ffdroider | a78990736434e16feb2a1ce666f36862431161f4821be9112a4608eedcca87d2

Analysis

max time kernel
93s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2024, 10:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_135cde4f3fdb52b79380a7e7da9f0c30.exe
Size

2.1MB
MD5

135cde4f3fdb52b79380a7e7da9f0c30
SHA1

3b35b1dc8d7270d580d7b9fa66111cb210065809
SHA256

a78990736434e16feb2a1ce666f36862431161f4821be9112a4608eedcca87d2
SHA512

058a4d3a475f3f862ee07b4df5d3d378f834b444e98036438ea56a640b76857eb56d21008839d91f5b8b1e4f79cbb5f385b145f717725954ed58e7073c4445c7
SSDEEP

49152:NRFA0Ak/INTT5bOIR23xwQ2h3uLlID22zOZEn:NRq0AkQNTZOCgwlupIDzzOZg

Score

10^/10

ffdroider discovery evasion spyware stealer trojan

Malware Config

Extracted

Family

ffdroider

http://186.2.171.3

Signatures

FFDroider
Stealer targeting social media platform users first seen in April 2022.
stealer ffdroider

FFDroider payload 2 IoCs

resource	yara_rule
behavioral2/memory/1252-3-0x0000000000670000-0x0000000000C20000-memory.dmp	family_ffdroider
behavioral2/memory/1252-605-0x0000000000670000-0x0000000000C20000-memory.dmp	family_ffdroider

Ffdroider family
ffdroider
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	JaffaCakes118_135cde4f3fdb52b79380a7e7da9f0c30.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_135cde4f3fdb52b79380a7e7da9f0c30.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1252	JaffaCakes118_135cde4f3fdb52b79380a7e7da9f0c30.exe
Token: SeManageVolumePrivilege	1252	JaffaCakes118_135cde4f3fdb52b79380a7e7da9f0c30.exe
Token: SeManageVolumePrivilege	1252	JaffaCakes118_135cde4f3fdb52b79380a7e7da9f0c30.exe
Token: SeManageVolumePrivilege	1252	JaffaCakes118_135cde4f3fdb52b79380a7e7da9f0c30.exe
Token: SeManageVolumePrivilege	1252	JaffaCakes118_135cde4f3fdb52b79380a7e7da9f0c30.exe
Token: SeManageVolumePrivilege	1252	JaffaCakes118_135cde4f3fdb52b79380a7e7da9f0c30.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_135cde4f3fdb52b79380a7e7da9f0c30.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_135cde4f3fdb52b79380a7e7da9f0c30.exe"
1⤵
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d

Filesize
14.0MB

MD5
b175e8edc08806856ec8e6181ec1cb17

SHA1
9cc8720ad422fd2a4e62d6d5ac8cd0421f02c010

SHA256
1adf4b887a18e83aeda9e495577f151b6cb7f6ad1b606b5d6508aa18183881cf

SHA512
068ed42591a982c82632d1f698bc0147f64edf1fefd7b0500fee99bbc5f3d632c1d331b8c2e0483daab6ab10a7166438c33fdf0e5b730f72f3082b91ce0a65c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.INTEG.RAW

Filesize
50KB

MD5
1615907f044ea4a10d28b97c68df4112

SHA1
e129e131d7eb72df69fe44eb50d623ebd4bd282d

SHA256
8f3ddd75d1fb36470e70c8199aa574e8b028ae8a4e4020447109d52dbd7d5df4

SHA512
0d06fd22be7fb7c122b04e20c8acc3fe96145da7c26e92e3ee30e22f080ad56fbd5c52f81d77d8a41629b000393742aef7672fda2056733f320d412dd716d55b

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
852db05ec4abf541674ee9c113a14c0c

SHA1
f1e72e5d73b7825d689ceff2686f4efc7c047f14

SHA256
d38b6f1351439487a0862d120a1e5cb1ec028f685bd8c7d8de3479cf1de559c4

SHA512
65a218a04c68347d27594f93f4504a927ff9bdf7a53e3108284508d803ef6466582b314d61d6c9ac8e34438050823f4407a3358b73a679af2c1eea26cde61f52

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
75a28101a4007ac02a67b1301e83c073

