cybergate | f9eb9d20c57e0f7120e5053946258b8ce700747b67046e6ca8f08ce4a0001b95

Analysis

max time kernel
144s
max time network
120s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
02-01-2025 18:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

600c978a326eedd85cc46e4b8bb526b9[1].exe
Size

412KB
MD5

7b04fe26c3db90ee0bf31085cea3e15d
SHA1

c53b19524d0ee20d0f24ab1d64a7c2d65f9f2f10
SHA256

efc9fc31da98762132013536a8947248d4ed97474e32af1943e38a0f18853bf2
SHA512

848d439ed9ec61eb34ce388f58b540ecc864a15f3667a9bc3209cd6e9a819b30a4a7fd7118d49581749e70c892e7308b649bbcf0189b9268684ccf1838c1e01f
SSDEEP

6144:UM576qEk6Gtc03ruSotlvASBIwA7YxRjtECDJfZ8TawpYg:ztE/GJotlvASr4YDREDTawD

Score

10^/10

cybergate lloyd discovery persistence stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Lloyd

serveur9.no-ip.org:82

Mutex

I41T87P4T4S7H2

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_file
winsec.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
123789456
regkey_hkcu
HKCU
regkey_hklm
HKLM

Signatures

CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
trojan stealer cybergate
Cybergate family
cybergate

Adds policy Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	600c978a326eedd85cc46e4b8bb526b9[1].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\winsec.exe"	600c978a326eedd85cc46e4b8bb526b9[1].exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	600c978a326eedd85cc46e4b8bb526b9[1].exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\winsec.exe"	600c978a326eedd85cc46e4b8bb526b9[1].exe

Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{E4UEK5VX-RLAI-8303-TV48-KE12F06HJF2G}	600c978a326eedd85cc46e4b8bb526b9[1].exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E4UEK5VX-RLAI-8303-TV48-KE12F06HJF2G}\StubPath = "C:\\Windows\\system32\\winsec.exe Restart"	600c978a326eedd85cc46e4b8bb526b9[1].exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{E4UEK5VX-RLAI-8303-TV48-KE12F06HJF2G}	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E4UEK5VX-RLAI-8303-TV48-KE12F06HJF2G}\StubPath = "C:\\Windows\\system32\\winsec.exe"	explorer.exe

Executes dropped EXE 2 IoCs

pid	Process
300	winsec.exe
2912	winsec.exe

Loads dropped DLL 3 IoCs

pid	Process
2780	600c978a326eedd85cc46e4b8bb526b9[1].exe
2780	600c978a326eedd85cc46e4b8bb526b9[1].exe
300	winsec.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\winsec.exe"	600c978a326eedd85cc46e4b8bb526b9[1].exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\winsec.exe"	600c978a326eedd85cc46e4b8bb526b9[1].exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\winsec.exe	600c978a326eedd85cc46e4b8bb526b9[1].exe
File opened for modification	C:\Windows\SysWOW64\winsec.exe	600c978a326eedd85cc46e4b8bb526b9[1].exe
File opened for modification	C:\Windows\SysWOW64\winsec.exe	600c978a326eedd85cc46e4b8bb526b9[1].exe
File opened for modification	C:\Windows\SysWOW64\	600c978a326eedd85cc46e4b8bb526b9[1].exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1196 set thread context of 1248	1196	600c978a326eedd85cc46e4b8bb526b9[1].exe	30
PID 300 set thread context of 2912	300	winsec.exe	34

