ffdroider | c167e698769aa0f9119ad3bfc1f463120be75cc35fe13522e24e49107bdc2594

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-04-2024 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b45e9e6de21b7fff593975adc8550779_JaffaCakes118.exe
Size

5.7MB
MD5

b45e9e6de21b7fff593975adc8550779
SHA1

e333c3797a402b7d4af72db730a85eae21af16a6
SHA256

c167e698769aa0f9119ad3bfc1f463120be75cc35fe13522e24e49107bdc2594
SHA512

652d6dda82f1467ca417e9ff0bc15b560f68e5a269da1e9ff6b217d266d64d949d191986c3106c2bf7ac991acd73e2b26eeb2e5a0d7b154b737238729ec7292d
SSDEEP

98304:i5DUM8pGFeBSycG465AkIV/U0hfZ+wBW+irvQ/qpyr0k+tOYCvOkVCQuYYI+iZ7V:0qpCHDiAn63OYCvOkVCQuI+7NAjtVa/u

Score

10^/10

ffdroider evasion spyware stealer trojan

Malware Config

Extracted

Family

ffdroider

http://186.2.171.3

Signatures

FFDroider
Stealer targeting social media platform users first seen in April 2022.
stealer ffdroider

FFDroider payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4024-0-0x0000000000400000-0x00000000009B3000-memory.dmp	family_ffdroider
behavioral2/memory/4024-603-0x0000000000400000-0x00000000009B3000-memory.dmp	family_ffdroider

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

b45e9e6de21b7fff593975adc8550779_JaffaCakes118.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	b45e9e6de21b7fff593975adc8550779_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

b45e9e6de21b7fff593975adc8550779_JaffaCakes118.exe

description	pid	process
Token: SeManageVolumePrivilege	4024	b45e9e6de21b7fff593975adc8550779_JaffaCakes118.exe
Token: SeManageVolumePrivilege	4024	b45e9e6de21b7fff593975adc8550779_JaffaCakes118.exe
Token: SeManageVolumePrivilege	4024	b45e9e6de21b7fff593975adc8550779_JaffaCakes118.exe
Token: SeManageVolumePrivilege	4024	b45e9e6de21b7fff593975adc8550779_JaffaCakes118.exe
Token: SeManageVolumePrivilege	4024	b45e9e6de21b7fff593975adc8550779_JaffaCakes118.exe
Token: SeManageVolumePrivilege	4024	b45e9e6de21b7fff593975adc8550779_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b45e9e6de21b7fff593975adc8550779_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b45e9e6de21b7fff593975adc8550779_JaffaCakes118.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of AdjustPrivilegeToken
PID:4024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d
Filesize
14.0MB

MD5
dbdbbbea7dbdad115f44958eacd8d52f

SHA1
e58eb936b934f5d12a7903267da21363df09b720

SHA256
edad95ba6d9e5760d83f26b63a06608bc0b41c4f6b2e4c3b1a866d952178ca21

SHA512
429b185ca588e01240351fce6662a9f99967113e277d74f66ba364a6f1668b44d66357c9ee3610ef5886136c0ea96d5502b5f9a7fcbbd4a3e238bb5c283e92df

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.INTEG.RAW
Filesize
50KB

MD5
4b392e9af0c32cfc72f12afab58cdaf0

SHA1
13f9d93fe93605db9c408aad6dbc47f055ea3d90

SHA256
23e77b6c43e5a600b262c1416788dfaa47bd005bd994d8587768c15c339ad14e

SHA512
8e442b41f52bf33b31ffb86712513848070297723b07b57f013e86f37d3b5a21af9d4cdc696ceadc3ce1f63c4878da7e142f56c0de70e06785cb0503db20ee33

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
d70a08897c085f8632406a258bc03c7c

SHA1
9cb809a7c999ce24fb6d7dc0f1ae1d5641a70be2

SHA256
186626179bb1a4bb64abf8decb69f7211e2788bac7b190f3c5b3b9a7177ddae9

SHA512
4db53e5280beee7b3065229386b2a58b23cacd6e0741f7d4861f9a6dcd805d346011058f03546a66fa6258b14b35ddfd81cd1f897a57d9e49c6e6f5e97a416a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
77baffee74efe0921223006b069d13c2

