ce2bdf990fb466edc8705f784b051dc1be208b454696e67eb0c90c20470f4ea87

      Download Submit
    • C:\Program Files (x86)\BitDefender\Handler\bdreinit.exe
      Filesize

      192KB

      MD5

      8a8db1e20dc508af5a81fc00b1929468

      SHA1

      32e1ebec9672ad7cc5dc36d8a1c87bbf47a4fa9f

      SHA256

      386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd

      SHA512

      9c5747fd7563b29ecf43b71b5480b260b083892d37054ff77cc6c613c3db380ce2bdf990fb466edc8705f784b051dc1be208b454696e67eb0c90c20470f4ea87

      Download Submit
    • C:\Program Files (x86)\BitDefender\Handler\log.dat
      Filesize

      199KB

      MD5

      4d46b087b62183d86c53bf05ce4e2c8d

      SHA1

      174bd3886bd598f621eb758f469f69e85532f5c0

      SHA256

      49686cbde9535055fa48a0742bbe765f9d6ec1104e7efa8f71d1894f2d7d7873

      SHA512

      cf87b40dd69306285adff88de6050c1d456c34b2056e8f98ca7cf046459b6839afe67f4b13e25e5162ab311f1033a004b7e1bdc2955a10e8490eaef0f882a117

      Download Submit
    • C:\Program Files (x86)\BitDefender\Handler\log.dll
      Filesize

      139KB

      MD5

      c55b6938f885c07d627c15165c21390a

      SHA1

      9d2e460fd11791e78eb7fbc1357c973493293572

      SHA256

      f534e7193ff51dcf12e4d1f09825a38e3f4992f88b071f288c6d628ec626582c

      SHA512

      9f225317c7f60621dfd43ccc9c4cfeef5cbaf8cf304702189283d8b74f179487d857a5ebeff87b40d008e71c369200b7a490babe39d4423fdbf55b8c39c1acd9

      Download Submit
    • C:\Program Files (x86)\BitDefender\Handler\log.dll
      Filesize

      139KB

      MD5

      c55b6938f885c07d627c15165c21390a

      SHA1

      9d2e460fd11791e78eb7fbc1357c973493293572

      SHA256

      f534e7193ff51dcf12e4d1f09825a38e3f4992f88b071f288c6d628ec626582c

      SHA512

      9f225317c7f60621dfd43ccc9c4cfeef5cbaf8cf304702189283d8b74f179487d857a5ebeff87b40d008e71c369200b7a490babe39d4423fdbf55b8c39c1acd9

      Download Submit
    • C:\Program Files (x86)\Microsoft Office\Microsoft\bdreinit.exe
      Filesize

      192KB

      MD5

      8a8db1e20dc508af5a81fc00b1929468

      SHA1

      32e1ebec9672ad7cc5dc36d8a1c87bbf47a4fa9f

      SHA256

      386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd

      SHA512

      9c5747fd7563b29ecf43b71b5480b260b083892d37054ff77cc6c613c3db380ce2bdf990fb466edc8705f784b051dc1be208b454696e67eb0c90c20470f4ea87

      Download Submit
    • C:\Program Files (x86)\Microsoft Office\Microsoft\bdreinit.exe
      Filesize

      192KB

      MD5

      8a8db1e20dc508af5a81fc00b1929468

      SHA1

      32e1ebec9672ad7cc5dc36d8a1c87bbf47a4fa9f

      SHA256

      386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd

      SHA512

      9c5747fd7563b29ecf43b71b5480b260b083892d37054ff77cc6c613c3db380ce2bdf990fb466edc8705f784b051dc1be208b454696e67eb0c90c20470f4ea87

      Download Submit
    • C:\Program Files (x86)\Microsoft Office\Microsoft\log.dat
      Filesize

      199KB

      MD5

      4d46b087b62183d86c53bf05ce4e2c8d

      SHA1

      174bd3886bd598f621eb758f469f69e85532f5c0

      SHA256

      49686cbde9535055fa48a0742bbe765f9d6ec1104e7efa8f71d1894f2d7d7873

      SHA512

      cf87b40dd69306285adff88de6050c1d456c34b2056e8f98ca7cf046459b6839afe67f4b13e25e5162ab311f1033a004b7e1bdc2955a10e8490eaef0f882a117

      Download Submit
    • C:\Program Files (x86)\Microsoft Office\Microsoft\log.dll
      Filesize

      139KB

      MD5

      c55b6938f885c07d627c15165c21390a

      SHA1

      9d2e460fd11791e78eb7fbc1357c973493293572

      SHA256

      f534e7193ff51dcf12e4d1f09825a38e3f4992f88b071f288c6d628ec626582c

      SHA512

      9f225317c7f60621dfd43ccc9c4cfeef5cbaf8cf304702189283d8b74f179487d857a5ebeff87b40d008e71c369200b7a490babe39d4423fdbf55b8c39c1acd9

      Download Submit
    • C:\Program Files (x86)\Microsoft Office\Microsoft\log.dll
      Filesize

