cybergate | 93328a4aa25a41f35e203daebefa4f5e7b4eb33e0c3ec65d112c18c3ce1d15cc

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93328a4aa25a41f35e203daebefa4f5e7b4eb33e0c3ec65d112c18c3ce1d15cc.exe
Size

1007KB
MD5

aecd043c13b2581b4604fdde90f87fae
SHA1

a73ceb9f653903fff8fc01c9a8a6ef15e1cbee21
SHA256

93328a4aa25a41f35e203daebefa4f5e7b4eb33e0c3ec65d112c18c3ce1d15cc
SHA512

8aeb5988fe2a1ae30b1e891193fe142f3a164d05426bb1445821cc088bf73fb10b718a25fa69bf4135de86c0a69237bd6a3531e9603e28272e3d4d1981c46cae
SSDEEP

24576:Bt245+7ErHtRJcDwNHa5m8RnYTUtzFtRR+OSgLphaZ3etWrV:d1TJcDwNOmH+bRC8hm3vV

Score

10^/10

cybergate maymacro persistence stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

MayMacro

curtis1145.no-ip.org:1145

Mutex

P1RA63K1N04P7J

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
System32
install_file
process
install_flag
true
keylogger_enable_ftp
false
message_box_caption
The application failed to initialize properly (0xc000007b). Click on OK to terminate the application.
message_box_title
Adobe Reader Error
password
omolabi

Signatures

CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
trojan stealer cybergate
Executes dropped EXE 2 IoCs

Processes:

UWBCE.cmdUWBCE.cmd

pid process

4328 UWBCE.cmd
2024 UWBCE.cmd

pid	process
4328	UWBCE.cmd
2024	UWBCE.cmd

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3948-148-0x0000000010410000-0x0000000010475000-memory.dmp	upx
behavioral2/memory/3948-153-0x0000000010480000-0x00000000104E5000-memory.dmp	upx
behavioral2/memory/544-156-0x0000000010480000-0x00000000104E5000-memory.dmp	upx
behavioral2/memory/544-159-0x0000000010480000-0x00000000104E5000-memory.dmp	upx
behavioral2/memory/3948-161-0x00000000104F0000-0x0000000010555000-memory.dmp	upx
behavioral2/memory/3948-166-0x0000000010560000-0x00000000105C5000-memory.dmp	upx
behavioral2/memory/1948-169-0x0000000010560000-0x00000000105C5000-memory.dmp	upx
behavioral2/memory/1948-170-0x0000000010560000-0x00000000105C5000-memory.dmp	upx
behavioral2/memory/1948-172-0x0000000010560000-0x00000000105C5000-memory.dmp	upx

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

93328a4aa25a41f35e203daebefa4f5e7b4eb33e0c3ec65d112c18c3ce1d15cc.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	93328a4aa25a41f35e203daebefa4f5e7b4eb33e0c3ec65d112c18c3ce1d15cc.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

UWBCE.cmd

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	UWBCE.cmd
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate = "C:\\Users\\Admin\\AppData\\Roaming\\KGZNY\\UWBCE.cmd C:\\Users\\Admin\\AppData\\Roaming\\KGZNY\\BDGHM-~1"	UWBCE.cmd

Drops file in System32 directory 2 IoCs

Processes:

RegSvcs.exe

description	ioc	process
File created	C:\Windows\SysWOW64\System32\process	RegSvcs.exe
File opened for modification	C:\Windows\SysWOW64\System32\process	RegSvcs.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

UWBCE.cmd

description pid process target process

PID 2024 set thread context of 3948 2024 UWBCE.cmd RegSvcs.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	pid	process	target process
PID 2024 set thread context of 3948	2024	UWBCE.cmd	RegSvcs.exe

Modifies registry class 4 IoCs

Processes:

RegSvcs.exeOpenWith.exeOpenWith.exeRegSvcs.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	RegSvcs.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	RegSvcs.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

