plugx | 5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2023 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe
Size

484KB
MD5

709303e2cf9511139fbb950538bac769
SHA1

56653a3433982b35f5c2506adaf4412dd4f34925
SHA256

5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6
SHA512

8e8243a6d6c8a703bdab7e2c2a3d6439de6ae72fc3de1ba9f90a8081143c81220c8ec01b36d02eb86fb5f04334bc5d5b1080b504f70a3cf72f766c5d4079d136
SSDEEP

12288:DGHCnaomAEg3uPdkgOX+tZdxRvPlrbKu+E1Kur1tsPTtEn:DGHCm8uPdJFd7PBbKutvr1ts7o

Score

10^/10

plugx trojan

Malware Config

Signatures

Detects PlugX payload 23 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3432-156-0x00000000020A0000-0x00000000020DC000-memory.dmp	family_plugx
behavioral2/memory/3432-169-0x00000000020A0000-0x00000000020DC000-memory.dmp	family_plugx
behavioral2/memory/4204-176-0x0000000001FD0000-0x000000000200C000-memory.dmp	family_plugx
behavioral2/memory/4400-180-0x0000000000E90000-0x0000000000ECC000-memory.dmp	family_plugx
behavioral2/memory/3452-181-0x0000000001300000-0x000000000133C000-memory.dmp	family_plugx
behavioral2/memory/3452-183-0x0000000001300000-0x000000000133C000-memory.dmp	family_plugx
behavioral2/memory/4400-182-0x0000000000E90000-0x0000000000ECC000-memory.dmp	family_plugx
behavioral2/memory/3452-191-0x0000000001300000-0x000000000133C000-memory.dmp	family_plugx
behavioral2/memory/3452-192-0x0000000001300000-0x000000000133C000-memory.dmp	family_plugx
behavioral2/memory/3452-194-0x0000000001300000-0x000000000133C000-memory.dmp	family_plugx
behavioral2/memory/3452-193-0x0000000001300000-0x000000000133C000-memory.dmp	family_plugx
behavioral2/memory/3452-195-0x0000000001300000-0x000000000133C000-memory.dmp	family_plugx
behavioral2/memory/3452-196-0x0000000001300000-0x000000000133C000-memory.dmp	family_plugx
behavioral2/memory/3452-199-0x0000000001300000-0x000000000133C000-memory.dmp	family_plugx
behavioral2/memory/4204-200-0x0000000001FD0000-0x000000000200C000-memory.dmp	family_plugx
behavioral2/memory/3452-201-0x0000000001300000-0x000000000133C000-memory.dmp	family_plugx
behavioral2/memory/3796-203-0x0000000001240000-0x000000000127C000-memory.dmp	family_plugx
behavioral2/memory/3796-205-0x0000000001240000-0x000000000127C000-memory.dmp	family_plugx
behavioral2/memory/3796-207-0x0000000001240000-0x000000000127C000-memory.dmp	family_plugx
behavioral2/memory/3796-206-0x0000000001240000-0x000000000127C000-memory.dmp	family_plugx
behavioral2/memory/3796-209-0x0000000001240000-0x000000000127C000-memory.dmp	family_plugx
behavioral2/memory/3452-210-0x0000000001300000-0x000000000133C000-memory.dmp	family_plugx
behavioral2/memory/3796-212-0x0000000001240000-0x000000000127C000-memory.dmp	family_plugx

PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
trojan plugx

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe

Executes dropped EXE 3 IoCs

Processes:

esetservice.exeesetservice.exeesetservice.exe

pid process

3432 esetservice.exe
4204 esetservice.exe
4400 esetservice.exe
Loads dropped DLL 3 IoCs

Processes:

esetservice.exeesetservice.exeesetservice.exe

pid process

3432 esetservice.exe
4204 esetservice.exe
4400 esetservice.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
3432	esetservice.exe
4204	esetservice.exe
4400	esetservice.exe

pid	process
3432	esetservice.exe
4204	esetservice.exe
4400	esetservice.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

runonce.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0	runonce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHZ	runonce.exe

