ffdroider | 07d4233824e6ede37efc81c9acf66316f64d170802a47793de957acf9a664a41

Analysis

max time kernel
94s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 00:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07d4233824e6ede37efc81c9acf66316f64d170802a47793de957acf9a664a41.exe
Size

5.7MB
MD5

5f122b902a524ad2197a0074c29c9926
SHA1

384d649692718712e83685b166161f930472488b
SHA256

07d4233824e6ede37efc81c9acf66316f64d170802a47793de957acf9a664a41
SHA512

2a91533024bea804f23da5dd50c481e422130d739c45eced2b4ffc9c79eb3f2bcaf6d7708db0ff796a5d4622714606c6670560fa4f55dfc3f4d548fdf3d9b49d
SSDEEP

98304:Y2b4nu+hxLKOmKpGkn+e0WUqAaYeebUvQ/qpyr0k9b+iHuNeRQhMUI+iZ7q1zPP7:Jfzd6pnG+iHuNKQbI+7NAjtVa/uG

Score

10^/10

ffdroider discovery evasion spyware stealer trojan

Malware Config

Extracted

Family

ffdroider

http://186.2.171.3

Signatures

FFDroider
Stealer targeting social media platform users first seen in April 2022.
stealer ffdroider

FFDroider payload 2 IoCs

resource	yara_rule
behavioral2/memory/2456-0-0x0000000000400000-0x00000000009B3000-memory.dmp	family_ffdroider
behavioral2/memory/2456-603-0x0000000000400000-0x00000000009B3000-memory.dmp	family_ffdroider

Ffdroider family
ffdroider
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	07d4233824e6ede37efc81c9acf66316f64d170802a47793de957acf9a664a41.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	07d4233824e6ede37efc81c9acf66316f64d170802a47793de957acf9a664a41.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2456	07d4233824e6ede37efc81c9acf66316f64d170802a47793de957acf9a664a41.exe
Token: SeManageVolumePrivilege	2456	07d4233824e6ede37efc81c9acf66316f64d170802a47793de957acf9a664a41.exe
Token: SeManageVolumePrivilege	2456	07d4233824e6ede37efc81c9acf66316f64d170802a47793de957acf9a664a41.exe
Token: SeManageVolumePrivilege	2456	07d4233824e6ede37efc81c9acf66316f64d170802a47793de957acf9a664a41.exe
Token: SeManageVolumePrivilege	2456	07d4233824e6ede37efc81c9acf66316f64d170802a47793de957acf9a664a41.exe
Token: SeManageVolumePrivilege	2456	07d4233824e6ede37efc81c9acf66316f64d170802a47793de957acf9a664a41.exe

C:\Users\Admin\AppData\Local\Temp\07d4233824e6ede37efc81c9acf66316f64d170802a47793de957acf9a664a41.exe
"C:\Users\Admin\AppData\Local\Temp\07d4233824e6ede37efc81c9acf66316f64d170802a47793de957acf9a664a41.exe"
1⤵
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d

Filesize
14.0MB

MD5
58f54e30eb6deca7ac60c29407f00cfd

SHA1
655b0427f848b3fdcdf73c4196fff2b6cf8d4f8a

SHA256
3fcec09c7824b369b34ad40c88df95bfa60d32db2e617bbcc47708bcdeb29673

SHA512
a5467e3cfd4e4ff754c7df33f10c522b827d875fa0d40bf0e92b031171af782e33725ef96b50b2e43d4610353d1364cd223dad052df866d86540a117e53a3959

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.INTEG.RAW

Filesize
50KB

MD5
28227095a14a50d8538008f5be4af8f5

SHA1
0c4f79bb05499cf9bb4456be07063bbf72adf563

SHA256
593e7e7bca19cd4f4c5cfb11bd4583da9195dcb11225ba378e576210655bfa74

SHA512
a978bca972d3ba3a9fdf0cfc095c34f85cfa802335e73b05c88d23e08fe763851cae5b81db95098eeb8c84157806184db5fed3315ae379ff981ea45e2ac45e5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
1ad9b7f5b7a92ebe93eafaa410c5c140