      139KB

      MD5

      c55b6938f885c07d627c15165c21390a

      SHA1

      9d2e460fd11791e78eb7fbc1357c973493293572

      SHA256

      f534e7193ff51dcf12e4d1f09825a38e3f4992f88b071f288c6d628ec626582c

      SHA512

      9f225317c7f60621dfd43ccc9c4cfeef5cbaf8cf304702189283d8b74f179487d857a5ebeff87b40d008e71c369200b7a490babe39d4423fdbf55b8c39c1acd9

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\MSI6DF2.tmp
      Filesize

      377KB

      MD5

      316ed83688978925aa47a0c4d5662d2c

      SHA1

      96aaa52977cbd62ba865b35f9730c7c2861e5c2b

      SHA256

      da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

      SHA512

      14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\MSI6DF2.tmp
      Filesize

      377KB

      MD5

      316ed83688978925aa47a0c4d5662d2c

      SHA1

      96aaa52977cbd62ba865b35f9730c7c2861e5c2b

      SHA256

      da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

      SHA512

      14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Microsoft.msi
      Filesize

      1.5MB

      MD5

      df26d42194e934122c73559987f3ab84

      SHA1

      c526f8e1f8f4b22c0b62f76af448c63a7e5f2073

      SHA256

      eec36f5b2d28bb8076648f96899def8e297347322dd7d13368234680eaaee01d

      SHA512

      e62bd5773649251dfaa4870b2e5f6ebff6e69dd18ac4ecdeb296d0826b02b4a76d878037ea183a2653044afe5b807cee15c9fd1d7032bb6e75e761609e8f30b1

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Microsoft1.cab
      Filesize

      351KB

      MD5

      a66bc9849ba7d090a983e1aa64275e9a

      SHA1

      86f35c1a29cde722c2c822c46e4c4eac0b360f4a

      SHA256

      1b1a6809886af74850a817d23854ada702af6e6f094ac477049faa46c317d9cc

      SHA512

      e1a5f7b65bbca6a6eba9bcfaa278882961e3d0ad3b03a18a6fdda91558372d9a902d6ebe2f203d5b1174145eb84b3b5ebfe9fc78bb1d081f34d72b9b03993f90

      Download Submit
    • C:\Windows\Installer\MSI2AD9.tmp
      Filesize

      377KB

      MD5

      316ed83688978925aa47a0c4d5662d2c

      SHA1

      96aaa52977cbd62ba865b35f9730c7c2861e5c2b

      SHA256

      da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

      SHA512

      14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

      Download Submit
    • C:\Windows\Installer\MSI2AD9.tmp
      Filesize

      377KB

      MD5

      316ed83688978925aa47a0c4d5662d2c

      SHA1

      96aaa52977cbd62ba865b35f9730c7c2861e5c2b

      SHA256

      da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

      SHA512

      14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

      Download Submit
    • C:\Windows\Installer\MSI2BB4.tmp
      Filesize

      377KB

      MD5

      316ed83688978925aa47a0c4d5662d2c

      SHA1

      96aaa52977cbd62ba865b35f9730c7c2861e5c2b

      SHA256

      da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

      SHA512

      14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

      Download Submit
    • C:\Windows\Installer\MSI2BB4.tmp
      Filesize

      377KB

      MD5

      316ed83688978925aa47a0c4d5662d2c

      SHA1

      96aaa52977cbd62ba865b35f9730c7c2861e5c2b

      SHA256

      da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

      SHA512

      14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

      Download Submit
    • C:\Windows\Installer\MSI2BF4.tmp
      Filesize

      377KB

      MD5

      316ed83688978925aa47a0c4d5662d2c

      SHA1

      96aaa52977cbd62ba865b35f9730c7c2861e5c2b

      SHA256

      da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

      SHA512

      14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

      Download Submit
    • C:\Windows\Installer\MSI2BF4.tmp
      Filesize

      377KB

      MD5

      316ed83688978925aa47a0c4d5662d2c

      SHA1

      96aaa52977cbd62ba865b35f9730c7c2861e5c2b

      SHA256

      da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

      SHA512

      14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

      Download Submit
    • C:\Windows\Installer\MSI2C24.tmp
      Filesize

      377KB

      MD5

      316ed83688978925aa47a0c4d5662d2c

      SHA1

      96aaa52977cbd62ba865b35f9730c7c2861e5c2b

      SHA256

      da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

      SHA512

      14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

      Download Submit
    • C:\Windows\Installer\MSI2C24.tmp
      Filesize

      377KB

      MD5

      316ed83688978925aa47a0c4d5662d2c

      SHA1

      96aaa52977cbd62ba865b35f9730c7c2861e5c2b

      SHA256

      da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

      SHA512

      14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

      Download Submit
    • C:\Windows\Installer\MSI2D5E.tmp
      Filesize

      529KB

      MD5

      aab600da7532150b6fd984f3c6e6d781

      SHA1

      30c95ec5f80d8595221c9f37c0f172ea2ce7b917

      SHA256

      c4241c23b49fcf5da34862aa43b801b9282d4613b2220effe2332150c13fb019

      SHA512

      70c41d7c5e76e169e1f41f96a8a68d1ca2a9206f87a46f08519b8301205cba40368ad1dd7a7266d2bed5a22d54dd1937f52eb18bc7d153608081bdc3e035ce06