Modifies registry class 2 IoCs

Processes:

runonce.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\CLASSES\FASU	runonce.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\FASU\CLSID = 38003700370042004600390037003200350032003800360037003600330042000000	runonce.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

runonce.exemsiexec.exe

pid	process
3452	runonce.exe
3452	runonce.exe
3452	runonce.exe
3452	runonce.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3452	runonce.exe
3452	runonce.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3452	runonce.exe
3452	runonce.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3452	runonce.exe
3452	runonce.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3452	runonce.exe
3452	runonce.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3796	msiexec.exe
3452	runonce.exe
3452	runonce.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

runonce.exemsiexec.exe

pid process

3452 runonce.exe
3796 msiexec.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

esetservice.exeesetservice.exeesetservice.exerunonce.exemsiexec.exe

description	pid	process
Token: SeDebugPrivilege	3432	esetservice.exe
Token: SeTcbPrivilege	3432	esetservice.exe
Token: SeDebugPrivilege	4204	esetservice.exe
Token: SeTcbPrivilege	4204	esetservice.exe
Token: SeDebugPrivilege	4400	esetservice.exe
Token: SeTcbPrivilege	4400	esetservice.exe
Token: SeDebugPrivilege	3452	runonce.exe
Token: SeTcbPrivilege	3452	runonce.exe
Token: SeDebugPrivilege	3796	msiexec.exe
Token: SeTcbPrivilege	3796	msiexec.exe

Suspicious use of WriteProcessMemory 19 IoCs

Processes:

5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exeesetservice.exerunonce.exe

description	pid	process	target process
PID 5104 wrote to memory of 3432	5104	5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe	esetservice.exe
PID 5104 wrote to memory of 3432	5104	5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe	esetservice.exe
PID 5104 wrote to memory of 3432	5104	5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe	esetservice.exe
PID 4400 wrote to memory of 3452	4400	esetservice.exe	runonce.exe
PID 4400 wrote to memory of 3452	4400	esetservice.exe	runonce.exe
PID 4400 wrote to memory of 3452	4400	esetservice.exe	runonce.exe
PID 4400 wrote to memory of 3452	4400	esetservice.exe	runonce.exe
PID 4400 wrote to memory of 3452	4400	esetservice.exe	runonce.exe
PID 4400 wrote to memory of 3452	4400	esetservice.exe	runonce.exe
PID 4400 wrote to memory of 3452	4400	esetservice.exe	runonce.exe
PID 4400 wrote to memory of 3452	4400	esetservice.exe	runonce.exe
PID 3452 wrote to memory of 3796	3452	runonce.exe	msiexec.exe
PID 3452 wrote to memory of 3796	3452	runonce.exe	msiexec.exe
PID 3452 wrote to memory of 3796	3452	runonce.exe	msiexec.exe
PID 3452 wrote to memory of 3796	3452	runonce.exe	msiexec.exe
PID 3452 wrote to memory of 3796	3452	runonce.exe	msiexec.exe
PID 3452 wrote to memory of 3796	3452	runonce.exe	msiexec.exe
PID 3452 wrote to memory of 3796	3452	runonce.exe	msiexec.exe
PID 3452 wrote to memory of 3796	3452	runonce.exe	msiexec.exe

C:\Users\Admin\AppData\Local\Temp\5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe
"C:\Users\Admin\AppData\Local\Temp\5307dac6f70b86c669c46741e5953a13db6920542fd81ce37650971511367ee6.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Users\Public\Downloads\esetservice.exe
  "C:\Users\Public\Downloads\esetservice.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:3432

C:\ProgramData\Windows NT\Windows eset service\esetservice.exe
"C:\ProgramData\\Windows NT\\Windows eset service\esetservice.exe" 100 3432
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4204

C:\ProgramData\Windows NT\Windows eset service\esetservice.exe
"C:\ProgramData\Windows NT\Windows eset service\esetservice.exe" 200 0
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Windows\SysWOW64\runonce.exe
  C:\Windows\system32\runonce.exe 201 0
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3452
- - C:\Windows\SysWOW64\msiexec.exe
    C:\Windows\system32\msiexec.exe 209 3452
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    PID:3796

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Windows NT\Windows eset service\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
C:\ProgramData\Windows NT\Windows eset service\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
C:\ProgramData\Windows NT\Windows eset service\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
C:\ProgramData\Windows NT\Windows eset service\http_dll.dll

Filesize
45KB

MD5
d1a06b95c1d7ceaa4dc4c8b85367d673

SHA1
766b56f2a91581a20d4e8c3b311007dac3c09177

SHA256
b700a48ba312c1b9deeac9fcf57ed426e79c8466327f1a4f5b1b057f2ca908e8

SHA512
6d7f1f3be71316afe7d10b1e474d3e599353411f70d79182f013f6e653fa9a1d7ff81070c639ff55486eaad4da9de8bc6005c80b31b29fbf3211047c163d14fa

