modiloader | 024fb8fe09ed1985a9b77047e7c60cb2f821c647aac73cfe0784bbb829b40550

Analysis

max time kernel
134s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-11-2024 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bbb67d0cd760d1e12cb9205559a727d_JaffaCakes118.exe
Size

404KB
MD5

8bbb67d0cd760d1e12cb9205559a727d
SHA1

7ddb84bdfc10271f3fbc59d50b62503b31dba788
SHA256

024fb8fe09ed1985a9b77047e7c60cb2f821c647aac73cfe0784bbb829b40550
SHA512

33e163923e0931e2aa45bd0b31d4bc8f51810a3e519edeedad8e70ecffc5ef29e0abd8d612604706b9a0db7d7b6fd3b75c7e8825a5c339c1397c7a56de5bde7b
SSDEEP

12288:TwPtyM7q0Ac/AwnL+r9rvf/C+OH+R0QkBz+Lwu/:Tu5q0rFnL+Rr3KUR0QkB6

Score

10^/10

modiloader discovery trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Modiloader family
modiloader

ModiLoader Second Stage 2 IoCs

resource	yara_rule
behavioral1/memory/2364-1-0x0000000000400000-0x0000000000527000-memory.dmp	modiloader_stage2
behavioral1/memory/2364-5-0x0000000000400000-0x0000000000527000-memory.dmp	modiloader_stage2

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\SetupWay.txt	8bbb67d0cd760d1e12cb9205559a727d_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2364 set thread context of 2912	2364	8bbb67d0cd760d1e12cb9205559a727d_JaffaCakes118.exe	30

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8bbb67d0cd760d1e12cb9205559a727d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{264FC881-99E8-11EF-846E-46BBF83CD43C} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436802650"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2912	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE
2684	IEXPLORE.EXE
2684	IEXPLORE.EXE
2684	IEXPLORE.EXE
2684	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2912	2364	8bbb67d0cd760d1e12cb9205559a727d_JaffaCakes118.exe	30
PID 2364 wrote to memory of 2912	2364	8bbb67d0cd760d1e12cb9205559a727d_JaffaCakes118.exe	30
PID 2364 wrote to memory of 2912	2364	8bbb67d0cd760d1e12cb9205559a727d_JaffaCakes118.exe	30
PID 2364 wrote to memory of 2912	2364	8bbb67d0cd760d1e12cb9205559a727d_JaffaCakes118.exe	30
PID 2364 wrote to memory of 2912	2364	8bbb67d0cd760d1e12cb9205559a727d_JaffaCakes118.exe	30
PID 2912 wrote to memory of 2684	2912	IEXPLORE.EXE	31
PID 2912 wrote to memory of 2684	2912	IEXPLORE.EXE	31
PID 2912 wrote to memory of 2684	2912	IEXPLORE.EXE	31
PID 2912 wrote to memory of 2684	2912	IEXPLORE.EXE	31

C:\Users\Admin\AppData\Local\Temp\8bbb67d0cd760d1e12cb9205559a727d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8bbb67d0cd760d1e12cb9205559a727d_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2364
- C:\program files\internet explorer\IEXPLORE.EXE
  "C:\program files\internet explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89fdf3be41b59fbca92c59a1246c3823

SHA1
9cfc5234c66e7a99c4637521aa7960ce94c5643b

SHA256
4a580aad8a9f86e4f3f3e2baed809a66f983066218e51450e68c434981c629eb

SHA512
da985b9a04ceaae940980739c0f208b1c135190f3be6c9cc7eae2ec282cb80784b51ccf9effa17142e7d5be1bc8438f0e1ced0514355b4ae9ea6a4ba6f3ba750

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b37cbb8a4d1f778609e33688cfa26ae

SHA1
efd33ba98a023d5bce4c2d4db4789dc1b22fd716

SHA256
401945036673765f5f0b05cd49699d0cacdc73c5b043c6d3ece3638b3b6be399

SHA512
5b9e403ff0e9d5172c7f4fe81c29c02ac29a89d3b27f6177cd6ab52fd4476d652d68ca51a003a287ad47e8e92ba399cc6a011eb9672c578986b6a261c57a09c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b5ac6d750bdf0567848b7ea1b1c2944

