plugx | 59c99ff6fe40a2d811eeebd5c63f5ddf96107a890cd6c4b41821adbcf97f9204

Analysis

max time kernel
150s
max time network
147s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16-03-2023 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

图片20233155168jpg.cmd.exe
Size

602KB
MD5

50e0dc8b208f29699d895388d2441cc0
SHA1

be4376a162f4f1a00da2124645e55301e641c440
SHA256

59c99ff6fe40a2d811eeebd5c63f5ddf96107a890cd6c4b41821adbcf97f9204
SHA512

8c29774e16686417fe6a552dfecb9ce2ee8d138c916f7f13b78dd974a10847b68f6fbb2452ab6a579e621ef66a47dda16b4ff8cc6d6a96bfcb1eff27bef4e1aa
SSDEEP

12288:DGHCnaomAEg3uPdkgOX+tZdxJsq1al2NyCGtN/NazPT46om5vGq:DGHCm8uPdJFdzakYBNazxoq

Score

10^/10

plugx trojan

Malware Config

Signatures

Detects PlugX payload 23 IoCs

Processes:

resource	yara_rule
behavioral1/memory/756-77-0x0000000000220000-0x000000000024D000-memory.dmp	family_plugx
behavioral1/memory/756-78-0x0000000000220000-0x000000000024D000-memory.dmp	family_plugx
behavioral1/memory/788-97-0x00000000001B0000-0x00000000001DD000-memory.dmp	family_plugx
behavioral1/memory/1456-101-0x00000000008D0000-0x00000000008FD000-memory.dmp	family_plugx
behavioral1/memory/1448-106-0x00000000003F0000-0x000000000041D000-memory.dmp	family_plugx
behavioral1/memory/1456-107-0x00000000008D0000-0x00000000008FD000-memory.dmp	family_plugx
behavioral1/memory/1448-108-0x00000000003F0000-0x000000000041D000-memory.dmp	family_plugx
behavioral1/memory/1448-116-0x00000000003F0000-0x000000000041D000-memory.dmp	family_plugx
behavioral1/memory/1448-117-0x00000000003F0000-0x000000000041D000-memory.dmp	family_plugx
behavioral1/memory/1448-118-0x00000000003F0000-0x000000000041D000-memory.dmp	family_plugx
behavioral1/memory/1448-119-0x00000000003F0000-0x000000000041D000-memory.dmp	family_plugx
behavioral1/memory/788-121-0x00000000001B0000-0x00000000001DD000-memory.dmp	family_plugx
behavioral1/memory/1448-122-0x00000000003F0000-0x000000000041D000-memory.dmp	family_plugx
behavioral1/memory/1448-123-0x00000000003F0000-0x000000000041D000-memory.dmp	family_plugx
behavioral1/memory/1448-126-0x00000000003F0000-0x000000000041D000-memory.dmp	family_plugx
behavioral1/memory/612-132-0x0000000000720000-0x000000000074D000-memory.dmp	family_plugx
behavioral1/memory/612-133-0x0000000000720000-0x000000000074D000-memory.dmp	family_plugx
behavioral1/memory/612-135-0x0000000000720000-0x000000000074D000-memory.dmp	family_plugx
behavioral1/memory/612-136-0x0000000000720000-0x000000000074D000-memory.dmp	family_plugx
behavioral1/memory/612-137-0x0000000000720000-0x000000000074D000-memory.dmp	family_plugx
behavioral1/memory/612-138-0x0000000000720000-0x000000000074D000-memory.dmp	family_plugx
behavioral1/memory/1448-139-0x00000000003F0000-0x000000000041D000-memory.dmp	family_plugx
behavioral1/memory/612-140-0x0000000000720000-0x000000000074D000-memory.dmp	family_plugx

PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
trojan plugx
Blocklisted process makes network request 2 IoCs

Processes:

msiexec.exe

flow pid process

1 1448 msiexec.exe
2 1448 msiexec.exe
Deletes itself 1 IoCs

Processes:

TraceIndexer.exe

pid process

756 TraceIndexer.exe
Executes dropped EXE 3 IoCs

Processes:

