modiloader | b38ae977d0cc4a3a2f7566f217cd0a06df9c728276bd0dc10dcab1740d9d8701

Analysis

max time kernel
138s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/09/2024, 16:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe
Size

746KB
MD5

ee02ef82034bceac64cbed4586b6c2c2
SHA1

18255b27d60538d62fd0d829097c0f4c8d881b15
SHA256

b38ae977d0cc4a3a2f7566f217cd0a06df9c728276bd0dc10dcab1740d9d8701
SHA512

d3a22c63897f72321ddfaa3e5a079b68453ae6f047f968496288d180b7421bdcad41bb54a9f1451242234a722f2033e8e42a2751f7c2411a4498a6d569a38ef6
SSDEEP

12288:ic//////u+sihafNn5T0Uu1Pn6ai/xHqF5eknZWD149T2Oynb+yR/pRxcioYN3vZ:ic//////unigV5O1P6PJqFtM02bn3Rfj

Score

10^/10

modiloader discovery trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 7 IoCs

resource	yara_rule
behavioral1/memory/2092-6-0x0000000000400000-0x00000000004C2000-memory.dmp	modiloader_stage2
behavioral1/memory/2092-7-0x0000000000400000-0x00000000004C2000-memory.dmp	modiloader_stage2
behavioral1/memory/2092-8-0x0000000000400000-0x00000000004C2000-memory.dmp	modiloader_stage2
behavioral1/memory/2092-4-0x0000000000400000-0x00000000004C2000-memory.dmp	modiloader_stage2
behavioral1/memory/2092-9-0x0000000000400000-0x00000000004C2000-memory.dmp	modiloader_stage2
behavioral1/memory/2092-11-0x0000000000400000-0x00000000004C2000-memory.dmp	modiloader_stage2
behavioral1/memory/2092-14-0x0000000000400000-0x00000000004C2000-memory.dmp	modiloader_stage2

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2792 set thread context of 2092	2792	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe	28
PID 2092 set thread context of 2088	2092	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe	29

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Tencent\0216.txt	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8F9D0411-776F-11EF-B30A-EAF82BEC9AF0} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433012552"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2088	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2716	IEXPLORE.EXE
2716	IEXPLORE.EXE
2716	IEXPLORE.EXE
2716	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2092	2792	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe	28
PID 2792 wrote to memory of 2092	2792	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe	28
PID 2792 wrote to memory of 2092	2792	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe	28
PID 2792 wrote to memory of 2092	2792	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe	28
PID 2792 wrote to memory of 2092	2792	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe	28
PID 2792 wrote to memory of 2092	2792	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe	28
PID 2092 wrote to memory of 2088	2092	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe	29
PID 2092 wrote to memory of 2088	2092	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe	29
PID 2092 wrote to memory of 2088	2092	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe	29
PID 2092 wrote to memory of 2088	2092	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe	29
PID 2092 wrote to memory of 2088	2092	ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe	29
PID 2088 wrote to memory of 2716	2088	IEXPLORE.EXE	30
PID 2088 wrote to memory of 2716	2088	IEXPLORE.EXE	30
PID 2088 wrote to memory of 2716	2088	IEXPLORE.EXE	30
PID 2088 wrote to memory of 2716	2088	IEXPLORE.EXE	30

C:\Users\Admin\AppData\Local\Temp\ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Users\Admin\AppData\Local\Temp\ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\ee02ef82034bceac64cbed4586b6c2c2_JaffaCakes118.exe
  2⤵
  - Suspicious use of SetThreadContext
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2092
- - C:\program files\internet explorer\IEXPLORE.EXE
    "C:\program files\internet explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2088
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
137bf4cc1aa56d681fc54ffb0d2e8b0e

SHA1
39c038d4a058421149b3957d4a3cdf30230bdc7c

SHA256
6aede83242f5ab6643cf98e11d804ffcb0f4dd1fdf216347b6ff1e09fb2c49ab

SHA512
bd52cda93ac6de8664e969688607e1edcbf4091094e7465527bcaee533ba09ba3bcd1d93987da9001fc0aea69899358bb3e02f1a2004a451b2b732d513990253

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6394e13ca4b3c1440d9355da338d998b

SHA1
060ad9e956b0c05ebbbb313f034e4c5f3c8f92e3

SHA256
a286af1b569d8c1b0bc577a3b92771f5ccd3742e4f6c898539225c4e711a2e55

SHA512
3d4223e3030bc79481dc12d582f0add27d98f82bd2cecd7f754cb41e92f67bf588d197a11b8a08d404c2a14eb788955fa48c7e3f81399b6ed3905bfcd1d88b59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ffae779a9c96d666c8bf390b394d1b5

SHA1
77bf6e5a77346d340d5094762f279c4ccfbd87a9

SHA256
4dde99241da83280b7dafc505ad9cc1423b148e6e086f3ab8a934c03aae7e3f5

SHA512
f3ba57c84a34fe2da4a27d20fad7a86b1abb90cfc374fa3c5aab72b117605a282d0dff148b3308c96a75c9070ce6af91fb3c18f7902bca89b18fe03ff81ef6a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcd65405a6fabe19da9bfda1b2b6380f

