gozi_rm3 | b4f98cb2d21258819d8678c29486a2e7854d576efc28b58d930551ca5aa24f20

Target

ewgr.png.dll
Size

646KB
MD5

cf24c392a94a9bd8f381f0de2926a4f2
SHA1

bf5ba2b5f9062b1a99797b593e378a1e59faa142
SHA256

b4f98cb2d21258819d8678c29486a2e7854d576efc28b58d930551ca5aa24f20
SHA512

ef2707615abb03cdda353d1ed081814fd77b0af78315d410736bb5e989d42f634c75f876c062254c25ec96e5b7fbb78bf41c7651cbd7d2efa68a49de61848ec0

Score

10^/10

gozi_rm3 201193209 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Botnet

201193209

https://binobin.xyz

Attributes

build
300932
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.base64

serpent.plain

Signatures

Gozi RM3
A heavily modified version of Gozi using RM3 loader.
banker trojan gozi_rm3

Blocklisted process makes network request 1 IoCs

flow	pid	Process
13	1488	rundll32.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{346EEED1-7B5A-11EB-8853-EAC4A56BD8AE} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40314af5660fd701	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000425806acd39120468f2776ac02fff63400000000020000000000106600000001000020000000614214abfaa65ed872848a156135ddef6f5053e9b89d86f243a1ea727a3d75c0000000000e800000000200002000000059ce624028682fc51913c16f093c1ceae2db3208207a865847390a4e756fd4ef90000000e216c9862982c70f735e5e29e426f6d8f0784bbbff40f837f907c46797f4f40205b1a76f45302f6c2cfd79da4c19e6d31dd90e455a4e814dad2d574221bdd6e25513b26109f104a0a5b491ba7a134a335d21f6fa212faedc85b4a1c38d493014c2fca887142541dc1eb13b4a0a26f987a7cbf7970ee33778e28ec94418491c0b8b7ebbd9ee42bca4e96a676084715952400000007d64d70b73c21ff37f0c141b1d73b337fc50b3cd78e2f506e3edfa3966a55b547d8e78f516dcfd2d30df7be2e0e1a1076f38c8e9378f135e712d0a8e6ea2234e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
280	iexplore.exe
1436	iexplore.exe
1956	iexplore.exe
592	iexplore.exe
956	iexplore.exe
1452	iexplore.exe
1752	iexplore.exe
956	iexplore.exe

Suspicious use of SetWindowsHookEx 32 IoCs

pid	Process
280	iexplore.exe
280	iexplore.exe
1924	IEXPLORE.EXE
1924	IEXPLORE.EXE
1436	iexplore.exe
1436	iexplore.exe
1624	IEXPLORE.EXE
1624	IEXPLORE.EXE
1956	iexplore.exe
1956	iexplore.exe
664	IEXPLORE.EXE
664	IEXPLORE.EXE
592	iexplore.exe
592	iexplore.exe
1576	IEXPLORE.EXE
1576	IEXPLORE.EXE
956	iexplore.exe
956	iexplore.exe
864	IEXPLORE.EXE
864	IEXPLORE.EXE
1452	iexplore.exe
1452	iexplore.exe
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE
1752	iexplore.exe
1752	iexplore.exe
912	IEXPLORE.EXE
912	IEXPLORE.EXE
956	iexplore.exe
956	iexplore.exe
740	IEXPLORE.EXE
740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 39 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 1488	1888	rundll32.exe	25
PID 1888 wrote to memory of 1488	1888	rundll32.exe	25
PID 1888 wrote to memory of 1488	1888	rundll32.exe	25
PID 1888 wrote to memory of 1488	1888	rundll32.exe	25
PID 1888 wrote to memory of 1488	1888	rundll32.exe	25
PID 1888 wrote to memory of 1488	1888	rundll32.exe	25
PID 1888 wrote to memory of 1488	1888	rundll32.exe	25
PID 280 wrote to memory of 1924	280	iexplore.exe	35
PID 280 wrote to memory of 1924	280	iexplore.exe	35
PID 280 wrote to memory of 1924	280	iexplore.exe	35
PID 280 wrote to memory of 1924	280	iexplore.exe	35
PID 1436 wrote to memory of 1624	1436	iexplore.exe	38
PID 1436 wrote to memory of 1624	1436	iexplore.exe	38
PID 1436 wrote to memory of 1624	1436	iexplore.exe	38
PID 1436 wrote to memory of 1624	1436	iexplore.exe	38
PID 1956 wrote to memory of 664	1956	iexplore.exe	40
PID 1956 wrote to memory of 664	1956	iexplore.exe	40
PID 1956 wrote to memory of 664	1956	iexplore.exe	40
PID 1956 wrote to memory of 664	1956	iexplore.exe	40
PID 592 wrote to memory of 1576	592	iexplore.exe	42
PID 592 wrote to memory of 1576	592	iexplore.exe	42
PID 592 wrote to memory of 1576	592	iexplore.exe	42
PID 592 wrote to memory of 1576	592	iexplore.exe	42
PID 956 wrote to memory of 864	956	iexplore.exe	44
PID 956 wrote to memory of 864	956	iexplore.exe	44
PID 956 wrote to memory of 864	956	iexplore.exe	44
PID 956 wrote to memory of 864	956	iexplore.exe	44
PID 1452 wrote to memory of 1988	1452	iexplore.exe	46
PID 1452 wrote to memory of 1988	1452	iexplore.exe	46
PID 1452 wrote to memory of 1988	1452	iexplore.exe	46
PID 1452 wrote to memory of 1988	1452	iexplore.exe	46
PID 1752 wrote to memory of 912	1752	iexplore.exe	48
PID 1752 wrote to memory of 912	1752	iexplore.exe	48
PID 1752 wrote to memory of 912	1752	iexplore.exe	48
PID 1752 wrote to memory of 912	1752	iexplore.exe	48
PID 956 wrote to memory of 740	956	iexplore.exe	50
PID 956 wrote to memory of 740	956	iexplore.exe	50
PID 956 wrote to memory of 740	956	iexplore.exe	50
PID 956 wrote to memory of 740	956	iexplore.exe	50

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ewgr.png.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ewgr.png.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:1488

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:280
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:280 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1924

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1436 CREDAT:275457 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1624

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:664

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:592
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:592 CREDAT:275457 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1576

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:956
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:956 CREDAT:275457 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:864

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1452 CREDAT:275457 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1988

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:912

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:956
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:956 CREDAT:275457 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:740

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/612-8-0x000007FEF6080000-0x000007FEF62FA000-memory.dmp

Filesize
2.5MB

Download
memory/1436-10-0x000007FEFBA71000-0x000007FEFBA73000-memory.dmp

Filesize
8KB

Download
memory/1436-11-0x0000000000560000-0x0000000000570000-memory.dmp

Filesize
64KB

Download
memory/1488-7-0x00000000001D0000-0x00000000001E0000-memory.dmp

Filesize
64KB

Download
memory/1488-6-0x0000000000170000-0x000000000017E000-memory.dmp

Filesize
56KB

Download
memory/1488-5-0x00000000002E0000-0x00000000002F2000-memory.dmp

Filesize
72KB

Download
memory/1488-4-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1488-3-0x0000000075781000-0x0000000075783000-memory.dmp

Filesize
8KB

Download

Resubmissions

Analysis

Sharing

General