UWBCE.cmdRegSvcs.exe

pid process

2024 UWBCE.cmd
2024 UWBCE.cmd
3948 RegSvcs.exe
3948 RegSvcs.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

RegSvcs.exe

pid process

1948 RegSvcs.exe

pid	process
2024	UWBCE.cmd
2024	UWBCE.cmd
3948	RegSvcs.exe
3948	RegSvcs.exe

pid	process
1948	RegSvcs.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

explorer.exeRegSvcs.exe

description	pid	process
Token: SeBackupPrivilege	544	explorer.exe
Token: SeRestorePrivilege	544	explorer.exe
Token: SeBackupPrivilege	1948	RegSvcs.exe
Token: SeRestorePrivilege	1948	RegSvcs.exe
Token: SeDebugPrivilege	1948	RegSvcs.exe
Token: SeDebugPrivilege	1948	RegSvcs.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

RegSvcs.exe

pid process

3948 RegSvcs.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

OpenWith.exeOpenWith.exe

pid process

2396 OpenWith.exe
1248 OpenWith.exe

pid	process
3948	RegSvcs.exe

pid	process
2396	OpenWith.exe
1248	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

93328a4aa25a41f35e203daebefa4f5e7b4eb33e0c3ec65d112c18c3ce1d15cc.exeUWBCE.cmdUWBCE.cmdRegSvcs.exe

description	pid	process	target process
PID 1608 wrote to memory of 4328	1608	93328a4aa25a41f35e203daebefa4f5e7b4eb33e0c3ec65d112c18c3ce1d15cc.exe	UWBCE.cmd
PID 1608 wrote to memory of 4328	1608	93328a4aa25a41f35e203daebefa4f5e7b4eb33e0c3ec65d112c18c3ce1d15cc.exe	UWBCE.cmd
PID 1608 wrote to memory of 4328	1608	93328a4aa25a41f35e203daebefa4f5e7b4eb33e0c3ec65d112c18c3ce1d15cc.exe	UWBCE.cmd
PID 4328 wrote to memory of 2024	4328	UWBCE.cmd	UWBCE.cmd
PID 4328 wrote to memory of 2024	4328	UWBCE.cmd	UWBCE.cmd
PID 4328 wrote to memory of 2024	4328	UWBCE.cmd	UWBCE.cmd
PID 2024 wrote to memory of 3948	2024	UWBCE.cmd	RegSvcs.exe
PID 2024 wrote to memory of 3948	2024	UWBCE.cmd	RegSvcs.exe
PID 2024 wrote to memory of 3948	2024	UWBCE.cmd	RegSvcs.exe
PID 2024 wrote to memory of 3948	2024	UWBCE.cmd	RegSvcs.exe
PID 2024 wrote to memory of 3948	2024	UWBCE.cmd	RegSvcs.exe
PID 2024 wrote to memory of 3948	2024	UWBCE.cmd	RegSvcs.exe
PID 2024 wrote to memory of 3948	2024	UWBCE.cmd	RegSvcs.exe
PID 2024 wrote to memory of 3948	2024	UWBCE.cmd	RegSvcs.exe
PID 2024 wrote to memory of 3948	2024	UWBCE.cmd	RegSvcs.exe
PID 2024 wrote to memory of 3948	2024	UWBCE.cmd	RegSvcs.exe
PID 2024 wrote to memory of 3948	2024	UWBCE.cmd	RegSvcs.exe
PID 2024 wrote to memory of 3948	2024	UWBCE.cmd	RegSvcs.exe
PID 2024 wrote to memory of 3948	2024	UWBCE.cmd	RegSvcs.exe
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE
PID 3948 wrote to memory of 2056	3948	RegSvcs.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\93328a4aa25a41f35e203daebefa4f5e7b4eb33e0c3ec65d112c18c3ce1d15cc.exe
"C:\Users\Admin\AppData\Local\Temp\93328a4aa25a41f35e203daebefa4f5e7b4eb33e0c3ec65d112c18c3ce1d15cc.exe"
2⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1608

C:\Users\Admin\AppData\Roaming\KGZNY\UWBCE.cmd
"C:\Users\Admin\AppData\Roaming\KGZNY\UWBCE.cmd" "BDGHM-YSR"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4328

