ffdroider | c8941c8ce0a127aa4d032eb85a3358a831ce5b2001f4664340daeba2f5b0853d

Analysis

max time kernel
95s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2025, 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_12ef159d590b06aa7673987b5b66df62.exe
Size

2.1MB
MD5

12ef159d590b06aa7673987b5b66df62
SHA1

0daaa15a5880766b22318e58dc7895f5c5a3f8dc
SHA256

c8941c8ce0a127aa4d032eb85a3358a831ce5b2001f4664340daeba2f5b0853d
SHA512

c2b6a54674c1d984b2f4cc2350e66c2edf7ec70398466f12e5ca7aae4e1497ac36f294441ea34b443e35846e3d7ee4c04300709ba539e6c9c26eb70e8cd43337
SSDEEP

49152:D9qK5kXz7opLlAET5Gug+2RdKcObKKMLFZwKb:BqKS3oM08GcO+K0ZwK

Score

10^/10

ffdroider discovery evasion spyware stealer trojan

Malware Config

Extracted

Family

ffdroider

http://186.2.171.3

Signatures

FFDroider
Stealer targeting social media platform users first seen in April 2022.
stealer ffdroider

FFDroider payload 2 IoCs

resource	yara_rule
behavioral2/memory/1144-3-0x0000000000290000-0x0000000000841000-memory.dmp	family_ffdroider
behavioral2/memory/1144-605-0x0000000000290000-0x0000000000841000-memory.dmp	family_ffdroider

Ffdroider family
ffdroider
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	JaffaCakes118_12ef159d590b06aa7673987b5b66df62.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_12ef159d590b06aa7673987b5b66df62.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1144	JaffaCakes118_12ef159d590b06aa7673987b5b66df62.exe
Token: SeManageVolumePrivilege	1144	JaffaCakes118_12ef159d590b06aa7673987b5b66df62.exe
Token: SeManageVolumePrivilege	1144	JaffaCakes118_12ef159d590b06aa7673987b5b66df62.exe
Token: SeManageVolumePrivilege	1144	JaffaCakes118_12ef159d590b06aa7673987b5b66df62.exe
Token: SeManageVolumePrivilege	1144	JaffaCakes118_12ef159d590b06aa7673987b5b66df62.exe
Token: SeManageVolumePrivilege	1144	JaffaCakes118_12ef159d590b06aa7673987b5b66df62.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_12ef159d590b06aa7673987b5b66df62.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_12ef159d590b06aa7673987b5b66df62.exe"
1⤵
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d

Filesize
14.0MB

MD5
8dc72a7be1205b09874e5e3c3b11aa3f

SHA1
8404044c61dd9112ff38614da7afee796c2c6be1

SHA256
ed4c2c4c930c9b01f44b69d0e0a75efabe173da466f37c238e6dbbe76187cc7d

SHA512
289209bf7273c35a073a6e2a851de24d18afdc4eb44a64b3b72ecc3c6f5c3fb7fc8709de70ba066cc38b08ce847c74deeee6632b755e49bb1e9135cbfa638693

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.INTEG.RAW

Filesize
49KB

MD5
92a3ad484cfaf625601955191b0b0357

SHA1
157338a6ba1e4621c54a365e1a20fed03c5f8250

SHA256
05316b324a379e566c5133500cf65d0d92b161b46d1bef041b49a0606518b7c1

SHA512
a462c0a9bf7da85a6e03dc5ef6af99a4deee151b7322f21af19c98acea8d108f0cdac8e60e821fd2ad9cee35e1462576fa53d57d70d9aa6b5c03ee296b24f16d

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
5951fcb4135978d526eedabbac0e55bc

SHA1
de38af8d8af9489b5d40880eecebefee709d2063

SHA256
c84bda98235ea33a41025c0a302df8b521864d4f2e938c9c7db559a9e416f83b

SHA512
65d0ad155bcb200424fdc340caf3c41166f68a8ebf4f0d734a5ad5ef619af1f751c1ef937547c04131f42e7d26de3d9a3e354597239f259ccbb6ff2a7982e941

