gozi_rm3 | 631aa788235fd895c3e68c0be500596d1daecfc29cc1faa1ef4cd0f59eba43b6

Analysis

max time kernel
142s
max time network
142s
platform
windows10_x64
resource
win10v20201028
submitted
01-04-2021 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

631aa788235fd895c3e68c0be500596d1daecfc29cc1faa1ef4cd0f59eba43b6.exe
Size

271KB
MD5

18d22f87d6d2b149796ab187afe9efe9
SHA1

08ce312f4f0d94948271f7557ff9b6579631862b
SHA256

631aa788235fd895c3e68c0be500596d1daecfc29cc1faa1ef4cd0f59eba43b6
SHA512

b8a45829cc2db4959779ecf4fd5d188d7fbabf5270b998e1107e443cab73ab8314fc070b6c183cac630128f1cf1f914e33731bc3fb54136c22e0998ded4195d9

Score

10^/10

gozi_rm3 202004081 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Botnet

202004081

https://triomigratio.xyz

Attributes

build
300854
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Signatures

Gozi RM3
A heavily modified version of Gozi using RM3 loader.
banker trojan gozi_rm3

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dabed88ac5581447be98bf4d93cb4a35000000000200000000001066000000010000200000002d5a63aaeceb9daa59eb3ef6c0dc4dd8939cef4a78a3df7dffc3b8d6c7a7f931000000000e80000000020000200000009d5fe6a27c8ad2e3783aeceec3680525c6a2446a8959a9f294c234130af7aa0620000000f70895de69f7d0f4273e3c4c109ffb135714b97519898923a5f24f8f13f795da400000009561597c0d44aac602137c7c143ae4bfa19a74aeea9abb04d34c972bf471200c55c641904c76e9fb8dbb24703895949e2b4ca523b74e95ab85622ef0a7a88c3f	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dabed88ac5581447be98bf4d93cb4a350000000002000000000010660000000100002000000002d24fc12193fc8087a33d135ce97b2f2745dbfa45e3c311c22810979dbea837000000000e8000000002000020000000e2a93dcde05e48bf5b4bdc218d15352fe60ab827f74048be96c1edc184200e1d200000007ac038263c8f3ec7fdf61670e61ac70546d9e1a34d7a4daba10abe7c3c5c26b240000000f6539111e211736146acaef62e93ebfd1b361738de73f9db3618c712bb34bda15b9f2f8efdc50217fb4244223ee9e76ca2c037522a03554451cfb406a7a53d5d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5AA12420-92AC-11EB-BEBD-CEBC74F2412D} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{40D75451-92AC-11EB-BEBD-CEBC74F2412D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{677DB396-92AC-11EB-BEBD-CEBC74F2412D} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0322737b926d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{745F0B02-92AC-11EB-BEBD-CEBC74F2412D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0f58710b926d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dabed88ac5581447be98bf4d93cb4a3500000000020000000000106600000001000020000000429eff7bf85b1921b5909f058e276a6a5623c65d0a2bea988c7091b705a8623f000000000e80000000020000200000008b5d036e773eb8117a4297f822bd5c9d11c0c274bfaf85ef525f966ab494978120000000fb1318913b722a51fd185213dfd1eae4a6b8cfae47b08107f77ad2389c498067400000004cb4e6d1e5387e5ad581168d403d911743bf0c626d9fd9e46d2b6f9376bebf21ad6510413945001f953cd0a3239284e7d81dc634390ddde0a947b21c42866dd7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4DBFD080-92AC-11EB-BEBD-CEBC74F2412D} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60b0a603b926d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
3652	iexplore.exe
3652	iexplore.exe
2964	iexplore.exe
2248	iexplore.exe
3056	iexplore.exe
1416	iexplore.exe
3636	iexplore.exe

Suspicious use of SetWindowsHookEx 28 IoCs

pid	Process
3652	iexplore.exe
3652	iexplore.exe
684	IEXPLORE.EXE
684	IEXPLORE.EXE
3652	iexplore.exe
3652	iexplore.exe
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE
2964	iexplore.exe
2964	iexplore.exe
3720	IEXPLORE.EXE
3720	IEXPLORE.EXE
2248	iexplore.exe
2248	iexplore.exe
3776	IEXPLORE.EXE
3776	IEXPLORE.EXE
3056	iexplore.exe
3056	iexplore.exe
3956	IEXPLORE.EXE
3956	IEXPLORE.EXE
1416	iexplore.exe
1416	iexplore.exe
3836	IEXPLORE.EXE
3836	IEXPLORE.EXE
3636	iexplore.exe
3636	iexplore.exe
2792	IEXPLORE.EXE
2792	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 3652 wrote to memory of 684	3652	iexplore.exe	81
PID 3652 wrote to memory of 684	3652	iexplore.exe	81
PID 3652 wrote to memory of 684	3652	iexplore.exe	81
PID 3652 wrote to memory of 2416	3652	iexplore.exe	82
PID 3652 wrote to memory of 2416	3652	iexplore.exe	82
PID 3652 wrote to memory of 2416	3652	iexplore.exe	82
PID 2964 wrote to memory of 3720	2964	iexplore.exe	84
PID 2964 wrote to memory of 3720	2964	iexplore.exe	84
PID 2964 wrote to memory of 3720	2964	iexplore.exe	84
PID 2248 wrote to memory of 3776	2248	iexplore.exe	86
PID 2248 wrote to memory of 3776	2248	iexplore.exe	86
PID 2248 wrote to memory of 3776	2248	iexplore.exe	86
PID 3056 wrote to memory of 3956	3056	iexplore.exe	88
PID 3056 wrote to memory of 3956	3056	iexplore.exe	88
PID 3056 wrote to memory of 3956	3056	iexplore.exe	88
PID 1416 wrote to memory of 3836	1416	iexplore.exe	90
PID 1416 wrote to memory of 3836	1416	iexplore.exe	90
PID 1416 wrote to memory of 3836	1416	iexplore.exe	90
PID 3636 wrote to memory of 2792	3636	iexplore.exe	92
PID 3636 wrote to memory of 2792	3636	iexplore.exe	92
PID 3636 wrote to memory of 2792	3636	iexplore.exe	92

C:\Users\Admin\AppData\Local\Temp\631aa788235fd895c3e68c0be500596d1daecfc29cc1faa1ef4cd0f59eba43b6.exe
"C:\Users\Admin\AppData\Local\Temp\631aa788235fd895c3e68c0be500596d1daecfc29cc1faa1ef4cd0f59eba43b6.exe"
1⤵
PID:1144

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3652
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3652 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:684
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3652 CREDAT:82947 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2416

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3720

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3776

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3956

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1416 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3836

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3636 CREDAT:82945 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2792

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1144-2-0x0000000002190000-0x00000000021A1000-memory.dmp

Filesize
68KB

Download
memory/1144-4-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1144-3-0x00000000001D0000-0x00000000001DC000-memory.dmp

Filesize
48KB

Download