TraceIndexer.exeTraceIndexer.exeTraceIndexer.exe

pid process

756 TraceIndexer.exe
788 TraceIndexer.exe
1456 TraceIndexer.exe

flow	pid	process
1	1448	msiexec.exe
2	1448	msiexec.exe

Loads dropped DLL 7 IoCs

Processes:

图片20233155168jpg.cmd.exeTraceIndexer.exeTraceIndexer.exeTraceIndexer.exe

pid	process
1084	图片20233155168jpg.cmd.exe
1084	图片20233155168jpg.cmd.exe
1084	图片20233155168jpg.cmd.exe
1084	图片20233155168jpg.cmd.exe
756	TraceIndexer.exe
788	TraceIndexer.exe
1456	TraceIndexer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CENTRALPROCESSOR\0\~MHZ	msiexec.exe

Modifies registry class 2 IoCs

Processes:

msiexec.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\CLASSES\FAST	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\FAST\CLSID = 44003300390035003700420042003800320034003000410030003700310042000000	msiexec.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

msiexec.exemsiexec.exe

pid process

1448 msiexec.exe
612 msiexec.exe

pid	process
1448	msiexec.exe
612	msiexec.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

TraceIndexer.exeTraceIndexer.exemsiexec.exemsiexec.exe

pid	process
756	TraceIndexer.exe
756	TraceIndexer.exe
788	TraceIndexer.exe
1448	msiexec.exe
1448	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
1448	msiexec.exe
1448	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
1448	msiexec.exe
1448	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
1448	msiexec.exe
1448	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
1448	msiexec.exe
1448	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
1448	msiexec.exe
1448	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
1448	msiexec.exe
1448	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe
612	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

msiexec.exe

pid process

612 msiexec.exe

pid	process
612	msiexec.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

TraceIndexer.exeTraceIndexer.exeTraceIndexer.exemsiexec.exemsiexec.exe

description	pid	process
Token: SeDebugPrivilege	756	TraceIndexer.exe
Token: SeTcbPrivilege	756	TraceIndexer.exe
Token: SeDebugPrivilege	788	TraceIndexer.exe
Token: SeTcbPrivilege	788	TraceIndexer.exe
Token: SeDebugPrivilege	1456	TraceIndexer.exe
Token: SeTcbPrivilege	1456	TraceIndexer.exe
Token: SeDebugPrivilege	1448	msiexec.exe
Token: SeTcbPrivilege	1448	msiexec.exe
Token: SeDebugPrivilege	612	msiexec.exe
Token: SeTcbPrivilege	612	msiexec.exe

Suspicious use of WriteProcessMemory 28 IoCs

Processes:

图片20233155168jpg.cmd.exeTraceIndexer.exemsiexec.exe

description	pid	process	target process
PID 1084 wrote to memory of 756	1084	图片20233155168jpg.cmd.exe	TraceIndexer.exe
PID 1084 wrote to memory of 756	1084	图片20233155168jpg.cmd.exe	TraceIndexer.exe
PID 1084 wrote to memory of 756	1084	图片20233155168jpg.cmd.exe	TraceIndexer.exe
PID 1084 wrote to memory of 756	1084	图片20233155168jpg.cmd.exe	TraceIndexer.exe
PID 1456 wrote to memory of 1448	1456	TraceIndexer.exe	msiexec.exe
PID 1456 wrote to memory of 1448	1456	TraceIndexer.exe	msiexec.exe
PID 1456 wrote to memory of 1448	1456	TraceIndexer.exe	msiexec.exe
PID 1456 wrote to memory of 1448	1456	TraceIndexer.exe	msiexec.exe
PID 1456 wrote to memory of 1448	1456	TraceIndexer.exe	msiexec.exe
PID 1456 wrote to memory of 1448	1456	TraceIndexer.exe	msiexec.exe
PID 1456 wrote to memory of 1448	1456	TraceIndexer.exe	msiexec.exe
PID 1456 wrote to memory of 1448	1456	TraceIndexer.exe	msiexec.exe
PID 1456 wrote to memory of 1448	1456	TraceIndexer.exe	msiexec.exe
PID 1456 wrote to memory of 1448	1456	TraceIndexer.exe	msiexec.exe
PID 1456 wrote to memory of 1448	1456	TraceIndexer.exe	msiexec.exe
PID 1456 wrote to memory of 1448	1456	TraceIndexer.exe	msiexec.exe
PID 1448 wrote to memory of 612	1448	msiexec.exe	msiexec.exe
PID 1448 wrote to memory of 612	1448	msiexec.exe	msiexec.exe
PID 1448 wrote to memory of 612	1448	msiexec.exe	msiexec.exe
PID 1448 wrote to memory of 612	1448	msiexec.exe	msiexec.exe
PID 1448 wrote to memory of 612	1448	msiexec.exe	msiexec.exe
PID 1448 wrote to memory of 612	1448	msiexec.exe	msiexec.exe
PID 1448 wrote to memory of 612	1448	msiexec.exe	msiexec.exe
PID 1448 wrote to memory of 612	1448	msiexec.exe	msiexec.exe
PID 1448 wrote to memory of 612	1448	msiexec.exe	msiexec.exe
PID 1448 wrote to memory of 612	1448	msiexec.exe	msiexec.exe
PID 1448 wrote to memory of 612	1448	msiexec.exe	msiexec.exe
PID 1448 wrote to memory of 612	1448	msiexec.exe	msiexec.exe