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
c509a9888d0c70729cd6b2069caff44f

SHA1
fd593cae12c333e51b0af739c2ac73b3a6e49663

SHA256
182a69c23651614c48ad029e94517c9fdd2d3bbd0700f714ab46eec64fdb0f44

SHA512
12008d8d26dff0a181c17b2830e48d379abe980ff35c92cf3ba09d288c8a3d94c4e25e6681faae53070b01e32e41ca1ff0517e116277d9f1525e6c90a3ef58b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
62d66008763c4c053bc3cbafb71b6289

SHA1
5398d9614f75f64a9c19bcf2104bc79467901439

SHA256
32419959ce3fde062fa0c1939c95ffe4b9a7a097e81818f1d911ff61359bead5

SHA512
ca72ea12ee0d0c1034d3e3aa0235caa41c746a7cbeeb987579289ad24b2c2d6557371c3ee5f3ddb8f9572b5a7be631719b0577a1b4ac79881c65f3436f916aa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
7afc01a9f802f9b6f842662bb5e018a7

SHA1
1f0eb0cea85df52247d775082e07509c6bfdc45d

SHA256
8324fc2dac9f8967287d3b0c34ae6df49d9239365f2f8ceb23a858b26a7e2529

SHA512
25646ba0fc1c6dd6efbc985901bacedbe805a66c9e99cdd12bb55c1d928ca7be7158929bfb73b0f21195babb762aaf169a37464990138748050133e4cfc43c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
0bf0aa6d6ac6d8e4f6a15d1989959355

SHA1
a60cc6dfa52a81536f8332d6bdcefb934aee57a6

SHA256
6a0952c2bacc6924478d9738b375db98da1a8ad763024b5666630c6950b25d9b

SHA512
0124a691c4be536bfcb05083f72f3e6f67ebddc864251fa97d14ae8974f53825c6b56e919f5862d81aa07c9420935663054150cb8f2f46ebb6d0b167ff6d7237

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
cd5faa294d500534c7dd16995db3e0df

SHA1
6591435ff918d33473bf4edc35f2baa56a7a4f1a

SHA256
ef0eb1483f0973be34770ea9ba9d0ad512f07e845c24ac493dfef77773355307

SHA512
1d25742184013325fd98b579c7bb64766b1a05441ab59f8068d30f7af012f679027bd073cfefcada9f3c4fd400376c6fae2e7fba00508b5640010b811f3cad29

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
0d9be1f397cc4c67ec84e15da7374413

SHA1
c804db248c21caa9919ccec56345a36e4f3b4c9b

SHA256
e39776be97b113f2b872346211f18bb55664a3854d422530a8c90dfa58abc298

SHA512
031320c70f4462e1ac4e05a65e457e0a3a15ca138ce3017c4eaab705852cf2ee36776f54d4bd324b6311b6b2641ba9493f26b3360733c3b79a2bc773033bbff8

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
c1321de5a8c62cc397f22c9328f04178

SHA1
833e051ab322defe183330f3bb35e9f6db865ccc

SHA256
8a2b4ef5a90490ad35ebdaa17a23a84abacf765d2f83836c7fc0fa2b6aac1165

SHA512
d63dcedb26ab01880b588af2690b6009f1b6dc27af04f25fe4cf9abc894a984bd5e617ad30d1bc5826da0c2b738e28c3c8f6e9abdf665bbbbd1ae93a0be3659b

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
d0fda975758fec680b7836cdf9704d5f

SHA1
d5bce667c27e62d37519489a79015740d3462ce7

SHA256
eb0265b4182556e19bfef859566769d82fa1d48a779add26062fecc9ad1bebef

SHA512
262c1e5b1ea07b1db99c880dbdb6a0937bc45d91a6a0cd013e128157c4c821b814a8591702bde2782460abd2bb89011bf41e879a7375789c905697fe5b08b593

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
bcf4ae331e12a90a8cc47fe995cf5ba4