SHA1
ca21ab2e4bf5da33ef2ed03e33eaf042ec6c8375

SHA256
c13c09134b3a598b0f39e7b02f0ba3e0082631f0d3b5b1a2caacda8b3e1e4550

SHA512
ac988780d24fea8c78815ff19ea5654fa7ad303c2eb71e7dec5e668f9444ad24679fb2424f60f1f4f2dc001a0410e75f421b78e96fee45d650e6e371742b0c67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b026e35c04363fe5ec3d46272db020eb

SHA1
a21b0538634e1a99353698d4e846b148ecb5a4a0

SHA256
548ee2483f3f3238a008ec7dc7108ed9f7bae865f62070d4dcc25c51794a9a86

SHA512
a618a72ce66f37d6ac31456b23b1fe813a2211509ef9c0b3f1ab95d3df9a32a32e26d163dd61d26946bd986f254494c7f9483f6bf6889a91985a702c361cc253

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d31dc820e10b47b7916c53b63539a059

SHA1
148fe8893f42c94188226da60118544dc7dde48b

SHA256
eaca31049f7d214329e8bbff135390cd33ed5cc3a07ecc0055bb7727e3f6bfe9

SHA512
eb2c8eb9f54d04ede670c4cb19ae1695057507faad321ce126e17b9a321c8f3027d1f3670b738e490e123c67bf306dbf4d24ba2b19fb27f438dc20304bbc7697

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68478121634265ae2d9d47b78d3d2096

SHA1
97db9d1198352362ad5c1808cc96b40b0da1e43f

SHA256
bff1b5fc4b83168736a3434295db875bf0b30eb46f6b6c313669cb484c67393a

SHA512
97e45d01a67558d2181cfb8bbf4bf8f74b30c6557d71eb52aeddd7c3d74cb3f3f1cc269fd1ed6658cc973c8e57afa2a2f9a1787b27a0342be5053ce121c822ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50081d8298f08f61d02ea06079263e9e

SHA1
3c94cdd8e4004b5b8a8372214978d63e0aa4c890

SHA256
176168f1b5d72addb01ac4b1d5937ef35695a4a6588826a520271e99ea04faa3

SHA512
3fc5151f17aa7d85ed4902c5c9abeaf865ca5989dc00dfb95d7cb676a191c1b47c894c119d0de5ec70dcf5c208b281623198f40887f63ed21f4ec5b0fe8b16df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3c9eab174f48110d1330a1e4359a7f4

SHA1
11a87eb1c85497982578a9b1ac605502e47faccf

SHA256
04e08fb2bba900e606f2dae26743dcbf2ac1b8da84ac69fc3090a03fa00a130c

SHA512
b16c257f70d74fe1ba6005b0baf5967ef131b91f9d42996afb422dca9c9c94f2d8e99c9bf61b5895d20bd30bcaf4174f63f0895e888a5a812a2aaf6c9b504108

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e41c5d192cb103068a03f7d6c4b3f033

SHA1
e8a7b84fef4f226ae92f2bd16080125b20adbd07

SHA256
a414227bd5f82a6f244fef2257222ab9fada61f411aa7055aa7d80bd09f60888

SHA512
0296e9ff80020b78de93d9614c07496b48bc3541e18a378cc0cddd36e88c8a93db3166394d5cf2e27da57b99e3a23a9affa4b7039fa12584739843f8998ace8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdb8a102121128afae2124371d3fc287

SHA1
5245ced618ac60a81eace02731ee5a104254771c

SHA256
80b5fa1500dc5f03e3aa5ae9be1b483e90db3d156284c6d0c94044e91740451a

SHA512
0d1e5e314fa0d64bfb2de3d7d94d5735d0bd9b781100f2323d26b8e8173585b65a8bae4230d5d16939106d010488a70a2f678137f980d87dbcc85cbeee4ffdca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0fd40062878948632798d992406abfe

SHA1
542c9e955d7f3f127cc1b5a7fb04093465380037

SHA256
37959f2762ca545a0ec591c1b9ad2ed1a0bff2c9fba7b9685c9a52a0eac00d4a

SHA512
0f90e8374f653176a8bf74a9b53cc78f099d222fa32d367be9c31209ba5c03876c3b6a88becdc80159d49065267c1c6b61694c8542b2c3acc8b8b8a5665cf1ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dba710d9476613b3293297aef99f2a5a

SHA1
ba6104dd84599fe3d6aef04f611a387fb5e7a49c

SHA256
30ef7303dcd888f0273d9899495229e48e61afa22ba9b8ae5e27f6c3b9a3af96

SHA512
92670e6151e6d51275d26b3e58234c4e5ad65023664c72aff2198e5a4df65ab498502790a57574768576cefbbc5fce8ccb24d14aee273cfc7cbb90f7808fbbca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6CF9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6D0B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2088-10-0x0000000000060000-0x0000000000120000-memory.dmp

Filesize
768KB

Download
memory/2092-2-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/2092-14-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/2092-11-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/2092-9-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/2092-0-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2092-4-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/2092-8-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/2092-445-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/2092-7-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/2092-6-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/2792-5-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download