Download Submit
C:\ProgramData\Windows NT\Windows eset service\http_dll.dll

Filesize
45KB

MD5
d1a06b95c1d7ceaa4dc4c8b85367d673

SHA1
766b56f2a91581a20d4e8c3b311007dac3c09177

SHA256
b700a48ba312c1b9deeac9fcf57ed426e79c8466327f1a4f5b1b057f2ca908e8

SHA512
6d7f1f3be71316afe7d10b1e474d3e599353411f70d79182f013f6e653fa9a1d7ff81070c639ff55486eaad4da9de8bc6005c80b31b29fbf3211047c163d14fa

Download Submit
C:\ProgramData\Windows NT\Windows eset service\http_dll.dll

Filesize
45KB

MD5
d1a06b95c1d7ceaa4dc4c8b85367d673

SHA1
766b56f2a91581a20d4e8c3b311007dac3c09177

SHA256
b700a48ba312c1b9deeac9fcf57ed426e79c8466327f1a4f5b1b057f2ca908e8

SHA512
6d7f1f3be71316afe7d10b1e474d3e599353411f70d79182f013f6e653fa9a1d7ff81070c639ff55486eaad4da9de8bc6005c80b31b29fbf3211047c163d14fa

Download Submit
C:\ProgramData\Windows NT\Windows eset service\http_dll.dll

Filesize
45KB

MD5
d1a06b95c1d7ceaa4dc4c8b85367d673

SHA1
766b56f2a91581a20d4e8c3b311007dac3c09177

SHA256
b700a48ba312c1b9deeac9fcf57ed426e79c8466327f1a4f5b1b057f2ca908e8

SHA512
6d7f1f3be71316afe7d10b1e474d3e599353411f70d79182f013f6e653fa9a1d7ff81070c639ff55486eaad4da9de8bc6005c80b31b29fbf3211047c163d14fa

Download Submit
C:\ProgramData\Windows NT\Windows eset service\lang.dat

Filesize
141KB

MD5
d973223b0329118de57055177d78817b

SHA1
953a3d81eaacf9cd3a4c0e2708ae33f12fb352ad

SHA256
edfb699cbf082db13c59fe2695c64287baa46e96721c8a82eba04d718778091e

SHA512
eead4c06792c825f21b5b0f99a95ed2c9be9e572e6f49ba00660bf756fb59beb96cc1cd5f3444b48b218bbf9e1f2fd549a36b9ab35e26c160b3675ac95db0bf5

Download Submit
C:\ProgramData\Windows NT\Windows eset service\lang.dat

Filesize
141KB

MD5
d973223b0329118de57055177d78817b

SHA1
953a3d81eaacf9cd3a4c0e2708ae33f12fb352ad

SHA256
edfb699cbf082db13c59fe2695c64287baa46e96721c8a82eba04d718778091e

SHA512
eead4c06792c825f21b5b0f99a95ed2c9be9e572e6f49ba00660bf756fb59beb96cc1cd5f3444b48b218bbf9e1f2fd549a36b9ab35e26c160b3675ac95db0bf5

Download Submit
C:\Users\Public\Downloads\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
C:\Users\Public\Downloads\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
C:\Users\Public\Downloads\esetservice.exe

Filesize
32KB

MD5
68d91a34ce51cf15c45dd68f7f1257e8

SHA1
5d076537f56ee7389410698d700cc4fd7d736453

SHA256
81698c9d6e69506637208ca564b14b7febbfe4efbc574c490332a985adcbb12d

SHA512
e4cec6a713537d51451752c06e69e98b8053c3d50a5628e30adc770a883e946573757b4e10689a3e40023a19f5ed2f9d4890d07ced71726d1c984bf9130bcb65

Download Submit
C:\Users\Public\Downloads\http_dll.dll

Filesize
45KB

MD5
d1a06b95c1d7ceaa4dc4c8b85367d673

SHA1
766b56f2a91581a20d4e8c3b311007dac3c09177

SHA256
b700a48ba312c1b9deeac9fcf57ed426e79c8466327f1a4f5b1b057f2ca908e8

SHA512
6d7f1f3be71316afe7d10b1e474d3e599353411f70d79182f013f6e653fa9a1d7ff81070c639ff55486eaad4da9de8bc6005c80b31b29fbf3211047c163d14fa