SHA1
79dee40cec5a22b3dd63abfe1b5fcd28949bfa4d

SHA256
32dacb5e392c1317edb1a098e931e069d210178e60a14a3ac19de28b48328cfd

SHA512
931c824aeeac5826bd975f0195354f73fc2a62abcbf30aacbeca2dbadbbdafe330d3fe52c15175f0e4918a5bb680b230a2bc30cab0deeb6209d98b3440f80a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
bffbdec79cfa57e83fa5d3a3fccd7968

SHA1
114728202aba2bbeff6ff6f9187b69a0fcb06833

SHA256
730a3ed8fe38f238b623228698334acc5be534fbe9387f475a3d8e39763714bb

SHA512
7b6d8ed19ca1b6a2b29343fb6e2d1552f97cd1b74796237dd66331c0fdb6f0f2c324e031ecfdb0f312ab7b61e2f9bbc24451dd559f04ff444430a1339fd6612a

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
aa16d5bbca422d9c34b0bf1b70aaa7a4

SHA1
cfcd103b87a482529e693873cf8acea36b3238bb

SHA256
359b4a97192bdc2c9a31a1a246674e7a541634174377138bdd9b5b224aeb4814

SHA512
68d64165daa8726f137dfe990548c1f1816cc9dae1af26e886fdf152d1b716e75e0d5fa45d07a8af2227a6a8979829188e524114708be5b1b4fa77e3c973964f

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
53fad53dc1b5c1570966834abf942882

SHA1
a04c2be1816c9d1f4ea19cbdbec7c1a671ef37a2

SHA256
cbba32b240fa7a99eb7ca8bc34040695789c7a2b276ef01e04108a45c0f20411

SHA512
6c30c3dd1d09ef8b6f88ca215408bf03f239ba9770d6790795d691325c647caed856185ac8165ee21f7a2d7fec857750c983f437047188ab3d4e8cd41823e449

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
4395c612fbffe4849e7fd603d061e13c

SHA1
3c5ee770f3ab5d574c42112d7513e0775351894f

SHA256
bc970e9ad25208894fac843c1f3a7f9db7b30f6aef64d16eb1da582d3bb3fe9a

SHA512
3f1dbc7f490c715cdc1c06375ea0e513733399cdcf1764ab2066b0967c2d620d5d4560706c2581fd3fce550d4e2b0e80a6a5ddb6583d9edb7b29b4513c33e99a

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
2ad332e615786d4e28f32ef7f4e54759

SHA1
0a89cc49a4d8ce028a9132954df273907f8d4039

SHA256
f74b6482a83a49627f168b77947c0bd23917b67e6cd296322ed573e2c2bc98c7

SHA512
a4cbd6553d987b6a447640df084251db9d2c0f238f631c4f278d391f31fb37a5287b3f24ba52792f9e62be94fa1374cdd73fd588b83fae596fa1e43c3f6ccef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
7221077f52106847299b67031fcf7a6a

SHA1
a597acbf75f3053e6c3f62c09c34b09db707f670

SHA256
a824aa06e025b0c018c9122aed0688eec9df38b93aa0fa43d831fbc5554c14ac

SHA512
7f00060e76759e4e003b722ca74ad448ec208d46f84521f1d535bb80d1fac10c165399151ae718ec9c4c58769fa0114282d42fe955af9a2e9b15475a04512ebf

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
b4cee1f649a1a2008b46b47794e0c8d1

SHA1
ded58cbadeb75351304348981858a4fa94259f05

SHA256
f61cd81c93a3acca557eb249ff65968cd983fe264a5ac51ef083699752cc5483

SHA512
a2bb8fe5808c00ffcb82c74f2c96103cf495242557b323aff275374e4e1ba63a7c298963ec7e807f5233b27d54978a4ba4aa864344dc8447f98f0eb12e281a53

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
fcf17c2d93848baca1064529659239db

SHA1
7b1406a76bec0753400fb1c79b31000c2c4e1d9a

SHA256
c2f9e96e8d962fed18e489e288dd3446b96bcef47cf940779c22872af9d816e8

SHA512
74e73cd7b2eeadd25f78cc258d61166508c78d675c4c911d2bf5fcca72b07810ee12202fbd02a69ef13bfce23452c0cfe47b6dfdaa8cad8c6a4b59bf58a3ecdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
955bd2c741202acdbb9c7ba67000e189

