plugx | 5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6

Analysis

max time kernel
150s
max time network
142s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22-02-2023 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe
Size

484KB
MD5

709303e2cf9511139fbb950538bac769
SHA1

56653a3433982b35f5c2506adaf4412dd4f34925
SHA256

5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6
SHA512

8e8243a6d6c8a703bdab7e2c2a3d6439de6ae72fc3de1ba9f90a8081143c81220c8ec01b36d02eb86fb5f04334bc5d5b1080b504f70a3cf72f766c5d4079d136
SSDEEP

12288:DGHCnaomAEg3uPdkgOX+tZdxRvPlrbKu+E1Kur1tsPTtEn:DGHCm8uPdJFd7PBbKutvr1ts7o

Score

10^/10

plugx trojan

Malware Config

Signatures

Detects PlugX payload 22 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1320-80-0x00000000003C0000-0x00000000003FC000-memory.dmp	family_plugx
behavioral1/memory/1536-99-0x00000000007E0000-0x000000000081C000-memory.dmp	family_plugx
behavioral1/memory/1320-100-0x00000000003C0000-0x00000000003FC000-memory.dmp	family_plugx
behavioral1/memory/1536-101-0x00000000007E0000-0x000000000081C000-memory.dmp	family_plugx
behavioral1/memory/824-105-0x0000000000450000-0x000000000048C000-memory.dmp	family_plugx
behavioral1/memory/1628-110-0x0000000001BA0000-0x0000000001BDC000-memory.dmp	family_plugx
behavioral1/memory/1628-112-0x0000000001BA0000-0x0000000001BDC000-memory.dmp	family_plugx
behavioral1/memory/824-111-0x0000000000450000-0x000000000048C000-memory.dmp	family_plugx
behavioral1/memory/1628-120-0x0000000001BA0000-0x0000000001BDC000-memory.dmp	family_plugx
behavioral1/memory/1628-121-0x0000000001BA0000-0x0000000001BDC000-memory.dmp	family_plugx
behavioral1/memory/1628-122-0x0000000001BA0000-0x0000000001BDC000-memory.dmp	family_plugx
behavioral1/memory/1628-123-0x0000000001BA0000-0x0000000001BDC000-memory.dmp	family_plugx
behavioral1/memory/1628-124-0x0000000001BA0000-0x0000000001BDC000-memory.dmp	family_plugx
behavioral1/memory/1628-125-0x0000000001BA0000-0x0000000001BDC000-memory.dmp	family_plugx
behavioral1/memory/1628-129-0x0000000001BA0000-0x0000000001BDC000-memory.dmp	family_plugx
behavioral1/memory/1536-130-0x00000000007E0000-0x000000000081C000-memory.dmp	family_plugx
behavioral1/memory/2028-135-0x0000000000400000-0x000000000043C000-memory.dmp	family_plugx
behavioral1/memory/2028-139-0x0000000000400000-0x000000000043C000-memory.dmp	family_plugx
behavioral1/memory/2028-137-0x0000000000400000-0x000000000043C000-memory.dmp	family_plugx
behavioral1/memory/2028-140-0x0000000000400000-0x000000000043C000-memory.dmp	family_plugx
behavioral1/memory/1628-141-0x0000000001BA0000-0x0000000001BDC000-memory.dmp	family_plugx
behavioral1/memory/2028-142-0x0000000000400000-0x000000000043C000-memory.dmp	family_plugx

PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
trojan plugx
Executes dropped EXE 3 IoCs

Processes:

esetservice.exeesetservice.exeesetservice.exe

pid process

1320 esetservice.exe
1536 esetservice.exe
824 esetservice.exe

pid	process
1320	esetservice.exe
1536	esetservice.exe
824	esetservice.exe

Loads dropped DLL 8 IoCs

Processes:

5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exeesetservice.exeesetservice.exeesetservice.exe

pid	process
1236	5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe
1236	5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe
1236	5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe
1236	5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe
1236	5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe
1320	esetservice.exe
1536	esetservice.exe
824	esetservice.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

runonce.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0	runonce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CENTRALPROCESSOR\0\~MHZ	runonce.exe

