ffdroider | a78990736434e16feb2a1ce666f36862431161f4821be9112a4608eedcca87d2

Analysis

max time kernel
94s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

135cde4f3fdb52b79380a7e7da9f0c30_JaffaCakes118.exe
Size

2.1MB
MD5

135cde4f3fdb52b79380a7e7da9f0c30
SHA1

3b35b1dc8d7270d580d7b9fa66111cb210065809
SHA256

a78990736434e16feb2a1ce666f36862431161f4821be9112a4608eedcca87d2
SHA512

058a4d3a475f3f862ee07b4df5d3d378f834b444e98036438ea56a640b76857eb56d21008839d91f5b8b1e4f79cbb5f385b145f717725954ed58e7073c4445c7
SSDEEP

49152:NRFA0Ak/INTT5bOIR23xwQ2h3uLlID22zOZEn:NRq0AkQNTZOCgwlupIDzzOZg

Score

10^/10

ffdroider evasion spyware stealer trojan

Malware Config

Extracted

Family

ffdroider

http://186.2.171.3

Signatures

FFDroider
Stealer targeting social media platform users first seen in April 2022.
stealer ffdroider

FFDroider payload 2 IoCs

resource	yara_rule
behavioral2/memory/1980-5-0x0000000000170000-0x0000000000720000-memory.dmp	family_ffdroider
behavioral2/memory/1980-608-0x0000000000170000-0x0000000000720000-memory.dmp	family_ffdroider

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	135cde4f3fdb52b79380a7e7da9f0c30_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1980	135cde4f3fdb52b79380a7e7da9f0c30_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1980	135cde4f3fdb52b79380a7e7da9f0c30_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1980	135cde4f3fdb52b79380a7e7da9f0c30_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1980	135cde4f3fdb52b79380a7e7da9f0c30_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1980	135cde4f3fdb52b79380a7e7da9f0c30_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1980	135cde4f3fdb52b79380a7e7da9f0c30_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\135cde4f3fdb52b79380a7e7da9f0c30_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\135cde4f3fdb52b79380a7e7da9f0c30_JaffaCakes118.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of AdjustPrivilegeToken
PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d

Filesize
14.0MB

MD5
ceef4fc2d9d53ace18940f5dd815afbb

SHA1
3189404b2884f0b3cd04c2a9669bd3de51a195df

SHA256
c07266c7439db76c0f06f348b5a03bd3c4f15af92fcddaabc70a96c8faae962a

SHA512
33c43749dfc69778daf2a1d9649bd0b47bb45b98bdb0d40164d9ed34136180d954b90e7b885eab85502d66e64327159366d0e6495c7a0594b1e9a98627d1531d

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.INTEG.RAW

Filesize
51KB

MD5
4c0d4665d1ed29aedb7a82dd7d2fe350

SHA1
4b2ec5f9a8f0ca7cb5dce1ef328ef76f820aae94

SHA256
4f67d87265dcc29868ab5930f1e08427f33298a3b62e1e94e9ccc31e06644a39

SHA512
0f70081b8186cc504063f3aa38a10d5048dafff931064ce4cc313cf6ab9a3508e6addc259f511ce29e9ba59f9f7b8da75d2b79bd43226a8423d8258599f68865

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
849b7ff701a9218450fe0461a97e5342

SHA1
eaa606bc50a9595cd49e00870d7d3099e3d35245

SHA256
51ea15654bd71cc469ab011fc110bd59b34614c130cd6693eed1bdf7c63184ea

SHA512
fe8a16dc88ebd80536bf1a9b23f2e696f5d6a0082d865ec4c16cf5f6a5531bdff3d47db81ab7fef73352faefa7338345ef881a1a708daaa0942360b9f91e3e71

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
1df95232eeb94b5c1ca5a9c89cc75a06

SHA1
049a50dc52df6ca3a3fead0adb23cf8f1aae9db8

SHA256
c49a3f158132300a37e888ee40bc338a4a2dde022bb624c2b68977eb836858e9

SHA512
2aa565608d225686fc49138c2e692de73b32b61f29b8ab633f5fd00a0caa7eb987bfdd861b3ad29dd050b216f3e0cad35217300a1f5bc27e8a728518ce61c375