SHA1
45d71e91d62bbbe30097577530b2f461e1fea6bd

SHA256
0bbf863927f807b4b727103a70f3ae35f4e1a83574970d67fd7033ee6968ad0b

SHA512
ba3599d2cdf96a58a5c9c23659bbbf2e58e15e7a46898489b9241517b4879876bbf920877e04865123fb65409a4dd608ce86679d6cb6631e228bbcf457e7575d

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
58422ebfa7037e0493583eb5525ee9ae

SHA1
f5836c8a7b32f0365cb5edfc14f1c77f0d9112c4

SHA256
e8c74f24288e14e67daccaf70e888f2f89c103a4f5383b0c3c02b8261553d6e4

SHA512
add831eb9382a82cfc424c731cf894a0f4789185a59b8e51a37a568d130944a265c86205064238731db4eceab5575410852eb0f6c1af8e5df4a0d918c91153e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
6b88a95c8923b5649b38daa522ee354f

SHA1
1d0d0b9433270abc96e67f912b10cbe70c7b961b

SHA256
e93574efce7442df455c4343d0d519792df5113253c6fd78fe46c5ffd0360ed6

SHA512
1adb0c987f0e300aeba7f20f4b963f109e7a54a4938fcaf4c60c59a4d35f4b9095691e22fbb73f1208b7de04868761e3dcf218475366d735ecec23d8569b3474

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
a78f0510c9d7a576d01e56a52e8c23dd

SHA1
eb6224a3caf8cad0e26aa78dc302191eec92a450

SHA256
14558639e1795829bf523581be34a7eadd948381e20c1fc4eb313d1c55b15dd0

SHA512
9c382a5d9db7fd37f0e76a22ec49f19e0aea92f62e0362ff52916dbbbfbeb8a35bd432a5c201ef6b3191595d71b0c9c4c999a2b4172dce879e7d2529a05dd71a

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
e252cc687602e2918c6a313443fdd01e

SHA1
6dfe1610bcfcfce54d24e99a1a23273fef307098

SHA256
75b9aedb6b6b7be5152f97ed3fbf942bf1ba238f21cda5e0c5d1a5e4c50ca080

SHA512
b274e60a9165b62980fe84cf5fa1a36f71ba9df49d9d5b12a0d1978090ef0b4789f965bb850a11f0bf8dc9f5dc8e3897b3f43546bb6e6f573331ff0e25edad3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
ac3f5c3d291218424bf360721c3d0f28

SHA1
1e2cd681ba620f0f18f52b2e2ef38795b415c09a

SHA256
e118b99bce0db4704e270701c238045095da501d41c890823ae48c5a7623fe08

SHA512
282de70bd15feb618ed825d0af2d1a0295e1eb1659726eac9d0e89060ef37a23513b699099bcc5352cbee7e527b84bd8c2fe65e3ee2d254f20f1896eea08db2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
0d7bae7187a14a1c3c058648e81786a3

SHA1
00c991c2ecdd008464da02bf3b47be4dd8fb584e

SHA256
6de8070c485790dc41c7fe0d05d420666012762336fafb5b67bd3b502999a234

SHA512
f77470cc2c2f9df8786564b78141b7701c0878a42440207cd8d85e8f562f58dc4c98de0c95ad1f4205584448850e2b957301c2b49b014bbe490e534f083eb9a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
1ce72cc720b32815a5315a96fc58bdc9

SHA1
4044740f82f94f9b8eb4a8dfba3f4c4cf1d11d8d

SHA256
4987abbe8e46e5e876ccba43eed4de07c6d94732100a32f2e6649fb7efddaa24

SHA512
782d56c07c511c25ae6202eb45702a59c1edc3f047c08a0a9e726c5c13a4bdc492e64a15fd042296e5f7c6cfcc3dca6ae8787c2b90ca117563b80c95118ea978

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
c763197daecb4189f75d76f053c71603

