modiloader | 4e28ee862341cc547ed747d3b33502f28c7fc6f59a076519345e419807d733a8

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220722-en
resource tags

arch:x64arch:x86image:win10v2004-20220722-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2022 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Potvrda narudzbe. RS0324452672.exe
Size

943KB
MD5

0ecdae9fca6925995ec4a3db95462410
SHA1

821b698a5ff5285cab17f8a139307cd30ad183a1
SHA256

9a6b3814d1571fd30961206eb15d3affec6486b2ce1aa144d6f3a7854cecad60
SHA512

cf26e3de21e6a495bb6bad1862739b3cfc48b080d7fffa5932d2274ff995d19fc6e649221a0f02986f40c5828cc48d1b73509c3600eca423b16230f9a4a4ff07

Score

10^/10

modiloader xloader euv4 loader rat trojan

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Xloader
Xloader is a rebranded version of Formbook malware.
loader xloader

ModiLoader Second Stage 62 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4964-150-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-163-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-164-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-165-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-166-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-167-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-168-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-169-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-170-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-171-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-172-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-173-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-174-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-175-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-176-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-177-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-178-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-179-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-180-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-181-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-182-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-183-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-184-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-185-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-186-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-187-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-188-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-189-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-190-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-191-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-192-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-193-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-194-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-195-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-196-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-197-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-198-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-199-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-200-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-201-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-203-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-204-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-205-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-202-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-210-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-209-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-211-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-212-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-213-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-214-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-215-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-216-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-217-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-218-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-220-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-221-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-222-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-223-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-224-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-225-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-226-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-227-0x0000000003EC0000-0x0000000003F59000-memory.dmp	modiloader_stage2

Xloader payload 4 IoCs

rat

Processes:

resource	yara_rule
behavioral2/memory/4964-208-0x0000000050410000-0x0000000050439000-memory.dmp	xloader
behavioral2/memory/564-228-0x0000000050410000-0x0000000050439000-memory.dmp	xloader
behavioral2/memory/4980-244-0x0000000001010000-0x0000000001039000-memory.dmp	xloader
behavioral2/memory/4980-249-0x0000000001010000-0x0000000001039000-memory.dmp	xloader

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Potvrda narudzbe. RS0324452672.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Control Panel\International\Geo\Nation	Potvrda narudzbe. RS0324452672.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

cmd.exesystray.exe

description	pid	process	target process
PID 564 set thread context of 3052	564	cmd.exe	Explorer.EXE
PID 4980 set thread context of 3052	4980	systray.exe	Explorer.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 54 IoCs

Processes:

Potvrda narudzbe. RS0324452672.execmd.exesystray.exe

pid	process
4964	Potvrda narudzbe. RS0324452672.exe
4964	Potvrda narudzbe. RS0324452672.exe
564	cmd.exe
564	cmd.exe
564	cmd.exe
564	cmd.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe
4980	systray.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Explorer.EXE

pid process

3052 Explorer.EXE
Suspicious behavior: MapViewOfSection 5 IoCs

Processes:

cmd.exesystray.exe

pid process

564 cmd.exe
564 cmd.exe
564 cmd.exe
4980 systray.exe
4980 systray.exe

pid	process
3052	Explorer.EXE

pid	process
564	cmd.exe
564	cmd.exe
564	cmd.exe
4980	systray.exe
4980	systray.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

cmd.exeExplorer.EXEsystray.exe

description	pid	process
Token: SeDebugPrivilege	564	cmd.exe
Token: SeShutdownPrivilege	3052	Explorer.EXE
Token: SeCreatePagefilePrivilege	3052	Explorer.EXE
Token: SeShutdownPrivilege	3052	Explorer.EXE
Token: SeCreatePagefilePrivilege	3052	Explorer.EXE
Token: SeDebugPrivilege	4980	systray.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