C:\Users\Admin\AppData\Local\Temp\图片20233155168jpg.cmd.exe
"C:\Users\Admin\AppData\Local\Temp\图片20233155168jpg.cmd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1084

C:\Users\Admin\AppData\Local\Temp\RarSFX0\TraceIndexer.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\TraceIndexer.exe"
2⤵
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:756

C:\ProgramData\googleupdate\TraceIndexer.exe
"C:\ProgramData\googleupdate\TraceIndexer.exe" 100 756
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:788

C:\ProgramData\googleupdate\TraceIndexer.exe
"C:\ProgramData\googleupdate\TraceIndexer.exe" 200 0
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1456

C:\Windows\SysWOW64\msiexec.exe
C:\Windows\system32\msiexec.exe 201 0
2⤵
- Blocklisted process makes network request
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1448

C:\Windows\SysWOW64\msiexec.exe
C:\Windows\system32\msiexec.exe 209 1448
3⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:612

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\googleupdate\ATKEX.dll
Filesize
33KB

MD5
ae8091b6a252a2c34033eaac7e1001d6

SHA1
f2de8d84d51a1cbb9f0100f94361c13a341f7163

SHA256
ff6557980fac2ca2905eab34746eab8dde4aca4f8870e6c21a0d472969885542

SHA512
616c4880a638b2a3ac7c55f475e27f187e21a87d0cbfd4c244a09792c1ef79692db06d92236d6aab3f31c42922af897165dde1a2741de63ae686cced5277c8ed

Download Submit
C:\ProgramData\googleupdate\ATKEX.dll
Filesize
33KB

MD5
ae8091b6a252a2c34033eaac7e1001d6

SHA1
f2de8d84d51a1cbb9f0100f94361c13a341f7163

SHA256
ff6557980fac2ca2905eab34746eab8dde4aca4f8870e6c21a0d472969885542

SHA512
616c4880a638b2a3ac7c55f475e27f187e21a87d0cbfd4c244a09792c1ef79692db06d92236d6aab3f31c42922af897165dde1a2741de63ae686cced5277c8ed

Download Submit
C:\ProgramData\googleupdate\TraceIndexer.exe
Filesize
457KB

MD5
07321f91bad9653b4fa737e5c993de90

SHA1
9b0e7f445739825816e970205fe92adf7d3e1fc8

SHA256
c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3

SHA512
c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6

Download Submit
C:\ProgramData\googleupdate\TraceIndexer.exe
Filesize
457KB

MD5
07321f91bad9653b4fa737e5c993de90

SHA1
9b0e7f445739825816e970205fe92adf7d3e1fc8

SHA256
c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3

SHA512
c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6

Download Submit
C:\ProgramData\googleupdate\debug.dump
Filesize
113KB

MD5
96237e8adaff3cb27fc02b5cc2a817b7

SHA1
6c5a43e26a30b401e5657c56eb8a0fbfe9916859

SHA256
ab112d5d3b66116293eb4205fdf778d34f90b1e27b020c2cad65e551d16b483f

SHA512
b53346c08e45d75bbae5ef863c5ecc4a340073a9c550122792fd407708534201a7aefd2366b9c825bdff6ed105953371729bf0903a8152093403165ff9098c8c

