ffdroider | c8fff9ad2ab8cfa7d5e9ee1dbd19e9978e901978361f46fbe2ad62c61fef333d

Analysis

max time kernel
93s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2024 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8fff9ad2ab8cfa7d5e9ee1dbd19e9978e901978361f46fbe2ad62c61fef333d.exe
Size

2.1MB
MD5

8f39826560e920ca15af69213cdfbdc3
SHA1

ebed27deebe1796b53dd6bdb780b102d153a15f6
SHA256

c8fff9ad2ab8cfa7d5e9ee1dbd19e9978e901978361f46fbe2ad62c61fef333d
SHA512

7f9c259c974234cd6fa8830a44f08aef9ee29022cfa9f888bf741a06219652e40c14a164b376bda520a95033154cef51342a7cc5af03178a770ea457c6129622
SSDEEP

49152:D9qK5kXz7opLlAET5Gug+2RdKcObKKMLFZwKby:BqKS3oM08GcO+K0ZwKO

Score

10^/10

ffdroider discovery evasion spyware stealer trojan

Malware Config

Extracted

Family

ffdroider

http://186.2.171.3

Signatures

FFDroider
Stealer targeting social media platform users first seen in April 2022.
stealer ffdroider

FFDroider payload 1 IoCs

resource	yara_rule
behavioral2/memory/212-605-0x0000000000A90000-0x0000000001041000-memory.dmp	family_ffdroider

Ffdroider family
ffdroider
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	c8fff9ad2ab8cfa7d5e9ee1dbd19e9978e901978361f46fbe2ad62c61fef333d.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c8fff9ad2ab8cfa7d5e9ee1dbd19e9978e901978361f46fbe2ad62c61fef333d.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	212	c8fff9ad2ab8cfa7d5e9ee1dbd19e9978e901978361f46fbe2ad62c61fef333d.exe
Token: SeManageVolumePrivilege	212	c8fff9ad2ab8cfa7d5e9ee1dbd19e9978e901978361f46fbe2ad62c61fef333d.exe
Token: SeManageVolumePrivilege	212	c8fff9ad2ab8cfa7d5e9ee1dbd19e9978e901978361f46fbe2ad62c61fef333d.exe
Token: SeManageVolumePrivilege	212	c8fff9ad2ab8cfa7d5e9ee1dbd19e9978e901978361f46fbe2ad62c61fef333d.exe
Token: SeManageVolumePrivilege	212	c8fff9ad2ab8cfa7d5e9ee1dbd19e9978e901978361f46fbe2ad62c61fef333d.exe
Token: SeManageVolumePrivilege	212	c8fff9ad2ab8cfa7d5e9ee1dbd19e9978e901978361f46fbe2ad62c61fef333d.exe

C:\Users\Admin\AppData\Local\Temp\c8fff9ad2ab8cfa7d5e9ee1dbd19e9978e901978361f46fbe2ad62c61fef333d.exe
"C:\Users\Admin\AppData\Local\Temp\c8fff9ad2ab8cfa7d5e9ee1dbd19e9978e901978361f46fbe2ad62c61fef333d.exe"
1⤵
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d

Filesize
14.0MB

MD5
2dea244ef41c4a60faa15f25a4c2ff77

SHA1
eb2248727b68adf661140f99ff84cc4759e4bb54

SHA256
936f1fd27a0180f1cb79411cee9a224c0f02277a6bd4a800e48e9bfd57fca5d0

SHA512
d7b85dd298ee20cf0945ef56ef9541ec375bdc0846e48067058f92cc5fa8a56d2039df2c932b46656bdcc3f13503259803d4b6187e8f708506325524cd97a258

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.INTEG.RAW

Filesize
50KB

MD5
597d1c3b0adaa0dd0252f66c30b60884

SHA1
e9bc38162d2e516ae988946f93de6b2ffec7689f

SHA256
b25305f94a9150b826cfb8f322291746494bbd27aeb9d6f482eaf7dec4ee0265

SHA512
b3077293abb72e2b4f8deb382cc2bb9b061ebcd26c2ef40f652e3c659d8016c366c57b83bc7419c60d730a38004391e388d7c2b99d4934b53c4fcd4c3f8e6433