Potvrda narudzbe. RS0324452672.exeExplorer.EXEsystray.exe

description	pid	process	target process
PID 4964 wrote to memory of 564	4964	Potvrda narudzbe. RS0324452672.exe	cmd.exe
PID 4964 wrote to memory of 564	4964	Potvrda narudzbe. RS0324452672.exe	cmd.exe
PID 4964 wrote to memory of 564	4964	Potvrda narudzbe. RS0324452672.exe	cmd.exe
PID 4964 wrote to memory of 564	4964	Potvrda narudzbe. RS0324452672.exe	cmd.exe
PID 4964 wrote to memory of 564	4964	Potvrda narudzbe. RS0324452672.exe	cmd.exe
PID 4964 wrote to memory of 564	4964	Potvrda narudzbe. RS0324452672.exe	cmd.exe
PID 3052 wrote to memory of 4980	3052	Explorer.EXE	systray.exe
PID 3052 wrote to memory of 4980	3052	Explorer.EXE	systray.exe
PID 3052 wrote to memory of 4980	3052	Explorer.EXE	systray.exe
PID 4980 wrote to memory of 3988	4980	systray.exe	cmd.exe
PID 4980 wrote to memory of 3988	4980	systray.exe	cmd.exe
PID 4980 wrote to memory of 3988	4980	systray.exe	cmd.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3052

C:\Users\Admin\AppData\Local\Temp\Potvrda narudzbe. RS0324452672.exe
"C:\Users\Admin\AppData\Local\Temp\Potvrda narudzbe. RS0324452672.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4964

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
3⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:564

C:\Windows\SysWOW64\systray.exe
"C:\Windows\SysWOW64\systray.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4980

C:\Windows\SysWOW64\cmd.exe
/c del "C:\Windows\SysWOW64\cmd.exe"
3⤵
PID:3988

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/564-206-0x0000000000000000-mapping.dmp

Download
memory/564-228-0x0000000050410000-0x0000000050439000-memory.dmp

Filesize
164KB

Download
memory/564-230-0x00000000019C0000-0x0000000001D0A000-memory.dmp

Filesize
3.3MB

Download
memory/564-232-0x00000000018C0000-0x00000000018D1000-memory.dmp

Filesize
68KB

Download
memory/3052-234-0x0000000008790000-0x0000000008885000-memory.dmp

Filesize
980KB

Download
memory/3052-250-0x0000000008A40000-0x0000000008B66000-memory.dmp

Filesize
1.1MB

Download
memory/3052-248-0x0000000008A40000-0x0000000008B66000-memory.dmp

Filesize
1.1MB

Download
memory/3988-245-0x0000000000000000-mapping.dmp

Download
memory/4964-195-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-174-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-167-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-168-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-169-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-200-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-171-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-172-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-173-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-201-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-175-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-176-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-177-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-178-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-179-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-180-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-181-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-182-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-183-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-184-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-185-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-186-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-187-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-188-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-189-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-190-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-191-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-192-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-193-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-194-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-165-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-196-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-197-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-198-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-150-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-170-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-166-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-203-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-204-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-205-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-202-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-208-0x0000000050410000-0x0000000050439000-memory.dmp

Filesize
164KB

Download
memory/4964-210-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-209-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-211-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-212-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-213-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-214-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-215-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-216-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-217-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-218-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-220-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-221-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-222-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-223-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-224-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-225-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-226-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-227-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-163-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-199-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4964-164-0x0000000003EC0000-0x0000000003F59000-memory.dmp

Filesize
612KB

Download
memory/4980-244-0x0000000001010000-0x0000000001039000-memory.dmp

Filesize
164KB

Download
memory/4980-246-0x0000000002FA0000-0x00000000032EA000-memory.dmp

Filesize
3.3MB

Download
memory/4980-243-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/4980-242-0x0000000000000000-mapping.dmp

Download
memory/4980-249-0x0000000001010000-0x0000000001039000-memory.dmp

Filesize
164KB

Download
memory/4980-247-0x0000000002D40000-0x0000000002DD0000-memory.dmp

Filesize
576KB

Download