      Download Submit
    • C:\Windows\Installer\MSI2D5E.tmp
      Filesize

      529KB

      MD5

      aab600da7532150b6fd984f3c6e6d781

      SHA1

      30c95ec5f80d8595221c9f37c0f172ea2ce7b917

      SHA256

      c4241c23b49fcf5da34862aa43b801b9282d4613b2220effe2332150c13fb019

      SHA512

      70c41d7c5e76e169e1f41f96a8a68d1ca2a9206f87a46f08519b8301205cba40368ad1dd7a7266d2bed5a22d54dd1937f52eb18bc7d153608081bdc3e035ce06

      Download Submit
    • C:\Windows\Installer\MSI2DCD.tmp
      Filesize

      529KB

      MD5

      aab600da7532150b6fd984f3c6e6d781

      SHA1

      30c95ec5f80d8595221c9f37c0f172ea2ce7b917

      SHA256

      c4241c23b49fcf5da34862aa43b801b9282d4613b2220effe2332150c13fb019

      SHA512

      70c41d7c5e76e169e1f41f96a8a68d1ca2a9206f87a46f08519b8301205cba40368ad1dd7a7266d2bed5a22d54dd1937f52eb18bc7d153608081bdc3e035ce06

      Download Submit
    • C:\Windows\Installer\MSI2DCD.tmp
      Filesize

      529KB

      MD5

      aab600da7532150b6fd984f3c6e6d781

      SHA1

      30c95ec5f80d8595221c9f37c0f172ea2ce7b917

      SHA256

      c4241c23b49fcf5da34862aa43b801b9282d4613b2220effe2332150c13fb019

      SHA512

      70c41d7c5e76e169e1f41f96a8a68d1ca2a9206f87a46f08519b8301205cba40368ad1dd7a7266d2bed5a22d54dd1937f52eb18bc7d153608081bdc3e035ce06

      Download Submit
    • C:\Windows\Installer\MSI2E6A.tmp
      Filesize

      401KB

      MD5

      8c7085c86a4b14296f6e76525f20c828

      SHA1

      6113087876f86c9247bc4080c08ce1ae578d9a99

      SHA256

      beeaa8bfc97d87c1739611a88d3f4fa9a561cecbc5379309543dd850cc3f956c

      SHA512

      97dcbe469ec14114b90c0c52c289af173c6078b8aad3f9bb78c212278f1980d2750ce8bfba6b1ac0aaf72aa956f4c0be0c471ffbc7e811d4affa5896d36367e0

      Download Submit
    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
      Filesize

      23.0MB

      MD5

      ad2fa6eeabe3c08750b7262d72eef9b9

      SHA1

      4817af3534704471354ca09f135d595067bad890

      SHA256

      77fdb8bababc08a357d4b3a5dea90554dac9f5a412f92842b2311253f99c1215

      SHA512

      ca29db5d9b7b6d091983ccb0de245cb9fe11bbc6fcb339e84333b791438944f77cbf024e72f802e70cf1b1592f50af90e1ed563cf40a4e012d1431316004affd

      Download Submit
    • \??\Volume{2fb4ccdc-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{f3cca708-c7f3-49ba-8519-33c0ceab290a}_OnDiskSnapshotProp
      Filesize

      5KB

      MD5

      db7dfbe67b1e3a1acfd0619f68ef828b

      SHA1

      fecb23e986d53841963363ff270ca3d808b14215

      SHA256

      e12998cac58b727721d4909597c84e324c7f3486df94ff112418f44b42abbc4b

      SHA512

      bb7219299756bbdc52f987179798d4bca283bda13c66261ed2c9662b3ec985d372dccf7c7b4d8fd6224e0eebcf4af2d57654501ab1defede4eaf9a06ed12f07b

      Download Submit
    • memory/1808-135-0x0000000000000000-mapping.dmp
      Download
    • memory/2164-168-0x0000000000970000-0x00000000009A2000-memory.dmp
      Filesize

      200KB

      Download
    • memory/2164-165-0x0000000000EE0000-0x0000000001EE0000-memory.dmp
      Filesize

      16.0MB

      Download
    • memory/3056-159-0x0000000002A30000-0x0000000003A30000-memory.dmp
      Filesize

      16.0MB

      Download
    • memory/3188-138-0x0000000000000000-mapping.dmp
      Download
    • memory/3684-137-0x0000000000000000-mapping.dmp
      Download
    • memory/4136-152-0x0000000000000000-mapping.dmp
      Download
    • memory/5084-169-0x0000000000000000-mapping.dmp
      Download
    • memory/5084-170-0x0000000000FF0000-0x0000000001FF0000-memory.dmp
      Filesize

      16.0MB

      Download
    • memory/5092-166-0x0000000000000000-mapping.dmp
      Download
    • memory/5092-167-0x0000000000E80000-0x0000000001E80000-memory.dmp
      Filesize

      16.0MB

      Download
    • memory/5116-132-0x0000000000000000-mapping.dmp
      Download