cybergate | 88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97

Analysis

max time kernel
151s
max time network
55s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
Size

389KB
MD5

259c082d3faf1ec1dcf11662db235bab
SHA1

43b7e114e166f2c37f21cf8856def17b3a0e3614
SHA256

88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97
SHA512

4302726460e44e58d020caa3b4ba7070134db0115999eebfbf8bb7ce9f40886dbd3bfe5f21b473fccdbb56364d62ea8f131a84f60ec393a0471368c3f10bf09f
SSDEEP

12288:rtqVpuxTaVs1xaBch9vCer1/OtddFAwR33XY:rtqVoxTaigSh9Jr12tddFAwe

Score

10^/10

cybergate remote persistence stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

v1.04.8

Botnet

remote

monsieur663.no-ip.biz:1223

Mutex

RT736G78UQG121

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
WinSys
install_file
svchost.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
yoyo0603

Signatures

CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
trojan stealer cybergate

Executes dropped EXE 1 IoCs

pid	Process
908	svchost.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/944-71-0x0000000010410000-0x0000000010471000-memory.dmp	upx
behavioral1/memory/944-87-0x0000000010480000-0x00000000104E1000-memory.dmp	upx
behavioral1/memory/1788-93-0x0000000010480000-0x00000000104E1000-memory.dmp	upx
behavioral1/memory/1788-94-0x0000000010480000-0x00000000104E1000-memory.dmp	upx
behavioral1/memory/1504-96-0x0000000010480000-0x00000000104E1000-memory.dmp	upx
behavioral1/memory/792-102-0x0000000010480000-0x00000000104E1000-memory.dmp	upx
behavioral1/memory/792-108-0x0000000010480000-0x00000000104E1000-memory.dmp	upx
behavioral1/memory/1788-111-0x0000000010480000-0x00000000104E1000-memory.dmp	upx

Loads dropped DLL 1 IoCs

pid	Process
1788	vbc.exe

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Windows\CurrentVersion\Run\Magicfile = "C:\\Users\\Admin\\AppData\\Roaming\\inid.exe"	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WinSys\svchost.exe	vbc.exe
File opened for modification	C:\Windows\SysWOW64\WinSys\svchost.exe	vbc.exe
File opened for modification	C:\Windows\SysWOW64\WinSys\svchost.exe	vbc.exe
File created	C:\Windows\SysWOW64\WinSys\svchost.exe	vbc.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 844 set thread context of 944	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	28
PID 588 set thread context of 1504	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	30

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
Token: SeDebugPrivilege	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
Token: SeDebugPrivilege	1788	vbc.exe
Token: SeDebugPrivilege	1788	vbc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 944	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	28
PID 844 wrote to memory of 944	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	28
PID 844 wrote to memory of 944	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	28
PID 844 wrote to memory of 944	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	28
PID 844 wrote to memory of 944	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	28
PID 844 wrote to memory of 944	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	28
PID 844 wrote to memory of 944	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	28
PID 844 wrote to memory of 944	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	28
PID 844 wrote to memory of 944	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	28
PID 844 wrote to memory of 944	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	28
PID 844 wrote to memory of 944	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	28
PID 844 wrote to memory of 944	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	28
PID 844 wrote to memory of 944	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	28
PID 844 wrote to memory of 944	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	28
PID 844 wrote to memory of 588	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	29
PID 844 wrote to memory of 588	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	29
PID 844 wrote to memory of 588	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	29
PID 844 wrote to memory of 588	844	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	29
PID 588 wrote to memory of 1504	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	30
PID 588 wrote to memory of 1504	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	30
PID 588 wrote to memory of 1504	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	30
PID 588 wrote to memory of 1504	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	30
PID 588 wrote to memory of 1504	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	30
PID 588 wrote to memory of 1504	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	30
PID 588 wrote to memory of 1504	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	30
PID 588 wrote to memory of 1504	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	30
PID 588 wrote to memory of 1504	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	30
PID 588 wrote to memory of 1504	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	30
PID 588 wrote to memory of 1504	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	30
PID 588 wrote to memory of 1504	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	30
PID 588 wrote to memory of 1504	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	30
PID 588 wrote to memory of 1504	588	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	30
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31
PID 944 wrote to memory of 1924	944	vbc.exe	31

C:\Users\Admin\AppData\Local\Temp\88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
"C:\Users\Admin\AppData\Local\Temp\88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:844
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  2⤵
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:944
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1924
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
    3⤵
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1788
  - - C:\Users\Admin\AppData\Roaming\WinSys\svchost.exe
      "C:\Users\Admin\AppData\Roaming\WinSys\svchost.exe"
      4⤵
      Executes dropped EXE
      PID:908
- C:\Users\Admin\AppData\Local\Temp\88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
  "C:\Users\Admin\AppData\Local\Temp\88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:588
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    3⤵
    - Drops file in System32 directory
    PID:1504
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:1960
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
      4⤵
      PID:792