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1248-22-0x0000000010410000-0x0000000010475000-memory.dmp	upx
behavioral1/memory/2076-546-0x0000000010480000-0x00000000104E5000-memory.dmp	upx
behavioral1/memory/2076-921-0x0000000010480000-0x00000000104E5000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	600c978a326eedd85cc46e4b8bb526b9[1].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	600c978a326eedd85cc46e4b8bb526b9[1].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	600c978a326eedd85cc46e4b8bb526b9[1].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winsec.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1248	600c978a326eedd85cc46e4b8bb526b9[1].exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2780	600c978a326eedd85cc46e4b8bb526b9[1].exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeBackupPrivilege	2076	explorer.exe
Token: SeRestorePrivilege	2076	explorer.exe
Token: SeBackupPrivilege	2780	600c978a326eedd85cc46e4b8bb526b9[1].exe
Token: SeRestorePrivilege	2780	600c978a326eedd85cc46e4b8bb526b9[1].exe
Token: SeDebugPrivilege	2780	600c978a326eedd85cc46e4b8bb526b9[1].exe
Token: SeDebugPrivilege	2780	600c978a326eedd85cc46e4b8bb526b9[1].exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1248	600c978a326eedd85cc46e4b8bb526b9[1].exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 1248	1196	600c978a326eedd85cc46e4b8bb526b9[1].exe	30
PID 1196 wrote to memory of 1248	1196	600c978a326eedd85cc46e4b8bb526b9[1].exe	30
PID 1196 wrote to memory of 1248	1196	600c978a326eedd85cc46e4b8bb526b9[1].exe	30
PID 1196 wrote to memory of 1248	1196	600c978a326eedd85cc46e4b8bb526b9[1].exe	30
PID 1196 wrote to memory of 1248	1196	600c978a326eedd85cc46e4b8bb526b9[1].exe	30
PID 1196 wrote to memory of 1248	1196	600c978a326eedd85cc46e4b8bb526b9[1].exe	30
PID 1196 wrote to memory of 1248	1196	600c978a326eedd85cc46e4b8bb526b9[1].exe	30
PID 1196 wrote to memory of 1248	1196	600c978a326eedd85cc46e4b8bb526b9[1].exe	30
PID 1196 wrote to memory of 1248	1196	600c978a326eedd85cc46e4b8bb526b9[1].exe	30
PID 1196 wrote to memory of 1248	1196	600c978a326eedd85cc46e4b8bb526b9[1].exe	30
PID 1196 wrote to memory of 1248	1196	600c978a326eedd85cc46e4b8bb526b9[1].exe	30
PID 1196 wrote to memory of 1248	1196	600c978a326eedd85cc46e4b8bb526b9[1].exe	30
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21
PID 1248 wrote to memory of 1200	1248	600c978a326eedd85cc46e4b8bb526b9[1].exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1200
- C:\Users\Admin\AppData\Local\Temp\600c978a326eedd85cc46e4b8bb526b9[1].exe
  "C:\Users\Admin\AppData\Local\Temp\600c978a326eedd85cc46e4b8bb526b9[1].exe"
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1196
- - C:\Users\Admin\AppData\Local\Temp\600c978a326eedd85cc46e4b8bb526b9[1].exe
    "C:\Users\Admin\AppData\Local\Temp\600c978a326eedd85cc46e4b8bb526b9[1].exe"
    3⤵
    - Adds policy Run key to start application
    - Boot or Logon Autostart Execution: Active Setup
    - Adds Run key to start application
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:1248
  - - C:\Windows\SysWOW64\explorer.exe
      explorer.exe
      4⤵
      Boot or Logon Autostart Execution: Active Setup
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\600c978a326eedd85cc46e4b8bb526b9[1].exe
      "C:\Users\Admin\AppData\Local\Temp\600c978a326eedd85cc46e4b8bb526b9[1].exe"
      4⤵
      Loads dropped DLL
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      PID:2780
    - - C:\Windows\SysWOW64\winsec.exe
        
        "C:\Windows\system32\winsec.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:300
      - C:\Windows\SysWOW64\winsec.exe
        
        "C:\Windows\SysWOW64\winsec.exe"
        6⤵
        Executes dropped EXE
        
        PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Admin2.txt

Filesize
224KB

MD5
9b51e73d2b2a699e7c14b5de4539b95f

SHA1
87378811a7388371324b4bd7a7683a493948e597

SHA256
a5f4d93fe42bece1c8e5b98b434ae16c6f1909d6be587b8a2a83325965f05885

SHA512
ea080db82f6b4319b8e46313a0753e66902d6805d16bd85bad27555b921924710320139e8bd917f5294f700e6e1a5f94d47b7f2f68c636d36d47e6e8c9936f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
4e6a4bdf0231dc2b78f071ff3cffcd9b