SHA1
8172aa5723f4ade509f26880eb817e16771cb09a

SHA256
fbc19b98edee651cb2742d8ba78c6bde5d68fcc7358887249daeed9c6ae89667

SHA512
1885d02d33f8f6e229a3a9006cb85ee6da588cae95948b9aab405ba58bde901c038f406e0e7da07008fd0127400fceda60570512d0c4a21c2d1a4366fdd1f81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
442dc95ba76af0ad76e0c25bf2e641f5

SHA1
ad57ca85540f7f839cb6fdafc88b38bae1328576

SHA256
25e083466eb662e8ad3ac84f85d5fdf423f4fc2ae65dc6645ffd6795cc79b5f3

SHA512
1dda414060933479f354186c43385070dddc2dd69e0477b0ceec1e59eb386fcac9aed4d71cb13b7a9d118796d7ff3a2846a306592b7e324ac47d1cebdd92dd1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
71248a080e6b389c2e55bdc85e4de4d0

SHA1
7dd371493ef711bb66cc5091665363c48d288df9

SHA256
d17754afdbdeb5197e162f7be4551ae5e64e210fe575760407a42f6a31189ff7

SHA512
cd50f30d6241a4dd97a0582365f5ac1b8a6c4b3ee77bf21ef7ff8d1160e46fd59013ac77f375ebd559d8952950b1a21b4a11ea6cc3f85d103af6910acdbe80d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
09c4ad6e3c6d07b1874bbd582fa9a885

SHA1
39554b243f62ba7ef904f55e18185d5e7f5024dc

SHA256
d6c30cd1a58c4d2c399984df2241fd1909c85a08575557dda20497d54cbe8575

SHA512
739cf8f3e12540776ac138b54de1e603a634e77b12295a9498ba220c13db141e7f4172b77e60d4e49dd446feed238ad7ec19d2b0d7ec961f4ce65c3ede36bc9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
678b05633740ae1b72c00d1b34f10cef

SHA1
6d00cff26646bb951dabfe2d9262f375b2dd1d46

SHA256
d9b69e02f5f16163fa7c71d3e603ed465b5a138052f97a650cacc8d41a885d85

SHA512
47539cd6a4b9e1e02d8c96595f3ee9d6ec32da53db669d144b404857981d5e07d29b64473a0d6684aa25e6d2c56463cc4d0f6e800586b9e305de9655b1aa0067

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
132199fe80975be780d9ca3039da1249

SHA1
3b225b8850b54b0523a855e51b094fdef41ae977

SHA256
3a228a9bba16c23863f55df6f717ebd743d5cf5844fa85c191624fdc2f085a80

SHA512
863058391fcb20a5b452caba59b7c9578c84880bee2be2d9c0fb0559e96c38405d2b36fad95d7a12f59a5812274fa79c482e165bffba87d2654c912c3aa3c118

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
4d92df642a3465179a3b808e28ee6846

SHA1
4c64e3dcdc74f53e44a5d79a771a7e5d9b45233e

SHA256
04c3cda0b60e7887fc79aaead0e9777205b417db847b416c615d2cc288f53b2e

SHA512
56bdaf39d4190d36c8fa25066743cd9ae2aa7a20e6c3d41a0b0f052f58a443aa48f2c05b95f6528f777b29c536b209cd8d28cf5da28cc30f105b2942edede5f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
e771d7c7ef64350800ba2712663a65a1

SHA1
a6115c6a2f21a509c8dcb50a21f2b4b7bdfe431d

SHA256
1ceb28125e71e8ad57630abc3643bf7085a3b8e60df4f6e56b496f9c8e333bdb

SHA512
be2df2c5a49838de1ff6499182bcc2be7e8bc16d9192f671adde88fc2a68873aa1f774c28e8411cd2bac392c6afd3865c2767afdd0d0f659a6fe907004d0209b

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
1cc673da9d8afdfa3588f2c59a9ab5b2

SHA1
ce1434b041c2b0f29f87a153d09572ece55c7618

SHA256
3b3a947c180a48a2383b2a795be59d0208c5488279843c73ca0657708faf23f6

SHA512
3d1ef39808c7899c03eb19b57bbb0ef2aada3a11b969b37f48f198ee0fc5ccd46752f86d138716c9b38e6cb3d5d902bdc5f94b170c4190ba6ea612aabd94dd3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
b3d89c075b008ef29dec4c44a2d1133c