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
0f8e884734ed2c1a49cea80e8689b9ff

SHA1
d9b9fdb8533dd56a768c934f7b2117fac52c487f

SHA256
cee9611ff58d4b1a4ba5b08949e72990145b009d2656fe8fdd409bd86ae38376

SHA512
4999f7eecf51abb6029dc1ebb649cbfcdd6f9023b593bfd01bb3554a1c84934da5d436fb9a5d97ca8d5e72cf190b701e9eae8ac4a776074e5978751577400cf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
b5a7a1d7809ebcbff78824f424730c79

SHA1
68c7ae9e0d5e05f1ea4e1ed516d64264424ef576

SHA256
c43548d54483059c0b21b48492b56bf4fa058b18bb4a9dc47217699272601cc0

SHA512
0ec2c1c92dd483f5a28446de6e56cd9677252a5e305766e9fa61e09f42cbe3e9da0704c9e4e96dc0b52bf6dbdb26a466786b89865e18957dee1d33832e138722

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
3c33280ae1b7f02ae9b6e35f5c9fae49

SHA1
51cfe9b6aa794307e61573d7b5362c16dc8b66ef

SHA256
3e87bc58b6ee59b5c3468dad7c0613b96c4f2f7e21642e7cb59af986e261d5b2

SHA512
236f88518b29c54fb26ed6194e15393d0c3e07f1c9e0de18344a3d9c6f167ef3c5629dbc3d38c6e79c0494b98f2807f783dba5af5b152e63b099377d91fe2cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
92c7c6f6b82738d3e2e9154f6c095df0

SHA1
b9b5ffd469d60794bf8ed0a2d47520c2341b9c99

SHA256
4d51e74bd9fd75dfb9768f07a1e66a867f1aa82295c813d219ff1a077ed4898a

SHA512
b7d02f14a51a936b47ad170fdd150ecfc641dcb8d6d559ca1fca57a5252211773f48a5a199ff3cf2f305e9d4545325503988a59369ad79e384d353ec57908607

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
62d24838154652122292c3e046a5d4ec

SHA1
458ee1008f791d1d429ed5d7437d3c28875e3b9a

SHA256
2a59c061f0138abee90b6b969cc21fe7fbf2fbc03f4ba7fd4e88adb5bf3e5c93

SHA512
5fe3112a2e60410b8713980a610e3bc3c918339d541a243285b134f2ef95c8fc6e9253673c5b717849c30ddaec6718fcffbef0444ae7ca2e3f8ff079cf976d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
c45b19c5e9bc57a6ffc6856ab75cece2

SHA1
6e99abda2504bd9d01004ca0abf93ac45846c1a7

SHA256
fd6b604f0f9841a05799cffd16536558f5289e6315fa9805b0a8eff1d8ffeded

SHA512
52169977f1664a28fa292985761de313b922e505fe440d51f89df0002c9d8594c6cf72732dd3a5473b0abd54f84c73ed496ede65ee836f879703d6d95d4cabe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
07fa08879ad3620cb1f7fc3e113ce237

SHA1
913b8e14e5233177442e95b506cebca3b8081ab2

SHA256
fd4dfeb934914a9fb5470ac516475f68f9d7ed3c156d11e458d9dc03de798c95

SHA512
13c88f67ef49f71e57e6c954022fb929c740eba7820811b254def11c7842706bd72bc2ce8eb7d5f21e41980b18edfebdce2c6045192734267055edbef7d5812d

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
ef08dd2e83e27100e2bbbab1dff79857

SHA1
ac355b4e8b42045caa41c032e7099033f082d3ea

SHA256
04eb04a4965857ae7f5c36e7cc96494a1842700a82d60b0c8b98704cff32f417

SHA512
aa59fb558b368a3cebd6ea54b42f12d05b57321f3c0775c216296cff6140205776df96e69d3ff778ed16dba11e754fd9c91d250060678ac9c40fb673eb0cd8e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
935374c6c0de5cc706eb4942587d5635

SHA1
67826d198ca2dd43fe6b70ba200fe1e22f62cc24

SHA256
542407856bde8c12ef75d1b4cbcdf4543736934a2ca08e284d3d81df8f2a8eac

SHA512
753d25eb80cf3f0e2fdff784e323089df5fe8d3f1bdf254bbac7c20b2b0c14179a4e374b7b8ba5a69db920fb6986998f2431cdb86d24bccf683485df79bf47ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
42a37c9079480514df6ec41d94659c15

