modiloader | 5d9a2939956911726070916ac704888b2bdfdd7c739813d6bd3860e7b2c8c647

Analysis

max time kernel
90s
max time network
95s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lx_Speed 1.5 Beta1.exe
Size

2.2MB
MD5

d5fdd0a32bc734cc4abb7c39921c0051
SHA1

cca76e39f9c9e7a9dbb4544b275669e297edc522
SHA256

b3e4ec4f0233a46af22a024643deae26f6b1455b45dba5f5a3d6d59019a4b172
SHA512

e354883e69d7d538a7c37042d1b1ebf7499b987dba4d0464da492f9f9963c646689b394c069abfeaabc2ced9818511dd51e5685e29adace962c969b43f03a7cf
SSDEEP

49152:HeZ6epYyulT8r+d/PJOwKkfbPqm9QpDHfjuWULBtmQqvzUHe:HeseyvPJh9f2m9Q9HftULTmvvzUHe

Score

10^/10

modiloader discovery trojan upx vmprotect

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 2 IoCs

resource	yara_rule
behavioral1/memory/2880-32-0x0000000000400000-0x00000000004BE000-memory.dmp	modiloader_stage2
behavioral1/memory/2880-37-0x0000000000400000-0x00000000004BE000-memory.dmp	modiloader_stage2

Executes dropped EXE 2 IoCs

pid	Process
2328	LianXue_WPE.exe
2880	LianXue_WPE.exe

Loads dropped DLL 3 IoCs

pid	Process
3060	Lx_Speed 1.5 Beta1.exe
3060	Lx_Speed 1.5 Beta1.exe
2328	LianXue_WPE.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a000000012233-17.dat	upx
behavioral1/memory/2328-24-0x0000000000400000-0x0000000000565000-memory.dmp	upx
behavioral1/memory/2328-27-0x0000000001F90000-0x00000000020F5000-memory.dmp	upx
behavioral1/memory/2328-33-0x0000000000400000-0x0000000000565000-memory.dmp	upx
behavioral1/memory/2776-35-0x00000000001F0000-0x0000000000355000-memory.dmp	upx

VMProtect packed file 7 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/3060-0-0x0000000000400000-0x00000000008EB000-memory.dmp	vmprotect
behavioral1/memory/3060-10-0x0000000000400000-0x00000000008EB000-memory.dmp	vmprotect
behavioral1/memory/3060-13-0x0000000000400000-0x00000000008EB000-memory.dmp	vmprotect
behavioral1/memory/3060-14-0x0000000000400000-0x00000000008EB000-memory.dmp	vmprotect
behavioral1/memory/3060-38-0x0000000000400000-0x00000000008EB000-memory.dmp	vmprotect
behavioral1/memory/3060-39-0x0000000000400000-0x00000000008EB000-memory.dmp	vmprotect
behavioral1/memory/3060-40-0x0000000000400000-0x00000000008EB000-memory.dmp	vmprotect

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\2010.txt	LianXue_WPE.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2328 set thread context of 2880	2328	LianXue_WPE.exe	30
PID 2880 set thread context of 2776	2880	LianXue_WPE.exe	31

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lx_Speed 1.5 Beta1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LianXue_WPE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LianXue_WPE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B952781-6E53-11EF-9218-EAF933E40231} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432010730"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3060	Lx_Speed 1.5 Beta1.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2776	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3060	Lx_Speed 1.5 Beta1.exe
3060	Lx_Speed 1.5 Beta1.exe
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2328	3060	Lx_Speed 1.5 Beta1.exe	29
PID 3060 wrote to memory of 2328	3060	Lx_Speed 1.5 Beta1.exe	29
PID 3060 wrote to memory of 2328	3060	Lx_Speed 1.5 Beta1.exe	29
PID 3060 wrote to memory of 2328	3060	Lx_Speed 1.5 Beta1.exe	29
PID 2328 wrote to memory of 2880	2328	LianXue_WPE.exe	30
PID 2328 wrote to memory of 2880	2328	LianXue_WPE.exe	30
PID 2328 wrote to memory of 2880	2328	LianXue_WPE.exe	30
PID 2328 wrote to memory of 2880	2328	LianXue_WPE.exe	30
PID 2328 wrote to memory of 2880	2328	LianXue_WPE.exe	30
PID 2328 wrote to memory of 2880	2328	LianXue_WPE.exe	30
PID 2880 wrote to memory of 2776	2880	LianXue_WPE.exe	31
PID 2880 wrote to memory of 2776	2880	LianXue_WPE.exe	31
PID 2880 wrote to memory of 2776	2880	LianXue_WPE.exe	31
PID 2880 wrote to memory of 2776	2880	LianXue_WPE.exe	31
PID 2880 wrote to memory of 2776	2880	LianXue_WPE.exe	31
PID 2776 wrote to memory of 2916	2776	IEXPLORE.EXE	32
PID 2776 wrote to memory of 2916	2776	IEXPLORE.EXE	32
PID 2776 wrote to memory of 2916	2776	IEXPLORE.EXE	32
PID 2776 wrote to memory of 2916	2776	IEXPLORE.EXE	32

