modiloader | 6994de2a4ed3326ad8a3c29f0704ef6c790ab280d750c1585ae685fa9be7a902

Analysis

max time kernel
137s
max time network
138s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 07:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

935fcedc7847c609d495ca7283ba5000_JaffaCakes118.exe
Size

275KB
MD5

935fcedc7847c609d495ca7283ba5000
SHA1

100991833c93b0c80c65aa16458a90caa9adb26a
SHA256

6994de2a4ed3326ad8a3c29f0704ef6c790ab280d750c1585ae685fa9be7a902
SHA512

be00cf792975fe429083511b02871820ba804f4b1d70e9cec648ce130db125171bbdf988196cc8333bf20a20edb74c6a882b6028fac7341dff556dcd3cc2751a
SSDEEP

6144:Gl00u1zrjVvPrFU85upquN0PrtXO4SIAgz7w/+oSMrJQKVeA6zah:v0u1PjVvjFnsF+PrI4LlGBJrVX

Score

10^/10

modiloader discovery trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Modiloader family
modiloader

ModiLoader Second Stage 2 IoCs

resource	yara_rule
behavioral1/memory/3056-2-0x0000000000400000-0x0000000000502000-memory.dmp	modiloader_stage2
behavioral1/memory/3056-6-0x0000000000400000-0x0000000000502000-memory.dmp	modiloader_stage2

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3056 set thread context of 2804	3056	935fcedc7847c609d495ca7283ba5000_JaffaCakes118.exe	30

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\SetupWay.txt	935fcedc7847c609d495ca7283ba5000_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	935fcedc7847c609d495ca7283ba5000_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2AFDA861-AA38-11EF-AEBA-4E1013F8E3B1} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438596238"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2804	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2804	3056	935fcedc7847c609d495ca7283ba5000_JaffaCakes118.exe	30
PID 3056 wrote to memory of 2804	3056	935fcedc7847c609d495ca7283ba5000_JaffaCakes118.exe	30
PID 3056 wrote to memory of 2804	3056	935fcedc7847c609d495ca7283ba5000_JaffaCakes118.exe	30
PID 3056 wrote to memory of 2804	3056	935fcedc7847c609d495ca7283ba5000_JaffaCakes118.exe	30
PID 3056 wrote to memory of 2804	3056	935fcedc7847c609d495ca7283ba5000_JaffaCakes118.exe	30
PID 2804 wrote to memory of 2832	2804	IEXPLORE.EXE	31
PID 2804 wrote to memory of 2832	2804	IEXPLORE.EXE	31
PID 2804 wrote to memory of 2832	2804	IEXPLORE.EXE	31
PID 2804 wrote to memory of 2832	2804	IEXPLORE.EXE	31

C:\Users\Admin\AppData\Local\Temp\935fcedc7847c609d495ca7283ba5000_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\935fcedc7847c609d495ca7283ba5000_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3056
- C:\program files\internet explorer\IEXPLORE.EXE
  "C:\program files\internet explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2804
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8c0b4ce06ffae7ffed635beea275015

SHA1
fb89fa0cecc89b3791b63cec5d89b62880da0ce8

SHA256
7778427e92bfee9dd0a2edc4b78f7fbeb77aea884c252866823d68798854a390

SHA512
55f4f31f2792be1a54719132a9de68ace97568c0831dc1cb5509359980ac9202a4e04395f2f67d9d38b527f31ef0d8d860d37df69400d335fffe5f1080071472

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df2d369f42cff88af82bb7c71531f4ab

SHA1
adb389e65c42140eb0867236a5084b130eb3c3a3

SHA256
5ef01072eef60a6a29b9c5803118e940df8defa865471de41f6619362cf02237

SHA512
2bc706e76672fd0b8a093d022a581c7efbbfb75ab6530243e9b692d3c42501a39958ba2e1bacb8cfc3cea8d0c028ae88546b42deca880784124e715bc85639db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1ef709abfabdacaf8aa4a4270f70936

