cybergate | 88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97

Analysis

max time kernel
196s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
Size

389KB
MD5

259c082d3faf1ec1dcf11662db235bab
SHA1

43b7e114e166f2c37f21cf8856def17b3a0e3614
SHA256

88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97
SHA512

4302726460e44e58d020caa3b4ba7070134db0115999eebfbf8bb7ce9f40886dbd3bfe5f21b473fccdbb56364d62ea8f131a84f60ec393a0471368c3f10bf09f
SSDEEP

12288:rtqVpuxTaVs1xaBch9vCer1/OtddFAwR33XY:rtqVoxTaigSh9Jr12tddFAwe

Score

10^/10

cybergate remote persistence stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

v1.04.8

Botnet

remote

monsieur663.no-ip.biz:1223

Mutex

RT736G78UQG121

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
WinSys
install_file
svchost.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
yoyo0603

Signatures

CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
trojan stealer cybergate

Executes dropped EXE 1 IoCs

pid	Process
5032	svchost.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/316-150-0x0000000010410000-0x0000000010471000-memory.dmp	upx
behavioral2/memory/3440-160-0x0000000010480000-0x00000000104E1000-memory.dmp	upx
behavioral2/memory/316-162-0x0000000010480000-0x00000000104E1000-memory.dmp	upx
behavioral2/memory/380-167-0x0000000010480000-0x00000000104E1000-memory.dmp	upx
behavioral2/memory/4076-166-0x0000000010480000-0x00000000104E1000-memory.dmp	upx
behavioral2/memory/4076-171-0x0000000010480000-0x00000000104E1000-memory.dmp	upx
behavioral2/memory/380-172-0x0000000010480000-0x00000000104E1000-memory.dmp	upx
behavioral2/memory/4076-178-0x0000000010480000-0x00000000104E1000-memory.dmp	upx

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Control Panel\International\Geo\Nation	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Magicfile = "C:\\Users\\Admin\\AppData\\Roaming\\inid.exe"	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\WinSys\svchost.exe	vbc.exe
File created	C:\Windows\SysWOW64\WinSys\svchost.exe	vbc.exe
File created	C:\Windows\SysWOW64\WinSys\svchost.exe	vbc.exe
File opened for modification	C:\Windows\SysWOW64\WinSys\svchost.exe	vbc.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 4376 set thread context of 316	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	85
PID 3912 set thread context of 3440	3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	87

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
Token: SeDebugPrivilege	3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
Token: SeDebugPrivilege	4076	vbc.exe
Token: SeDebugPrivilege	4076	vbc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 316	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	85
PID 4376 wrote to memory of 316	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	85
PID 4376 wrote to memory of 316	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	85
PID 4376 wrote to memory of 316	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	85
PID 4376 wrote to memory of 316	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	85
PID 4376 wrote to memory of 316	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	85
PID 4376 wrote to memory of 316	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	85
PID 4376 wrote to memory of 316	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	85
PID 4376 wrote to memory of 316	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	85
PID 4376 wrote to memory of 316	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	85
PID 4376 wrote to memory of 316	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	85
PID 4376 wrote to memory of 316	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	85
PID 4376 wrote to memory of 316	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	85
PID 4376 wrote to memory of 3912	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	86
PID 4376 wrote to memory of 3912	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	86
PID 4376 wrote to memory of 3912	4376	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	86
PID 3912 wrote to memory of 3440	3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	87
PID 3912 wrote to memory of 3440	3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	87
PID 3912 wrote to memory of 3440	3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	87
PID 3912 wrote to memory of 3440	3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	87
PID 3912 wrote to memory of 3440	3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	87
PID 3912 wrote to memory of 3440	3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	87
PID 3912 wrote to memory of 3440	3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	87
PID 3912 wrote to memory of 3440	3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	87
PID 3912 wrote to memory of 3440	3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	87
PID 3912 wrote to memory of 3440	3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	87
PID 3912 wrote to memory of 3440	3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	87
PID 3912 wrote to memory of 3440	3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	87
PID 3912 wrote to memory of 3440	3912	88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe	87
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 3440 wrote to memory of 5112	3440	vbc.exe	88
PID 3440 wrote to memory of 5112	3440	vbc.exe	88
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89
PID 316 wrote to memory of 5092	316	vbc.exe	89

C:\Users\Admin\AppData\Local\Temp\88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
"C:\Users\Admin\AppData\Local\Temp\88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  2⤵
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:316
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:5092
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
    3⤵
    PID:380
- C:\Users\Admin\AppData\Local\Temp\88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe
  "C:\Users\Admin\AppData\Local\Temp\88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3912
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    3⤵
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:3440
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:5112
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4076
    - - C:\Users\Admin\AppData\Roaming\WinSys\svchost.exe
        