SHA1
9ce7012e0074e02cb3986b9c969ec0b3ac5ba44a

SHA256
ca962bb5d8f5e41b282306fbc0bebfa41e6fad77d0d6a005f91a9b00cfbdb24a

SHA512
99fa785b965a0c80fe5e6eb2c950eabc069d5672107c195cbcb2790d9be5d1b36da97eb811be7a3a250afef063c4ea00abc64eac301fe37095ead47290837db6

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
ad2184b35bed26bd2eba2f8b851dbed6

SHA1
7f405321253d275359558e83021134477884e596

SHA256
3cd2049c3e1b41c0b0a0282eed61af81c6baa448a7d429e6c858ad2e5ede7c15

SHA512
5e89272081247553dd889215cf238e68806f87234ae04b6e3d43c44fc71636ae1bfeba8005f6a311991a33a19612b24b21ca15a2475c611c8aff6625c7bc05d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
59633a78fee42b6e8cb1dc64f6085387

SHA1
0173ee8a89b1b9e87b7d7e7f4f1b961e7ef0fce9

SHA256
8737bab5d44e46a00bfa48cc101632300abab8e40e7e0977d2c3ceecdd1c9d29

SHA512
b2b7f492f7529d50774e220e41d318e8961a9b609f277dc7514b25968e2a1a19d06ae6bf9ac104a4b0f4a1391f56b52c2607e21acec577412a5a86ac7a2b8f30

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
9c73926ee6c58f971bcbd1a51cbdef48

SHA1
a8b038f41313a419ea9b2a05307dd0232e4bf3e6

SHA256
d0760cc3adc7e7df2abf192abc51d1b4fb516aad56edccab41505e7be728907a

SHA512
642fb5dd1a6c07bfde77ac89f85afca9f8098f5b9c46c5b43bfa28f928a5641bd0f7dc5c69a41957595cdb86d2734ffa265c983a9b48486e1b4916499155d3ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
a4c00416970474db624e0b162a1a18c8

SHA1
e5682d64e55d4e12bf84dff614da8c00d7353d97

SHA256
d18ef2808e74aa26f50c2220aebd5e4416c08d41cb9fbd9554dda6bda54232bc

SHA512
cd5c9d4f2b111248c1aa669216ff6aa03c3ddd5bf72775e0060656ded7d769854c13605b8c585e70b28afab4b1841302e289e0167ffee36277f00c7c66981ab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
54c82a03c1552bec9520e8c97aed5107

SHA1
b403e5207f5a8c479deb5c971ffb0a1386bb4259

SHA256
74d88e6eaa2c2013b1ae0a7c70ee9d60299d4d8e0f1cfd896a8a0a9efb8237f1

SHA512
51a1538609dcc1ce359f20e6c1c93ea4c81f50383fffe591b86b7b448d0f331413f1bd8b0971fa4184721df4997ed17886e1a5e52b74e9a14f0a01aa6daf6c2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
fbce0fa11a04430df59a1bd40860aa15

SHA1
b3869ddddffa21b20e9f2a7a3ad94722935fb5ac

SHA256
f99848f2c9cbc50eae5d810fdfb3c0f5c20d435180f8eb2e0b8e34965cb7c212

SHA512
07a8c67baa7b1f8f56699d1125ed48bbb3a48d39555b8cd3b940067566bc9a213e62142da26bb6d9d08b02523ffa8a0206d415210c2deea7e6c44bd855fa5b12

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
5c42c9c037a50bc7b3180bfd3a5c8381

SHA1
c5a04d4473183750c9cacfdefb6f8ab82720e4a2

SHA256
8eadf08b0787eef79f19fbc16820c214037b77ca6f02d1546d60e339ff185a0a

SHA512
951801396da478194ebeece74694275a4431a2b18c4c48f61b617703d5b85fe23615228afb2a78879626fccab27746b9806d3586312f34e75b9b8082a610bca0

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
80a890ff8f7d3b6b1df48ae2b06fccd2

SHA1
572f1e8746ea601908cef7cdb00b02fead6e6e33

SHA256
d9aa056b7110e6e3fd58128ea2b55b20054774482ab29db080ce0fdf8231e7d0

SHA512
c90f60e63b417a0408c16962876eee54c95a0bd2520bddd7ae56e9e2d91d99f75d4dc16a7a9561c83da05cbfa367d93565be6007cd2aebae5eb65863c3d0924a