SHA1
2b039f32c49a8fc4293fa1d2f7f48fb29e455a5e

SHA256
6562638c863854bd25b9b11c719a136c4667f7e6919e312ce054b1d4fadd5f3d

SHA512
677e67cf8e7411efb89cd04268433063a5448841a649b30402a429da5265ac3c71900a136917f261460cd31a1ac69bbafd01af02b89af21e724a09f317793181

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
d575e1b8e93967e2ef1017dc4396f9b7

SHA1
be61aea003c717d704223a0134e19c3eb4f7d606

SHA256
b31b4d30bb13ea06a4ba98c0529bf9d3d215e95ad26391f99d9a1e0a6de2000b

SHA512
ac3cc1b095978084de92cbf1f227bdf982dee9ff9a622022650107dc6c9d5f154cca75732d59302bb9b4fea9b538468d705174773ec84068c3b6e0bbf59915d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
a373be9cfb680fdc86d6eab712d4a6a5

SHA1
6fb5c7fdd676874c7720b9d58e07dac890937203

SHA256
5871123aab1bf066a7a2fa0d5c1fa724d2574d89c3282a954ad7a373ced3bee9

SHA512
6fdd502ed02dcbe8fbf0aedc63675ae711529a88a6478cbdd4f7e9709bb344b01361e5d9cb77f3687c986f9d4c964e561b30ef98a76ba0a6932e3f0854f3ee8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
6ff930e205efdb7e76059a7464dd23ad

SHA1
fe53d4b80b649810ca0a199e07cc591fa27b16d8

SHA256
7894e99ccd0057b034e069eac2b0049d63bb0480a0934a4ba2360e19064982a9

SHA512
2520c85c28a4d2381c564c9983df807d64295a5daf603465e8c7444a5e3c23e7b4adef54a9af8de0cd5fb14fe9770f98e97cdaceca32c741cba088e5384ba7fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
0712dc6c34cc194e0d39268092988c10

SHA1
cc51c349cd55fefdcf6ec30e5ca055a68b43fc54

SHA256
7924ebb2a33b6b1b5b01b71d7372491c616bce09fd76fe5c5aedcf97e3a0aedc

SHA512
2b2e210cb60395e1d7e1f7ff8475eb661791fe35d21174e583ea46268165358fa44173a6728b108ce8bcb82e7b1d5eb02c1a7e96cecf6db47a40be948a9cf334

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
07578a04c31a6cd3a6897793d0db0a05

SHA1
8ee217584b09ea547b5a2fd400d12c7825fa5375

SHA256
9c137b888bd9bbf907865f048a70eba9c848ef531f6ce8472b941ec69e1668d4

SHA512
db2e36fdc170bc9ef7172ac1838beac090bebc378c285bf883e0ef998c03c9ededb98b3da358bde3e83e767891255dfb61c1c5e7057c4643aba96a0b3410f326

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
d1fe16689c4e466cfdcc7ed51338a815

SHA1
890e4c48dc22e247a75e7acaba2ecc872ba20360

SHA256
3535401012991b57a3a11cb6590afb94dc8850ce6bd9daa79c4ef4b383f038b4

SHA512
132ab0fd266c37a9ff93b655f0951c3a44b376bf43989e134e297f62f974fa5f72f93be2ed72c4c96080c4b5d738fe6c495b708052ee7090e2fecad18426467e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
f84bbe220eb081539bed19f045040e58

SHA1
c034bfafdc1d0a2ca232f97b4b6e6cc2ccc09388

SHA256
370da889ee9442c4cf0514daa54567ca13461775448169dfd8ac2e1b85805980

SHA512
968896487eee5231aaf8fc0fb672a0aee62c5a57dc6ef0a05b1637e612bdf280fda1dba4e5015c2e82041df1355d5aae965756c03fd1982d16aa68be4afe1aa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
24ee619e35e476cd5150ce3caf012480

SHA1
d6f0b14726d6407ecd62ca0e5b0cf965af6cb419

SHA256
cdef04ea5bfd21ecfef0166eaeef018adb535df0be4d0aba1f0b1dd5e2297b78

SHA512
2d2832ae02205118707941e30e0b23466ff9e49626d343cff9dd209f3210a546de4431a4a1757e0164891101fa132663514ae906d5c76053926e90d81c09eb92