SHA1
785fe9ba244c887c1dd45d03ae8633389c5d0a13

SHA256
afa940953567f1370301a6da86a30ff66ccb0ea6ee8e9f60ebd159255a67a8c0

SHA512
423a11c8f0083cd8db6ce6a5e04612e847a327cd567c4f68e971ceeebfd2bed11b3c0aa79309b4a851f81c14446dd707c290bcfd8157955324dfab18d67faed5

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
ecea09b504e2d3439219e24918cb1458

SHA1
05cb062a793bdade151c1c45b0b9703d90dd711e

SHA256
c01cec0b742d06ec240339e3165948d3982fed9bf42c86a15cebc0514b98b696

SHA512
35fb51bc9d0ba0875a2f48f163a42edda77cee03b019997a726519659ce5a84bc40ecf0164987ca2186f03c7d9c4a9cf67578975da4423c36178e56cda1e62d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
2e147d88f287887824209aca495611a0

SHA1
c3f635e69ccbad84d346f3ec1d6236719f443e03

SHA256
cdf495260a5d77c1f8a69ad61e6b1df230fdf98c3762d1eef6f81d73fab86d5b

SHA512
8b0e7aebffa3b1bd68a8d6ad3a524bdcced4028707d92e937802def5c3fc78947a6575b39103fcb04b2af504c6b100f5b37c7e6fd9a62fd5adefdb36544dc1a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
1c2538ec62a5bd0eb245b0b9b0e27737

SHA1
45558e5749df561a8e0e850216e0ad21dc7ae988

SHA256
ddd15662f4d6d42587fc723384cbc191778d0520bc943fe2917f5c5962056c7f

SHA512
023eaff6102a17c81157d29d6e234611cdc91d3121b5776df9c7cea4820e378da2cfe4908450871895f4b4a22879d01ffcf5d8f04fa0b28275e8090204559f09

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
f5344788e77d5848522aa91052f9146d

SHA1
2f936da3f6fa9046a23c09e28c41d038c9df5d49

SHA256
b8b61f98159a61cad8ab5deecae31f5788b2f307069fc53afb5404b1b4aebe66

SHA512
5f938f070c1924b84983d25149cbe7f9839d394437521d94c26d2a4707bd845623a0e0eea4e8e386abcbf3c132ce8e46a256c46249d4accb7af6ebafb1049da2

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
b8bc91171c34020550ad149c9490bcf6

SHA1
3c4b8c415971290e0371ed90402d0233542376ae

SHA256
8c04ee0e73489670b34a9a9d72f948bf7ca654cb2ebb6899210263866403c086

SHA512
f6fdd0bbdeceae143746d9b1c913491686b373dc0fa3c1b80cd23c22fd72481dd413fde0d7b162b6d94a8047b050d0d76c70d9ff91c93f4e2d6e3bcb4486ef7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
18d4b7c5735e0b4d923bedf1ce7f49ce

SHA1
c947166db84fe86964d06a9a15c0169609cb750f

SHA256
05defed3c94fcf4cbc2c1b04f4620fedaa5c2f1809532ec70d47446ec6f5338a

SHA512
3370548714f380e6a5c13c391ddcc5c9678e4779efa707832fee5d3aaf5c94cf7557e0df8a4dfd3a3ae8e53ca538fb6941bd09dbc1b56c0ea525713684c593af

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
7b63f7605eeda46058301be4cb5c0b13

SHA1
83a872f6f4a1954b58c7ded7d42474651f39c8d4

SHA256
9304d376d94ec1c4f1a289d6575142ad7bdcfcfd77d5e2a29d25beb4c11379f5

SHA512
3cad7b28f2be58aff7fb9423855306919446a4041a6e3896eb2ada4596292acc33c3e73504d5297e9a8b99813f2ae195300bd2c817d79afb25175de257dce116

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
33ac77d9a80f0dd64d9698a75c2a1c4a

SHA1
7b80833e93fb9c4a3f391b0bdab49468c4ea19a3

SHA256
e5c71c3470dbfeb63b586c9464335ee5d31eb44cd09ee71aa768f251f5960fa9

SHA512
622329007d4d5cc9acdf7816328cd3f17c6077df26fc8640afb5e058c0fe2eff402d51bf7748ec4e72ba6c82b96f04be746559c01778e67096097618581ebcb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
7a528c5a8550b32cbee0f4cca0ea2d82