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
0536a36169aced207dc8391d61efa19a

SHA1
c2ca4fb030fd7354440e11ace6189fb4b6acb3bb

SHA256
3f25b04d4896ecdc98b269dbef9ecb6188955d59463152544e150c21ebf9ad94

SHA512
a8d5871c397db8ee8382da5a17d220506e720d6000f6bfa4842f667c8d9b945be980d39f2a761d7ed81a72a74942590d3a1ae665ab7be994c4b1c29a024076cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
2208ff0b1dc39823ba26f4358328037c

SHA1
9027749473d1f8a30e9e9b5a7795ded786398282

SHA256
63685d3d12da4f6751efd940135c9d99bf50fe2a70560996aed4c7238ae0a0be

SHA512
5674c9eede21a41662a46bf4e9032e5bc6f84869ba45381cb29fed67de84561b38525e716ec203c17c5818de9da983d2502dbb914dd14d67164760f2734c59eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
8bfd83eed184cec6d566eaa1f89f6f82

SHA1
74cc8ac29ce30ce2a39229cc4f22ca79afdd458b

SHA256
2e83d148862dcfb698ff724843bccee4a4e137c387ab7a7c400fd921fbde7e8c

SHA512
a2fb8f057af6b938c89d492b6aa059f221a8cbdb404beec719a4b4e2250828314b4a0328044061a251bda9fbe07742b02876c7dab166f3edd81b9d711aa54f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
a30cd3c544e561fcd2563ca30531b968

SHA1
377408e1fada32ddc406f8ce5b920ad7cb27dfb9

SHA256
2d082c52dc89d924cdf64eaa7f639a06afd8c3b2b000577e37e284d91a2eab5b

SHA512
b133a7fb96959eb47adbab891f73ea775edb391ca6a06556a103d1d4d9d24caf921aa9e2749face01d2c886d979c5aed2de2684b659ec0417a59389102d04953

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
4164e0a415b7522f51e537a680fd7209

SHA1
83b7a763f4525a777496aec3352250696bb8d276

SHA256
ff83f4b3c13bf0b0ab4c8226f16676a36a9d489d4b3b851ff993543666d816ac

SHA512
a2451b3a702c03ac8680b8688eca4c089f3bd3df66ba16d3aeb03a7f727d9b623929e5a74ebf8be012817251112fd9eab568c7fd76885b999c721c0496aad3e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
542184367e1c9cc0d4f1f0d5fdf4dd4b

SHA1
c3f4cce786ed214e06ed040e11853c1b9e4e88ad

SHA256
eb0d7a8d9d7d46146f6a3c0b7d33e33fb6285862dd3516fc870666ddffa2e51d

SHA512
27a87265c18b82a78cb104ba06859596f4c75f9a6ea8140f607565a3ebe5dda3ce02e5e9e9a317bfff709932ab705399885ae4d9f2542a2651eb631c0bf80905

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
261675e1ead30d422e681383bd2ee434

SHA1
164f232e8c8eec6de252f1a722e8dcd24a9d017a

SHA256
7991119ba01cce7faaa02015b9aadac8132b2290d17867b98df22a74cdeb2440

SHA512
083afce9cb7027579ba49fcfcb5c2632481f9e023af2ddb0a24f53b707d6ece8a9e7cd4393b8f17432914310c94ecb9552a0f92761f4301f5753cd0b6953f444

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
07b6fca31a67881784167d64b9e27a08

SHA1
4ce9deb06bebb4dc286fdd6fce32ec37a91852c1

SHA256
2260cacd57f55e79cdd48b2b2555e8f90b7314f8ffcb39cb579b365e007e594b

SHA512
935b082a8e8c85bcc0381356048ac90411fb2abde1e9fbba7ba1d1ce3d9947ed020296ebf5a85fe3c3ae40076b7c0eb2d94a8933764500b16102ece3d7548cd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
4e12f706128fbf5a7a8866951c80ab34

SHA1
4db9f03b3d4a7044aaf1da211fdb2d982f3f7c68

SHA256
c32c762ee1509618151efbf6fb84c47f3015f1887e3f367dc3d9e423fcc95a63

SHA512
cc127411961db7e2929524d85a4f13f64f6f13cb364f340acc067a94f96aa14069b72a455a303a5f3951c1ad71e27abb8845338f3256af5348dcc031f8659ec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
4bc703db717ede5a772a31b034389834