SHA1
d50a0406900575fe55ee5264baffd9857290336f

SHA256
2c2cecf47096a7d66d90a438b51b86305662f407cd33c68a8584c52ae00d664b

SHA512
de67d9b4a77dbb42697ee6a5f311c83d7aea1ae7da683aa3ac2dbebec816f6447c74a46b52325d4950c756d96463299e36507518a128e522544d2ded905f1e6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
412c07e17e3c194c2fe6c791d823c86a

SHA1
6a0040297d9329b4f1804153e4e6644f8fa90876

SHA256
c75a02a811b42df2bd465ef8e5fc6793b03560698aa4dac6e8573a4db0884ba2

SHA512
16776b9686e70e668e25975d9eacf5673e5acb7d2c4d014f92a9bc37f1115cf4faa6c3d8d70897f8916823c3fbacd5eed622d38c7f855f81ae20871018b3242e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
4847dae4267cc6ff51f4fa5c129ce4cb

SHA1
f4bf4ea9aa1bed5dad4c8aa69f6cca8ece4214ae

SHA256
cdbd30d67a79856ccfe1fba36b7530e76f3eeceb18df4d6fc4cd4f85a1b7e710

SHA512
4345d823c0a6245a7f2c38afac10c296a61c47599f90d103c468e64b9d7422aa1230a4c8aad87f8595725210dff4b888787fe31d36eb6f8088124603b29f5b4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
3fccee8fc526d3fcb5c0ecf5cdd0c38c

SHA1
d021730353931ed5ffed6b359eccd6cde182c536

SHA256
e88abc465ceb57e1ec478f1e77ddfa410a631d4b0c0515fea6c53b0986023b56

SHA512
cf0319537707dba2c1886c0fe264e75efb56e8dc31780b92f942463b3fcb159112f5770a4df907d2543dbd959ecf1da57565d76f7ddc8e3070d5431c8ad8b247

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
2dc3fc88f82c08067fb76ab3561d788b

SHA1
9c9bb904f1f1affcbd49dcc2eb9d2331fb98fcba

SHA256
6d64ddba6e7135b9f9e9643c75b65b63e7a22f1ffd757a2f1326d8c393f21ebd

SHA512
b3d4ccd9cfdeb7fecbd54c7c73a43ae67532d7e752f03ad86b5389423bc4ca826b0b13407ff5decb9c237927f3cac179f917138479b1d3c4254aa8b710b5b531

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
2f8ac049891037dfafd05cf3851f1c08

SHA1
8c095e596f7aad8c3a0721b5e14ddd7d3a68606a

SHA256
69bc3d85b52f372677210b99fdb29a0fd866715622846cbb2ea9621947089cf4

SHA512
9a701cc4b0f8a0c40121fc4f9656cf8303455edf959aeaf0c40820a979f7a2936105fd6b0b0bec1b6bbf5cb8f6cb24d4b63a3f528368b4aeec1c4795bc676ab5

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
082016e63a9105d856d0feb4f08f9526

SHA1
c3cd94d283744d63c5d6c373a54f422584dc019d

SHA256
2c5cd99ff8f5e128845efbb4cdf21cf038a58e643b62dc5251604db903b0a577

SHA512
ce05cfa1b2b2c0b91bf02c7109fd67174e29b414fc8aeca91238771dfae17ffa2121ad9964c2c78437ee15cbc26696246bc1332f83172d132ef0266d56bd9315

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
7d3d3186a838d5580138e9e2f5ba2564

SHA1
ad79f0a225cc0dc1af3b4ff8a70a5021e32489f7

SHA256
ac6820556d89e5fbbf1f6b7d803012162430889ca6c8f0e66c8a58a4720f12b6

SHA512
0e1d246089f9b48fdd689e593fc974735cf71af859f2daa65e645887264a23e2d4dcfc72c4bfe689fb2ec361831f896e33cb7eb02e4764d5b60f5c867f1d39b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
19d0635d395c4cddbc36536cb1b99fe6