Download Submit
C:\ProgramData\googleupdate\debug.dump
Filesize
113KB

MD5
96237e8adaff3cb27fc02b5cc2a817b7

SHA1
6c5a43e26a30b401e5657c56eb8a0fbfe9916859

SHA256
ab112d5d3b66116293eb4205fdf778d34f90b1e27b020c2cad65e551d16b483f

SHA512
b53346c08e45d75bbae5ef863c5ecc4a340073a9c550122792fd407708534201a7aefd2366b9c825bdff6ed105953371729bf0903a8152093403165ff9098c8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ATKEX.dll
Filesize
33KB

MD5
ae8091b6a252a2c34033eaac7e1001d6

SHA1
f2de8d84d51a1cbb9f0100f94361c13a341f7163

SHA256
ff6557980fac2ca2905eab34746eab8dde4aca4f8870e6c21a0d472969885542

SHA512
616c4880a638b2a3ac7c55f475e27f187e21a87d0cbfd4c244a09792c1ef79692db06d92236d6aab3f31c42922af897165dde1a2741de63ae686cced5277c8ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\TraceIndexer.exe
Filesize
457KB

MD5
07321f91bad9653b4fa737e5c993de90

SHA1
9b0e7f445739825816e970205fe92adf7d3e1fc8

SHA256
c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3

SHA512
c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\TraceIndexer.exe
Filesize
457KB

MD5
07321f91bad9653b4fa737e5c993de90

SHA1
9b0e7f445739825816e970205fe92adf7d3e1fc8

SHA256
c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3

SHA512
c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\TraceIndexer.exe
Filesize
457KB

MD5
07321f91bad9653b4fa737e5c993de90

SHA1
9b0e7f445739825816e970205fe92adf7d3e1fc8

SHA256
c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3

SHA512
c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\debug.dump
Filesize
113KB

MD5
96237e8adaff3cb27fc02b5cc2a817b7

SHA1
6c5a43e26a30b401e5657c56eb8a0fbfe9916859

SHA256
ab112d5d3b66116293eb4205fdf778d34f90b1e27b020c2cad65e551d16b483f

SHA512
b53346c08e45d75bbae5ef863c5ecc4a340073a9c550122792fd407708534201a7aefd2366b9c825bdff6ed105953371729bf0903a8152093403165ff9098c8c

Download Submit
\ProgramData\googleupdate\ATKEX.dll
Filesize
33KB

MD5
ae8091b6a252a2c34033eaac7e1001d6

SHA1
f2de8d84d51a1cbb9f0100f94361c13a341f7163

SHA256
ff6557980fac2ca2905eab34746eab8dde4aca4f8870e6c21a0d472969885542

SHA512
616c4880a638b2a3ac7c55f475e27f187e21a87d0cbfd4c244a09792c1ef79692db06d92236d6aab3f31c42922af897165dde1a2741de63ae686cced5277c8ed

Download Submit
\ProgramData\googleupdate\ATKEX.dll
Filesize
33KB

MD5
ae8091b6a252a2c34033eaac7e1001d6

SHA1
f2de8d84d51a1cbb9f0100f94361c13a341f7163

SHA256
ff6557980fac2ca2905eab34746eab8dde4aca4f8870e6c21a0d472969885542

SHA512
616c4880a638b2a3ac7c55f475e27f187e21a87d0cbfd4c244a09792c1ef79692db06d92236d6aab3f31c42922af897165dde1a2741de63ae686cced5277c8ed

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ATKEX.dll
Filesize
33KB

MD5
ae8091b6a252a2c34033eaac7e1001d6

SHA1
f2de8d84d51a1cbb9f0100f94361c13a341f7163

SHA256
ff6557980fac2ca2905eab34746eab8dde4aca4f8870e6c21a0d472969885542

SHA512
616c4880a638b2a3ac7c55f475e27f187e21a87d0cbfd4c244a09792c1ef79692db06d92236d6aab3f31c42922af897165dde1a2741de63ae686cced5277c8ed