Download Submit
C:\Users\Public\Downloads\http_dll.dll

Filesize
45KB

MD5
d1a06b95c1d7ceaa4dc4c8b85367d673

SHA1
766b56f2a91581a20d4e8c3b311007dac3c09177

SHA256
b700a48ba312c1b9deeac9fcf57ed426e79c8466327f1a4f5b1b057f2ca908e8

SHA512
6d7f1f3be71316afe7d10b1e474d3e599353411f70d79182f013f6e653fa9a1d7ff81070c639ff55486eaad4da9de8bc6005c80b31b29fbf3211047c163d14fa

Download Submit
C:\Users\Public\Downloads\lang.dat

Filesize
141KB

MD5
d973223b0329118de57055177d78817b

SHA1
953a3d81eaacf9cd3a4c0e2708ae33f12fb352ad

SHA256
edfb699cbf082db13c59fe2695c64287baa46e96721c8a82eba04d718778091e

SHA512
eead4c06792c825f21b5b0f99a95ed2c9be9e572e6f49ba00660bf756fb59beb96cc1cd5f3444b48b218bbf9e1f2fd549a36b9ab35e26c160b3675ac95db0bf5

Download Submit
memory/3432-156-0x00000000020A0000-0x00000000020DC000-memory.dmp

Filesize
240KB

Download
memory/3432-169-0x00000000020A0000-0x00000000020DC000-memory.dmp

Filesize
240KB

Download
memory/3432-155-0x00000000021A0000-0x00000000022A0000-memory.dmp

Filesize
1024KB

Download
memory/3452-181-0x0000000001300000-0x000000000133C000-memory.dmp

Filesize
240KB

Download
memory/3452-199-0x0000000001300000-0x000000000133C000-memory.dmp

Filesize
240KB

Download
memory/3452-210-0x0000000001300000-0x000000000133C000-memory.dmp

Filesize
240KB

Download
memory/3452-183-0x0000000001300000-0x000000000133C000-memory.dmp

Filesize
240KB

Download
memory/3452-201-0x0000000001300000-0x000000000133C000-memory.dmp

Filesize
240KB

Download
memory/3452-190-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/3452-191-0x0000000001300000-0x000000000133C000-memory.dmp

Filesize
240KB

Download
memory/3452-192-0x0000000001300000-0x000000000133C000-memory.dmp

Filesize
240KB

Download
memory/3452-194-0x0000000001300000-0x000000000133C000-memory.dmp

Filesize
240KB

Download
memory/3452-193-0x0000000001300000-0x000000000133C000-memory.dmp

Filesize
240KB

Download
memory/3452-195-0x0000000001300000-0x000000000133C000-memory.dmp

Filesize
240KB

Download
memory/3452-196-0x0000000001300000-0x000000000133C000-memory.dmp

Filesize
240KB

Download
memory/3796-206-0x0000000001240000-0x000000000127C000-memory.dmp

Filesize
240KB

Download
memory/3796-203-0x0000000001240000-0x000000000127C000-memory.dmp

Filesize
240KB

Download
memory/3796-205-0x0000000001240000-0x000000000127C000-memory.dmp

Filesize
240KB

Download
memory/3796-204-0x0000000001050000-0x0000000001051000-memory.dmp

Filesize
4KB

Download
memory/3796-207-0x0000000001240000-0x000000000127C000-memory.dmp

Filesize
240KB

Download
memory/3796-208-0x0000000001300000-0x000000000133C000-memory.dmp

Filesize
240KB

Download
memory/3796-209-0x0000000001240000-0x000000000127C000-memory.dmp

Filesize
240KB

Download
memory/3796-211-0x0000000001300000-0x000000000133C000-memory.dmp

Filesize
240KB

Download
memory/3796-212-0x0000000001240000-0x000000000127C000-memory.dmp

Filesize
240KB

Download
memory/4204-200-0x0000000001FD0000-0x000000000200C000-memory.dmp

Filesize
240KB

Download
memory/4204-176-0x0000000001FD0000-0x000000000200C000-memory.dmp

Filesize
240KB

Download
memory/4400-182-0x0000000000E90000-0x0000000000ECC000-memory.dmp

Filesize
240KB

Download
memory/4400-180-0x0000000000E90000-0x0000000000ECC000-memory.dmp

Filesize
240KB

Download