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
3c480bd930553cac8b11dd0d27e43a55

SHA1
fda00e3d05d846ccc9f20471f252b516e2baed31

SHA256
16c14a3898c95fdee2f6e57db101d756f5289892a73b83d34aeaa944f06e66a4

SHA512
dbf0ef69dc498591bb1aa4844e52c06d5f4ffccfaa2252b9baa86bf2f906f9b076fbcd94f8f359f2367cc8e529b56517478ce1a1cbd621bd4675a9b7ed18aa0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
311bdc9f354c1b4bdb6663dd4b378057

SHA1
9cee67d228e56836ad9db865497ea61038223440

SHA256
21e184c15d659eda08e276cdefbb2bc757109d3bb2668d9ab24723830073bd4f

SHA512
a04232128ee931f7269ad405cd0641c6a94e7371bcda272d9cd7f4d578c7a5d395ef48d9873cc747dbfe288808e52baa17bd2778823f5fca47c3e9b8d43a042c

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
50d7ba376ade963c4f62a805eecdd91d

SHA1
82d05600381e8d32964792dac5fe7dc12023ad94

SHA256
45e96ec35ff8cfb1e09cd308dd22925817360e420b2b024d79665bd148adf0f9

SHA512
7365a500d0690226d8b63455b78e090ea20b6ef820910f443a927754da66bbafa988f3c67adec2f0b8313683561a0b824180d38efc4c6be2c92e473096e07dcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
e20af7b0e0fc9bd085ae620151748871

SHA1
a9fe1de140b65c905c8008bb97f210b4f2b54fda

SHA256
b0d2189ff20b35a8089c2650269751e3c1cace5193c8b74c0a2999bd1f4a9bba

SHA512
5b19bbdd48a39794c654223d853b0435e48abaf85ccc05ef4bacfda59b0da7f26c54accf6b77cc36afbfb4749a4d18d6c029dd6539d49c6f034ba54a08e12966

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
f2ee212c7163d823ed761782694c269e

SHA1
d5984b602cda7bf9a70be3940f63ff6ac5d6cc43

SHA256
2d722596d6c068d01122b276a7ceda727a989589a070ce19f00a682e4482241f

SHA512
1cb8bf01d16da679e3d2223dea8ab89f78b584a02f2e6f62f9623dcd0fc4fd02ceaf6be9b16b93eca0f7eea06f89e25b1b186270a98fbadd4668415abbada606

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
85f30becf1cc8370b9e6b7596a39022a

SHA1
e1b2f3b4b89d46740e035eba590ff81ab338b222

SHA256
29947652c5fb4215208f5d2267fc037712b075b997e1d410e6d4bcbad1180726

SHA512
ea41722fb34fe0caca438f561b877aeb4dc5a516cba99955be6990cef368ea6b179eb216db11272e7dd191b4de8c2ea70109184d07d034c186d90b2fcacd3063

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
434e20e8085938e3cdf37005f22646ea

SHA1
2929a63675b76809020cb2791f9c9b69096530c6

SHA256
2fcc5e1d46dc5d15fe8bd9da02accde8c0d41c86a740b38d6501ecdd7ee46443

SHA512
a3fda50a08bb2af80cc38fe39ab6255c7e65d3baf51a10b0722b6c445331be90952b23d9e2ea4edfee59aab40fcd73e9ca9ac27da57ac2acae3815eecd8c8e8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
29bb4994b2548646ae9a4e0cb96233a7

SHA1
d8ddb0a92c10aea95f3b6379e0acc5bee8169a26

SHA256
e063c90357d7a7396d6c7cef636910ea50c67d15b45f448aa6fed62afa11abd3

SHA512
1bad0ee9ccafdb6de107343ab0ddca7c628516b35894bb397e3350263366b0956add430946d6b3f622b6f3bf9d47694777e4ec06a91b682a1fcdaeedb10e554f

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
e3890ed64441d739ab01fbbe1b8ee8f6