Modifies registry class 2 IoCs

Processes:

runonce.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\CLASSES\FASU	runonce.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\FASU\CLSID = 32004400320041003300440039003800360032003100460031004200330046000000	runonce.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

runonce.exemsiexec.exe

pid	process
1628	runonce.exe
1628	runonce.exe
1628	runonce.exe
1628	runonce.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
1628	runonce.exe
1628	runonce.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
1628	runonce.exe
1628	runonce.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
1628	runonce.exe
1628	runonce.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
1628	runonce.exe
1628	runonce.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
1628	runonce.exe
1628	runonce.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
1628	runonce.exe
2028	msiexec.exe
1628	runonce.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

msiexec.exe

pid process

2028 msiexec.exe

pid	process
2028	msiexec.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

esetservice.exeesetservice.exeesetservice.exerunonce.exemsiexec.exe

description	pid	process
Token: SeDebugPrivilege	1320	esetservice.exe
Token: SeTcbPrivilege	1320	esetservice.exe
Token: SeDebugPrivilege	1536	esetservice.exe
Token: SeTcbPrivilege	1536	esetservice.exe
Token: SeDebugPrivilege	824	esetservice.exe
Token: SeTcbPrivilege	824	esetservice.exe
Token: SeDebugPrivilege	1628	runonce.exe
Token: SeTcbPrivilege	1628	runonce.exe
Token: SeDebugPrivilege	2028	msiexec.exe
Token: SeTcbPrivilege	2028	msiexec.exe

Suspicious use of WriteProcessMemory 25 IoCs

Processes:

5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exeesetservice.exerunonce.exe

description	pid	process	target process
PID 1236 wrote to memory of 1320	1236	5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe	esetservice.exe
PID 1236 wrote to memory of 1320	1236	5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe	esetservice.exe
PID 1236 wrote to memory of 1320	1236	5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe	esetservice.exe
PID 1236 wrote to memory of 1320	1236	5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe	esetservice.exe
PID 824 wrote to memory of 1628	824	esetservice.exe	runonce.exe
PID 824 wrote to memory of 1628	824	esetservice.exe	runonce.exe
PID 824 wrote to memory of 1628	824	esetservice.exe	runonce.exe
PID 824 wrote to memory of 1628	824	esetservice.exe	runonce.exe
PID 824 wrote to memory of 1628	824	esetservice.exe	runonce.exe
PID 824 wrote to memory of 1628	824	esetservice.exe	runonce.exe
PID 824 wrote to memory of 1628	824	esetservice.exe	runonce.exe
PID 824 wrote to memory of 1628	824	esetservice.exe	runonce.exe
PID 824 wrote to memory of 1628	824	esetservice.exe	runonce.exe
PID 1628 wrote to memory of 2028	1628	runonce.exe	msiexec.exe
PID 1628 wrote to memory of 2028	1628	runonce.exe	msiexec.exe
PID 1628 wrote to memory of 2028	1628	runonce.exe	msiexec.exe
PID 1628 wrote to memory of 2028	1628	runonce.exe	msiexec.exe
PID 1628 wrote to memory of 2028	1628	runonce.exe	msiexec.exe
PID 1628 wrote to memory of 2028	1628	runonce.exe	msiexec.exe
PID 1628 wrote to memory of 2028	1628	runonce.exe	msiexec.exe
PID 1628 wrote to memory of 2028	1628	runonce.exe	msiexec.exe
PID 1628 wrote to memory of 2028	1628	runonce.exe	msiexec.exe
PID 1628 wrote to memory of 2028	1628	runonce.exe	msiexec.exe
PID 1628 wrote to memory of 2028	1628	runonce.exe	msiexec.exe
PID 1628 wrote to memory of 2028	1628	runonce.exe	msiexec.exe

C:\Users\Admin\AppData\Local\Temp\5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe
"C:\Users\Admin\AppData\Local\Temp\5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Users\Public\Downloads\esetservice.exe
  "C:\Users\Public\Downloads\esetservice.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:1320

C:\ProgramData\Windows NT\Windows eset service\esetservice.exe
"C:\ProgramData\\Windows NT\\Windows eset service\esetservice.exe" 100 1320
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1536

