cybergate | 08e33ca1108f4a66114b8f0efd4eb39fbabe2a43cf1df3e2618ca355efd65bb3

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 12:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe
Size

239KB
MD5

2c7041f11b160b644a5bb87f8bcfb259
SHA1

34a636782939d2f9f522f7a985b2935305ac887c
SHA256

08e33ca1108f4a66114b8f0efd4eb39fbabe2a43cf1df3e2618ca355efd65bb3
SHA512

1aa9ce1618bba611969b0f4344f31be97d00f8cf01cc5e02229cf23a1088c4a47efa221d01196664aaff857283937778dd849ad2b352f8e2415da319408399eb
SSDEEP

6144:n7gtn549qNj0k0UqLxZDjf7De6HA3UQ/bjbsJ:n01549q3Ojf7De+/Q/72

Score

10^/10

cybergate facebook persistence stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

2.2.3

Botnet

FACEBOOK

antraxdj02.no-ip.biz:81

antraxdj.no-ip.biz:81

zzzenemigoszzz.no-ip.biz:81

antraxdj02.no-ip.biz:80

antraxdj.no-ip.biz:80

zzzenemigoszzz.no-ip.biz:80

zzzenemigoszzz.no-ip.biz:82

antraxdj02.no-ip.biz:82

antraxdj.no-ip.biz:82

Mutex

545DFAW

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_file
Sytem32.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Traducción Realizada
message_box_title
Cool Edit
password
HPTAS123
regkey_hkcu
HKCU
regkey_hklm
HKLM

Signatures

CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
trojan stealer cybergate

Adds policy Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "c:\\System\\Sytem32.exe"	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "c:\\System\\Sytem32.exe"	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe

Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{AEB065QM-J872-7LM4-M18K-0TS0C0Y0H363}	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AEB065QM-J872-7LM4-M18K-0TS0C0Y0H363}\StubPath = "c:\\System\\Sytem32.exe Restart"	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{AEB065QM-J872-7LM4-M18K-0TS0C0Y0H363}	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AEB065QM-J872-7LM4-M18K-0TS0C0Y0H363}\StubPath = "c:\\System\\Sytem32.exe"	explorer.exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2448-20-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/2448-22-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/2448-24-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/2448-26-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/2448-28-0x0000000024010000-0x000000002404E000-memory.dmp	upx
behavioral2/memory/2448-32-0x0000000024050000-0x000000002408E000-memory.dmp	upx
behavioral2/memory/4384-82-0x0000000024050000-0x000000002408E000-memory.dmp	upx
behavioral2/memory/2448-141-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral2/memory/3900-142-0x00000000240D0000-0x000000002410E000-memory.dmp	upx
behavioral2/memory/4384-177-0x0000000024050000-0x000000002408E000-memory.dmp	upx
behavioral2/memory/3900-187-0x00000000240D0000-0x000000002410E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "c:\\System\\Sytem32.exe"	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "c:\\System\\Sytem32.exe"	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 864 set thread context of 2448	864	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	83

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe
2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3900	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3900	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe
Token: SeDebugPrivilege	3900	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
864	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe
864	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe
3900	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 2448	864	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	83
PID 864 wrote to memory of 2448	864	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	83
PID 864 wrote to memory of 2448	864	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	83
PID 864 wrote to memory of 2448	864	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	83
PID 864 wrote to memory of 2448	864	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	83
PID 864 wrote to memory of 2448	864	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	83
PID 864 wrote to memory of 2448	864	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	83
PID 864 wrote to memory of 2448	864	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	83
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56
PID 2448 wrote to memory of 3396	2448	2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3396
- C:\Users\Admin\AppData\Local\Temp\2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:864
- - C:\Users\Admin\AppData\Local\Temp\2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe
    3⤵
    - Adds policy Run key to start application
    - Boot or Logon Autostart Execution: Active Setup
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2448
  - - C:\Windows\SysWOW64\explorer.exe
      explorer.exe
      4⤵
      Boot or Logon Autostart Execution: Active Setup
      PID:4384
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\2c7041f11b160b644a5bb87f8bcfb259_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:3900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\UuU.uUu

Filesize
8B

MD5
bef72afb1d94e414d1920660149b65ef

SHA1
131a11973dc344ac474ce4872cbb822661669bb8

SHA256
976e88f7c982892f982d3a92d873d19d64b48427f58018098d47fbb19a1a6666

SHA512
a8ff8d015f8d5d783e42f2cf8b591d6425822a8cc5adae7566d7cc9dff3ae892935d248c07ea36d4dd4cf108145eb614bf2ef4bb31ecc837e072113f9bca2a9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\XX--XX--XX.txt