SHA1
6e11fe4fe48205b4eaef671d90780de462a48d1a

SHA256
f5f5c7c45371ac3b30780695305240222f70e103c4a8b0951e8441408d5c84e1

SHA512
20d7061da0bbbfbb17ea778d614ce537d0ff95ab9efed302074c3db4bb6817947e0f35b82724954c102040cdac6fe042dc44fbec12d8342327f3261b74bb189d

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
227ec628628c58b3633b8c5801e9b85e

SHA1
5f714c4e5a8f92bcfc56b2c3d6d0a55813466ab8

SHA256
a435fb7ee40c095d43917111053b69903a953e6501b04614a13ce4c478599eac

SHA512
200769f0d92ec84f95ee87de17c17f41ea17afa4bbdcd5a7b4eed8124a4f76e3c8b10bc262ee1da89d785bc9c42c2339e78049fcd5509ad7e6e7703864188940

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
d3eaa8deb3c38a692ce2b5c56c8aa921

SHA1
a1ca850056770c9200f2a25ab5c9bf8508ede8f1

SHA256
2739ef1c81b9c59644346d517e2a0179c4bfc202a7756ce0ef806c93d4beec66

SHA512
9b203fbfe8c668f850d3cf17268bc72281d4b4c879eb7f56c507d9d5a0f0a8df8368fe55e05c4c9255320e733c0c856c85290bb857efb9609bb97feb56f3bfb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
9a4786b2ebebb969f3c398e45329cac4

SHA1
63e8e273c9d8e7829afa900f3c3addeae08fd674

SHA256
6bbb5318e35f3bd2329c00b48c70ecb2fd1d6f483da48f83bfeecd48ff7e2927

SHA512
b7e1013fc7920b89d6f885ca58bbf7c21e75b8f1f82a64b6add740720757c4b34b58e16886653565a263805b3194b972c5eef7bb8c5b3eb2b5b8d0b796881f53

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
2ffe4aaf2df44bc29685e7d7b030f2be

SHA1
1ea7cce7041058abaf3644d02c5140d1ee4542d5

SHA256
d91ae828953d054f6fe7f6213e6df49d3a92f4aa7e05327bb8161cac93d7a4b9

SHA512
802c8987f86e69da6f9972d860607f1443cf30e1ee873433d4994eabea28c6fbcee23f860da25f4232e15029d1ba50581be2b1741f077932f0c469965b28baa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
c3bc546e6098fb56fc51aefe3324355f

SHA1
769fb41aa01b8f250422c240d2a0d49fca058e11

SHA256
7fd4488c43636c581f0f58eafaf1c9fcb12140954792f9723f03e2c0f4fd640e

SHA512
c4645eb5c2f7677a7543a41305aa54910b73b495d90dd9257a8a9078e88437e050b327691fb0440ddde128f29f1d7648a21997a6b97ccd593ae6a0b9ce5b16cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
6d0b49db748125e4ae0d749b87763d6e

SHA1
fa612adf4596326acce92405421ebfee89bc2ba8

SHA256
9f5c3d9421decc844657cd829c3ba7d1d657f773d674d935a4d47f12cd1b944e

SHA512
c5145a9f01e55c94d72d6815c7ab57bb220d18cf5b6115d0dc28d60a8eda1c7f20a0caf12a6155feb1036e6fed86ad1216e28bfe5d91af686096ada441160965

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
3692e9ac4a66259e48e05906fc895ac2

SHA1
cf80d09c2cc318e5e686060e1cb9cf8d0206dfe4

SHA256
6b7c16ccbb47e02cd5c187fceea5eaab4cff55330e7cdf5fe3e8ad7bce354336

SHA512
3a924f0b94ec1e32057c41f85fffc9f7bb699ce65fa90aa74f0a8bb17c55198a7febbd4fba9bacc259087a0a6e395c171f62e57da3273142a99b683e2933f3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
c398d1af1dd97e3200c599a6ea64d73b

SHA1
83c287df40ad32a03cb8e359c4152959fc3736f5

SHA256
81f806a01f4642786034b6054aeac199a13281ac9d2bc7eb0c9ddde74febb56a

SHA512
4282c96c8a4878d0fde93feb951872bab1f6db49556e2532714397af8f869f61a17fe6ae6206993aa11166d5f94e4b268ca3fc50a8d0d4b091ec28c948a865fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
b63964abaacffffc63c87cec33fa0671