SHA1
39b9e938644adbff4eec572f04d58aa115bdb474

SHA256
306506c0e3c6fcf0f35195baba7124d14b6ad5e9dbc6590e29a5695414f12568

SHA512
7b256183d50efa9e462e458fb262deea5d83564e216953736f5167cd2bad615d28836569d399ade9e3ac5758911cbbc1d8d2b381473ce214e50181ddcc428498

Download Submit
memory/1144-42-0x0000000004A70000-0x0000000004A78000-memory.dmp

Filesize
32KB

Download
memory/1144-65-0x0000000004A70000-0x0000000004A78000-memory.dmp

Filesize
32KB

Download
memory/1144-130-0x0000000004F90000-0x0000000004F98000-memory.dmp

Filesize
32KB

Download
memory/1144-128-0x0000000005220000-0x0000000005228000-memory.dmp

Filesize
32KB

Download
memory/1144-143-0x0000000004950000-0x0000000004958000-memory.dmp

Filesize
32KB

Download
memory/1144-127-0x0000000004F70000-0x0000000004F78000-memory.dmp

Filesize
32KB

Download
memory/1144-151-0x0000000004F90000-0x0000000004F98000-memory.dmp

Filesize
32KB

Download
memory/1144-153-0x00000000050C0000-0x00000000050C8000-memory.dmp

Filesize
32KB

Download
memory/1144-126-0x00000000049F0000-0x00000000049F8000-memory.dmp

Filesize
32KB

Download
memory/1144-166-0x0000000004950000-0x0000000004958000-memory.dmp

Filesize
32KB

Download
memory/1144-123-0x00000000049F0000-0x00000000049F8000-memory.dmp

Filesize
32KB

Download
memory/1144-115-0x0000000004950000-0x0000000004958000-memory.dmp

Filesize
32KB

Download
memory/1144-114-0x0000000004930000-0x0000000004938000-memory.dmp

Filesize
32KB

Download
memory/1144-75-0x0000000004C90000-0x0000000004C98000-memory.dmp

Filesize
32KB

Download
memory/1144-73-0x0000000004DC0000-0x0000000004DC8000-memory.dmp

Filesize
32KB

Download
memory/1144-129-0x0000000005120000-0x0000000005128000-memory.dmp

Filesize
32KB

Download
memory/1144-52-0x0000000004DC0000-0x0000000004DC8000-memory.dmp

Filesize
32KB

Download
memory/1144-50-0x0000000004C90000-0x0000000004C98000-memory.dmp

Filesize
32KB

Download
memory/1144-0-0x0000000000290000-0x0000000000841000-memory.dmp

Filesize
5.7MB

Download
memory/1144-29-0x0000000004C90000-0x0000000004C98000-memory.dmp

Filesize
32KB

Download
memory/1144-28-0x0000000004E20000-0x0000000004E28000-memory.dmp

Filesize
32KB

Download
memory/1144-27-0x0000000004F20000-0x0000000004F28000-memory.dmp

Filesize
32KB

Download
memory/1144-26-0x0000000004C70000-0x0000000004C78000-memory.dmp

Filesize
32KB

Download
memory/1144-25-0x0000000004AF0000-0x0000000004AF8000-memory.dmp

Filesize
32KB

Download
memory/1144-22-0x0000000004B30000-0x0000000004B38000-memory.dmp

Filesize
32KB

Download
memory/1144-20-0x0000000004A70000-0x0000000004A78000-memory.dmp

Filesize
32KB

Download
memory/1144-19-0x0000000004A50000-0x0000000004A58000-memory.dmp

Filesize
32KB

Download
memory/1144-12-0x0000000003FE0000-0x0000000003FF0000-memory.dmp

Filesize
64KB

Download
memory/1144-6-0x0000000003E80000-0x0000000003E90000-memory.dmp

Filesize
64KB

Download
memory/1144-3-0x0000000000290000-0x0000000000841000-memory.dmp

Filesize
5.7MB

Download
memory/1144-1-0x0000000000CF0000-0x0000000000CF3000-memory.dmp

Filesize
12KB

Download
memory/1144-605-0x0000000000290000-0x0000000000841000-memory.dmp

Filesize
5.7MB

Download