SHA1
fdf332ad05c71b9b30ddd15e93418e845222248c

SHA256
452f4235e0a46eddb9ba2eda3e8c7b57017951894fe9643ea6a25d11ed18d528

SHA512
2560272ba03c8a84a67d7fbfd414a597c908f59f0f81279b70c409611b66d303fef1e6df242bf49446524b36c61023cbcf932927bee1f23eb7637781f9856766

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
5f4a38e1725591d6e59374878b93a9f1

SHA1
ae6bc44bc240b0538566fdfd0bc48f5e78f484a0

SHA256
f808db6e4ef4ac44cc4e6c5b0122795947fc329299bbec4d3baa66d6f0d27bfb

SHA512
2ba0794b8ef101492ffdbfd65947edc03c435464822300e482f56c256626dbd9cd7c60362ae69f1879052e997ef19990decba52b28655e54ab5c2314cc6127f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
860b6b4d01e00cd11f361c9882181d38

SHA1
708d66a9d0a1fcb38b6e5a0073bc114f6ea029a1

SHA256
0d34d544a4ef06e85dc609cd43f679d5d40a021d0803a1cc3a134b5e624f6f20

SHA512
a01e57f4f582ad2ec92e9763a96aa2764363f2309a59f0e3bc5bf1d4f4416c35ce0e4010f9d3f603b95a5c9d15440d15c1d3330338319e42ad13ecc65545e1e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
b2f668b2b430c1873c0eb9cba7d8b147

SHA1
69b5b2bde82a256739489b2cb946ff6c89091d73

SHA256
bf0ba98f07a3c80238defafca619aa39f4e809898aa0e3600b7e3db5e790fa28

SHA512
f062d9d0b6d84f36be0453fcddff7e5a4de7c2af3eeb9888db502db1ab4d20dbfba4fd39bef4237e40cb7331bab27b8b7c725a7c4eb289923bbb1a90bf8ff9d6

Download Submit
C:\Users\Admin\AppData\Roaming\Adminlog.dat

Filesize
15B

MD5
bf3dba41023802cf6d3f8c5fd683a0c7

SHA1
466530987a347b68ef28faad238d7b50db8656a5

SHA256
4a8e75390856bf822f492f7f605ca0c21f1905172f6d3ef610162533c140507d

SHA512
fec60f447dcc90753d693014135e24814f6e8294f6c0f436bc59d892b24e91552108dba6cf5a6fa7c0421f6d290d1bafee9f9f2d95ea8c4c05c2ad0f7c1bb314

Download Submit
C:\Windows\SysWOW64\winsec.exe

Filesize
412KB

MD5
7b04fe26c3db90ee0bf31085cea3e15d

SHA1
c53b19524d0ee20d0f24ab1d64a7c2d65f9f2f10

SHA256
efc9fc31da98762132013536a8947248d4ed97474e32af1943e38a0f18853bf2

SHA512
848d439ed9ec61eb34ce388f58b540ecc864a15f3667a9bc3209cd6e9a819b30a4a7fd7118d49581749e70c892e7308b649bbcf0189b9268684ccf1838c1e01f

Download Submit
memory/1200-23-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/1248-330-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1248-12-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1248-18-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1248-19-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1248-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1248-22-0x0000000010410000-0x0000000010475000-memory.dmp

Filesize
404KB

Download
memory/1248-10-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1248-8-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1248-16-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1248-17-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1248-2-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1248-0-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1248-874-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1248-4-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1248-6-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2076-921-0x0000000010480000-0x00000000104E5000-memory.dmp

Filesize
404KB

Download
memory/2076-268-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/2076-266-0x00000000000A0000-0x00000000000A1000-memory.dmp

Filesize
4KB

Download
memory/2076-546-0x0000000010480000-0x00000000104E5000-memory.dmp

Filesize
404KB

Download