SHA1
ddbceee510638763c46f61463e1d6c7a6d784758

SHA256
d7f9379fdbf60ddfdc31616e03766190ff40a91cebbf19c74f1fa8e91ebf5201

SHA512
9382bd3d0836e722200c5dfda45aead06443c8cceb0395285770007225f44208eb23308d4ecbb0034d3464dc26c3b9786174587c81aa774edebddf03a6ba241e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
1176d99116c1cd8de7aeff314f89a82b

SHA1
c48e37d4bc1c3f808901dd606710c43c070f9b2f

SHA256
bd77e68fa2008e2565119a85f030af15e83a8571ff85edff2a14508453a09650

SHA512
39dd4cf105e822a903ab1d4f30db8cf5143fc5f11724f2543951c3934bb4e6915a953993565c373f3fe1522288ff141d36f2779b0c5862e7605e07fccc38a746

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
49f25b510a92ef867c03115a6f76552f

SHA1
f4df6458055825dc2d1315dbea9d005fed00d637

SHA256
72635223b920717d922c8a3e33d1a5b1ecebb982e59d082226fac6cc1cdb888a

SHA512
54123e3352b4a7d81f8ad6ba4053a38b7128e34d8d3932a11138741640b6a7c515d56dfe61d5b60b60ef05c91d1cbdc1f74a035d73f0559bd2eb5d2aa199d0a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
6c1fb8ff97779b95058140315249d6fb

SHA1
f556dd55d8494586cf4fd0458037d8417f2bb5a0

SHA256
33f0c5e2e9b4672175862d1b033b8a69276825e3cc33b8bb48c8d53326319944

SHA512
3c4722a02e4ff7f3aeb78b4a4474431cd36a7a07de472809e2c8889421db19be6b6642c15720e6a231fe6431d705c474eb661d27be6186e9f15356d3074c7b5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
6dcd959a5942503ee4c681f8226d2c86

SHA1
bacfaa31e96e598ecadcc6661e5793a5cee29ccc

SHA256
1a2652f0bd761b3cd8b8f9cb13c34133a9ef6195861479c60206a3c30607ad9c

SHA512
401767d01ab3a5bdf107ca952f75df99e200c30287586c91ce0ed6ec878f955157418fd6d09e52f17044642323e958f9213dcea3df19fbe38cc7849bf662f096

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
b5c130c91654e9166ef7896a0e237b2d

SHA1
69b12efd0c891186871393261d6fb98b7b06c6f4

SHA256
ba8afb7e02be3b4b58b67c615c37bd25b6871782181cd398e107c2350fea989d

SHA512
7fc1196f31da9f32b302e8113ee8b107acbc8dd7614436f9f712ae29cacd824ffb11658010f65dcfec9104b88900d1a51e9da7198a844c0d57aa74fa44eb9ab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
cd41c6d1e1edf681889ec89269ba9dd1

SHA1
099ff62abd8aa89e89bc61e20d27ff766ad357ca

SHA256
462c29cad4e935b21cb17c3e1ca83b5be38faab0850c77f81f391b785cf5ab8c

SHA512
9610fa2ba35b9c91e294b677de94deed6248fc13104845cd36a12832dcca636ba46cd6502680425acad01081499a8befa29f0e7476c6abe143c842536241a2ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
d8403e80dc8ca552c7424360902218cf

SHA1
f1363588b1e728372ae946836619094768be4dc7

SHA256
08cf503302bcb41258fa371eae10b10f476f55c0df56989954b3b0e813b3bd7a

SHA512
debcc6222e5da7e32663dd3207eda6655d87346a33ff9c3d1128a2a75d39efaff805293ea04f22fe289a5d2cbc9e6391fc2c347da73394ba10e36006e540f25f

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
c5fc6e379f4c19137d3a48961ad67a93

SHA1
900fe9903d1bcec94629f8714bea3ae1bcaea4d0

SHA256
91fd3c57778330be5f74f648293a15fb483b4aabb96eab6387bf72c135ed6014

SHA512
5d5dda70fc6dff67320b29c363f6e6910adca5fa9d703c58c075d27c0c7f6c6d873724a455d2fffa98d1ae8307fc6ec7c4b6530a0bcc31d73f3e865927274ea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
40a4fe494a52b50371db432d5022d882

