Overview

overview

10

Static

static

10

5d01d8b0d3...06.exe

windows7-x64

10

5d01d8b0d3...06.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    158s
  • max time network
    174s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28-10-2022 21:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106.exe

  • Size

    445KB

  • MD5

    0ce08fd4c7c5add13722bb1e5bb4d781

  • SHA1

    5a8eb705f97906d2cbda68d01b6627a8ac695278

  • SHA256

    5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

  • SHA512

    0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

  • SSDEEP

    6144:FxJsGLnl8StLmLeoxDNT/xQphU+jrlgzfuzt91C9NDyWId98HhqbxtHGZ:XJsG/mLe4h/xQp6+tqOYy9zo0

Score
10/10
cybergatehackpersistencestealertrojanupx

Malware Config

Extracted

Family

cybergate

Version

v1.02.1

Botnet

Hack

C2

downsppp.no-ip.org:81

downsppp.no-ip.org:82

downsppp.no-ip.org:1117
Mutex

Pluguin

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    Microsoft

  • install_file

    Pluguin.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Arquivo incompleto.

  • message_box_title

    Erro

  • password

    123

  • regkey_hkcu

    Avirnt

  • regkey_hklm

    Avgnt

Signatures

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate
  • Adds policy Run key to start application 2 TTPs 16 IoCs
    persistence
  • Executes dropped EXE 7 IoCs
  • Modifies Installed Components in the registry 2 TTPs 8 IoCs
    persistence
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 12 IoCs
  • Adds Run key to start application 2 TTPs 16 IoCs
    persistence
  • Drops file in System32 directory 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1412
      • C:\Users\Admin\AppData\Local\Temp\5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106.exe
        "C:\Users\Admin\AppData\Local\Temp\5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106.exe"
        2⤵
        • Adds policy Run key to start application
        • Modifies Installed Components in the registry
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:964
        • C:\Windows\SysWOW64\explorer.exe
          explorer.exe
          3⤵
          • Adds policy Run key to start application
          • Modifies Installed Components in the registry
          • Loads dropped DLL
          • Adds Run key to start application
          PID:1612
          • C:\Windows\SysWOW64\Microsoft\Pluguin.exe
            "C:\Windows\system32\Microsoft\Pluguin.exe"
            4⤵
            • Adds policy Run key to start application
            • Executes dropped EXE
            • Modifies Installed Components in the registry
            • Adds Run key to start application
            • Drops file in System32 directory
            PID:1476
            • C:\Windows\SysWOW64\Microsoft\Pluguin.exe
              "C:\Windows\SysWOW64\Microsoft\Pluguin.exe"
              5⤵
              • Executes dropped EXE
              PID:676
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 504
                6⤵
                • Loads dropped DLL
                • Program crash
                PID:1368
          • C:\Windows\SysWOW64\Microsoft\Pluguin.exe
            "C:\Windows\system32\Microsoft\Pluguin.exe"
            4⤵
            • Executes dropped EXE
            PID:1956
        • C:\Windows\SysWOW64\Microsoft\Pluguin.exe
          "C:\Windows\system32\Microsoft\Pluguin.exe"
          3⤵
          • Adds policy Run key to start application
          • Executes dropped EXE
          • Modifies Installed Components in the registry
          • Loads dropped DLL
          • Adds Run key to start application
          • Drops file in System32 directory
          • Suspicious use of FindShellTrayWindow
          PID:1740
          • C:\Users\Admin\AppData\Roaming\Microsoft\Pluguin.exe
            "C:\Users\Admin\AppData\Roaming\Microsoft\Pluguin.exe"
            4⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:1516
            • C:\Users\Admin\AppData\Roaming\Microsoft\Pluguin.exe
              "C:\Users\Admin\AppData\Roaming\Microsoft\Pluguin.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in System32 directory
              • Suspicious behavior: GetForegroundWindowSpam
              • Suspicious use of AdjustPrivilegeToken
              PID:1968
              • C:\Windows\SysWOW64\Microsoft\Pluguin.exe
                "C:\Windows\SysWOW64\Microsoft\Pluguin.exe"
                6⤵
                • Executes dropped EXE
                PID:1608

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Registry Run Keys / Startup Folder

    3
    T1060

    Privilege Escalation

    Defense Evasion

    Modify Registry

    3
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\XX--XX--XX.txt
      Filesize

      221KB

      MD5

      2c58e3513dc9febc651d44e345afabb4

      SHA1

      65531ad35cfbdbeb8555a1ce10139b4953c48e4d

      SHA256

      8555125d7f03d4d64c069bc2afa74b651a6e878d1245bb5cea7c38eaa16f3535

      SHA512

      b5a16876e22893324391f1f1ba672dc559d8a6192955ab6fe9c6e767cae0e4218cecc53105437c93a4e9ea4acac1ce537de712c891135c8b0b56fcf32e30c922