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
5eace28b8bc960da28e96b425f27d3b6

SHA1
2fa8352ec08294caa66a8ccce28981eb73d11f6c

SHA256
9fab229524ad297db74bdd0b9551fd18f639ee605b65659cf04ecc5615e68a3b

SHA512
a9a8ae40cb14b0d1b56fdbff5ad57565a417349444497341020315d1059902b060e3abab76a34dc59d3df8393cccbfccba254c666c618e27910201cf5b47f8c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
cde158771242497e04905c57c6a7706e

SHA1
647dc395af6ff2c82f078953633d27986d6b5083

SHA256
56dbc19bf5761f35e11a1366b0d4e2ecb9eba2f07ecc68bcb45b9b46022136ff

SHA512
fdba3ae9d56e81a36bcfb5432540153d27bdacb22f035bf5d2c7d0737ecb67924661c04e104efdaa63b0fa57bd4e59d997e253c2e34431c77f710f622d1ade6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
971fcd5de2edbcf8dfedfbf260550d22

SHA1
1814bbff061c11d4ab8c20bc1886f54628040aca

SHA256
121fafbe81c4be924b3ef5c61482e4bb3e6addf33d05a7cb903c1e205d0ce054

SHA512
31ae65df74242894515a337fc80a3e9a9ea970a5172b79a9a7271eb06cab2f47573bf6d4200712b9e40d7fe7a47274dae7a93d8fd59995f27e2bfdbcbf2fcb43

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
5df3200e87f13e8e0734da629ae39a24

SHA1
90666cc63824fe776f7de709b6627ebdb9382f16

SHA256
8b39677cde1b782fa88ee2b99fb914a70c62b84405b5f92af809f45c54d0fc7d

SHA512
27597ecabb3d31754a6abc1c841bd3240e6ceea188f00c9d32522b88c2ec96434d8549750870ae97ad2326cee614f0b5271306fc0099ae35d7b4e5d06ee3dadc

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
09171674b8ba3d144e787842ded552e8

SHA1
29919568aefcdc3ebb76cf6f7e3c6964d45b7f18

SHA256
f1f24d6f46409d27c9e65959f0b7b715984b31c8cad5b8435317853c1cad199f

SHA512
e963c5a6f10d08cc34fa6d4e01eea6e43edbe3e00e6909fd1f8229cd6f7b39bce07e9548ab8bd7b14097b57df6bdb55cc071cc5f120482bef8ad2be78151cbb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
17dc5a145ac4c29c7e4eca3697ffdb15

SHA1
6e1e40e5d29c118a89a64c5522466cd0b21bb36b

SHA256
4561aea915f96d2ce71e33feaa59f6e6785c47a4bb08b035ba5282f4ff6802fa

SHA512
2d1a600b475065deda87deef8f2d1783ffe7b25ef1eefe35ea2c5e888cb3b9a8f70c7c2688347ed3c66326d69206fac6f00bcccfdfcd0f385bf050ee09a38c19

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
36b66eaf2c8519f9bf961fca6a6e8d21

SHA1
be0092e0c898d1e5a1d4f908f017f8c95c6c2e90

SHA256
0ea1a318f2591a68f461073d5ecf6b455e4bb9239f3ff70ec76f084d8aa3d8ce

SHA512
3d587dc24afbd9c2f6dbe1f1c5c5afa0d42fade67dc94de3b87c64e2dd75cef18032eea5f852cdb9f7a2e3adbeafedfc9f39ba3b528e6b926177fb14651490ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
a3aef22e09b6c9f8ec4d201fcafddc96

SHA1
4901964bb80d580ea8975e9617909ce20d36a1df

SHA256
6200ab4f3faabc35b53c112bec469f7c2fe07996a63e657e920ddb1730810931

SHA512
5fdbb2512ee14292d131ae578f28543269c90d2aa0939dac5df4f5ce6c6162fc00e8d842d2d94394d32dead9cffcfd71315c43e3f18ee0099609514b60224577

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
ed8e04c809228cb92aaa30564c9c894a