SHA1
926d73d597cb82d6ba676dc0ffe580dee1ed2fd4

SHA256
be1353b3ed2f5e69f7dcee1f2eae41cbc683c1549b7629cbd053f454a0f41b93

SHA512
acf82b2000367cf2a5a77e68271d1e87149211f5c9c007bc3db5f3018e51d4a525f801581f72d760f6d577e164ec2410124d141bc37f84b8954a284cbc1defea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
790d0d485a92fa2afee0700516fae026

SHA1
695d027116f3daae96169f43a1a65b1a54f8a795

SHA256
e35763f97260de9271879fead997199d9b09a2a6a71075ac96b995f5a967666e

SHA512
42333337e56df4811db7bcbca89eb8209535fc511001d69af371acdde98627faa2656256ca48aae72959b345e2836c815b46a0f48cc2cffc4c58b7747a47f8d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5ffc98e79cdede0f957458f31811e05

SHA1
b83cc3d248ae1243ffef8d90181d1cdfc6562464

SHA256
05aa3e4b3ffd8d58494e48a1f25482215c74a9b6c8589b50d6bc3f1fd96a79e4

SHA512
616d236d6dbe36da48481e2bd467ec211068581854d81008d84b095f7595ff66426b3e49e9caf51c7390b7bd16bb3dddc2f198440bece78d588c59b6de5207d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3235c1a0641052028f6fd296a28beb1

SHA1
a37c987cb69f65f9b284ef4e68abfa339a1de20b

SHA256
1cbfe32747ab6cd0e45204a0816464d17dc576d1136441633ce176867f2f6cd4

SHA512
9da4f23d44b38ca8eeefb6b59bfa70e584721031e83299cc36db2c55413e80c7035617cdae63c92ac9271b1416bdc02008afd1134fff8665eabfa64e99e65006

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ef5a386e57695747daf2cf23cb5d794

SHA1
4e09a367d344a0df078d53090df95df39eb4028d

SHA256
77bd9a3d06710cb7921c4421e2e2a854b2f7d43d352fe41d6c0b54b1a6e3a618

SHA512
b577b60662d2a858f9f722716f6e7c997dbc8f24da7c4208854927e117cfc81e7ae6e07903b4ab41db7ebee7de00866acce64a8fa8034cf901129017836b1d7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8b7a47db05e7559a397354baeed5af6

SHA1
902f132b9ffccb3aebf5f68952c0ed168d0d4b64

SHA256
1b5ebec5f5c7ff5a6867b9aed87bb019a1e6f20b75ec70c968ef45fdb7e825ec

SHA512
74db8f644425d406a15f495745777d937505d8b7d5a3d2f75f40070a0a9adab5f79804e918ba50bfa9bb6450ec674128b573d7cbdddf5309a5d4ef9b00481d16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32b1802165c1014457e8da0090ca61e4

SHA1
23ec0bd5880543e0f3047f8ec7c9ee8dcf5bd0ae

SHA256
085e5dd8f585d84da9b9f8095aeb08fc9d449045fa07c04402a3c330de0a9d7c

SHA512
72a32c0c608d075a7fda9324c47e6cde3a61062ca8ff6c293efd0327b6506e2bed7f36773d3f3596b664106cce632ca12dbf2dc774befd46e063ca047bef6af7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79c1d1aa5e46875d6c11296a034ebabb

SHA1
8346821362a72d9f3859a1db3476d941ed3b6866

SHA256
23d7986137232f80fd19bccc900130f35b1a71749b47551de7229a084ba46c4f

SHA512
b38a680fd3cf6d4bb315bb622722d613c13519da3b3cce181f489f1b8648ed1be4fd8e94ab6ca0d9b9a884a2350c3cade92fdb7505c45784391dcfc2770998cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
185dd5ee7c1cfdd33f8ab4c200e20008