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

T1064

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Scripting

T1064

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\XX--XX--XX.txt

Filesize
222KB

MD5
764be22bdb4cb28a5728918589cfd389

SHA1
386ba88d042851efe28c19ddacc8c7977077a7e6

SHA256
8d7497523a2b47fb71db4949195b3a5a88fefdcc586a793ec95f9649dbcf5ffd

SHA512
7f1ad086380fb763db47934ce14141bff38e44f3abcfa748f005f983236bafe3027b2c93954352ac2b5846aec37281c4161a3b6712bb135940ab2ea5836b9abf

Download Submit
C:\Users\Admin\AppData\Local\Temp\XX--XX--XX.txt

Filesize
222KB

MD5
764be22bdb4cb28a5728918589cfd389

SHA1
386ba88d042851efe28c19ddacc8c7977077a7e6

SHA256
8d7497523a2b47fb71db4949195b3a5a88fefdcc586a793ec95f9649dbcf5ffd

SHA512
7f1ad086380fb763db47934ce14141bff38e44f3abcfa748f005f983236bafe3027b2c93954352ac2b5846aec37281c4161a3b6712bb135940ab2ea5836b9abf

Download Submit
C:\Users\Admin\AppData\Roaming\WinSys\svchost.exe

Filesize
1.1MB

MD5
34aa912defa18c2c129f1e09d75c1d7e

SHA1
9c3046324657505a30ecd9b1fdb46c05bde7d470

SHA256
6df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386

SHA512
d1ea9368f5d7166180612fd763c87afb647d088498887961f5e7fb0a10f4a808bd5928e8a3666d70ff794093c51ecca8816f75dd47652fd4eb23dce7f9aa1f98

Download Submit
C:\Users\Admin\AppData\Roaming\WinSys\svchost.exe

Filesize
1.1MB

MD5
34aa912defa18c2c129f1e09d75c1d7e

SHA1
9c3046324657505a30ecd9b1fdb46c05bde7d470

SHA256
6df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386

SHA512
d1ea9368f5d7166180612fd763c87afb647d088498887961f5e7fb0a10f4a808bd5928e8a3666d70ff794093c51ecca8816f75dd47652fd4eb23dce7f9aa1f98

Download Submit
C:\Windows\SysWOW64\WinSys\svchost.exe

Filesize
1.1MB

MD5
34aa912defa18c2c129f1e09d75c1d7e

SHA1
9c3046324657505a30ecd9b1fdb46c05bde7d470

SHA256
6df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386

SHA512
d1ea9368f5d7166180612fd763c87afb647d088498887961f5e7fb0a10f4a808bd5928e8a3666d70ff794093c51ecca8816f75dd47652fd4eb23dce7f9aa1f98

Download Submit
\Users\Admin\AppData\Roaming\WinSys\svchost.exe

Filesize
1.1MB

MD5
34aa912defa18c2c129f1e09d75c1d7e

SHA1
9c3046324657505a30ecd9b1fdb46c05bde7d470

SHA256
6df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386

SHA512
d1ea9368f5d7166180612fd763c87afb647d088498887961f5e7fb0a10f4a808bd5928e8a3666d70ff794093c51ecca8816f75dd47652fd4eb23dce7f9aa1f98

Download Submit
memory/588-74-0x00000000747F0000-0x0000000074D9B000-memory.dmp

Filesize
5.7MB

Download
memory/588-110-0x00000000747F0000-0x0000000074D9B000-memory.dmp

Filesize
5.7MB

Download
memory/588-61-0x0000000000000000-mapping.dmp

Download
memory/792-102-0x0000000010480000-0x00000000104E1000-memory.dmp

Filesize
388KB

Download
memory/792-86-0x0000000000000000-mapping.dmp

Download
memory/792-108-0x0000000010480000-0x00000000104E1000-memory.dmp

Filesize
388KB

Download
memory/844-60-0x00000000747F0000-0x0000000074D9B000-memory.dmp

Filesize
5.7MB

Download
memory/844-54-0x0000000075651000-0x0000000075653000-memory.dmp

Filesize
8KB

Download
memory/844-109-0x00000000747F0000-0x0000000074D9B000-memory.dmp

Filesize
5.7MB

Download
memory/908-106-0x0000000000000000-mapping.dmp

Download
memory/944-56-0x000000000040BBCC-mapping.dmp

Download
memory/944-59-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/944-55-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/944-92-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/944-71-0x0000000010410000-0x0000000010471000-memory.dmp

Filesize
388KB

Download
memory/944-57-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/944-70-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/944-87-0x0000000010480000-0x00000000104E1000-memory.dmp

Filesize
388KB

Download
memory/1504-96-0x0000000010480000-0x00000000104E1000-memory.dmp

Filesize
388KB

Download
memory/1504-101-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1504-76-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1504-65-0x000000000040BBCC-mapping.dmp

Download
memory/1788-90-0x0000000010480000-0x00000000104E1000-memory.dmp

Filesize
388KB

Download
memory/1788-77-0x0000000000000000-mapping.dmp

Download
memory/1788-94-0x0000000010480000-0x00000000104E1000-memory.dmp

Filesize
388KB

Download
memory/1788-93-0x0000000010480000-0x00000000104E1000-memory.dmp

Filesize
388KB

Download
memory/1788-111-0x0000000010480000-0x00000000104E1000-memory.dmp

Filesize
388KB

Download