Filesize
141KB

MD5
62cdd57a66a15a6a518f0c81ad917e2f

SHA1
9cc22028e9ac38e4c63aa312ffc1d9fe6322cb21

SHA256
afe5c0e1fba5910697653df73e14c119d1e57b6971706a35955b45c69eaa6c1f

SHA512
8f95143fbbce30fe6a95b8163fb11d5de650ff37a1e4869ce51c7d3d2815b1d468d0de3df4946972765efba33ce82b3e79f9484cabf46de794d648fa7e38b30f

Download Submit
C:\Users\Admin\AppData\Roaming\logs.dat

Filesize
15B

MD5
86f3c87caff4d7973404ff22c664505b

SHA1
245bc19c345bc8e73645cd35f5af640bc489da19

SHA256
e8ab966478c22925527b58b0a7c3d89e430690cbdabb44d501744e0ad0ac9ddb

SHA512
0940c4b339640f60f1a21fc9e4e958bf84f0e668f33a9b24d483d1e6bfcf35eca45335afee1d3b7ff6fd091b2e395c151af8af3300e154d3ea3fdb2b73872024

Download Submit
\??\c:\System\Sytem32.exe

Filesize
239KB

MD5
2c7041f11b160b644a5bb87f8bcfb259

SHA1
34a636782939d2f9f522f7a985b2935305ac887c

SHA256
08e33ca1108f4a66114b8f0efd4eb39fbabe2a43cf1df3e2618ca355efd65bb3

SHA512
1aa9ce1618bba611969b0f4344f31be97d00f8cf01cc5e02229cf23a1088c4a47efa221d01196664aaff857283937778dd849ad2b352f8e2415da319408399eb

Download Submit
memory/864-6-0x0000000002270000-0x0000000002280000-memory.dmp

Filesize
64KB

Download
memory/864-16-0x0000000002320000-0x0000000002330000-memory.dmp

Filesize
64KB

Download
memory/864-10-0x00000000022B0000-0x00000000022C0000-memory.dmp

Filesize
64KB

Download
memory/864-9-0x00000000022A0000-0x00000000022B0000-memory.dmp

Filesize
64KB

Download
memory/864-8-0x0000000002290000-0x00000000022A0000-memory.dmp

Filesize
64KB

Download
memory/864-7-0x0000000002280000-0x0000000002290000-memory.dmp

Filesize
64KB

Download
memory/864-11-0x00000000022C0000-0x00000000022D0000-memory.dmp

Filesize
64KB

Download
memory/864-5-0x0000000002260000-0x0000000002270000-memory.dmp

Filesize
64KB

Download
memory/864-15-0x0000000002300000-0x0000000002310000-memory.dmp

Filesize
64KB

Download
memory/864-13-0x00000000022E0000-0x00000000022F0000-memory.dmp

Filesize
64KB

Download
memory/864-17-0x0000000002330000-0x0000000002340000-memory.dmp

Filesize
64KB

Download
memory/864-14-0x00000000022F0000-0x0000000002300000-memory.dmp

Filesize
64KB

Download
memory/864-3-0x0000000002230000-0x0000000002240000-memory.dmp

Filesize
64KB

Download
memory/864-1-0x0000000002210000-0x0000000002220000-memory.dmp

Filesize
64KB

Download
memory/864-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/864-12-0x00000000022D0000-0x00000000022E0000-memory.dmp

Filesize
64KB

Download
memory/864-23-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/864-4-0x0000000002240000-0x0000000002250000-memory.dmp

Filesize
64KB

Download
memory/864-2-0x0000000002220000-0x0000000002230000-memory.dmp

Filesize
64KB

Download
memory/2448-20-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2448-22-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2448-24-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2448-32-0x0000000024050000-0x000000002408E000-memory.dmp

Filesize
248KB

Download
memory/2448-141-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2448-28-0x0000000024010000-0x000000002404E000-memory.dmp

Filesize
248KB

Download
memory/2448-26-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/3900-142-0x00000000240D0000-0x000000002410E000-memory.dmp

Filesize
248KB

Download
memory/3900-178-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/3900-187-0x00000000240D0000-0x000000002410E000-memory.dmp

Filesize
248KB

Download
memory/4384-82-0x0000000024050000-0x000000002408E000-memory.dmp

Filesize
248KB

Download
memory/4384-33-0x0000000000720000-0x0000000000721000-memory.dmp

Filesize
4KB

Download
memory/4384-34-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/4384-177-0x0000000024050000-0x000000002408E000-memory.dmp

Filesize
248KB

Download