C:\Users\Admin\AppData\Local\Temp\Lx_Speed 1.5 Beta1.exe
"C:\Users\Admin\AppData\Local\Temp\Lx_Speed 1.5 Beta1.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Users\Admin\AppData\Local\Temp\LianXue_WPE.exe
  C:\Users\Admin\AppData\Local\Temp\LianXue_WPE.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2328
- - C:\Users\Admin\AppData\Local\Temp\LianXue_WPE.exe
    C:\Users\Admin\AppData\Local\Temp\LianXue_WPE.exe
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2880
  - - C:\program files\internet explorer\IEXPLORE.EXE
      "C:\program files\internet explorer\IEXPLORE.EXE"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2776
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b370534597241dd2586bb4969ac8be5

SHA1
1fd0e120a846378356b83d33bf249bd929d436c0

SHA256
7c07c2c6d4a8cb8e83e5c6998692402254bf9bdf4af0e21c3d762aa5098fb026

SHA512
13459f91c331a97da612c1206ea8a907373758ecc7d56dec2337c3ae9f43c2aa8227e75de7498ffc47defc95d0c6c8013bf91472fdc3cc398a4904c389bd37ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0890aca048fe1d89a090f60da2663c7

SHA1
56c7a201df2ce7cc173b51c56a88356ffb67656d

SHA256
a4e191cea7eb99b28d9ee7596f654882effd2533b99e6f640f2c4ac9198f96a9

SHA512
f19e08bb16b1b1ba4f7d17b61e93fc4c9b921b6fd2b4ee67830f9a972a470afda678024caaecbea49b1e592a498b036e0e9a7558a5ac4d119f731683c72fe053

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74fd7ce8518caffcab0cb08493b50f26

SHA1
0e5eb5435ce6e00c9f5a2dc9399308dff7b90eee

SHA256
b5dc855428af9523f7019cef53342426c844004c828f48a95ef73f94d50e1328

SHA512
785cdf4e932dabc791a940bb4888a1216c53713d06df9f3b40d4afdfc6fdc416a47e0a3ccaebfa0c6bc9a459b6d79804536d0d29c80944bfecedcaa12bd40492

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a31aa3327193bf57e4b32e966097b8a7

SHA1
42d07a0e50cfcdcfd6fb919f3ef158398ea2e2f8

SHA256
c4e287b48691cd8e979fdaa169c0bbc3f4c56c7268cca6eeb53a60c9897023aa

SHA512
c9e3417936632e577ef2f3b84a4667c93bd15f32658b50996ebbbd4b8cbb6fe38022082a7691f474c0d256fc5f740828b8d3afc198fcaf019622853951a3cb99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec6da2eba1ac60be0d41cd699de74052

SHA1
c40fd01dc75ecce6cabd87d76db02032b3732e5a

SHA256
f8026df93a7131373f1e903d4dd86f6ac0c543df4c8aca65641323413a5ebea7

SHA512
94f57a6b5a9ccb0e3add1ddf62de4ddc572f659f1e04fe17736e9ed86323b6bf77098c0d90ddfbf9bda8c7dfdd707f5faa5b5eded7e22997defc3fa33ec03148

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce70c3269079d123ef72180c213e85cb

SHA1
8f5048999d3263a1579928813b0dbfe3beb83e03

SHA256
54f52d134e0b1168ab8f28f8f1daf802d87dc1196dd6ae2c7bb980e33f25029b

SHA512
e7e5adbc69edf3526d34dcf25595f4799b5c0138d319ecdd5fc6a7749d0208356843213ea16347cd38b008a20bf61e2c90638330ce36df9fa3479d73af9c9cc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b3df5bb36fc6aac6e718fff4c1e677e

