gozi | 98b3160c553c229cb9be77de3791398aed3cce79e7935d96db9e32bf353b9624

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24/10/2023, 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dokument9055.vbs
Size

1.6MB
MD5

bd22583a3b419a9acb7db67008e77a3c
SHA1

eed1bcd586d3b830fdd27d5cf76927db629bf1c0
SHA256

98b3160c553c229cb9be77de3791398aed3cce79e7935d96db9e32bf353b9624
SHA512

20a1b73be43366be9d58786ecc94025cb6ec4944c6d72c830cfebb37d9dc0de48841020dca3aff4d021de03fb557ef7b1be044b99101529e7a46f1e5ed60c0d2
SSDEEP

24576:pv52a7mOdpmQZ4b89zDO27CN1EqR/8mRlwRlHXufAkj9UNgEBSx53q:pv52umQz627KEcIN2Ac90BI53q

Score

10^/10

gozi 1000 banker isfb persistence trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1000

http://ey7kuuklgieop2pq.onion

http://news-deck.at

http://taslks.at

http://living-start.at

http://ali-express1.at

Attributes

build
217107
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\Control Panel\International\Geo\Nation	WScript.exe

Loads dropped DLL 1 IoCs

pid	Process
1240	rundll32.exe

Unexpected DNS network traffic destination 3 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\blb_ider = "rundll32 \"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Analsext\\CHxRLSys.dll\",DllRegisterServer"	Explorer.EXE

Suspicious use of SetThreadContext 8 IoCs

description	pid	Process	procid_target
PID 1240 set thread context of 4404	1240	rundll32.exe	95
PID 4404 set thread context of 3320	4404	control.exe	43
PID 3320 set thread context of 3908	3320	Explorer.EXE	39
PID 4404 set thread context of 4144	4404	control.exe	96
PID 3320 set thread context of 3568	3320	Explorer.EXE	36
PID 3320 set thread context of 4868	3320	Explorer.EXE	34
PID 3320 set thread context of 4660	3320	Explorer.EXE	14
PID 3320 set thread context of 4500	3320	Explorer.EXE	102

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1240	rundll32.exe
1240	rundll32.exe
3320	Explorer.EXE
3320	Explorer.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3320	Explorer.EXE

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
1240	rundll32.exe
4404	control.exe
3320	Explorer.EXE
4404	control.exe
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3320	Explorer.EXE

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3320	Explorer.EXE
3908	RuntimeBroker.exe

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 3816 wrote to memory of 5012	3816	WScript.exe	87
PID 3816 wrote to memory of 5012	3816	WScript.exe	87
PID 5012 wrote to memory of 828	5012	cmd.exe	89
PID 5012 wrote to memory of 828	5012	cmd.exe	89
PID 828 wrote to memory of 1240	828	rundll32.exe	91
PID 828 wrote to memory of 1240	828	rundll32.exe	91
PID 828 wrote to memory of 1240	828	rundll32.exe	91
PID 1240 wrote to memory of 4404	1240	rundll32.exe	95
PID 1240 wrote to memory of 4404	1240	rundll32.exe	95
PID 1240 wrote to memory of 4404	1240	rundll32.exe	95
PID 1240 wrote to memory of 4404	1240	rundll32.exe	95
PID 1240 wrote to memory of 4404	1240	rundll32.exe	95
PID 4404 wrote to memory of 3320	4404	control.exe	43
PID 4404 wrote to memory of 3320	4404	control.exe	43
PID 4404 wrote to memory of 3320	4404	control.exe	43
PID 3320 wrote to memory of 3908	3320	Explorer.EXE	39
PID 4404 wrote to memory of 4144	4404	control.exe	96
PID 4404 wrote to memory of 4144	4404	control.exe	96
PID 4404 wrote to memory of 4144	4404	control.exe	96
PID 3320 wrote to memory of 3908	3320	Explorer.EXE	39
PID 3320 wrote to memory of 3908	3320	Explorer.EXE	39
PID 3320 wrote to memory of 3568	3320	Explorer.EXE	36
PID 4404 wrote to memory of 4144	4404	control.exe	96
PID 4404 wrote to memory of 4144	4404	control.exe	96
PID 3320 wrote to memory of 3568	3320	Explorer.EXE	36
PID 3320 wrote to memory of 3568	3320	Explorer.EXE	36
PID 3320 wrote to memory of 4868	3320	Explorer.EXE	34
PID 3320 wrote to memory of 4868	3320	Explorer.EXE	34
PID 3320 wrote to memory of 4868	3320	Explorer.EXE	34
PID 3320 wrote to memory of 4660	3320	Explorer.EXE	14
PID 3320 wrote to memory of 4660	3320	Explorer.EXE	14
PID 3320 wrote to memory of 4660	3320	Explorer.EXE	14
PID 3320 wrote to memory of 3524	3320	Explorer.EXE	97
PID 3320 wrote to memory of 3524	3320	Explorer.EXE	97
PID 3524 wrote to memory of 2364	3524	cmd.exe	99
PID 3524 wrote to memory of 2364	3524	cmd.exe	99
PID 3320 wrote to memory of 2968	3320	Explorer.EXE	100
PID 3320 wrote to memory of 2968	3320	Explorer.EXE	100
PID 3320 wrote to memory of 4500	3320	Explorer.EXE	102
PID 3320 wrote to memory of 4500	3320	Explorer.EXE	102
PID 3320 wrote to memory of 4500	3320	Explorer.EXE	102
PID 3320 wrote to memory of 4500	3320	Explorer.EXE	102
PID 3320 wrote to memory of 4500	3320	Explorer.EXE	102
PID 3320 wrote to memory of 4500	3320	Explorer.EXE	102