SHA1
b5c1636e53992b0c281e00e6bbe0bff17ba3315d

SHA256
95417aa38be320fe699f03c824c407988311e5abce682970a05276289b894976

SHA512
8355ff8783f842e2f2fca56e8011f92bd4fd15f5ae30587e1e4039b920523216966b694fdedaf88d2d57558792a302d9aa5ffc997510a2dacce6a1b4284d7ad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
2fa9d27571ccc022464486ef3e72bd5b

SHA1
c6b5ce723da4412c5dd344a8f3e0d5436581b082

SHA256
03429c64b69b609a5e8786d91133b25bea7be3d7876310cd5ee4fec224d2dfff

SHA512
6f461eb9984dfc90493a1c03ec56cb1558ca7944872eb81f31c457aa2204a956f53d6d87806fd86f833dc351548e66260a1a7aed6f53c80ddaea698675e03520

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
98ae47e6900608387937f7f8564cadf8

SHA1
df9b5c658af4df97209541c0f7c6db77a8c6a4c6

SHA256
07899f357428903ed58300a60a8e822e422f6620e3fa730917bed01d1671f667

SHA512
8f06689e8e761f25a589b6a59aed6d464c97432ae185dd09912205a42259d5ead2f4b0d938782f70d2e66c887315b42d2f8e802402614091e0233452a5e3b569

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
2efbf42550e7e10d1de9f6b3c5951986

SHA1
e6b9d174554e0d784c45167de7273a775a66baf1

SHA256
fb0b746e24ba04196656276f1c713a217c3e6f1052bf2b6b4d18bd763c4c2915

SHA512
390ab1567fa7faf1eb986ff25c6e69f6de2e44bea9e0843265260c267ada12366909401c9328bd3767ff2d7df44d23ff37ee94a3feba344eaa387502a8bc77ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
8e1ebfb78e0b8c3681e167c08998a339

SHA1
026134b36d0252afb250e8140a0975c9f1d04455

SHA256
c7fa40f254a0f43c7987f02d78e420eb1d5bf4543244727fb9ad12747f2c5b69

SHA512
23d03bed8b33aa6c351178263ee27c1574021511ad09bec22105a0a75e90c3d90a172d0cde6e9bcb6442bdc980ce07907bfb988b757d3ff60b5f002622ccb7c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
e24dc9805d469b929da1d58fc6d6165c

SHA1
500219c20865b5bb068bfe35481b6f62a1d9c31c

SHA256
3b4af9d1b33b31696b508fd756f14758965c62c9cbbf4a48ac0ebd21e236d1ae

SHA512
659f6e52d43415474bb1a6074b0dd79c2abad3e2cc5aa5313a17b9b2b3d5a4382117b47a17ec9dc7ae8e14cbfe490565f5a5df61b4ea13e2227be2d3dd9daa6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
38b51f45d771eccf74ebb1d06b964293

SHA1
0e7f4275d1cf2e4d0908382799af11e73607c373

SHA256
9935bc513890d903c9435bbcfa6c2602d931f631589fc17c392032d8a69de40d

SHA512
a37bffbe1972b35636dc784d8be6cc822760498e9f72871f0eb340c717edb71f8a4e10cbedc8f39044a4abae6413b5ebe8cd4ded9fa30d5880ea67ccbcf09610

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
e80d0b6d516292453749466af029b420

SHA1
a5b5f003266dd4888fb169f86c90f3341735e11f

SHA256
3f6b9f125f672f07bf7b7f0ebf49f825c695ade551066a911e4c220a2f0fa373

SHA512
ae6f2f317bc65c87017c391a2e230c483c1fbc70ad0661d1edef8c8efc03a76e5e82d0dec96a210f4699cdd4bc767d0a86fcbd0fae385e2e51c9d197488d6b43

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
7f74048343b4d91eba764af00178c946

SHA1
dc9b181c5ff6cbb2824d439a0eb8c139b41e3eb6

SHA256
6bbcd568abb0ec694f1a7a4b748f2a037e2fc27c790cb35577572320f1472862

SHA512
87d8b14e2bf4ddc73ad7dd5c3ca92eaf75d9236627f7208ff6e27958ade9ba2ede2112b1e44cfafa5bc5f0c4c984261e309673e0f52e4666271b545513ece428

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
f076735cd96acdf8f28062d914280b93