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\XX--XX--XX.txt
      Filesize

      221KB

      MD5

      dda45d55e01ddcc69f5aefdd7d8091e9

      SHA1

      e23d1a63c7fe5e6d37ef4929f1c751d0791e65f6

      SHA256

      b856b810bbc054547d12bfb67948bb0744fb11ffef3a107fbbb29f4788934546

      SHA512

      a052f6c07335a13100708bbe9ff61e485fa8abb629f8305e3cd940053ad8480ce2bdb8de9854cf867e0fc04c60fd80278d417c1a0a9570d128ecce625a4fb799

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\XX--XX--XX.txt
      MD5

      d41d8cd98f00b204e9800998ecf8427e

      SHA1

      da39a3ee5e6b4b0d3255bfef95601890afd80709

      SHA256

      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      SHA512

      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\XX--XX--XX.txt
      Filesize

      221KB

      MD5

      2c58e3513dc9febc651d44e345afabb4

      SHA1

      65531ad35cfbdbeb8555a1ce10139b4953c48e4d

      SHA256

      8555125d7f03d4d64c069bc2afa74b651a6e878d1245bb5cea7c38eaa16f3535

      SHA512

      b5a16876e22893324391f1f1ba672dc559d8a6192955ab6fe9c6e767cae0e4218cecc53105437c93a4e9ea4acac1ce537de712c891135c8b0b56fcf32e30c922

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • C:\Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • C:\Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • C:\Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • C:\Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • C:\Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • C:\Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • \Users\Admin\AppData\Roaming\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • \Users\Admin\AppData\Roaming\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • \Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • \Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • \Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • \Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • \Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • \Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • \Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • \Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • \Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • \Windows\SysWOW64\Microsoft\Pluguin.exe
      Filesize

      445KB

      MD5

      0ce08fd4c7c5add13722bb1e5bb4d781

      SHA1

      5a8eb705f97906d2cbda68d01b6627a8ac695278

      SHA256

      5d01d8b0d36d9be36ec82b72d05d46a248011549a600eb48fad92059d7993106

      SHA512

      0c667851c2e9d985979a24ed2f44afd8c6229b22636cd524ad61961f3fb672ca3fb46c882db4384c3dfce7663205ef9ba7cd85ac7f24ba3faf1c13d2d4b1289e

      Download Submit
    • memory/676-103-0x0000000000000000-mapping.dmp
      Download
    • memory/676-120-0x0000000024010000-0x0000000024070000-memory.dmp
      Filesize

      384KB

      Download
    • memory/676-118-0x0000000024010000-0x0000000024070000-memory.dmp
      Filesize

      384KB

      Download
    • memory/964-65-0x0000000024070000-0x00000000240D0000-memory.dmp
      Filesize

      384KB

      Download
    • memory/964-54-0x0000000074BB1000-0x0000000074BB3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/964-56-0x0000000024010000-0x0000000024070000-memory.dmp
      Filesize

      384KB

      Download
    • memory/1368-121-0x0000000000000000-mapping.dmp
      Download
    • memory/1412-59-0x0000000024010000-0x0000000024070000-memory.dmp
      Filesize

      384KB

      Download
    • memory/1476-86-0x0000000000000000-mapping.dmp
      Download
    • memory/1476-113-0x0000000024010000-0x0000000024070000-memory.dmp
      Filesize

      384KB

      Download
    • memory/1516-96-0x0000000024010000-0x0000000024070000-memory.dmp
      Filesize

      384KB

      Download
    • memory/1516-81-0x0000000000000000-mapping.dmp
      Download
    • memory/1608-126-0x0000000000000000-mapping.dmp
      Download
    • memory/1612-64-0x0000000074721000-0x0000000074723000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1612-119-0x0000000024070000-0x00000000240D0000-memory.dmp
      Filesize

      384KB

      Download
    • memory/1612-62-0x0000000000000000-mapping.dmp
      Download
    • memory/1612-70-0x0000000024070000-0x00000000240D0000-memory.dmp
      Filesize

      384KB

      Download
    • memory/1612-71-0x0000000024070000-0x00000000240D0000-memory.dmp
      Filesize

      384KB

      Download
    • memory/1740-74-0x0000000000000000-mapping.dmp
      Download
    • memory/1956-109-0x0000000000000000-mapping.dmp
      Download
    • memory/1968-101-0x0000000024010000-0x0000000024070000-memory.dmp
      Filesize

      384KB

      Download
    • memory/1968-106-0x0000000024010000-0x0000000024070000-memory.dmp
      Filesize

      384KB

      Download
    • memory/1968-92-0x0000000000000000-mapping.dmp
      Download
    • memory/1968-129-0x0000000024010000-0x0000000024070000-memory.dmp
      Filesize

      384KB

      Download