SHA1
5100bce017a5409a30e6e8539b5457922fd4f08c

SHA256
51f05a140d13221decb007951f3b70944415aad917619bde688e5be1bfd67d79

SHA512
34cc7166bb54545754f2cbf5121b52c85cbe77049e3d6d17d4a0050351bc52913c32d6591c8d38c9a52b8eb55f172a9c708419a4c52e94f1ce42508921ccf4d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
6321b9a135b665c72bec024619de97db

SHA1
b056e0abe5521ee1823acc590d25f63725bc1e9d

SHA256
f0377ef6119bb6201d7350fd5b0d3c6ab91eb6f4b1e992a855aed647ef5af881

SHA512
dce4bc1c78baea35612f668a6b73881bddff8390943c8916b260574992ae35081ab52388da3c3c7a24a3702ded15313337ff93c19dc1234b00cefff989d524f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
d429609cc9ebc17fcfb7a22e7d5c30e6

SHA1
017e09d4202f4b6e8471d3e7aa05bb90edf5fae7

SHA256
97e68693a9dff4ed44e4cab89308a9d10d6ae064cba204e80686cb2dc3f75190

SHA512
692cda0c937fd3d26d02d2809340029f48674f3f12c9c5d67ce7febadce9df0f04e0f099c16a45083cd02eb0cba26d902ec51a521b47fa4884e12e085a995184

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
d24e05daca0129936e6c1233238d4010

SHA1
a00501e9411f4319d10247251b24fd552e19d0d4

SHA256
f432ae235bb38b61cde6cc3f77bd21b6cd0641a420d3785a2c0e79e95d0c47eb

SHA512
63803d484ef3814bd760492bab1cff84d502459262bdddd873daa14cc0e1687f1627a2b1630eaa4fc5ace6094a5ae877a9df225aeb95db81264d05085c98a8b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
7d1393172191a45c9ecc5d2aac20fad4

SHA1
e38cb83a0ee1b6a1348a45bf719657775ae1fcaa

SHA256
ca2213e0e389656a9a3a57f5f77b1c69f388d3849017269be8e942a3e53658ba

SHA512
3dbb5fe379f2609917a9e2c54e9dd945b41d76adf2352002a7d5108fd64e36ddb7961480f55da1e01c873eb9e9ac29b2ea6cd8e02ffd1da97b28e7f9654b2c7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
65188a1225b66890ae86352e01713a4c

SHA1
f336d10fdc3df7898b77a884bb8eab92d84b8907

SHA256
6b0607463d31bd5bd47e5ddae3f4079740183aa3f0303af91cdeea3a495a949e

SHA512
7d0d35fe7b9cd33f6bde121db6723f36fdf9c1c8b40bcea16ab1215936831d600a7f8169f93eb8d28324e44150d295e348c98844b877e80eed836827021079d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
2d096ebfdf5b5b8f2ff824ea951ea3e9

SHA1
43344a02894e1a5ab117ae01e8f5cba80145f2ec

SHA256
6c0ab522cdea106d61f5fb02c89e825ac59d3bfb7e5b434b695bc140f7c49a47

SHA512
6261bdc41f040e0a60ca9e3175714f011805682c785d670b043858c6a92e0ad47fdabc34b66cbf8b54f351cc0672cce9dd06ea93621fb6dd0d3efca68ff3044f

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
99b3830a300d4a37eddf4dba1d1da6e6

SHA1
fedeabedb757aeedce7779f626a4cdb8e70cd309

SHA256
6d33faa52bc2d4d269429fec6426c26de8a013cdb4b81f415f371c5129bda716

SHA512
cf4271ac77994ea87b7dc0dc4a70502ed1f5b97bbf4210f5176bf65a13422b1a3cb6f557a5f9f00ca59fc289d88da5a7dd80b15282e4f4c4497917f2393a49a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
664f9fac3094c615226cd26bc8589091

SHA1
e0dfbc210e77b99397dea869651eb53b172b50ee

SHA256
55c4b0a02cd0795e6b2796d4d82558910d91a0bf596bdfdf6056e9e577c55265

SHA512
16c8aff6e43cecade05287d68dc379f02c55afc63c295d3b0c6b1fb30063587bfc7703282c50670c7f1a20e0cc871491b4307c719da4648d7c537b20947a9d78