C:\Users\Admin\AppData\Roaming\KGZNY\UWBCE.cmd
C:\Users\Admin\AppData\Roaming\KGZNY\UWBCE.cmd C:\Users\Admin\AppData\Roaming\KGZNY\EKXVD
4⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2024

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
5⤵
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3948

C:\Windows\SysWOW64\explorer.exe
explorer.exe
6⤵
- Suspicious use of AdjustPrivilegeToken
PID:544

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
6⤵
PID:3768

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
6⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1948

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2396

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Admin2.txt

Filesize
224KB

MD5
238f5039dbb3c08a51a8a13b47649e43

SHA1
afa98c07bbc8b0c875dee332f6a6943313f434b4

SHA256
bfe709bb060250cf997846525a65caa955a7757a9b34ed21b396fb8abbf78d0b

SHA512
bdda5aa4e508ef30a8626499e1811377a43619422c206d9663b7a54229d800f8bb548eeeae8b66ded63f73fa4b096ceb55dbe5f580fb0090936fc5e823313b89

Download Submit
C:\Users\Admin\AppData\Roaming\KGZNY\BDGHM-YSR

Filesize
5KB

MD5
a5869a817982cdeb4d0673514a2dd798

SHA1
e38ec6330dd340e656946db2c4af02f93bceee5d

SHA256
fb1abbcbd489b83dc0f7564d713c3362daa28c02ae1e643df7a8f82e6bb20ef3

SHA512
cb217d53dddcfbfe3722a025b2aad28c6d1f76bb431e2b388e8620f2bf4ff4f0e0f560723ad97d063d9314363039cf9e46802e5759cd8d831b511ea055bc2848

Download Submit
C:\Users\Admin\AppData\Roaming\KGZNY\EKXVD

Filesize
118KB

MD5
c346f5cd7684d742e218dc717b47c027

SHA1
c1486531db25d3c7f86e6a0031342885bd8580b5

SHA256
f4277a31ceba382ca8de4d8771e9d12e67dac07c421edbb9dc38be4d843bcb63

SHA512
90548e009e967c0151b3330c5070352a5de2e227d61a0695044ebaddad492d2a95a05fbeddb7155b959320ffbfbb0866f091348f8e7927a5810aa8ec2344edaf

Download Submit
C:\Users\Admin\AppData\Roaming\KGZNY\IUXSK.MRZ

Filesize
236KB

MD5
41b16d19b4354eb477fc86c232e91ce7

SHA1
776dba32f6b09d7ebd7484e6fac738482ffd3cdf

SHA256
ae6994c77a96eb0849e5dc0c8ba65755b5e38ca2c71e9ade530bb5d85558910e

SHA512
e0c62309573d8b6b6fef4bcf7e28bc9d0cf321e6645b3e13ff5b359683d6752b06d372a68eae6535e17389d171373e4de88fd4ee9b550aea997a0b807f6a0c9a

Download Submit
C:\Users\Admin\AppData\Roaming\KGZNY\OFKOM.BOS

Filesize
290KB

MD5
cf663a6978cfd3b26b717f9703cc3f1f

SHA1
126238976d2be8484c4a36b67267e01a50b8217d

SHA256
c7b86d01102590d6b34fd5d3baf64e34258b1d8e0e7dc1ec288c2d5ad808c80f

SHA512
94aab3d7dbd3bc735eb86d75920f08c6c5917f82841689bcb82044310b487c428ebbc8febd58bc1b81b2f6b397b969b9afdd620b5fcf5d4ee7fecc326c53bac3

Download Submit
C:\Users\Admin\AppData\Roaming\KGZNY\UWBCE.cmd

Filesize
732KB

MD5
71d8f6d5dc35517275bc38ebcc815f9f

SHA1
cae4e8c730de5a01d30aabeb3e5cb2136090ed8d

SHA256
fb73a819b37523126c7708a1d06f3b8825fa60c926154ab2d511ba668f49dc4b

SHA512
4826f45000ea50d9044e3ef11e83426281fbd5f3f5a25f9786c2e487b4cf26b04f6f900ca6e70440644c9d75f700a4c908ab6f398f59c65ee1bff85dfef4ce59

