Overview

overview

10

Static

static

Sandra

windows10_x64

10

Eternity

windows7_x64

10

Resubmissions

05-02-2021 13:55

210205-lmm8e3abda 10

05-02-2021 13:42

210205-serhwbtcf2 10

Analysis

  • max time kernel
    573s
  • max time network
    561s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    05-02-2021 13:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32b2d32af004b6039b73f4ccd73df2bafe7a0343.dll

  • Size

    539KB

  • MD5

    d31c0491f522d6b9f2102109bd2420af

  • SHA1

    dc1cccf0e43ec5a68326ae4faf1a8cbc5ac00708

  • SHA256

    f7c79c0c3feb7c0032424f5f6a9bcdf78d1815ee53f807cc192c2c1f8f21270f

  • SHA512

    48d659660654800da4eb3909a06572dfcf5f05ebdfb8629fafdfeab601673e3377d9a3a241f4bd36c3f4f912ac838dbc73926f734bfa8a76ec43fa726b28c3bd

Score
10/10
gozi_rm3201193207bankertrojan

Malware Config

Extracted

Family

gozi_rm3

Botnet

201193207

C2

https://topitophug.xyz

Attributes
  • build

    300932

  • exe_type

    loader

  • non_target_locale

    RU

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.base64
serpent.plain

Signatures

  • Gozi RM3

    A heavily modified version of Gozi using RM3 loader.

    bankertrojangozi_rm3
  • Blocklisted process makes network request 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 23 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\32b2d32af004b6039b73f4ccd73df2bafe7a0343.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\32b2d32af004b6039b73f4ccd73df2bafe7a0343.dll,#1
      2⤵
      • Blocklisted process makes network request
      PID:2024
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1512
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1504
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1312
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1312 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1000
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1192 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1196
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1544
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2020
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1768
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1768 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1636
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1180
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:292
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:292 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1232
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1992
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1744
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1388
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1388 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1708
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1092
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1236
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1236 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1496
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:908
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:908 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:848
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1864
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1864 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:740
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    PID:1900
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1900 CREDAT:275457 /prefetch:2
      2⤵
        PID:1896
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      PID:628
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:628 CREDAT:275457 /prefetch:2
        2⤵
          PID:1432
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        PID:1960
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2
          2⤵
            PID:2036
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
          1⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          PID:1940
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:275457 /prefetch:2
            2⤵
              PID:1292
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
            1⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            PID:1716
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
              2⤵
                PID:1644
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
              1⤵
              • Suspicious use of FindShellTrayWindow
              PID:1160
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1160 CREDAT:275457 /prefetch:2
                2⤵
                  PID:1420
                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1160 CREDAT:1192975 /prefetch:2
                  2⤵
                    PID:1204

                Network

                MITRE ATT&CK Enterprise v6

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\61F95D72644321B3AD7A1D512B8D6E8B
                  MD5

                  9bc7c66842ce55fb615785434a1e4ae2

                  SHA1

                  0841bba8f45cc927201dab1668d7de43c808f3a8

                  SHA256

                  cdf81a744d87fcc80a9593edceb9103d9eb19ee8023da16b26c17844ffa88eaa

                  SHA512

                  e85136f1da80428111ce2f626f6e90dff88d11f2de62f461d292104f2807b08ae2c625397d6c889544566c15cd772e1ed45b2fa18d89489140d59b6bb7fc9eba

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4
                  MD5

                  0cb6aff7f00ffdce23877e0fd80f88d5

                  SHA1

                  7cb46bde95f4e57c108100dff3786dc9d6169389

                  SHA256

                  fb6bd4558196dad5d2767534f435159f7ce7d69f8e0bb21d73af02b8778f5ad0

                  SHA512

                  04bfc5e5430709750613273778c7fc3a5d9eedc618fc60b6db2a55247c3a30609fbb0758f8923e3a84984ecae4903e68ee165f3c8515b8e922b70dceb9f402b2

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
                  MD5

                  a266bb7dcc38a562631361bbf61dd11b

                  SHA1

                  3b1efd3a66ea28b16697394703a72ca340a05bd5

                  SHA256

                  df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

                  SHA512

                  0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\61F95D72644321B3AD7A1D512B8D6E8B
                  MD5

                  2052cd3e7ca49ea9032439565ef540f0

                  SHA1

                  b42b387d5842441ebe4d38fd015cfb449d162665

                  SHA256

                  11a4a0446e741e0ce520e157649c7b6e1890eac5f747d2caba76e19f1b2cb81b

                  SHA512

                  29e6aa83a7c0ea2842f18222657308500f494bcce879bcdb0bef63b912f4d83b319050aeb6e43c4f3dbcbdf604f9015ae25f3c13530e25839516e2c2d36b01f0