        "C:\Users\Admin\AppData\Roaming\WinSys\svchost.exe"
        5⤵
        Executes dropped EXE
        
        PID:5032

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

T1064

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Scripting

T1064

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\XX--XX--XX.txt

Filesize
222KB

MD5
764be22bdb4cb28a5728918589cfd389

SHA1
386ba88d042851efe28c19ddacc8c7977077a7e6

SHA256
8d7497523a2b47fb71db4949195b3a5a88fefdcc586a793ec95f9649dbcf5ffd

SHA512
7f1ad086380fb763db47934ce14141bff38e44f3abcfa748f005f983236bafe3027b2c93954352ac2b5846aec37281c4161a3b6712bb135940ab2ea5836b9abf

Download Submit
C:\Users\Admin\AppData\Roaming\WinSys\svchost.exe

Filesize
1.1MB

MD5
d881de17aa8f2e2c08cbb7b265f928f9

SHA1
08936aebc87decf0af6e8eada191062b5e65ac2a

SHA256
b3a37093609f9a20ad60b85a9fa9de2ba674cba9b5bd687729440c70ba619ca0

SHA512
5f23bfb1b8740247b36ed0ab741738c7d4c949736129e767213e321607d1ccd3e3a8428e4ba44bd28a275b5e3f6206285b1a522514b7ef7ea5e698d90a713d34

Download Submit
C:\Users\Admin\AppData\Roaming\WinSys\svchost.exe

Filesize
1.1MB

MD5
d881de17aa8f2e2c08cbb7b265f928f9

SHA1
08936aebc87decf0af6e8eada191062b5e65ac2a

SHA256
b3a37093609f9a20ad60b85a9fa9de2ba674cba9b5bd687729440c70ba619ca0

SHA512
5f23bfb1b8740247b36ed0ab741738c7d4c949736129e767213e321607d1ccd3e3a8428e4ba44bd28a275b5e3f6206285b1a522514b7ef7ea5e698d90a713d34

Download Submit
C:\Users\Admin\AppData\Roaming\inid.exe

Filesize
389KB

MD5
259c082d3faf1ec1dcf11662db235bab

SHA1
43b7e114e166f2c37f21cf8856def17b3a0e3614

SHA256
88ea04994abb3d6da877191f4994cd671435238201d8183bee47109118721f97

SHA512
4302726460e44e58d020caa3b4ba7070134db0115999eebfbf8bb7ce9f40886dbd3bfe5f21b473fccdbb56364d62ea8f131a84f60ec393a0471368c3f10bf09f

Download Submit
C:\Windows\SysWOW64\WinSys\svchost.exe

Filesize
1.1MB

MD5
d881de17aa8f2e2c08cbb7b265f928f9

SHA1
08936aebc87decf0af6e8eada191062b5e65ac2a

SHA256
b3a37093609f9a20ad60b85a9fa9de2ba674cba9b5bd687729440c70ba619ca0

SHA512
5f23bfb1b8740247b36ed0ab741738c7d4c949736129e767213e321607d1ccd3e3a8428e4ba44bd28a275b5e3f6206285b1a522514b7ef7ea5e698d90a713d34

Download Submit
memory/316-134-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/316-143-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/316-162-0x0000000010480000-0x00000000104E1000-memory.dmp

Filesize
388KB

Download
memory/316-135-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/316-133-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/316-150-0x0000000010410000-0x0000000010471000-memory.dmp

Filesize
388KB

Download
memory/316-169-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/380-172-0x0000000010480000-0x00000000104E1000-memory.dmp

Filesize
388KB

Download
memory/380-167-0x0000000010480000-0x00000000104E1000-memory.dmp

Filesize
388KB

Download
memory/3440-168-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/3440-160-0x0000000010480000-0x00000000104E1000-memory.dmp

Filesize
388KB

Download
memory/3440-145-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/3912-144-0x00000000752C0000-0x0000000075871000-memory.dmp

Filesize
5.7MB

Download
memory/3912-177-0x00000000752C0000-0x0000000075871000-memory.dmp

Filesize
5.7MB

Download
memory/4076-171-0x0000000010480000-0x00000000104E1000-memory.dmp

Filesize
388KB

Download
memory/4076-166-0x0000000010480000-0x00000000104E1000-memory.dmp

Filesize
388KB

Download
memory/4076-178-0x0000000010480000-0x00000000104E1000-memory.dmp

Filesize
388KB

Download
memory/4376-136-0x00000000752C0000-0x0000000075871000-memory.dmp

Filesize
5.7MB

Download
memory/4376-176-0x00000000752C0000-0x0000000075871000-memory.dmp

Filesize
5.7MB

Download