Download Submit
C:\Users\Admin\AppData\Roaming\KGZNY\UWBCE.cmd

Filesize
732KB

MD5
71d8f6d5dc35517275bc38ebcc815f9f

SHA1
cae4e8c730de5a01d30aabeb3e5cb2136090ed8d

SHA256
fb73a819b37523126c7708a1d06f3b8825fa60c926154ab2d511ba668f49dc4b

SHA512
4826f45000ea50d9044e3ef11e83426281fbd5f3f5a25f9786c2e487b4cf26b04f6f900ca6e70440644c9d75f700a4c908ab6f398f59c65ee1bff85dfef4ce59

Download Submit
C:\Users\Admin\AppData\Roaming\KGZNY\UWBCE.cmd

Filesize
732KB

MD5
71d8f6d5dc35517275bc38ebcc815f9f

SHA1
cae4e8c730de5a01d30aabeb3e5cb2136090ed8d

SHA256
fb73a819b37523126c7708a1d06f3b8825fa60c926154ab2d511ba668f49dc4b

SHA512
4826f45000ea50d9044e3ef11e83426281fbd5f3f5a25f9786c2e487b4cf26b04f6f900ca6e70440644c9d75f700a4c908ab6f398f59c65ee1bff85dfef4ce59

Download Submit
C:\Users\Admin\AppData\Roaming\KGZNY\YMQGIX

Filesize
32KB

MD5
fbc0b5d2f40b268ac7addcf78122525a

SHA1
30df1420226005ca15039b719b72e72d99c3abd1

SHA256
651b8aeedd164bd19183c4a8c1710b613b713ac036154241940fb5a268a3e9b6

SHA512
cc67aa6addd4827c4589869d696fdac71206fe154c4aec37da027f9233c7603d4c45bd4373982d3bd62c33970d83504b70113bdfba0b210762d949e14eb55ff7

Download Submit
C:\Windows\SysWOW64\System32\process

Filesize
32KB

MD5
3a77a4f220612fa55118fb8d7ddae83c

SHA1
b96fa726fc84fd46d03dd3c32689f645e0422278

SHA256
2cd6aacd0ed0f477f62833b13b97c26135f436dc59b0b09d4515a6c13cfe6e1f

SHA512
33a9cfc23d49505d7f2e1af4299ea2e6ccbe36daccc81c3dafc9652b8259083da88ee67312035e88dcbc1a6d76ce2c13b6067b6dbcc2afd310b91d4ee737c94d

Download Submit
memory/544-159-0x0000000010480000-0x00000000104E5000-memory.dmp

Filesize
404KB

Download
memory/544-156-0x0000000010480000-0x00000000104E5000-memory.dmp

Filesize
404KB

Download
memory/544-152-0x0000000000000000-mapping.dmp

Download
memory/1948-172-0x0000000010560000-0x00000000105C5000-memory.dmp

Filesize
404KB

Download
memory/1948-170-0x0000000010560000-0x00000000105C5000-memory.dmp

Filesize
404KB

Download
memory/1948-169-0x0000000010560000-0x00000000105C5000-memory.dmp

Filesize
404KB

Download
memory/1948-165-0x0000000000000000-mapping.dmp

Download
memory/2024-138-0x0000000000000000-mapping.dmp

Download
memory/3948-148-0x0000000010410000-0x0000000010475000-memory.dmp

Filesize
404KB

Download
memory/3948-142-0x0000000000000000-mapping.dmp

Download
memory/3948-153-0x0000000010480000-0x00000000104E5000-memory.dmp

Filesize
404KB

Download
memory/3948-161-0x00000000104F0000-0x0000000010555000-memory.dmp

Filesize
404KB

Download
memory/3948-143-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3948-166-0x0000000010560000-0x00000000105C5000-memory.dmp

Filesize
404KB

Download
memory/3948-146-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3948-145-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3948-171-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3948-144-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/4328-132-0x0000000000000000-mapping.dmp

Download