Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

f4b3b7bbb1...d3.exe

windows7-x64

10

f4b3b7bbb1...d3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/10/2022, 09:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f4b3b7bbb1b9cbeb037cf4b48f32ee23d09c023d65ff03ac6edd118c562a92d3.exe

  • Size

    284KB

  • MD5

    971142f4e5dd21bba14beab50a8325d0

  • SHA1

    c853ec77f626109a56118ae1b1d029d5105a1b90

  • SHA256

    f4b3b7bbb1b9cbeb037cf4b48f32ee23d09c023d65ff03ac6edd118c562a92d3

  • SHA512

    c5dd87738b1957a602793f7602552f573e73f2d2811729e1c69e5b7a2d2821e72816bca80c6fe8941e5cbd884f8013bf006beaf6cedb5aa7368a8876f49007f8

  • SSDEEP

    6144:ak4qmNLtDfU3Ny5zEVwM4HCvVUAb2bKQ7kTpYdDh8:F9CfIN0tMXV4KC

Score
10/10
cybergateöííépersistencestealertrojanupx

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

ÖÍíÉ

C2

tebib1984.no-ip.biz:288

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    svchost.exe

  • install_file

    Win_Xp.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Please try again later.

  • message_box_title

    Error

  • password

    123456

Signatures

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate
  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Modifies Installed Components in the registry 2 TTPs 4 IoCs
    persistence
  • UPX packed file 30 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsass.exe
    1⤵
      PID:680
    • C:\Windows\system32\winlogon.exe
      winlogon.exe
      1⤵
        PID:624
        • C:\Windows\system32\fontdrvhost.exe
          "fontdrvhost.exe"
          2⤵
            PID:804
          • C:\Windows\system32\dwm.exe
            "dwm.exe"
            2⤵
              PID:60
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
            1⤵
              PID:960
            • C:\Windows\system32\svchost.exe
              C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
              1⤵
                PID:664
              • C:\Windows\System32\svchost.exe
                C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
                1⤵
                  PID:876
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                  1⤵
                    PID:1200
                  • C:\Windows\System32\svchost.exe
                    C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
                    1⤵
                      PID:1432
                    • C:\Windows\System32\svchost.exe
                      C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
                      1⤵
                        PID:1876
                      • C:\Windows\System32\spoolsv.exe
                        C:\Windows\System32\spoolsv.exe
                        1⤵
                          PID:1892
                        • C:\Windows\System32\svchost.exe
                          C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
                          1⤵
                            PID:2184
                          • C:\Windows\System32\svchost.exe
                            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
                            1⤵
                              PID:2516
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
                              1⤵
                                PID:2524
                              • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                1⤵
                                  PID:2592
                                • C:\Windows\System32\RuntimeBroker.exe
                                  C:\Windows\System32\RuntimeBroker.exe -Embedding
                                  1⤵
                                    PID:3464
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                    1⤵
                                      PID:3200
                                    • C:\Windows\System32\RuntimeBroker.exe
                                      C:\Windows\System32\RuntimeBroker.exe -Embedding
                                      1⤵
                                        PID:776
                                      • C:\Windows\system32\SppExtComObj.exe
                                        C:\Windows\system32\SppExtComObj.exe -Embedding
                                        1⤵
                                          PID:4584
                                        • C:\Windows\system32\svchost.exe
                                          C:\Windows\system32\svchost.exe -k LocalService -s W32Time
                                          1⤵
                                            PID:1280
                                          • C:\Windows\system32\svchost.exe
                                            C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
                                            1⤵
                                              PID:1916
                                            • C:\Windows\System32\svchost.exe
                                              C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                              1⤵
                                                PID:1932
                                              • C:\Windows\System32\svchost.exe
                                                C:\Windows\System32\svchost.exe -k netsvcs -p
                                                1⤵
                                                  PID:1460
                                                • C:\Windows\system32\svchost.exe
                                                  C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
                                                  1⤵
                                                    PID:4532
                                                  • C:\Windows\System32\svchost.exe
                                                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                    1⤵
                                                      PID:4680
                                                    • C:\Windows\System32\RuntimeBroker.exe
                                                      C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                      1⤵
                                                        PID:4800
                                                      • C:\Windows\system32\DllHost.exe
                                                        C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                        1⤵
                                                          PID:2816
                                                        • C:\Windows\System32\RuntimeBroker.exe
                                                          C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                          1⤵
                                                            PID:3780
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:3548
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:3400
                                                              • C:\Windows\system32\DllHost.exe
                                                                C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                1⤵
                                                                  PID:3308
                                                                • C:\Windows\system32\svchost.exe
                                                                  C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                                                                  1⤵
                                                                    PID:3092
                                                                  • C:\Windows\Explorer.EXE
                                                                    C:\Windows\Explorer.EXE
                                                                    1⤵
                                                                      PID:760
                                                                      • C:\Users\Admin\AppData\Local\Temp\f4b3b7bbb1b9cbeb037cf4b48f32ee23d09c023d65ff03ac6edd118c562a92d3.exe
                                                                        "C:\Users\Admin\AppData\Local\Temp\f4b3b7bbb1b9cbeb037cf4b48f32ee23d09c023d65ff03ac6edd118c562a92d3.exe"
                                                                        2⤵
                                                                        • Modifies Installed Components in the registry
                                                                        • Drops file in System32 directory
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        • Suspicious use of FindShellTrayWindow
                                                                        • Suspicious use of WriteProcessMemory
                                                                        PID:2888
                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                          explorer.exe
                                                                          3⤵
                                                                          • Drops file in System32 directory
                                                                          • Modifies registry class
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          • Suspicious behavior: GetForegroundWindowSpam
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:4564
                                                                          • C:\windows\SysWOW64\microsoft\Win_Xp.exe
                                                                            "C:\windows\system32\microsoft\Win_Xp.exe"
                                                                            4⤵
                                                                            • Executes dropped EXE
                                                                            PID:872