C:\ProgramData\Windows NT\Windows eset service\esetservice.exe
"C:\ProgramData\Windows NT\Windows eset service\esetservice.exe" 200 0
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:824
- C:\Windows\SysWOW64\runonce.exe
  C:\Windows\system32\runonce.exe 201 0
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1628
- - C:\Windows\SysWOW64\msiexec.exe
    C:\Windows\system32\msiexec.exe 209 1628
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    PID:2028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Windows NT\Windows eset service\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
C:\ProgramData\Windows NT\Windows eset service\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
C:\ProgramData\Windows NT\Windows eset service\http_dll.dll

Filesize
45KB

MD5
d1a06b95c1d7ceaa4dc4c8b85367d673

SHA1
766b56f2a91581a20d4e8c3b311007dac3c09177

SHA256
b700a48ba312c1b9deeac9fcf57ed426e79c8466327f1a4f5b1b057f2ca908e8

SHA512
6d7f1f3be71316afe7d10b1e474d3e599353411f70d79182f013f6e653fa9a1d7ff81070c639ff55486eaad4da9de8bc6005c80b31b29fbf3211047c163d14fa

Download Submit
C:\ProgramData\Windows NT\Windows eset service\http_dll.dll

Filesize
45KB

MD5
d1a06b95c1d7ceaa4dc4c8b85367d673

SHA1
766b56f2a91581a20d4e8c3b311007dac3c09177

SHA256
b700a48ba312c1b9deeac9fcf57ed426e79c8466327f1a4f5b1b057f2ca908e8

SHA512
6d7f1f3be71316afe7d10b1e474d3e599353411f70d79182f013f6e653fa9a1d7ff81070c639ff55486eaad4da9de8bc6005c80b31b29fbf3211047c163d14fa

Download Submit
C:\ProgramData\Windows NT\Windows eset service\lang.dat

Filesize
141KB

MD5
d973223b0329118de57055177d78817b

SHA1
953a3d81eaacf9cd3a4c0e2708ae33f12fb352ad

SHA256
edfb699cbf082db13c59fe2695c64287baa46e96721c8a82eba04d718778091e

SHA512
eead4c06792c825f21b5b0f99a95ed2c9be9e572e6f49ba00660bf756fb59beb96cc1cd5f3444b48b218bbf9e1f2fd549a36b9ab35e26c160b3675ac95db0bf5

Download Submit
C:\ProgramData\Windows NT\Windows eset service\lang.dat

Filesize
141KB

MD5
d973223b0329118de57055177d78817b

SHA1
953a3d81eaacf9cd3a4c0e2708ae33f12fb352ad

SHA256
edfb699cbf082db13c59fe2695c64287baa46e96721c8a82eba04d718778091e

SHA512
eead4c06792c825f21b5b0f99a95ed2c9be9e572e6f49ba00660bf756fb59beb96cc1cd5f3444b48b218bbf9e1f2fd549a36b9ab35e26c160b3675ac95db0bf5

Download Submit
C:\Users\Public\Downloads\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
C:\Users\Public\Downloads\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
C:\Users\Public\Downloads\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
C:\Users\Public\Downloads\http_dll.dll

Filesize
45KB

MD5
d1a06b95c1d7ceaa4dc4c8b85367d673

SHA1
766b56f2a91581a20d4e8c3b311007dac3c09177

SHA256
b700a48ba312c1b9deeac9fcf57ed426e79c8466327f1a4f5b1b057f2ca908e8

SHA512
6d7f1f3be71316afe7d10b1e474d3e599353411f70d79182f013f6e653fa9a1d7ff81070c639ff55486eaad4da9de8bc6005c80b31b29fbf3211047c163d14fa

Download Submit
C:\Users\Public\Downloads\lang.dat

Filesize
141KB

MD5
d973223b0329118de57055177d78817b

SHA1
953a3d81eaacf9cd3a4c0e2708ae33f12fb352ad

SHA256
edfb699cbf082db13c59fe2695c64287baa46e96721c8a82eba04d718778091e

SHA512
eead4c06792c825f21b5b0f99a95ed2c9be9e572e6f49ba00660bf756fb59beb96cc1cd5f3444b48b218bbf9e1f2fd549a36b9ab35e26c160b3675ac95db0bf5

