modiloader | b10621fc52963f3018a5e9b084c37a837c3120f57ba33db6e246575cb1c0cfb2

Analysis

max time kernel
121s
max time network
131s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 06:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d9d2c0b7e0a57368ba12cb8647dd6085_JaffaCakes118.exe
Size

543KB
MD5

d9d2c0b7e0a57368ba12cb8647dd6085
SHA1

d5fa1f46d5b5b1aafe260d66666b96d2c82f429f
SHA256

b10621fc52963f3018a5e9b084c37a837c3120f57ba33db6e246575cb1c0cfb2
SHA512

5a4b1e6ad677b1aab74681541de414ade3d3026f7b0c70b6fffab267176b63acf337fe8ae994140e8aa530712a73708ab00990e9a22651e11cad71d020ac60cc
SSDEEP

12288:KGrqNTd7xWlpdSFJcU+5Kys5ApySWrcRHI2N+GEdFSw3/7XREK/Du+s:KGqTdYcFmUmVs5Av8cRHI0EdRP7XzSR

Score

10^/10

modiloader discovery trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 2 IoCs

resource	yara_rule
behavioral1/memory/2144-1-0x0000000000400000-0x000000000055D000-memory.dmp	modiloader_stage2
behavioral1/memory/2144-5-0x0000000000400000-0x000000000055D000-memory.dmp	modiloader_stage2

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2144	d9d2c0b7e0a57368ba12cb8647dd6085_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2144 set thread context of 2244	2144	d9d2c0b7e0a57368ba12cb8647dd6085_JaffaCakes118.exe	31

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\2010.txt	d9d2c0b7e0a57368ba12cb8647dd6085_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d9d2c0b7e0a57368ba12cb8647dd6085_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432199606"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D87605E1-700A-11EF-ABA3-46BBF83CD43C} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2244	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2244	IEXPLORE.EXE
2244	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 2244	2144	d9d2c0b7e0a57368ba12cb8647dd6085_JaffaCakes118.exe	31
PID 2144 wrote to memory of 2244	2144	d9d2c0b7e0a57368ba12cb8647dd6085_JaffaCakes118.exe	31
PID 2144 wrote to memory of 2244	2144	d9d2c0b7e0a57368ba12cb8647dd6085_JaffaCakes118.exe	31
PID 2144 wrote to memory of 2244	2144	d9d2c0b7e0a57368ba12cb8647dd6085_JaffaCakes118.exe	31
PID 2144 wrote to memory of 2244	2144	d9d2c0b7e0a57368ba12cb8647dd6085_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2520	2244	IEXPLORE.EXE	32
PID 2244 wrote to memory of 2520	2244	IEXPLORE.EXE	32
PID 2244 wrote to memory of 2520	2244	IEXPLORE.EXE	32
PID 2244 wrote to memory of 2520	2244	IEXPLORE.EXE	32

C:\Users\Admin\AppData\Local\Temp\d9d2c0b7e0a57368ba12cb8647dd6085_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d9d2c0b7e0a57368ba12cb8647dd6085_JaffaCakes118.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2144
- C:\program files\internet explorer\IEXPLORE.EXE
  "C:\program files\internet explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2244
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3236ab16d4214f67513b48226db8233d

SHA1
ea6c21793304930eac64462ba2b16b6b2caaa745

SHA256
ec9e9d30ab37c81d8584577b91fbfa7a3d3989e345995a60dce8d3a42a35629d

SHA512
f6b632102e97c10c42121a11ecf3b66e4964aed1c162e338486ee87ce445398c822cef4f32176dc07759221d37a91805c7f3c670fcb368ac838d80d08703b158

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
863534ba0075bef6aff7509acaab33e3

SHA1
f133d39c319073f29d67864407fb8426b5cdfcdb

SHA256
dc04cefb987358e42373921051234c9476972bbf05fc4b26095ae730e00886bb

SHA512
d0e06491a6997ecd682d9956557bab2f1c11a6da568bb7a838cf64781835e0c8d505d7f9f3a4e8d5fba17902347f2a57f66d69499f12e672170d79e9f11bfe89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fab244eb7ae84a00a5e84ed8c5a59ba

SHA1
6a319f6f7cef3095a6101aa158cc528fd112656f

SHA256
313fc2db4d05948e950bc11d3ba14033de3d209baea25544b31333ceee84adcb

SHA512
d4a2607ed055c420f9eed32704aa29fda9b175c8d31e618c0c8ad04ad27221d49f8aae2ecd6ae7f51b6043fda77a111f5b5d18e293b64a97a9eabbc0397f05bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc7b8af30f031b431c19ec896529e573

SHA1
dc263364af6fc54655762c8da251cfab31a1b5b6

SHA256
746e0e691817bac39ec4c19d94d4d2d1a8564554dc86f0bf1553b786d0e1cd99

SHA512
a4782468fa09ccd0fa198dfa2d23a9049a13930643c4f4c96a5a7ea169b76c43a6b4b42c7394922c70166fac593770d176e2efa2b28c01e994f5be8d9efaddd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f8de2c4744d2351c78dea54e1dbed28

SHA1
b7af07bc813ad94ba011e54afe7e9ba7dba7f590

SHA256
913424338f954acfe0e7f40bbebfa9ee526b5ef9e1a7d9b76488deb9ddb2e2d4

SHA512
01c5a97d6bd24b395e0f9980598afc7579287f97a2be8958f88311e6a75c90bc566dca13f4c3b34d337c5152581a6c35b4ed2a7712f0f833d1fcada25b66954a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4628a69606773012a2f672ae6900499c