SHA1
69ed32d88c24d2fa8725c5428554c89bf1b0ce3a

SHA256
d00b2d4fa490ed7be8810fab47a93924b584f467dde78c960b31344d75fc2943

SHA512
dd3ac3c639cd2529f3d74b2acec351d63beaba47eeef49d222b82f4175677fa4d188381304f7dd40869f6e92136434385f80f024791a1036ea9a742be75525a2

Download Submit
memory/4024-49-0x0000000005130000-0x0000000005138000-memory.dmp

Filesize
32KB

Download
memory/4024-74-0x0000000005130000-0x0000000005138000-memory.dmp

Filesize
32KB

Download
memory/4024-150-0x0000000005440000-0x0000000005448000-memory.dmp

Filesize
32KB

Download
memory/4024-152-0x0000000005570000-0x0000000005578000-memory.dmp

Filesize
32KB

Download
memory/4024-129-0x0000000005440000-0x0000000005448000-memory.dmp

Filesize
32KB

Download
memory/4024-165-0x0000000004E00000-0x0000000004E08000-memory.dmp

Filesize
32KB

Download
memory/4024-128-0x00000000055D0000-0x00000000055D8000-memory.dmp

Filesize
32KB

Download
memory/4024-173-0x0000000005570000-0x0000000005578000-memory.dmp

Filesize
32KB

Download
memory/4024-175-0x0000000005440000-0x0000000005448000-memory.dmp

Filesize
32KB

Download
memory/4024-127-0x00000000056D0000-0x00000000056D8000-memory.dmp

Filesize
32KB

Download
memory/4024-126-0x0000000005420000-0x0000000005428000-memory.dmp

Filesize
32KB

Download
memory/4024-125-0x0000000004EA0000-0x0000000004EA8000-memory.dmp

Filesize
32KB

Download
memory/4024-122-0x0000000004EA0000-0x0000000004EA8000-memory.dmp

Filesize
32KB

Download
memory/4024-114-0x0000000004E00000-0x0000000004E08000-memory.dmp

Filesize
32KB

Download
memory/4024-113-0x0000000004DE0000-0x0000000004DE8000-memory.dmp

Filesize
32KB

Download
memory/4024-142-0x0000000004E00000-0x0000000004E08000-memory.dmp

Filesize
32KB

Download
memory/4024-72-0x0000000005260000-0x0000000005268000-memory.dmp

Filesize
32KB

Download
memory/4024-64-0x0000000004F20000-0x0000000004F28000-memory.dmp

Filesize
32KB

Download
memory/4024-51-0x0000000005260000-0x0000000005268000-memory.dmp

Filesize
32KB

Download
memory/4024-0-0x0000000000400000-0x00000000009B3000-memory.dmp

Filesize
5.7MB

Download
memory/4024-41-0x0000000004F20000-0x0000000004F28000-memory.dmp

Filesize
32KB

Download
memory/4024-28-0x0000000005130000-0x0000000005138000-memory.dmp

Filesize
32KB

Download
memory/4024-27-0x00000000052D0000-0x00000000052D8000-memory.dmp

Filesize
32KB

Download
memory/4024-26-0x00000000053D0000-0x00000000053D8000-memory.dmp

Filesize
32KB

Download
memory/4024-25-0x0000000005120000-0x0000000005128000-memory.dmp

Filesize
32KB

Download
memory/4024-24-0x0000000005100000-0x0000000005108000-memory.dmp

Filesize
32KB

Download
memory/4024-21-0x0000000004FC0000-0x0000000004FC8000-memory.dmp

Filesize
32KB

Download
memory/4024-19-0x0000000004F20000-0x0000000004F28000-memory.dmp

Filesize
32KB

Download
memory/4024-18-0x0000000004F00000-0x0000000004F08000-memory.dmp

Filesize
32KB

Download
memory/4024-11-0x0000000004450000-0x0000000004460000-memory.dmp

Filesize
64KB

Download
memory/4024-5-0x0000000002D80000-0x0000000002D90000-memory.dmp

Filesize
64KB

Download
memory/4024-603-0x0000000000400000-0x00000000009B3000-memory.dmp

Filesize
5.7MB

Download