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:4660

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:4868

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:3568

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\dokument9055.vbs"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c everybody shit fuck & runDl^l32 C:\Users\Admin\AppData\Local\Temp\SHCSdw.dll,Dl^lRegi^sterSe^rver
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5012
- - C:\Windows\system32\rundll32.exe
    runDll32 C:\Users\Admin\AppData\Local\Temp\SHCSdw.dll,DllRegisterServer
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:828
  - - C:\Windows\SysWOW64\rundll32.exe
      runDll32 C:\Users\Admin\AppData\Local\Temp\SHCSdw.dll,DllRegisterServer
      4⤵
      Loads dropped DLL
      Suspicious use of SetThreadContext
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      Suspicious use of WriteProcessMemory
      PID:1240
    - - C:\Windows\system32\control.exe
        
        C:\Windows\system32\control.exe /?
        5⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of WriteProcessMemory
        
        PID:4404
      - C:\Windows\system32\rundll32.exe
        
        "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL /?
        6⤵
        
        PID:4144

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
- Suspicious use of UnmapMainImage
PID:3908

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Windows\system32\cmd.exe
  cmd /C "nslookup myip.opendns.com resolver1.opendns.com > C:\Users\Admin\AppData\Local\Temp\D57D.bi1"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3524
- - C:\Windows\system32\nslookup.exe
    nslookup myip.opendns.com resolver1.opendns.com
    3⤵
    PID:2364
- C:\Windows\system32\cmd.exe
  cmd /C "echo -------- >> C:\Users\Admin\AppData\Local\Temp\D57D.bi1"
  2⤵
  PID:2968
- C:\Windows\syswow64\cmd.exe
  "C:\Windows\syswow64\cmd.exe" /C pause dll mail, ,
  2⤵
  PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\D57D.bi1

Filesize
118B

MD5
41a49d1a2a3a8713a12ccf89932d4bb7

SHA1
b324e8bbcd4ca71a35d0c00ac63c0255e8ec4287

SHA256
f210a8e30967b13dabe340c45ce4a97e9c94ad74975728eccdd0a27edf29b5fe

SHA512
1fc256f2068eb9ac32c04bad119e94ba006808fd2be48db397eecf69acd6d8972334f81f8439d6e153a9cb99db618a613f3b0adf2b5784c264b61d4d5c0669b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\D57D.bi1

Filesize
118B

MD5
41a49d1a2a3a8713a12ccf89932d4bb7

SHA1
b324e8bbcd4ca71a35d0c00ac63c0255e8ec4287

SHA256
f210a8e30967b13dabe340c45ce4a97e9c94ad74975728eccdd0a27edf29b5fe

SHA512
1fc256f2068eb9ac32c04bad119e94ba006808fd2be48db397eecf69acd6d8972334f81f8439d6e153a9cb99db618a613f3b0adf2b5784c264b61d4d5c0669b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\SHCSdw.dll

Filesize
1.2MB

MD5
e1efcb20eb94e7efd89990c1d7d68370

SHA1
8d15a27d08de0ff196790c7ea375011454bc77b1

SHA256
bc8da5ad4010226376c376b2d164cfa4e073a0f6ef7761e9f4864a46a8cb9b32

SHA512
2f5659782b0a8de6b8f0c16ad619769822b6dc2a639a0d6c1f62559f61722c4aa41c787c6b94b2e0674fce772477dd2b6943b471841e9ac202cdcc6ee77e7f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SHCSdw.dll

Filesize
1.2MB

MD5
e1efcb20eb94e7efd89990c1d7d68370

SHA1
8d15a27d08de0ff196790c7ea375011454bc77b1

SHA256
bc8da5ad4010226376c376b2d164cfa4e073a0f6ef7761e9f4864a46a8cb9b32

SHA512
2f5659782b0a8de6b8f0c16ad619769822b6dc2a639a0d6c1f62559f61722c4aa41c787c6b94b2e0674fce772477dd2b6943b471841e9ac202cdcc6ee77e7f3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Analsext\CHxRLSys.dll

Filesize
1.2MB

MD5
e1efcb20eb94e7efd89990c1d7d68370

SHA1
8d15a27d08de0ff196790c7ea375011454bc77b1

SHA256
bc8da5ad4010226376c376b2d164cfa4e073a0f6ef7761e9f4864a46a8cb9b32

SHA512
2f5659782b0a8de6b8f0c16ad619769822b6dc2a639a0d6c1f62559f61722c4aa41c787c6b94b2e0674fce772477dd2b6943b471841e9ac202cdcc6ee77e7f3e

