gozi | dcdd775ccbbe54e21464fe274f737694641875f63157f043a7285acfdec17e2a

Analysis

max time kernel
104s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6ba2e834e4429f7e13406cf5897a71f.exe
Size

1.8MB
MD5

a6ba2e834e4429f7e13406cf5897a71f
SHA1

14143fc6cc6e2b6afba16e02bbf010ce93561436
SHA256

dcdd775ccbbe54e21464fe274f737694641875f63157f043a7285acfdec17e2a
SHA512

d04c1feae157d43b2c2e165de5f66760bdd025076e4d7c2a5527def529739479916ef0c580d5299a0c5fbdd1616a68a7b2d90ac71b5a52a27319bd6a01b95327
SSDEEP

49152:4SuE32trqPKIO23Hlin6COYolnyJ2WR6wOHste0uIlCj790Lhf4xC0FyQ4L6nd:3L3qqPKIOson6Cslny8WR6wOHstehsC7

Score

10^/10

gozi 3184 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
214062

Extracted

Family

gozi

Botnet

3184

qfelicialew.city

mzg4958lc.com

gxuxwnszau.band

Attributes

build
214062
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

Modifies Internet Explorer settings 1 TTPs 62 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40d40155ccbeda01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000092879b20bf700e4c81ff82d1ae3b8366000000000200000000001066000000010000200000004ce977d00cf7836aa0372f273cd919189a443a362a002a77c7386fe871163e6a000000000e80000000020000200000000a87029ccbf7962c79457f5378ce32f32e2281b7e93817aa5ba90655056d460220000000f0ec98e88403725ad91f6437898a7bee06ea7aa96c372a98d05bf4b46b8cb21840000000026ad09d395119888f2d30868cfd2076389b367799338fabe93cbe28275509d2a8ec37ecc70770aa29f3fea6fca76149f1d8b0d07f46e37a1b79d18492cc6878	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31112908"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{990F937E-2ABF-11EF-9D11-56B9F69516EA} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30000955ccbeda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000092879b20bf700e4c81ff82d1ae3b836600000000020000000000106600000001000020000000d4b802280334e34b4ae0f9caeb866ea0700aaa32775c298b617339827bd168a2000000000e8000000002000020000000c93404e1a2af9a49ca8d90297e95c8774cd9757eeb9406afd610396b5dbe6c4a20000000c3dd3e1a1bebae718d2f6040b85fc2156e9b29375249d71392e1aeb724732b8d40000000f5e22633eefdf4bb6c6bb075a767b174d7cae5af21c559c81da0ef9489253d8a135b17a694b570bd921e728a08a19e685723428fc95aa4747dd7f44dd251c21f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000092879b20bf700e4c81ff82d1ae3b8366000000000200000000001066000000010000200000007b41a42691ad0fb71e2d2d148b07ed9a328ce70e11d1d0446ac3f77671286e25000000000e8000000002000020000000bde5fa50cabade4f5a3a622352854e65921677683cb245ce98df3ca9f2418b8120000000dd29d9d24d8d6598c6a3b143980cb148b35d668d4a56bd9f23f8e3a5d63f960c40000000857c8b887fb3f440aacc7afbaa0de8c6e677f0da988c26443f660d438d93f06738b8946336afd8a078f5a7076f43c39435118e18233be089422ca24d0ad77240	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31112908"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{7DB7992A-2ABF-11EF-9D11-56B9F69516EA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1377591171"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70cf155cccbeda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000092879b20bf700e4c81ff82d1ae3b836600000000020000000000106600000001000020000000428a30590008edfadd57b854e2c14b7b7ca2db558d5a951fc3bd003567ffc035000000000e800000000200002000000049f793383cab542cefb40305f339ea121611734ec351e033d0ac4e21d4fc35db200000000dc9c9845079041f1ae3b0d28ff001ec55d3cbfa3b7a6d6f705bbfd4c7759da740000000f90e2df4c8889ea48ca7f18a97cfc3e9c74b781cbd9b4d5e821e0ec787056287ad004ed6b30fcfd26237387f809c3a3d4f27ddb47381fa904074fa45843d5484	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9093556accbeda01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1377591171"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{A614AA6C-2ABF-11EF-9D11-56B9F69516EA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exe

pid process

3988 iexplore.exe
928 iexplore.exe
404 iexplore.exe
Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid process

3988 iexplore.exe
3988 iexplore.exe
2756 IEXPLORE.EXE
2756 IEXPLORE.EXE
928 iexplore.exe
928 iexplore.exe
2296 IEXPLORE.EXE
2296 IEXPLORE.EXE
404 iexplore.exe
404 iexplore.exe
3000 IEXPLORE.EXE
3000 IEXPLORE.EXE

pid	process
3988	iexplore.exe
928	iexplore.exe
404	iexplore.exe

pid	process
3988	iexplore.exe
3988	iexplore.exe
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE
928	iexplore.exe
928	iexplore.exe
2296	IEXPLORE.EXE
2296	IEXPLORE.EXE
404	iexplore.exe
404	iexplore.exe
3000	IEXPLORE.EXE
3000	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 3988 wrote to memory of 2756	3988	iexplore.exe	IEXPLORE.EXE
PID 3988 wrote to memory of 2756	3988	iexplore.exe	IEXPLORE.EXE
PID 3988 wrote to memory of 2756	3988	iexplore.exe	IEXPLORE.EXE
PID 928 wrote to memory of 2296	928	iexplore.exe	IEXPLORE.EXE
PID 928 wrote to memory of 2296	928	iexplore.exe	IEXPLORE.EXE
PID 928 wrote to memory of 2296	928	iexplore.exe	IEXPLORE.EXE
PID 404 wrote to memory of 3000	404	iexplore.exe	IEXPLORE.EXE
PID 404 wrote to memory of 3000	404	iexplore.exe	IEXPLORE.EXE
PID 404 wrote to memory of 3000	404	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\a6ba2e834e4429f7e13406cf5897a71f.exe
"C:\Users\Admin\AppData\Local\Temp\a6ba2e834e4429f7e13406cf5897a71f.exe"
1⤵
PID:3364

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:1508

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3988

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3988 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:928

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:928 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:404

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:404 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3000

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~DFBBCC0779C1A1816C.TMP
Filesize
16KB

MD5
a852ba1a643d61581552cf4a06b6b6b2

SHA1
c077e6720e3574161442cfc3d056d4e5394b7e49

SHA256
7ded00d4e859d1efcc61e774e79617b5e6f0d9865f67d76ad1f1f5162158a897

SHA512
83e2e491e95f9bc971fb8004c73382e5c698f17b7633931ee3a1f579bb39759bca7f9088378cca734b38335850ea9468b22b9977805c7655822f2a50e46ebe8d

Download Submit
memory/3364-0-0x0000000000400000-0x00000000005E8000-memory.dmp

Filesize
1.9MB

Download
memory/3364-1-0x0000000000400000-0x00000000005E8000-memory.dmp

Filesize
1.9MB

Download
memory/3364-3-0x0000000000400000-0x00000000005E8000-memory.dmp

Filesize
1.9MB

Download
memory/3364-2-0x000000000058F000-0x0000000000594000-memory.dmp

Filesize
20KB

Download
memory/3364-4-0x00000000025A0000-0x00000000025BB000-memory.dmp

Filesize
108KB

Download
memory/3364-16-0x0000000000400000-0x00000000005E8000-memory.dmp

Filesize
1.9MB

Download
memory/3364-45-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download