modiloader | e4bb1c7af15a3aa51a832d5049e05e8f3df541ea984bd8f99491e2206d823626

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
05-12-2024 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c97ad582f6797402a4a1715728158669_JaffaCakes118.exe
Size

731KB
MD5

c97ad582f6797402a4a1715728158669
SHA1

e932612fe4e03a80edd13fb2ea5bb3e326cf5a53
SHA256

e4bb1c7af15a3aa51a832d5049e05e8f3df541ea984bd8f99491e2206d823626
SHA512

99c911add9f43cc77bf2e6a9312c100122a23d26202aa6cfc83b7651b0cc2fdb9f8935b4361b974dc9ca4d2819f85b50473ad15f1810ae1aaff031d3ac73b256
SSDEEP

6144:ucmdu7bADc63bQ29XruHZg2CFA8vYYWy4vBe8YZGOX/3KFOPTIJl60Vt:mdu/0r8MXru5gvEy4ZGZrXPKFHZV

Score

10^/10

modiloader discovery trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Modiloader family
modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/2000-4-0x0000000000400000-0x00000000004C3200-memory.dmp	modiloader_stage2

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2000 set thread context of 2564	2000	c97ad582f6797402a4a1715728158669_JaffaCakes118.exe	31

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\2010.txt	c97ad582f6797402a4a1715728158669_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c97ad582f6797402a4a1715728158669_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9404B211-B350-11EF-8B93-E20EBDDD16B9} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439596281"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2564	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2564	2000	c97ad582f6797402a4a1715728158669_JaffaCakes118.exe	31
PID 2000 wrote to memory of 2564	2000	c97ad582f6797402a4a1715728158669_JaffaCakes118.exe	31
PID 2000 wrote to memory of 2564	2000	c97ad582f6797402a4a1715728158669_JaffaCakes118.exe	31
PID 2000 wrote to memory of 2564	2000	c97ad582f6797402a4a1715728158669_JaffaCakes118.exe	31
PID 2000 wrote to memory of 2564	2000	c97ad582f6797402a4a1715728158669_JaffaCakes118.exe	31
PID 2564 wrote to memory of 2320	2564	IEXPLORE.EXE	32
PID 2564 wrote to memory of 2320	2564	IEXPLORE.EXE	32
PID 2564 wrote to memory of 2320	2564	IEXPLORE.EXE	32
PID 2564 wrote to memory of 2320	2564	IEXPLORE.EXE	32

C:\Users\Admin\AppData\Local\Temp\c97ad582f6797402a4a1715728158669_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c97ad582f6797402a4a1715728158669_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2000
- C:\program files\internet explorer\IEXPLORE.EXE
  "C:\program files\internet explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8bfbc1953ea1af14e9507d54e37c70c

SHA1
c1701a60a8df9ec9e388fadaf15e17249d15f26d

SHA256
4c8f9174c31b692b3b6c5f907b14b87392c3d47c47662e7bfb615e1cf42dabd7

SHA512
d36eefba65ef2f747acb521d4e367367ef9621e839d1448a5e195ee9553959472a0ec798b8e55dfee3e69d574434ac4ac567873aaf47fcd7fa73dcac6740b9f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7a78ee8d8097c6aae88a54c1c2397a7

SHA1
5c919725889ede15c7e2053cae59cdd5cae9fd42

SHA256
9db9079b01e0880caafa7e92f821d101fc1fd16ee49cb74a7f4005f22b622079

SHA512
d182e368c95e0e1f39427a51fff18a6a35a9ac0cbaf106eb5910d30bfd79163fbe0c4fd622d9e9aef6e7aae2f5047052d08ef391de52aa97fbdb4ec69bcf68ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
edb0552a478b016f0c27e0bad8dd32b7