SHA1
a87fa69cc8308e96c6a93702987e63664ec5cd60

SHA256
9c88d0bbd1bd627b5ed21fc67648e57a6646a4ee4af2a58814972e9687e5eb90

SHA512
92ac49f0ed498fbaeccb62e649a7749dc21b76f166b13d314d135419093d5963e61016eabc6a6be1dcd9e10aa75c1bed82e5ef133b3269251efdc730306e6664

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
6d1d59facba4874aa26a3297de93bdca

SHA1
f1b027b2b51924a7c90f1c632102fa8846243b58

SHA256
34cabd3a9eb6d7dc8cbcb2e8cdf9517044cc72da99367ddfe1423cf2a4da0699

SHA512
5e31c552fb7965cacc30cf1d5deaabb421943ab4d473b74a3cfe395b79510faf3bcee9dc5eb2facbb03fbc90d2f6417a82d100f9591ddb822e92156485575985

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
73c3b47b80c40fa6fc404dc326509e9c

SHA1
6dc837f3cb040cd6480dd3b5f5a0b1aef7236b51

SHA256
448cf0ff1560de9e40c8b5225820d386d9801c9310a783b52a2e7115a9adaa32

SHA512
c4846ec31960fba0d1efddbc9a7988c2d31c7a5617e84e63aa11f721c83a348ef3a5706d731a26b327ec87a1af81404e6db4d2f48d49c9c2a9138dbaf1c34b28

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
c1fd9ff84f8acf4e980581f6d7119c1d

SHA1
c473da774dfca5e3d5e5eb7c0f54aa126143643a

SHA256
3a0352fa4c1e89e5fc61fe77dfe8eb70076730f657ebb515d88bdd315f5e88a6

SHA512
ff7a5ea52120f82685e073fc9726b757942c021e59c3f04827617a42a74c3a75ef3066dc70ac057e562472ae916ae45bc788b4a412675f0cd8d91a45253805c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
f7a804d99d727d43b07afb86eb28bf10

SHA1
e04e8e1681147b689dbe531a962656412d107e6b

SHA256
dadd04d3729832429170f7db45ad4c1b00f74e682f69d46a1cd2f1795cfb43ed

SHA512
f1cf788ded5ed0c7059e7e4c8af90ef455249569242d2a1ff9f90d968c54f319877a4cba15ac267525791114c01205e8b1416ba6598e24a53391c1e90fb3c55f

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
2035a8b0a46947e5765d6e7fac012267

SHA1
62e0d93269ab1875ce1fcab8399053bda59f033e

SHA256
3b5f2009a07a31edd2452b064f31ad058a2891f649b0b70930c654821b3de178

SHA512
872b0391a1b8a8c5c398b6d347983cd8ae819bbf98b3726f1e49b86393463d2902e812d0ae442e508e80d1db815421ed4baf2fec320070d76eb3e9848c1e4077

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
d6e2b15e3aa69176d4c7a153a3a8cb30

SHA1
c70c029dae919154ad39e6d04e0ea30b54b0187b

SHA256
2bccc0f37de72a5ef12cf47fa95c542ca444b73ffc9aa0207136e94d58c61f1a

SHA512
4c9d16a8dff493bc5d87754c861580cb1e2b705ef13bb3ec2b2663f6bd6052b905d543ecac5b086deafe83ddba3f52c4c3c5ce1581d652e910b35751d58bf311

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
f1efd4ecb6047edf60aba139a3bbe924

SHA1
da3e1ef0981299f41f90b57736b030a38b0824d6

SHA256
dd3653a68e91e29d4fa0948f14c66443b718e1286a5dad31a277e8f38d567538

SHA512
2534f2a78260d55f1f0b5d045f52ac6fb9e2beb3f3f2f3eed92e30e7963275c6c95989a8aa60cd977242f0e384b43ffdd145219ccce4065cc697b1f7e5028c88

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
4879a1e34c37ac54d6c2c9deaac75863

SHA1
b2828af80f40a66439c9e593fb6af3e8c588e883

SHA256
d421cfdd0d419d2b9763db131ca5d64e992dad1b3950cff372f421bfebec0188

SHA512
4d4fcdbfdc16d842ed0649e9f691ecd664c1848630beec274ed586304d9fa42cca616329cd8887f0ab6cdc166d2f2838e8da1912fb5246f727a889602bf571ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
d09825b269e32bb5d73571224e020bae