SHA1
3189c9dc441da29c40ba8ff8f1e47064f06ccce1

SHA256
8c83ad5efeb819fca6bc42ab5f0f6ec14e5b8c04d4ebd253398661ccf173fbdb

SHA512
b017ca74f5bd11b24fdcb9b8033797b47960ca8b14fb56b7d54c773a60cddf70da182b6c31b29ba4c8a890749a7b8b6b16e6560dd43ce51582fd54aefbfa7369

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
9e5cd3bb8da0ba0fb12aeef21c4c3755

SHA1
67509530c95c4b044d2be6f74cdf22ba6d5d2737

SHA256
b43698e5528362a7b215c6a32327ccd5a746458339139c465bac1d7699543ee1

SHA512
06f7b29f2d921f45942b1bc405fe0ffa4997effedf69686be5cb5b6055cebebe8172045963784c33971a3d64c5be622ef47500bdf8dc1edc7499b604fc75faf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
88d1b03002f5a3bee04a8e4ab2e59280

SHA1
710143c249e955d6da0988228f98afc8fae707aa

SHA256
588af8840ba7704e21387226e33455aac7a14739683bd2579b6ba36b3ffbdc39

SHA512
6e84dc66794dcdc6fa6e2c6eaf7674a1578b135fc220d192c04ecea4b021b4254bf61e7512b8cea2f632242f310e213d0ee94eeded86684604467de72d8c683e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
6515f4651dd6ea0a8949cf256f749bb7

SHA1
c6e7c537afb8c851a487e6141a23dd922ec1231e

SHA256
1f0ec0ddd1d4bef92c753175d18dd2b5ceebd2c80fc36cd3be820a6f63e15312

SHA512
8b88959e631040c1e65b10aa5a9bc50bfc46b0493b8dfeb47f9d0b25d6970a9bb955bb1c381f2f651f66113dcf2bf548440af0496ef3b5dc7b1dc845c1c7efe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
be185cba03468a5cd6d11e8d075c3e42

SHA1
b89ebd3c05a394a442d790a664e0c83f01a94a64

SHA256
5bb3b6b2fbfac8cdf7322bd3409d1346949b4ec3759a0044f86d5e40e90f37fb

SHA512
a2ffeabb5cb056d03e61b76116e718165d3b6dd0e7b3196eb633811a7252d4e05c7488cc77c088008437f51a15f858cac40888fbafd5b9999a12fac9c273f2e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
e9c64873ea914a882a69ee92220cc4d9

SHA1
a4fe120bf8f45314d0001ca02acbbdd6f749433b

SHA256
609dcdac987e2c6500453cc1333849dd07cc5b207b99496e60ed30a385afcbf7

SHA512
2d65d2a6ba197d72249540911394eb681728aae48be272314a10cb73295ae5a4ccd185b1b00c47a4e011445569f5bf0857b751e1e773d9937389b3a7b854497f

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
82a24ae95d8b52c8ff28824bc448079b

SHA1
e48d256f600aeadfa79b31645822a22212f82598

SHA256
fc9bd77d5887e33aab8bb0a26bf63bd08790447748885c5f6fb57354a08b58ff

SHA512
150853b2b109ec0157c669f9eed94123d0e5cd79c61ebceaa7e3f4d51736344ad4ed451640921798e6224d6553e00439474d59247796d6ef0159bdf785b9e29b

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
627f29406b4e0f5d9b5901a384951da6

SHA1
c2db4ecae7f2e2cd55360d7d834d023b61d819ea

SHA256
1e8166193b4b5b98931a6b8164950cc55d788fb28565478c0ed4aeb0b75d6e77

SHA512
903fba994c92d0090826485599a3c8db1d52be524b0d68ed606457d865baf3f9ff7de55692d757cbf694d9b6fecda40975eca507a43d6b472571e1d58103592e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
3ee14b04db993e4ce663de4adf70da81

SHA1
031574040590b9d1673ce3384590d18388570580

SHA256
760c4c3ed71fd04f1275af6997c7f2bc9fdeca4b2a93796869f11efa79e626d1

SHA512
9b984248fb35967f9bdbbf2f92dd2ae66e6d65dad3fce2bbc17bd40302faa3635435c9154cf47d99ee83d080726216b36319b2558ec78023005bf4b62b36c764