SHA1
b0988e75af02d17f16096fe4a2291ce6c873f5c0

SHA256
3176b03d3a4e1d50fb5303e72774b66bad998252b4b01f614465e2c19609150a

SHA512
75fef3bd2b484efb638984532fb93b777fce175074daabbd0806f1e4caecc8f6a1ef660ae6dcd58c27ac7a4fba0533b67a8279e4229ac069d5bdf284e23efa3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55c70b9e324b25e1c62f3ed02d5b7ab9

SHA1
3b9fe4252bc345d45e8020150ae1b1042ec98a66

SHA256
c3adb9a64017c31bdb6dfb621409f457e1e38fbcdca13f5871be13db13dbbd63

SHA512
9883c5a7e8d0c8690fe2427c60845073936565386d3ce28db35ab8f447c6343beb428242a86b965a8ff1e4e4ae45b7eaf109851e9a0ce84ba8524aa116241cee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31e0db171cbac20628f197ee3c1ae014

SHA1
451b9039532a8fd82155cc086836d3f5f74f09bb

SHA256
5b9760e59dcbf5315b190e0167cdf3000f24d163f8f75748d9d62c2483a8c7ad

SHA512
5b8bae14607442b9d37af2073d508f5d4f0a36e284260c74e3a6a8cc3ef8f7cc30fcd109833ff5e2c4afae3fdffaf5571ee36f774445b7b6f42c9032b8064960

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b082925dd881a5fec17e86b16216fbc

SHA1
f7f5a86ba67a08824f8e5d99dcb58a28dde569db

SHA256
c7d4c29a41c84cec1d180b239b371827ee91a95bf1227fcd7eca6b822097ce24

SHA512
c65e05cf871157243eb1a0b6c2b0f6c91aea22e63e0a4a4cfa57e97efc6f71fb0b287919216377e99bef379b9c5b591df887afdf10fe11a50d9edcc4db2f223a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a10d3e826a4703c0ba4b211261cd72e9

SHA1
f686e79ab89e4e97ebe5461e49c08318fedecb1e

SHA256
9dcc90696a1a14afc96ca019229a1e40068ac67be90db0b3f9c2936b308cf3b8

SHA512
f40c931ec698038c0deafa37edd827d94f7b8f0144faf4fcf12656f6b0a39eac4f4520e4a0f443ed2d3dee08ddc2f196f32c5736eaa65362ad5785906d57878a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ede4748b54ea7eeddc3da4057618faca

SHA1
d3e6d3b044655f1f1ef5e06e1592e520532275f1

SHA256
efe455cd4774b2a0ece3d88c9e124b56f81caa6de027cfab4487d8bd10a8be27

SHA512
3a38109179c47cb2cef53230f0d6d43a9a94f7497b9ca5d0a99e4d1c76f500ed6fafb7b2eb3dfbf0022e629b66fb7fad28be9db405623ce07c793d243d9ef31b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b42be43a9746dd360fcde4f3af8a5fc

SHA1
93fe0f2ea732be3ccb751251d55e746c5ebe4c9e

SHA256
df0df454221b929d1d2696a1251b95195023f33aa057f2c7330f2fe4c7bbd287

SHA512
b84493e3cf8588bc1b968cebceafbe0b5f81d0535fd3ec920f4b55c258e7bd518458a5fbeabb240c7692fc860c0238e74c051ba7774365ec21b69172fbc8e5b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e414608e2650f57ce1d2a9fb5bc7f500

SHA1
8789b3e29ca13232d70e6d59ff9696218d3bd557

SHA256
1637249c124de660b447598fb16027c58aea67c1ffddea863f4d56090e7cb887

SHA512
1290a9f4da8f05716663f9fafb4695c16c84947816b2cd1925c404a51804edb3cd629dc9b9ab8c7124694f4a6c433c10097659b14f95103f1642d0a2aae7ed62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22a06b18242f352c1813edc8eeb9d5a2

SHA1
8d1f92ecd7fe9011fdbccc01910e0217a6f0de34

SHA256
979c420ddfb24ae90bbb73a63767fcd8252f1dfe3bb7021d4815a215d9fb809f

SHA512
23bf4ccb5a8ba17b46177ee5649148e73ae0ab7c2dce960549fb97f96817ef9b3a1964796c2fd5ce1d29d3b2e163b3ee1bf2c1947610f9189ca76dcc6e4e5827