                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 564
                                                                              5⤵
                                                                              • Program crash
                                                                              PID:312
                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 624
                                                                                6⤵
                                                                                • Program crash
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:3564
                                                                        • C:\Users\Admin\AppData\Local\Temp\f4b3b7bbb1b9cbeb037cf4b48f32ee23d09c023d65ff03ac6edd118c562a92d3.exe
                                                                          "C:\Users\Admin\AppData\Local\Temp\f4b3b7bbb1b9cbeb037cf4b48f32ee23d09c023d65ff03ac6edd118c562a92d3.exe"
                                                                          3⤵
                                                                          • Modifies Installed Components in the registry
                                                                          PID:3968
                                                                    • C:\Windows\system32\svchost.exe
                                                                      C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
                                                                      1⤵
                                                                        PID:2668
                                                                      • C:\Windows\system32\taskhostw.exe
                                                                        taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
                                                                        1⤵
                                                                          PID:2580
                                                                        • C:\Windows\system32\svchost.exe
                                                                          C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
                                                                          1⤵
                                                                            PID:2540
                                                                          • C:\Windows\system32\svchost.exe
                                                                            C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
                                                                            1⤵
                                                                              PID:2532
                                                                            • C:\Windows\system32\svchost.exe
                                                                              C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
                                                                              1⤵
                                                                                PID:2380
                                                                              • C:\Windows\system32\svchost.exe
                                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
                                                                                1⤵
                                                                                  PID:2368
                                                                                • C:\Windows\system32\sihost.exe
                                                                                  sihost.exe
                                                                                  1⤵
                                                                                    PID:2300
                                                                                  • C:\Windows\system32\svchost.exe
                                                                                    C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
                                                                                    1⤵
                                                                                      PID:2284
                                                                                    • C:\Windows\system32\svchost.exe
                                                                                      C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
                                                                                      1⤵
                                                                                        PID:2120
                                                                                      • C:\Windows\System32\svchost.exe
                                                                                        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
                                                                                        1⤵
                                                                                          PID:1444
                                                                                        • C:\Windows\System32\svchost.exe
                                                                                          C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
                                                                                          1⤵
                                                                                            PID:2008
                                                                                          • C:\Windows\system32\svchost.exe
                                                                                            C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
                                                                                            1⤵
                                                                                              PID:1940
                                                                                            • C:\Windows\System32\svchost.exe
                                                                                              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                                                              1⤵
                                                                                                PID:1908
                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
                                                                                                1⤵
                                                                                                  PID:1900
                                                                                                • C:\Windows\System32\svchost.exe
                                                                                                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                                                                  1⤵
                                                                                                    PID:1760
                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                    C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
                                                                                                    1⤵
                                                                                                      PID:1680
                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                      C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache
                                                                                                      1⤵
                                                                                                        PID:1652
                                                                                                      • C:\Windows\System32\svchost.exe
                                                                                                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
                                                                                                        1⤵
                                                                                                          PID:1632
                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
                                                                                                          1⤵
                                                                                                            PID:1588
                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                            C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
                                                                                                            1⤵
                                                                                                              PID:1524
                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                              C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
                                                                                                              1⤵
                                                                                                                PID:1416
                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
                                                                                                                1⤵