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
                  MD5

                  20af76ae940966fb0fa04dc44d5fe7f6

                  SHA1

                  19fd23f665fa6619bd28224baaf5d22c6ec5f9a3

                  SHA256

                  80371e7ddd9479e67984e403c369e5da9b05f678c7fe374763fefff05d3dd770

                  SHA512

                  f3e7e30c6691460193f0dcb6e7994a2d5271d9479ca241fe1517489c352df04af5d9495ef8e1b57629da4a46a31009ce7406d2b90c8d2f0b42d64db8fe40e9ed

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                  MD5

                  e991738a0ab5abcf3ef4932f8848bde5

                  SHA1

                  50305153012f59692a8c76994a2a89429bf57cd2

                  SHA256

                  4f1f3997e3e1e53a1a3c0be288476aca445ca58c5a2e4ae4b8aaaa7203d42ad7

                  SHA512

                  ac44d16d11bbb86281fed2dfd6aa1dbb5d97caec116525be786c54e0ad33c81c5e48640d8d140f04410ee02ce33bddbce9babb61686212bc5bf123702340dec7

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
                  MD5

                  cde65eb978684d55642a7b61a98ba85c

                  SHA1

                  5d6b5ea2ed2e3a8ffaabc143b08ddc756fc77b74

                  SHA256

                  9da79b92275011659d4d6cc0ba72ce299c11211fc6f14eae617e3188b4f0d9c6

                  SHA512

                  23e886b42af0727cf5de446188762e16915a99450f5cbe90d59f4f30426ed7e9fe656b2ffa81756f04ed3276ccdadc54fd25870bd6f67953be4697f73928f56e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TSQTY526.txt
                  MD5

                  26540c997b6526bbd01950c067dc4e1c

                  SHA1

                  f5ac96bb2aad57f12ff1878eb8c9cdfd7c7c1296

                  SHA256

                  93fdcb4ddc8b9e6d58bc5c7029b09989d77ca130b52c1eacf1c413ad19ee1f3b

                  SHA512

                  2e88306e8afbafc9d89da3ca5890adcbe4549a238a7a55397880be97e4c042e0bcc624b482dd7e998515349d23e4ce1dc6e9d4d1f185c828932891277bbba0e9

                  Download Submit

                • memory/740-47-0x0000000000000000-mapping.dmp

                  Download

                • memory/848-45-0x0000000000000000-mapping.dmp

                  Download

                • memory/1000-20-0x0000000000000000-mapping.dmp

                  Download

                • memory/1088-8-0x000007FEF7BD0000-0x000007FEF7E4A000-memory.dmp

                  Filesize

                  2.5MB

                  Download

                • memory/1092-41-0x0000000000000000-mapping.dmp

                  Download

                • memory/1180-33-0x0000000000000000-mapping.dmp

                  Download

                • memory/1196-25-0x0000000000000000-mapping.dmp

                  Download

                • memory/1204-60-0x0000000000000000-mapping.dmp

                  Download

                • memory/1232-34-0x0000000000000000-mapping.dmp

                  Download

                • memory/1292-53-0x0000000000000000-mapping.dmp

                  Download

                • memory/1312-19-0x0000000002090000-0x00000000020A0000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/1312-18-0x000007FEFC251000-0x000007FEFC253000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/1420-58-0x0000000000000000-mapping.dmp

                  Download

                • memory/1432-49-0x0000000000000000-mapping.dmp

                  Download

                • memory/1496-42-0x0000000000000000-mapping.dmp

                  Download

                • memory/1504-11-0x0000000000000000-mapping.dmp

                  Download

                • memory/1512-9-0x0000000000000000-mapping.dmp

                  Download

                • memory/1544-26-0x0000000000000000-mapping.dmp

                  Download

                • memory/1636-30-0x0000000000000000-mapping.dmp

                  Download

                • memory/1644-55-0x0000000000000000-mapping.dmp

                  Download

                • memory/1708-39-0x0000000000000000-mapping.dmp

                  Download

                • memory/1744-38-0x0000000000000000-mapping.dmp

                  Download

                • memory/1896-48-0x0000000000000000-mapping.dmp

                  Download

                • memory/1992-37-0x0000000000000000-mapping.dmp

                  Download

                • memory/2020-28-0x0000000000000000-mapping.dmp

                  Download

                • memory/2024-6-0x0000000000170000-0x000000000017E000-memory.dmp

                  Filesize

                  56KB

                  Download

                • memory/2024-5-0x0000000000340000-0x0000000000352000-memory.dmp

                  Filesize

                  72KB

                  Download

                • memory/2024-4-0x0000000000120000-0x0000000000121000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2024-7-0x00000000001D0000-0x00000000001E0000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2024-2-0x0000000000000000-mapping.dmp

                  Download

                • memory/2024-3-0x00000000765A1000-0x00000000765A3000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/2024-10-0x0000000000490000-0x0000000000492000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/2036-52-0x0000000000000000-mapping.dmp

                  Download