SHA1
ad207a39dd47fad7745489a9baa73f0bb6ccbb89

SHA256
2924a9008a1f5a4491ffc3ca325a43b3c2aefb306ca99297f35311415054f4d9

SHA512
9f63f6d1245c45f5e79dea594f488602e6a5ef30a104de3da681b29fbd2f9bce8a0b38c36bcd6173834a4a67c47f8a8678df2ad75fef2524fe4df1aaf8c32f62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd751dd96b993f5f194833d639eb93a4

SHA1
b93ddb7c3d7e7a785f5151f61093e81c57047121

SHA256
9c90daae362f27b966dcdd634a453314cb8b024269d2bd1d0643cb89a2e0a6bc

SHA512
b382b50284a8940821d85ec0389fbcd34679b4463ca40d9e2975a303295fe336e275e76ed1f0283651af509c11d4debfde881b8e81ea4ffbde89b10b01bcc347

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd32f82e7c14055f9852a60572518d4d

SHA1
895de28612ac350c1f58b4f207486021b0d12836

SHA256
2a2ebb32db657dd20d143d7bcd355a470494d501a3731120d2647ef4315f1475

SHA512
54aac6b118807aa2d29fe1231326a36b7243b7115b33053bb625ca1fde717053b9d0aa64ccb1b4d9a25d4550df40e581972482507bc06d4c8de47359b325c5e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4064f62f22627dc62d6c006168304d27

SHA1
b47e2ebb81eac05b0eda82759a8331c2ebd0125e

SHA256
b8b564666e32dd6be5b25240102c3b5561faaeb2134f10dce1dc2fdb76328574

SHA512
304d646fc67a312955f02d1a26b69000b15e1a9e812af2c7fee987a9aca7102c0a7264b540a7495e81bc728b5ef9fd26499490b28f7de1d30425c57a6c02df00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c5a4566d391b181b1ee28d8b4a7b6d2

SHA1
1911d233441b8518ede07f5661f8dcadf23d1f17

SHA256
54e302ff1e86f9dfce1318364ecda320670ef18546a44c63f194d99584ff4520

SHA512
8be16a80459bc917c48cbcc20b5f02a9652bd97ef98295dd78d649970646e80f2ea808d2ec43a25e9ec0e0c52a72227e51e70e84b45e5b59877c39136a319158

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c52558a64450e04a052a4e2c4dacdef

SHA1
7f15c3d3bbfe3a874eb15f5aa04b48134e5154f7

SHA256
e8b8dfc485dda5d0e6b8fafa139742279061788fa50664b1974c60f83e9d1df6

SHA512
02fc09420f0df1c4d5fe31b88f830a28654f392ed50c3b1b48fe1d0c711d7e902a230ac8925c42b8a88a0f3a2c63a740c76fa4fc1014b7614ebc0f4eff8e01bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
042061ace17465e7e3ca469cf4187adb

SHA1
4c933b8f305c855ce9e7eb2060f73777c7edb1e5

SHA256
31e521323dd94681aacae3d17e279f364a0732d030767a1a735cf5fa29134663

SHA512
b82336d782fdacd03b730eb840531a0fea08b09f8ced51df442cd150f73c025d9fdef274bda12053e427e55f30e718ef21f18f5df78903db7c021e2dc2a772f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99870b1b0c226b7d2093b936ce177a5f

SHA1
bff8ef36d0af80b3b49b6385e34e7a4ffcd688f4

SHA256
92b61651eff99c78b708dedfd3c772068016d10382b1a79d15c9d5591a66878a

SHA512
9974fba35e24997bc2a7f72f379d571b263385f8966381a23082c78b2d883d629a75f37427a4de573b7f1b12aa570b424886ed11ce674adb431ca15ed841a66e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a876b529c38b91da68c9ca12ca58679

SHA1
d7682b594d2b386c8ec588089ce02454ff5a6db3

SHA256
7b87ac23c096af88f7410498cd6c157cd7d69c12302c2f4741a1236f354d2b90

SHA512
6fd085e61264581cf916b27a9956627648dd312f2d4744b4df1e19280ee8ee5b84808c8f41f08c340e5ebd6b9383d18e3ddd539595c6890800e6aa0fef615cb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c15576d99e078dad36b2b9ee0b42e8cd