SHA1
53aead498c239cf621368105b2e173300ef93b62

SHA256
d5788504ff2ed482678ce34690a779d82764fde4015f4183e3c3f6cbc5044efb

SHA512
73b1988e80b5fc94fd123038cf91c9108bb71090cee57d0be6f7133bca4eea16920730b3b18cee55865b9a6af4077d4ee4b915043b9dba928b4b84c6d42734d9

Download Submit
memory/2456-51-0x00000000052B0000-0x00000000052B8000-memory.dmp

Filesize
32KB

Download
memory/2456-74-0x0000000005180000-0x0000000005188000-memory.dmp

Filesize
32KB

Download
memory/2456-142-0x0000000004E40000-0x0000000004E48000-memory.dmp

Filesize
32KB

Download
memory/2456-150-0x00000000055C0000-0x00000000055C8000-memory.dmp

Filesize
32KB

Download
memory/2456-152-0x00000000056F0000-0x00000000056F8000-memory.dmp

Filesize
32KB

Download
memory/2456-128-0x0000000005750000-0x0000000005758000-memory.dmp

Filesize
32KB

Download
memory/2456-165-0x0000000004E40000-0x0000000004E48000-memory.dmp

Filesize
32KB

Download
memory/2456-173-0x00000000056F0000-0x00000000056F8000-memory.dmp

Filesize
32KB

Download
memory/2456-175-0x00000000055C0000-0x00000000055C8000-memory.dmp

Filesize
32KB

Download
memory/2456-127-0x0000000005850000-0x0000000005858000-memory.dmp

Filesize
32KB

Download
memory/2456-126-0x0000000005460000-0x0000000005468000-memory.dmp

Filesize
32KB

Download
memory/2456-125-0x0000000004EE0000-0x0000000004EE8000-memory.dmp

Filesize
32KB

Download
memory/2456-122-0x0000000004EE0000-0x0000000004EE8000-memory.dmp

Filesize
32KB

Download
memory/2456-114-0x0000000004E40000-0x0000000004E48000-memory.dmp

Filesize
32KB

Download
memory/2456-113-0x0000000004E20000-0x0000000004E28000-memory.dmp

Filesize
32KB

Download
memory/2456-129-0x00000000055C0000-0x00000000055C8000-memory.dmp

Filesize
32KB

Download
memory/2456-72-0x00000000052B0000-0x00000000052B8000-memory.dmp

Filesize
32KB

Download
memory/2456-64-0x0000000004F60000-0x0000000004F68000-memory.dmp

Filesize
32KB

Download
memory/2456-0-0x0000000000400000-0x00000000009B3000-memory.dmp

Filesize
5.7MB

Download
memory/2456-49-0x0000000005180000-0x0000000005188000-memory.dmp

Filesize
32KB

Download
memory/2456-41-0x0000000004F60000-0x0000000004F68000-memory.dmp

Filesize
32KB

Download
memory/2456-28-0x0000000005180000-0x0000000005188000-memory.dmp

Filesize
32KB

Download
memory/2456-27-0x0000000005310000-0x0000000005318000-memory.dmp

Filesize
32KB

Download
memory/2456-26-0x0000000005410000-0x0000000005418000-memory.dmp

Filesize
32KB

Download
memory/2456-25-0x0000000005170000-0x0000000005178000-memory.dmp

Filesize
32KB

Download
memory/2456-24-0x0000000005150000-0x0000000005158000-memory.dmp

Filesize
32KB

Download
memory/2456-21-0x0000000005000000-0x0000000005008000-memory.dmp

Filesize
32KB

Download
memory/2456-19-0x0000000004F60000-0x0000000004F68000-memory.dmp

Filesize
32KB

Download
memory/2456-18-0x0000000004F40000-0x0000000004F48000-memory.dmp

Filesize
32KB

Download
memory/2456-11-0x00000000044E0000-0x00000000044F0000-memory.dmp

Filesize
64KB

Download
memory/2456-6-0x0000000004390000-0x00000000043A0000-memory.dmp

Filesize
64KB

Download
memory/2456-603-0x0000000000400000-0x00000000009B3000-memory.dmp

Filesize
5.7MB

Download