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74a330dbbe3023e61a0ab2ec1cb3aa6a

SHA1
728ded881ab1b3bd2e3a13e1de53b742ecfd64d9

SHA256
e96238f5b1434ece61ebfef2605cf4e4b3a0f8c92b9626c9506e4db0c5473356

SHA512
b3d2ddfa1d7ee522dd8f6b2f6d06271e4cd3208414d4881e65e088c65bc1292303efe43ee1722db4eed23ea04d3b21a9ab38912e7cdd753bccb82c210035de51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
565cfb1b1248b1245ca761377c4ac9ea

SHA1
6f6b6ca0695acaf670eec79c89a58ff53e49e328

SHA256
7bded7d6e14008fc7c7edb658d0acb5b9c32092d8ecbc9d9fc4e2036fdb32d28

SHA512
6f802dde7cc67c405281405c056a1c1bd4c4d0a6d88c9ec386e7b8235536aa97d4ef392b93caaef0341ff5a4aa25d519162d000b0ddd24999e6f870dd8f1ba52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f85361e35684e24356050b098c8e5c9

SHA1
61d8dc49fece9d55a9cac1385f2cd9b9dacf1128

SHA256
8a761465fbcfc16c41cffc51355b42d7dac097feee0bb970713bd4a99f86dd1a

SHA512
c6b98609f5e4a7432f8ebe65082df142865c5ca6467d8e6eddf4ea859458e1351a4b4d4b4bba3ede9538e2373a64bdcd1d1a30c5678a95b207b74bd41681f43e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cda24fd87e364f8be003b9a838245a32

SHA1
7e1b76aae0ea3458c2ae56ac6cb9b7b193baea5f

SHA256
8b43d43d3605fbaebf9f1adf3ecf6ee964883d3840a7182da8fc34219675f1fd

SHA512
79212ca5a1a0860c1cec5fab68afc941682e3f27f7ce7e92d5fa348996b770eda4a4b4107336e8ad3247493610524a9ae10c879790a25539d55772806b29dd0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb7b2b38a1f6a20d3663b65b5851b9de

SHA1
6a22bd1e65936af3e5f3c2dfcb4d8d0ddc3b2fa1

SHA256
ef0cdab2a8a2b18a477172f48a35a9aa0905f483063f66e0b5193e9d37bece4d

SHA512
b5080538a74f5c52b5458b149349edc46eb1a889edce0f9d0156a9500a617d206f71b7459e970a3510b980a00aba7b81503be8ff178dd63f34b3507df3c8678c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
612dc2793a753dadd2162bc5ae66f705

SHA1
02deac4e513711a39f82f262f3c3014a1a3258c1

SHA256
cf13b46bb80b60e737038539d84f407c1631a3e18bd797d19a0e06018803636c

SHA512
d866673c192d03edad903fc90b09d9f11330e9584425d266eb8ed00896e2c8692011f344a5befba29a77656ddb45a843bc74e2c31998103c6624962a82ac9e97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91204331b2e4a6b68e41cc1826767364

SHA1
9dbb43d48cc048d711781cb4396b58d33d8abc70

SHA256
ffafa0478fb5f5940c65ab92276f7d461845364a33b20e543eef3015cee847d9

SHA512
6d76309c52f91a7d462e227598d10bf5ea78dbb50f463d27a99f73c1308bae653035afac0d0ed56c709c62142d294e1dcf8d964fc7c3656a01b6a4d0330b6a41

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar17D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2000-4-0x0000000000400000-0x00000000004C3200-memory.dmp

Filesize
780KB

Download
memory/2000-0-0x0000000000400000-0x00000000004C3200-memory.dmp

Filesize
780KB

Download
memory/2564-2-0x00000000001C0000-0x0000000000284000-memory.dmp

Filesize
784KB

Download