Download Submit
\ProgramData\Windows NT\Windows eset service\http_dll.dll

Filesize
45KB

MD5
d1a06b95c1d7ceaa4dc4c8b85367d673

SHA1
766b56f2a91581a20d4e8c3b311007dac3c09177

SHA256
b700a48ba312c1b9deeac9fcf57ed426e79c8466327f1a4f5b1b057f2ca908e8

SHA512
6d7f1f3be71316afe7d10b1e474d3e599353411f70d79182f013f6e653fa9a1d7ff81070c639ff55486eaad4da9de8bc6005c80b31b29fbf3211047c163d14fa

Download Submit
\ProgramData\Windows NT\Windows eset service\http_dll.dll

Filesize
45KB

MD5
d1a06b95c1d7ceaa4dc4c8b85367d673

SHA1
766b56f2a91581a20d4e8c3b311007dac3c09177

SHA256
b700a48ba312c1b9deeac9fcf57ed426e79c8466327f1a4f5b1b057f2ca908e8

SHA512
6d7f1f3be71316afe7d10b1e474d3e599353411f70d79182f013f6e653fa9a1d7ff81070c639ff55486eaad4da9de8bc6005c80b31b29fbf3211047c163d14fa

Download Submit
\Users\Public\Downloads\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
\Users\Public\Downloads\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
\Users\Public\Downloads\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
\Users\Public\Downloads\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
\Users\Public\Downloads\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
\Users\Public\Downloads\http_dll.dll

Filesize
45KB

MD5
d1a06b95c1d7ceaa4dc4c8b85367d673

SHA1
766b56f2a91581a20d4e8c3b311007dac3c09177

SHA256
b700a48ba312c1b9deeac9fcf57ed426e79c8466327f1a4f5b1b057f2ca908e8

SHA512
6d7f1f3be71316afe7d10b1e474d3e599353411f70d79182f013f6e653fa9a1d7ff81070c639ff55486eaad4da9de8bc6005c80b31b29fbf3211047c163d14fa

Download Submit
memory/824-111-0x0000000000450000-0x000000000048C000-memory.dmp

Filesize
240KB

Download
memory/824-105-0x0000000000450000-0x000000000048C000-memory.dmp

Filesize
240KB

Download
memory/1320-80-0x00000000003C0000-0x00000000003FC000-memory.dmp

Filesize
240KB

Download
memory/1320-79-0x0000000001CF0000-0x0000000001DF0000-memory.dmp

Filesize
1024KB

Download
memory/1320-100-0x00000000003C0000-0x00000000003FC000-memory.dmp

Filesize
240KB

Download
memory/1536-99-0x00000000007E0000-0x000000000081C000-memory.dmp

Filesize
240KB

Download
memory/1536-130-0x00000000007E0000-0x000000000081C000-memory.dmp

Filesize
240KB

Download
memory/1536-101-0x00000000007E0000-0x000000000081C000-memory.dmp

Filesize
240KB

Download
memory/1628-122-0x0000000001BA0000-0x0000000001BDC000-memory.dmp

Filesize
240KB

Download
memory/1628-124-0x0000000001BA0000-0x0000000001BDC000-memory.dmp

Filesize
240KB

Download
memory/1628-112-0x0000000001BA0000-0x0000000001BDC000-memory.dmp

Filesize
240KB

Download
memory/1628-109-0x00000000000D0000-0x00000000000D2000-memory.dmp

Filesize
8KB

Download
memory/1628-119-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/1628-120-0x0000000001BA0000-0x0000000001BDC000-memory.dmp

Filesize
240KB

Download
memory/1628-121-0x0000000001BA0000-0x0000000001BDC000-memory.dmp

Filesize
240KB

Download
memory/1628-108-0x00000000000A0000-0x00000000000C2000-memory.dmp

Filesize
136KB

Download
memory/1628-123-0x0000000001BA0000-0x0000000001BDC000-memory.dmp

Filesize
240KB

Download
memory/1628-110-0x0000000001BA0000-0x0000000001BDC000-memory.dmp

Filesize
240KB

Download
memory/1628-125-0x0000000001BA0000-0x0000000001BDC000-memory.dmp

Filesize
240KB

Download
memory/1628-129-0x0000000001BA0000-0x0000000001BDC000-memory.dmp

Filesize
240KB

Download
memory/1628-106-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/1628-141-0x0000000001BA0000-0x0000000001BDC000-memory.dmp

Filesize
240KB

Download
memory/2028-136-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2028-139-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2028-137-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2028-140-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2028-135-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2028-142-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download