SHA1
eac1df40aee578518ebe00e1b68dc20126377566

SHA256
bb0a70dfbb4e81d5248813a3398dffb049b073c832defd1bf71da7fec40f4f81

SHA512
f5750ee1d69b86d07373d66db1c975f388335d154a9a64db34a5ea5cd4281f5c1ec6a06e0001731dc407d5d9df7459d215eade9887cdbd46a742419405891182

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e86c51e30487e293c7ad3c2ba95143a8

SHA1
5c2173456b6026635ec90abf09745b118621900b

SHA256
8249f4c9e66680a3f984d08bbc8b7169692d0e0660066d5e6355baefc26fb56d

SHA512
a31c49b65491b319d772c32e8785c20e1280af1b520df8b7637ab6298913c67150cb2596abdb8496bea9a6684247726f8c2e011a7a1ca80d470fbe4189e1271a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd499c0a53ed682518747d502bbefcd7

SHA1
4b19ca5fea039c67d47998082b4e0e54932f0ee0

SHA256
ab165be25668f28734b1ec650a105d0bbeeb55a14d67f4ad0bd3ccee2b5ad97f

SHA512
ddce4000f0f266ce9b4b45addcb69d63183966dd4c48caeaaa477ac8a72260b0bf0234499ac02670a31290ebd1c194d02940e439697bba16a0ac53b6a8715bb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61ca410d49ea81d739dec49c28ea9ec4

SHA1
9a2a71245d5a3042a619ef2e9856378f1d3f5624

SHA256
3e426ad980a7b3490e75cd8464d0fb43f596831d42ee43f41e54ab2299b359a5

SHA512
6e5d3a096e33014e61598a2dda81ea3b3439e6a3b87418212a2970eb7f49fc29c6adc661c93ef0729749af87d538e30d214dc87ca00b9ecb9ab851ec62cc5d82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89def7262196c249fd62a458e25a8e3a

SHA1
66c2ae859ce5a9a23af2bbddf014f707a20fe76f

SHA256
12340a7bbb1b916bfbade490d35f6050c5ef1d99927a0373422cdd72e24259f5

SHA512
393b8e18ea403d28e762e1203d16ffef30e63c24160f0a19d298ebeec99db9004356f7d77a9727f04b00ddca3e3bb60970ae7083f0c39f1ae63c298330f7ca84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81bdbf02c680912c6e247988da3dc0d6

SHA1
c486a6a0d45382319942cd9cfeabbbcdfe3fcada

SHA256
7dc94cc2e74354363be0dc8e5a2353b84fa0a866bdd9975e1f193af13e541d1f

SHA512
0f5a96257a213f43c66fcf62eaef5aae7fc006cc8f92a5af920936548fb77f5a8dc7ee8aea5279ac891c60283593128b3e6ffae5f487234b47e7d7e60131bf3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
402fa13d488595dcefbe4ce053476665

SHA1
ac35d91d32931c9dc6f731432c07e6d4552a9ac6

SHA256
1a2455c33cfa03b4426afd31bfd8fefecc6ce22c81c008fd575965b275bd06ad

SHA512
09dd6641200f953bb07b87c606480f985e580a3ba71d637a23b9f53c9f569ea54bff6183458ae416893e6fbc97ae84976dc1c61ba4790b7365ba53511d9e2c97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5477.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5566.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2804-5-0x0000000000250000-0x0000000000352000-memory.dmp

Filesize
1.0MB

Download
memory/3056-0-0x0000000000400000-0x0000000000502000-memory.dmp

Filesize
1.0MB

Download
memory/3056-1-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/3056-2-0x0000000000400000-0x0000000000502000-memory.dmp

Filesize
1.0MB

Download
memory/3056-3-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/3056-6-0x0000000000400000-0x0000000000502000-memory.dmp

Filesize
1.0MB

Download