                                                                                                                  PID:1396
                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                  C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
                                                                                                                  1⤵
                                                                                                                    PID:1344
                                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                                    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
                                                                                                                    1⤵
                                                                                                                      PID:1244
                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                      C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
                                                                                                                      1⤵
                                                                                                                        PID:1236
                                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                                        C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
                                                                                                                        1⤵
                                                                                                                          PID:1160
                                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                                          C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
                                                                                                                          1⤵
                                                                                                                            PID:1056
                                                                                                                          • C:\Windows\System32\svchost.exe
                                                                                                                            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                                                                                            1⤵
                                                                                                                              PID:1044
                                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                                              C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
                                                                                                                              1⤵
                                                                                                                                PID:444
                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                C:\Windows\system32\svchost.exe -k RPCSS -p
                                                                                                                                1⤵
                                                                                                                                  PID:912
                                                                                                                                • C:\Windows\system32\fontdrvhost.exe
                                                                                                                                  "fontdrvhost.exe"
                                                                                                                                  1⤵
                                                                                                                                    PID:800
                                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                                    C:\Windows\system32\svchost.exe -k DcomLaunch -p
                                                                                                                                    1⤵
                                                                                                                                      PID:788
                                                                                                                                      • C:\Windows\system32\wbem\wmiprvse.exe
                                                                                                                                        C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                        2⤵
                                                                                                                                          PID:3140
                                                                                                                                        • C:\Windows\System32\mousocoreworker.exe
                                                                                                                                          C:\Windows\System32\mousocoreworker.exe -Embedding
                                                                                                                                          2⤵
                                                                                                                                            PID:1744
                                                                                                                                        • C:\Windows\System32\svchost.exe
                                                                                                                                          C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                          1⤵
                                                                                                                                            PID:488
                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 872 -ip 872
                                                                                                                                              2⤵
                                                                                                                                              • Suspicious use of NtCreateProcessExOtherParentProcess
                                                                                                                                              PID:4956
                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 312 -ip 312
                                                                                                                                              2⤵
                                                                                                                                                PID:748
                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3564 -ip 3564
                                                                                                                                                2⤵
                                                                                                                                                  PID:1480
                                                                                                                                              • C:\Windows\System32\Conhost.exe
                                                                                                                                                \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                1⤵
                                                                                                                                                  PID:1104
                                                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                                                  C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
                                                                                                                                                  1⤵
                                                                                                                                                    PID:2660
                                                                                                                                                  • C:\Windows\servicing\TrustedInstaller.exe
                                                                                                                                                    C:\Windows\servicing\TrustedInstaller.exe
                                                                                                                                                    1⤵
                                                                                                                                                      PID:2824
                                                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                                                      C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
                                                                                                                                                      1⤵
                                                                                                                                                        PID:4252