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\TraceIndexer.exe
Filesize
457KB

MD5
07321f91bad9653b4fa737e5c993de90

SHA1
9b0e7f445739825816e970205fe92adf7d3e1fc8

SHA256
c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3

SHA512
c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\TraceIndexer.exe
Filesize
457KB

MD5
07321f91bad9653b4fa737e5c993de90

SHA1
9b0e7f445739825816e970205fe92adf7d3e1fc8

SHA256
c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3

SHA512
c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\TraceIndexer.exe
Filesize
457KB

MD5
07321f91bad9653b4fa737e5c993de90

SHA1
9b0e7f445739825816e970205fe92adf7d3e1fc8

SHA256
c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3

SHA512
c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\TraceIndexer.exe
Filesize
457KB

MD5
07321f91bad9653b4fa737e5c993de90

SHA1
9b0e7f445739825816e970205fe92adf7d3e1fc8

SHA256
c81b31f8986cc40ff2d31c3bafd7abdf275826ccb5859eba8d927144e38bc7f3

SHA512
c065581716ac8158f657c231a48a8eff2eb215a008ca1d76215a17313b99888d9d14ccb73782d810cedaf5e8acc671deca28a9e2875a5668a03ece0e2cd8f5b6

Download Submit
memory/612-136-0x0000000000720000-0x000000000074D000-memory.dmp

Filesize
180KB

Download
memory/612-140-0x0000000000720000-0x000000000074D000-memory.dmp

Filesize
180KB

Download
memory/612-138-0x0000000000720000-0x000000000074D000-memory.dmp

Filesize
180KB

Download
memory/612-137-0x0000000000720000-0x000000000074D000-memory.dmp

Filesize
180KB

Download
memory/612-135-0x0000000000720000-0x000000000074D000-memory.dmp

Filesize
180KB

Download
memory/612-134-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/612-133-0x0000000000720000-0x000000000074D000-memory.dmp

Filesize
180KB

Download
memory/612-132-0x0000000000720000-0x000000000074D000-memory.dmp

Filesize
180KB

Download
memory/756-78-0x0000000000220000-0x000000000024D000-memory.dmp

Filesize
180KB

Download
memory/756-77-0x0000000000220000-0x000000000024D000-memory.dmp

Filesize
180KB

Download
memory/756-76-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/788-97-0x00000000001B0000-0x00000000001DD000-memory.dmp

Filesize
180KB

Download
memory/788-121-0x00000000001B0000-0x00000000001DD000-memory.dmp

Filesize
180KB

Download
memory/1448-119-0x00000000003F0000-0x000000000041D000-memory.dmp

Filesize
180KB

Download
memory/1448-115-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/1448-117-0x00000000003F0000-0x000000000041D000-memory.dmp

Filesize
180KB

Download
memory/1448-116-0x00000000003F0000-0x000000000041D000-memory.dmp

Filesize
180KB

Download
memory/1448-122-0x00000000003F0000-0x000000000041D000-memory.dmp

Filesize
180KB

Download
memory/1448-123-0x00000000003F0000-0x000000000041D000-memory.dmp

Filesize
180KB

Download
memory/1448-126-0x00000000003F0000-0x000000000041D000-memory.dmp

Filesize
180KB

Download
memory/1448-118-0x00000000003F0000-0x000000000041D000-memory.dmp

Filesize
180KB

Download
memory/1448-108-0x00000000003F0000-0x000000000041D000-memory.dmp

Filesize
180KB

Download
memory/1448-139-0x00000000003F0000-0x000000000041D000-memory.dmp

Filesize
180KB

Download
memory/1448-106-0x00000000003F0000-0x000000000041D000-memory.dmp

Filesize
180KB

Download
memory/1448-105-0x00000000000D0000-0x00000000000D2000-memory.dmp

Filesize
8KB

Download
memory/1448-104-0x00000000000B0000-0x00000000000CB000-memory.dmp

Filesize
108KB

Download
memory/1448-102-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/1456-107-0x00000000008D0000-0x00000000008FD000-memory.dmp

Filesize
180KB

Download
memory/1456-101-0x00000000008D0000-0x00000000008FD000-memory.dmp

Filesize
180KB

Download