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
44f8538e27847ced527867ac809b4990

SHA1
331490cb05e09214587cc62918781514bb5c4886

SHA256
0c797128a9958ac18506f8d519d69537675152d2142569ad13b06ce4603a58cc

SHA512
1e3b58d3174a673da88b1029b5699113064e6d185c290c7cfcc632d463b2fcbff26b088d16d217b06dd64bb06b4dd667160bda28893e1a545c0cf963cdea7361

Download Submit
memory/212-50-0x0000000005690000-0x0000000005698000-memory.dmp

Filesize
32KB

Download
memory/212-65-0x0000000005470000-0x0000000005478000-memory.dmp

Filesize
32KB

Download
memory/212-130-0x0000000005990000-0x0000000005998000-memory.dmp

Filesize
32KB

Download
memory/212-129-0x0000000005B20000-0x0000000005B28000-memory.dmp

Filesize
32KB

Download
memory/212-143-0x0000000005350000-0x0000000005358000-memory.dmp

Filesize
32KB

Download
memory/212-151-0x0000000005990000-0x0000000005998000-memory.dmp

Filesize
32KB

Download
memory/212-153-0x0000000005AC0000-0x0000000005AC8000-memory.dmp

Filesize
32KB

Download
memory/212-127-0x0000000005980000-0x0000000005988000-memory.dmp

Filesize
32KB

Download
memory/212-166-0x0000000005350000-0x0000000005358000-memory.dmp

Filesize
32KB

Download
memory/212-174-0x0000000005AC0000-0x0000000005AC8000-memory.dmp

Filesize
32KB

Download
memory/212-176-0x0000000005990000-0x0000000005998000-memory.dmp

Filesize
32KB

Download
memory/212-126-0x0000000005400000-0x0000000005408000-memory.dmp

Filesize
32KB

Download
memory/212-123-0x00000000053F0000-0x00000000053F8000-memory.dmp

Filesize
32KB

Download
memory/212-115-0x0000000005350000-0x0000000005358000-memory.dmp

Filesize
32KB

Download
memory/212-114-0x0000000005330000-0x0000000005338000-memory.dmp

Filesize
32KB

Download
memory/212-75-0x0000000005690000-0x0000000005698000-memory.dmp

Filesize
32KB

Download
memory/212-73-0x00000000057C0000-0x00000000057C8000-memory.dmp

Filesize
32KB

Download
memory/212-128-0x0000000005C20000-0x0000000005C28000-memory.dmp

Filesize
32KB

Download
memory/212-52-0x00000000057C0000-0x00000000057C8000-memory.dmp

Filesize
32KB

Download
memory/212-1-0x00000000005E0000-0x00000000005E3000-memory.dmp

Filesize
12KB

Download
memory/212-42-0x0000000005470000-0x0000000005478000-memory.dmp

Filesize
32KB

Download
memory/212-29-0x0000000005690000-0x0000000005698000-memory.dmp

Filesize
32KB

Download
memory/212-28-0x0000000005820000-0x0000000005828000-memory.dmp

Filesize
32KB

Download
memory/212-27-0x0000000005920000-0x0000000005928000-memory.dmp

Filesize
32KB

Download
memory/212-26-0x0000000005670000-0x0000000005678000-memory.dmp

Filesize
32KB

Download
memory/212-25-0x0000000005650000-0x0000000005658000-memory.dmp

Filesize
32KB

Download
memory/212-22-0x0000000005510000-0x0000000005518000-memory.dmp

Filesize
32KB

Download
memory/212-20-0x0000000005470000-0x0000000005478000-memory.dmp

Filesize
32KB

Download
memory/212-19-0x0000000005450000-0x0000000005458000-memory.dmp

Filesize
32KB

Download
memory/212-12-0x00000000049D0000-0x00000000049E0000-memory.dmp

Filesize
64KB

Download
memory/212-6-0x0000000004870000-0x0000000004880000-memory.dmp

Filesize
64KB

Download
memory/212-0-0x0000000000A90000-0x0000000001041000-memory.dmp

Filesize
5.7MB

Download
memory/212-605-0x0000000000A90000-0x0000000001041000-memory.dmp

Filesize
5.7MB

Download