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
90f21700ddd80524bd6cf608fbe77217

SHA1
085501f39ddb4841ea6f38f1e8d2ce945f05db3f

SHA256
f35ea41ee03ef25e27f1075805287628adf3e9868a82d7d4a61c1e21cf2406d8

SHA512
6cf21fd536a45c651bf38f099addd1bd3958e7f02227bde61f679cd39bf5946ed8764b41a4e1784544b6053730c382d73696e23bfdeca59c54a774c9bd57fab9

Download Submit
memory/1252-42-0x0000000005080000-0x0000000005088000-memory.dmp

Filesize
32KB

Download
memory/1252-65-0x0000000005080000-0x0000000005088000-memory.dmp

Filesize
32KB

Download
memory/1252-130-0x00000000051A0000-0x00000000051A8000-memory.dmp

Filesize
32KB

Download
memory/1252-143-0x0000000004F60000-0x0000000004F68000-memory.dmp

Filesize
32KB

Download
memory/1252-128-0x0000000005230000-0x0000000005238000-memory.dmp

Filesize
32KB

Download
memory/1252-151-0x00000000051A0000-0x00000000051A8000-memory.dmp

Filesize
32KB

Download
memory/1252-127-0x0000000005180000-0x0000000005188000-memory.dmp

Filesize
32KB

Download
memory/1252-153-0x00000000051D0000-0x00000000051D8000-memory.dmp

Filesize
32KB

Download
memory/1252-166-0x0000000004F60000-0x0000000004F68000-memory.dmp

Filesize
32KB

Download
memory/1252-126-0x0000000005000000-0x0000000005008000-memory.dmp

Filesize
32KB

Download
memory/1252-123-0x0000000005000000-0x0000000005008000-memory.dmp

Filesize
32KB

Download
memory/1252-115-0x0000000004F60000-0x0000000004F68000-memory.dmp

Filesize
32KB

Download
memory/1252-114-0x0000000004F40000-0x0000000004F48000-memory.dmp

Filesize
32KB

Download
memory/1252-75-0x00000000053D0000-0x00000000053D8000-memory.dmp

Filesize
32KB

Download
memory/1252-73-0x0000000005500000-0x0000000005508000-memory.dmp

Filesize
32KB

Download
memory/1252-129-0x0000000005240000-0x0000000005248000-memory.dmp

Filesize
32KB

Download
memory/1252-52-0x0000000005500000-0x0000000005508000-memory.dmp

Filesize
32KB

Download
memory/1252-50-0x00000000053D0000-0x00000000053D8000-memory.dmp

Filesize
32KB

Download
memory/1252-0-0x0000000000670000-0x0000000000C20000-memory.dmp

Filesize
5.7MB

Download
memory/1252-29-0x00000000053D0000-0x00000000053D8000-memory.dmp

Filesize
32KB

Download
memory/1252-28-0x0000000005560000-0x0000000005568000-memory.dmp

Filesize
32KB

Download
memory/1252-27-0x0000000005660000-0x0000000005668000-memory.dmp

Filesize
32KB

Download
memory/1252-26-0x00000000053C0000-0x00000000053C8000-memory.dmp

Filesize
32KB

Download
memory/1252-25-0x0000000005100000-0x0000000005108000-memory.dmp

Filesize
32KB

Download
memory/1252-22-0x0000000005140000-0x0000000005148000-memory.dmp

Filesize
32KB

Download
memory/1252-20-0x0000000005080000-0x0000000005088000-memory.dmp

Filesize
32KB

Download
memory/1252-19-0x0000000005060000-0x0000000005068000-memory.dmp

Filesize
32KB

Download
memory/1252-12-0x00000000045B0000-0x00000000045C0000-memory.dmp

Filesize
64KB

Download
memory/1252-6-0x0000000004410000-0x0000000004420000-memory.dmp

Filesize
64KB

Download
memory/1252-3-0x0000000000670000-0x0000000000C20000-memory.dmp

Filesize
5.7MB

Download
memory/1252-1-0x00000000003F0000-0x00000000003F3000-memory.dmp

Filesize
12KB

Download
memory/1252-605-0x0000000000670000-0x0000000000C20000-memory.dmp

Filesize
5.7MB

Download