SHA1
d46e0f8908ec62d27c2941cd94197ef8a4e1d3db

SHA256
644a2a4df247766b1604e9f51afd1aad2197885bf0af9d01f1a34ce066bfffdb

SHA512
ab7501c770be1f2e924c4d986b1f26d0cd45ac6eb15ae02e93a8acdcbb6234b347901ecd2f6ab56199921539d5b2289360f59c7d9a70254012637e7b440440d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72b2c3cb973d9d1961f4a303c8632be9

SHA1
ef39839558165958f3ea844d6cbd67d5c4efc378

SHA256
23a9780c0614d20bb76fe87dd0f29bb9c27dae71eac78568d635d3dc64a1c755

SHA512
f9d7eec9a37d2050cac55715c73646d4056b5e916e6f8c2f1db234df4fb8c9bd1c3c16946278f943b75e72b25284889d9338c5a8dfc9d462d5c0fae84d10a321

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e050d6c2bbc2b056d85da0c4cee9ea8

SHA1
5ad7d3aed3e43736708e42b5fa0bc8b7261f7861

SHA256
96691df9e2b4b0fa0f9f56641e46fd890b12f6c0c38bf86ec5a2f249731af165

SHA512
71ff5cf25ece1d75e1777444652fa683b894f7499be0c5774d222af9df112639dc304409c306305f3d96fcc3702b9c50f3109998db16fa5f4b04fe09119a037f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
660164305e141fe0175d56f2d46d0b31

SHA1
b81e09305caf0d2a361ed8cd842ad4cc6d37e689

SHA256
5db2fa0ec9872259601f0ac4a0470e4df4ec9ab78bacac8d79664acd164f2663

SHA512
370c49bf5ade26d7aeb67de2aad673ca0335c3c7211f1d6730af78d01248753ec758008a610e03cc7e2aabbd348964e07387b35fb6e657c91731e47035105b36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ea35804b5705202809d95c92d57a8b1

SHA1
3c5e9db59b94214df60782aea892468938c4c167

SHA256
d755b505a772621e84a3899f24b56164c6d67a13e443b8b885ea351648b77aa8

SHA512
3359ffb1f34249d4afe5ab7db288da21b6d3cc6bef6afd794384de3f08ee61560297e2297b597d5d02903c3b13f534b333a4f1c0b59b3ce2ba95073e16a733f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc9dfe2ecf475c9715510c1ef1b171f9

SHA1
ed45ea1ac39f2bfa670dddff081e2006bdd6db2e

SHA256
5c43759e850a87983ab6a0a8b9e4519217ac7cdbf40f3e7b38f4ea13288d5014

SHA512
6c38e648ee675e65d9ad9ab814654a233aee058d00cac17850a57d73a3985ae26c66c801b9839357a760e734c38e04011efa1588f9801bf5405d21a45a636873

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6560e239bdf9b7ab5e8ed0509a753842

SHA1
f4e96677d8858429233cc9095f80d63e9e244d5d

SHA256
5fd89cf56571b6af7bf8e43e398c0f2fa3d145c46a83620ba9d1e726857df359

SHA512
162991dbea6e8b4f4ab7de1f43e33ea2ab7719f56cfbedc0be5c498e9e073426d489c959e3d9f246bb88c1890ea08e882290b89d7fe45c4a5b8150208ab2eb3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62ace63439180c5c2083bc14480fbdce

SHA1
dc24a4ca7d5011e85be1d177608bcf7269d34d19

SHA256
fc00c18fb5b80c971194f1977746efcfee3c89eb35fbaa5cb4942782c8052f84

SHA512
57fcc0f320cdcfb9f18048ef3a481883596eb622baca611caa91ef21327fa04d3d817f28c7af300e7d3ec975705237864e8dfb762b6c5e29f0b75749116afb9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cc1f46f82dde173ed9cc8ba407d1f5f

SHA1
ba6df4bfe3f048923d9d84cf1531bcaada02a2e4

SHA256
4290004c01aaaf43d0fb0744022bc63afad451889f8ba1ee34b2f93e7a5dd51f

SHA512
0f128d966a92304696365f53a28474b0fc103937044537ec7984b1fdecfd650a4e2098161e07f60e577dd59959abb2d70ba11bc57ebcf35f4c3b5f5f4d95d9dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57290903a38fdbcfe478d70a57c657a2

SHA1
db9f8a12978e2e8d56284c37a83a2450f5ac409e

SHA256
c201d9a1b1253690ed08d22ab05511f15ae6995829eab66436f6198ad5f17d30

SHA512
dc6891514a0cae8883a89bbbd043d801ae698cf4569104191de4320a71d67f8b99897e9738165885fea3b29b9137a4d121b2d355a3e8ec14c5cbbb30ab61fb4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e59152593c03552b336c6e8e591aec3

SHA1
eaf2f3305ca0d33119fd747b95c89e79724c8052

SHA256
d5218a8d311516b944e138b08e15b58ad672c6a300488b7d98258bdbc3f1e276

SHA512
8859eb6be00d45c77c36fd6aeda284fcb693fa064f51793b08d765d523bf127d857c00a679e2e6e0236d980b1093d08ef7826c39ad0352231f2aee2eda79de10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71bd16536442c2c5d68d9509e5cfb332

SHA1
f96b0633e18879b5e58180bd06e9cb22b153c6f6

SHA256
3f511f537d2cd999fc66e41106031338e5349832dd5d545b26fa8cc66931ede3

SHA512
7f3998734b294ae3431502f59ee354f0d5184b8ebe487d43652ea24fe616b7e482f36b9f143519be33bb61d25ea349b8a87b11c7d0cd1143de2fcbe201a236a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEEA5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEF26.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2144-1-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2144-0-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2144-2-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2144-5-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2244-4-0x0000000000210000-0x000000000036D000-memory.dmp

Filesize
1.4MB

Download