SHA1
788521fa15e3b42bdb0393502e9828cc7048cd83

SHA256
edff2caa617f57eb3c8217f8676ede54a0f3aaad44364d04317af86e38a8484f

SHA512
60a63131f9272b9ec4e56f99c13b008e7c335088f312f8c293b78a166100232e384ec19e32ed3c1c9ea0d3f5d8633eaa54f2834f2ef73396e1e38878688ff744

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a4830ae9613c65db3554c3b27476631

SHA1
3e3036a3399d35b9310684eb586f8f127e1da2cf

SHA256
474d1b0dbbaee47969f300091b8fa9977c8ac7a6c4cc5d01f768f19609532793

SHA512
f0e948a52d2e6548b9e2a770364925b3a0f6d88b90e2f64e1986baa998468de6d774034ef4b9b96609e548082ba50f5b725acac29c950b3f9d310a7db631c790

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36287fac2f9ddabd5fb1350a50940ca3

SHA1
f502d2476f3f7b30a2e4aa239bb8f6e2ae5e2906

SHA256
524a54ad803f884abe7c441839b3b99e7fa6b46de06d589535cd2c95e4e34745

SHA512
47ae4972d56c735948cad99e17d9196f2309edb25df3c8d73e750b59e0120e8be797b3db8cb2728f3ca2c89f35ead6a8594b59033aa67f8f67c550931d0f6a77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41f9a0b4c77dee69c26b50a99a28d552

SHA1
2959e7a27e0519b604176f81f4ceccdfb1828900

SHA256
258bad614011f595cbebf7c618f10808f9773478bbe2167b958534c20bfb9299

SHA512
ee95a35eabdffafe54c4ba0b138b1eb7c4fbbb5d74b1338994a203c8144789169185e8c0fe4145b4a14d224b54bab4acee7a5dbe5d56dc5e82af2a5053eba4e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c142458c042b4a82427b4933193805a

SHA1
a62c05f6cda33c8c66727b00cd8cf1917d68dc50

SHA256
f8e490d5afc880042df3a376fc014d8c51bc784b03cf2cc3ce1907c1a65ca9c1

SHA512
7b15d2a11d176be826a227e9190adee6763877a33342f8dad34582ccd15ddf96779ceea3618cbb4a6e86a238ede1477d4034b6bd1f05b05bafd310a3aa0af6c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4b869dac5a584c4576b73c1f2848fd7

SHA1
20dd906b26e49d60403e7a6cfb25c6f3b9f575d2

SHA256
398f3cdcfb463d25dc42adb1482a838a22cae05ca4921938e1c01418f4934e90

SHA512
1eb1de6dc89f6edd026cb44f25aa30eff594b268001b0734f51344cfacf6be85595e550e6bf55ef398f5cc4df4c240bc9c542e8f1a30c8eafb71ef7c38eb9428

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3aaa7daa4ad2908d5e41947d791d2c6

SHA1
e8fb19c84527d2ae5069d64edaa63054a3055cd2

SHA256
1888c0fc00ebfefef9cc5f059199852a14c0883de50d19f9752ffef6637819c3

SHA512
035b5a68d1bcbd9bb697c673c3ce8be7fe97f48d75ea0ab45dde863912f4f442d4173d28c3614995a3b089066941f18280bef676f2824ed0d0a3554b5b35fd54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d9a2900e78bef48ff4df67d53846230

SHA1
8d9f7ba8c0730dd874b094214d58692b23bc8792

SHA256
62f1c955299d55db3c3b71d84c96176bdf5590e543c6408c1c4f8226253de3c5

SHA512
e2cdd237ee98a88c885329662f2fd36832efd3ddb1388e33fa0675c6e2975a617ee6d42eed213b1a9cf50ca66855ca2b6f2b7eed05898bc174d93656782e1d04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab261A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar268A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2364-5-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/2364-0-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/2364-1-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/2364-2-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2912-4-0x0000000000160000-0x0000000000287000-memory.dmp

Filesize
1.2MB

Download