SHA1
cddf0096607b320cd9d89fb250f93e43c69aa296

SHA256
e892a9868cdcf6f78436094f80a3504bf6aa803c0405d33411bb4068daa57e24

SHA512
7cb2b55e9ff707526e15f0975ad1f165f6f4a22d698b5da3e710241313fd419d43ae33aa5ac413cb466a55b92f57fef2868e34b6b4bf7c68848611a13ce3dff0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1108f44a8d8285a18b9ed73acd011685

SHA1
f54959b0c8787bb2ee27947e3435948bd85449bc

SHA256
8b421d18e528357158c03351e8ffada475c07eb1807de3bcb4c1bb06fda7e280

SHA512
aa864db004f5279908e7c77a6bab80f86640db7e2a9f76005370e9eba8edf026dc749c5360798d30a1d8b67ff4f6f515d23fb4c63396e562d63b303befe2bbf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf11bcaaa9fb8dfeac2e52adc4b4870a

SHA1
d5e6d72ff58b45f0cdfd72a6886bf0b1567872cf

SHA256
0d0cf79c6557a46793fcea3bd9bc63ba54e4d352b799ea25969c1e37cc70111f

SHA512
d513bc53c3240e51faec1885df6291555396fc438ed4ab1ca8b12f56fea79c9796d9ec7ebf2fcf0fb3befac6b8954b2d8143fd42895a5eefa23ced2c40e77719

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2186.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar283F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\LianXue_WPE.exe

Filesize
702KB

MD5
c7734ebabc26a1989a0f151abe699a18

SHA1
4bfc5c8f96d220b0b768b266f0ad9a6020644938

SHA256
2e6a28f71058d8641fa251a1327ff4f9a7891cb1a7079f1aa3da1713cfcf585b

SHA512
e4e6fe6ec0c64ef4357921ed551f7436128e9ce3f86d8a939217023db78351080c09b78d6b0e9d7d6874d807e63ac62a0bc97d2782c673d3ef42a1323c4eb4bf

Download Submit
memory/2328-27-0x0000000001F90000-0x00000000020F5000-memory.dmp

Filesize
1.4MB

Download
memory/2328-33-0x0000000000400000-0x0000000000565000-memory.dmp

Filesize
1.4MB

Download
memory/2328-24-0x0000000000400000-0x0000000000565000-memory.dmp

Filesize
1.4MB

Download
memory/2776-35-0x00000000001F0000-0x0000000000355000-memory.dmp

Filesize
1.4MB

Download
memory/2880-28-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2880-32-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2880-37-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3060-22-0x0000000003470000-0x00000000035D5000-memory.dmp

Filesize
1.4MB

Download
memory/3060-14-0x0000000000400000-0x00000000008EB000-memory.dmp

Filesize
4.9MB

Download
memory/3060-41-0x0000000003470000-0x00000000035D5000-memory.dmp

Filesize
1.4MB

Download
memory/3060-39-0x0000000000400000-0x00000000008EB000-memory.dmp

Filesize
4.9MB

Download
memory/3060-23-0x0000000003470000-0x00000000035D5000-memory.dmp

Filesize
1.4MB

Download
memory/3060-38-0x0000000000400000-0x00000000008EB000-memory.dmp

Filesize
4.9MB

Download
memory/3060-0-0x0000000000400000-0x00000000008EB000-memory.dmp

Filesize
4.9MB

Download
memory/3060-40-0x0000000000400000-0x00000000008EB000-memory.dmp

Filesize
4.9MB

Download
memory/3060-13-0x0000000000400000-0x00000000008EB000-memory.dmp

Filesize
4.9MB

Download
memory/3060-4-0x0000000077E40000-0x0000000077E41000-memory.dmp

Filesize
4KB

Download
memory/3060-8-0x0000000077000000-0x0000000077001000-memory.dmp

Filesize
4KB

Download
memory/3060-10-0x0000000000400000-0x00000000008EB000-memory.dmp

Filesize
4.9MB

Download
memory/3060-2-0x0000000077E40000-0x0000000077E41000-memory.dmp

Filesize
4KB

Download
memory/3060-1-0x0000000000401000-0x0000000000484000-memory.dmp

Filesize
524KB

Download