                                                                                                                                                      Network

                                                                                                                                                      MITRE ATT&CK Enterprise v6

                                                                                                                                                      Replay Monitor

                                                                                                                                                      Loading Replay Monitor...

                                                                                                                                                      Downloads

                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\XX--XX--XX.txt
                                                                                                                                                        Filesize

                                                                                                                                                        240KB

                                                                                                                                                        MD5

                                                                                                                                                        a0b35ea56bffbdce3b73023ee432d11a

                                                                                                                                                        SHA1

                                                                                                                                                        2ae46f988d489e5ce40194be20ddd63377014e3b

                                                                                                                                                        SHA256

                                                                                                                                                        63723bf41e62be10d779690b2214b442ef8c4adb1c5e1ca4608f802e835f7275

                                                                                                                                                        SHA512

                                                                                                                                                        82b5a6ecdc76244c53df1059a3b82e98ad874a44c1b5927ddd24a834e5b0430ce67138ebaa1e40304e83f2ddcc6303da2cb9595a4eee70117bd0a0fa4a26ff70

                                                                                                                                                        Download Submit

                                                                                                                                                      • C:\Windows\SysWOW64\microsoft\Win_Xp.exe
                                                                                                                                                        Filesize

                                                                                                                                                        284KB

                                                                                                                                                        MD5

                                                                                                                                                        971142f4e5dd21bba14beab50a8325d0

                                                                                                                                                        SHA1

                                                                                                                                                        c853ec77f626109a56118ae1b1d029d5105a1b90

                                                                                                                                                        SHA256

                                                                                                                                                        f4b3b7bbb1b9cbeb037cf4b48f32ee23d09c023d65ff03ac6edd118c562a92d3

                                                                                                                                                        SHA512

                                                                                                                                                        c5dd87738b1957a602793f7602552f573e73f2d2811729e1c69e5b7a2d2821e72816bca80c6fe8941e5cbd884f8013bf006beaf6cedb5aa7368a8876f49007f8

                                                                                                                                                        Download Submit

                                                                                                                                                      • \??\c:\windows\SysWOW64\microsoft\Win_Xp.exe
                                                                                                                                                        Filesize

                                                                                                                                                        284KB

                                                                                                                                                        MD5

                                                                                                                                                        971142f4e5dd21bba14beab50a8325d0

                                                                                                                                                        SHA1

                                                                                                                                                        c853ec77f626109a56118ae1b1d029d5105a1b90

                                                                                                                                                        SHA256

                                                                                                                                                        f4b3b7bbb1b9cbeb037cf4b48f32ee23d09c023d65ff03ac6edd118c562a92d3

                                                                                                                                                        SHA512

                                                                                                                                                        c5dd87738b1957a602793f7602552f573e73f2d2811729e1c69e5b7a2d2821e72816bca80c6fe8941e5cbd884f8013bf006beaf6cedb5aa7368a8876f49007f8

                                                                                                                                                        Download Submit

                                                                                                                                                      • memory/312-171-0x0000000031BD0000-0x0000000031BDD000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        52KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/312-169-0x0000000031BD0000-0x0000000031BDD000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        52KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/872-165-0x0000000000400000-0x0000000000459000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        356KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/872-163-0x0000000031B90000-0x0000000031B9D000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        52KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/872-175-0x0000000031B90000-0x0000000031B9D000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        52KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/872-166-0x0000000031B90000-0x0000000031B9D000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        52KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/2888-152-0x00000000240F0000-0x0000000024152000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        392KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/2888-156-0x0000000000400000-0x0000000000459000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        356KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/2888-146-0x0000000002410000-0x0000000002472000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        392KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/2888-132-0x0000000000400000-0x0000000000459000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        356KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/2888-140-0x0000000024080000-0x00000000240E2000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        392KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/2888-139-0x0000000000400000-0x0000000000459000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        356KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/2888-134-0x0000000024010000-0x0000000024072000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        392KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/3564-170-0x0000000031BF0000-0x0000000031BFD000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        52KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/3564-172-0x0000000031BF0000-0x0000000031BFD000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        52KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/3564-174-0x0000000031BF0000-0x0000000031BFD000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        52KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/3968-160-0x0000000031B80000-0x0000000031B8D000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        52KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/3968-157-0x00000000240F0000-0x0000000024152000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        392KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/3968-177-0x0000000031B80000-0x0000000031B8D000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        52KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/3968-176-0x00000000240F0000-0x0000000024152000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        392KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/3968-155-0x00000000240F0000-0x0000000024152000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        392KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/3968-151-0x0000000000400000-0x0000000000459000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        356KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/4564-143-0x0000000024080000-0x00000000240E2000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        392KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/4564-144-0x0000000024080000-0x00000000240E2000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        392KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/4564-173-0x0000000024080000-0x00000000240E2000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        392KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/4956-164-0x0000000031BB0000-0x0000000031BBD000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        52KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/4956-168-0x0000000031BB0000-0x0000000031BBD000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        52KB

                                                                                                                                                        Download

                                                                                                                                                      • memory/4956-167-0x0000000031BB0000-0x0000000031BBD000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        52KB

                                                                                                                                                        Download