SHA1
1ff4f13dd3213c9e7c33b2130f46952465104c28

SHA256
83512f548f3918aa5c6e06ca1d9dc66bd8136ee87a4d76e5f021af17c2936de6

SHA512
2da1217cd44c6a8123fa5e5d6f0f0494ef368e27e18923d53477a404c80249f3bd0842e9e237ab58676c8ef8326a40feca8d9e217617f983b5425ac69df4dd6b

Download Submit
memory/1980-45-0x0000000004ED0000-0x0000000004ED8000-memory.dmp

Filesize
32KB

Download
memory/1980-133-0x00000000053F0000-0x00000000053F8000-memory.dmp

Filesize
32KB

Download
memory/1980-146-0x0000000004DB0000-0x0000000004DB8000-memory.dmp

Filesize
32KB

Download
memory/1980-132-0x0000000005580000-0x0000000005588000-memory.dmp

Filesize
32KB

Download
memory/1980-131-0x0000000005680000-0x0000000005688000-memory.dmp

Filesize
32KB

Download
memory/1980-154-0x00000000053F0000-0x00000000053F8000-memory.dmp

Filesize
32KB

Download
memory/1980-156-0x0000000005520000-0x0000000005528000-memory.dmp

Filesize
32KB

Download
memory/1980-130-0x00000000053D0000-0x00000000053D8000-memory.dmp

Filesize
32KB

Download
memory/1980-129-0x0000000004E50000-0x0000000004E58000-memory.dmp

Filesize
32KB

Download
memory/1980-126-0x0000000004E50000-0x0000000004E58000-memory.dmp

Filesize
32KB

Download
memory/1980-118-0x0000000004DB0000-0x0000000004DB8000-memory.dmp

Filesize
32KB

Download
memory/1980-117-0x0000000004D90000-0x0000000004D98000-memory.dmp

Filesize
32KB

Download
memory/1980-78-0x00000000050E0000-0x00000000050E8000-memory.dmp

Filesize
32KB

Download
memory/1980-76-0x0000000005210000-0x0000000005218000-memory.dmp

Filesize
32KB

Download
memory/1980-68-0x0000000004ED0000-0x0000000004ED8000-memory.dmp

Filesize
32KB

Download
memory/1980-55-0x0000000005210000-0x0000000005218000-memory.dmp

Filesize
32KB

Download
memory/1980-53-0x00000000050E0000-0x00000000050E8000-memory.dmp

Filesize
32KB

Download
memory/1980-0-0x0000000000170000-0x0000000000720000-memory.dmp

Filesize
5.7MB

Download
memory/1980-32-0x00000000050E0000-0x00000000050E8000-memory.dmp

Filesize
32KB

Download
memory/1980-31-0x0000000005270000-0x0000000005278000-memory.dmp

Filesize
32KB

Download
memory/1980-30-0x0000000005370000-0x0000000005378000-memory.dmp

Filesize
32KB

Download
memory/1980-29-0x00000000050D0000-0x00000000050D8000-memory.dmp

Filesize
32KB

Download
memory/1980-28-0x0000000004F50000-0x0000000004F58000-memory.dmp

Filesize
32KB

Download
memory/1980-25-0x0000000004F90000-0x0000000004F98000-memory.dmp

Filesize
32KB

Download
memory/1980-23-0x0000000004ED0000-0x0000000004ED8000-memory.dmp

Filesize
32KB

Download
memory/1980-22-0x0000000004EB0000-0x0000000004EB8000-memory.dmp

Filesize
32KB

Download
memory/1980-15-0x0000000004410000-0x0000000004420000-memory.dmp

Filesize
64KB

Download
memory/1980-9-0x00000000042B0000-0x00000000042C0000-memory.dmp

Filesize
64KB

Download
memory/1980-5-0x0000000000170000-0x0000000000720000-memory.dmp

Filesize
5.7MB

Download
memory/1980-1-0x0000000000780000-0x0000000000783000-memory.dmp

Filesize
12KB

Download
memory/1980-608-0x0000000000170000-0x0000000000720000-memory.dmp

Filesize
5.7MB

Download