Download Submit
memory/1240-3-0x0000000075060000-0x0000000075290000-memory.dmp

Filesize
2.2MB

Download
memory/1240-4-0x0000000075060000-0x0000000075290000-memory.dmp

Filesize
2.2MB

Download
memory/1240-5-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download
memory/1240-8-0x0000000000C40000-0x0000000000C8B000-memory.dmp

Filesize
300KB

Download
memory/1240-15-0x0000000000C40000-0x0000000000C8B000-memory.dmp

Filesize
300KB

Download
memory/1240-17-0x0000000075060000-0x0000000075290000-memory.dmp

Filesize
2.2MB

Download
memory/1240-24-0x0000000075060000-0x0000000075290000-memory.dmp

Filesize
2.2MB

Download
memory/3320-122-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-96-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-155-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-154-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-149-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-151-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-147-0x0000000000F00000-0x0000000000F10000-memory.dmp

Filesize
64KB

Download
memory/3320-146-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-145-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-143-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-140-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-141-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-138-0x0000000000EF0000-0x0000000000F00000-memory.dmp

Filesize
64KB

Download
memory/3320-135-0x0000000000F00000-0x0000000000F10000-memory.dmp

Filesize
64KB

Download
memory/3320-67-0x0000000002FE0000-0x0000000003094000-memory.dmp

Filesize
720KB

Download
memory/3320-134-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-132-0x0000000000F00000-0x0000000000F10000-memory.dmp

Filesize
64KB

Download
memory/3320-131-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-130-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-72-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-73-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-74-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-75-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-76-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-77-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-78-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-80-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-82-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-83-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-84-0x00000000030A0000-0x00000000030B0000-memory.dmp

Filesize
64KB

Download
memory/3320-87-0x00000000030A0000-0x00000000030B0000-memory.dmp

Filesize
64KB

Download
memory/3320-86-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-85-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-88-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-90-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-92-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-91-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-94-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-97-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-28-0x0000000002FE0000-0x0000000003094000-memory.dmp

Filesize
720KB

Download
memory/3320-98-0x00000000030A0000-0x00000000030B0000-memory.dmp

Filesize
64KB

Download
memory/3320-99-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-101-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-102-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-100-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-103-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-105-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-104-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-106-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-29-0x00000000010E0000-0x00000000010E1000-memory.dmp

Filesize
4KB

Download
memory/3320-128-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-125-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-126-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-124-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-121-0x0000000000EF0000-0x0000000000F00000-memory.dmp

Filesize
64KB

Download
memory/3320-119-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-120-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-123-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3568-43-0x000001753C0F0000-0x000001753C1A4000-memory.dmp

Filesize
720KB

Download
memory/3568-47-0x000001753C0B0000-0x000001753C0B1000-memory.dmp

Filesize
4KB

Download
memory/3568-69-0x000001753C0F0000-0x000001753C1A4000-memory.dmp

Filesize
720KB

Download
memory/3908-68-0x000002D1D61F0000-0x000002D1D62A4000-memory.dmp

Filesize
720KB

Download
memory/3908-36-0x000002D1D61F0000-0x000002D1D62A4000-memory.dmp

Filesize
720KB

Download
memory/3908-38-0x000002D1D4670000-0x000002D1D4671000-memory.dmp

Filesize
4KB

Download
memory/4144-40-0x000001EE7CAA0000-0x000001EE7CB54000-memory.dmp

Filesize
720KB

Download
memory/4144-42-0x000001EE7CB60000-0x000001EE7CB61000-memory.dmp

Filesize
4KB

Download
memory/4144-66-0x000001EE7CAA0000-0x000001EE7CB54000-memory.dmp

Filesize
720KB

Download
memory/4404-20-0x0000000000890000-0x0000000000891000-memory.dmp

Filesize
4KB

Download
memory/4404-60-0x00000000007D0000-0x0000000000884000-memory.dmp

Filesize
720KB

Download
memory/4404-21-0x00000000007D0000-0x0000000000884000-memory.dmp

Filesize
720KB

Download
memory/4500-112-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/4500-114-0x0000000000C80000-0x0000000000D27000-memory.dmp

Filesize
668KB

Download
memory/4500-113-0x0000000000C80000-0x0000000000D27000-memory.dmp

Filesize
668KB

Download
memory/4500-117-0x0000000000C80000-0x0000000000D27000-memory.dmp

Filesize
668KB

Download
memory/4660-71-0x0000022C10600000-0x0000022C106B4000-memory.dmp

Filesize
720KB

Download
memory/4660-63-0x0000022C10390000-0x0000022C10391000-memory.dmp

Filesize
4KB

Download
memory/4660-58-0x0000022C10600000-0x0000022C106B4000-memory.dmp

Filesize
720KB

Download
memory/4868-70-0x000001BFAD630000-0x000001BFAD6E4000-memory.dmp

Filesize
720KB

Download
memory/4868-54-0x000001BFACDD0000-0x000001BFACDD1000-memory.dmp

Filesize
4KB

Download
memory/4868-52-0x000001BFAD630000-0x000001BFAD6E4000-memory.dmp

Filesize
720KB

Download