ffdroider | 1e24cf9272650fc8a205eb84823f4ca69ed1b6be158cd7df2fe7389dc7dd9bdb

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_d75160a4e7d723d77caf035aec631b1e.exe
Size

5.7MB
MD5

d75160a4e7d723d77caf035aec631b1e
SHA1

afad2f13954beb9668752229c4f2d3ac361a8356
SHA256

1e24cf9272650fc8a205eb84823f4ca69ed1b6be158cd7df2fe7389dc7dd9bdb
SHA512

d5b7c576437e36496e0971ebeace37032a77e10ab2d6f1daf1b5c46001ffcdcc5a1d191fe862d4e88d98f9dfdf565d5a775a1901b911a24bc55248ab1bcfd159
SSDEEP

98304:Y2b4nu+hxLKOmKpGkn+e0WUqAaYeebUvQ/qpyr0k9b+iHuNeRQhMUI+iZ7q1zPPh:Jfzd6pnG+iHuNKQbI+7NAjtVa/u

Score

10^/10

ffdroider discovery evasion spyware stealer trojan

Malware Config

Extracted

Family

ffdroider

http://186.2.171.3

Signatures

FFDroider
Stealer targeting social media platform users first seen in April 2022.
stealer ffdroider

FFDroider payload 2 IoCs

resource	yara_rule
behavioral2/memory/2968-0-0x0000000000400000-0x00000000009B3000-memory.dmp	family_ffdroider
behavioral2/memory/2968-601-0x0000000000400000-0x00000000009B3000-memory.dmp	family_ffdroider

Ffdroider family
ffdroider
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	JaffaCakes118_d75160a4e7d723d77caf035aec631b1e.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_d75160a4e7d723d77caf035aec631b1e.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2968	JaffaCakes118_d75160a4e7d723d77caf035aec631b1e.exe
Token: SeManageVolumePrivilege	2968	JaffaCakes118_d75160a4e7d723d77caf035aec631b1e.exe
Token: SeManageVolumePrivilege	2968	JaffaCakes118_d75160a4e7d723d77caf035aec631b1e.exe
Token: SeManageVolumePrivilege	2968	JaffaCakes118_d75160a4e7d723d77caf035aec631b1e.exe
Token: SeManageVolumePrivilege	2968	JaffaCakes118_d75160a4e7d723d77caf035aec631b1e.exe
Token: SeManageVolumePrivilege	2968	JaffaCakes118_d75160a4e7d723d77caf035aec631b1e.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d75160a4e7d723d77caf035aec631b1e.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d75160a4e7d723d77caf035aec631b1e.exe"
1⤵
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d

Filesize
14.0MB

MD5
f384473be50101bf43d56fb943594e20

SHA1
b738638a8bf97a2af5ddcef226e5f519cd34cd4b

SHA256
cddff92fbfaf739057783a6f9f94bc219c96d11d89eca61d78491f48aadb19ac

SHA512
cfc84c398aca295984b103078d3804aaacd1cd70ea19cf487cfb39026b8c3010b0541e8a8f9da9cad6df3520ab32afb3d76e0ca3c53a8bbe655bdb010945d35f

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.INTEG.RAW

Filesize
49KB

MD5
77c7463e899e20a862177774fc6edf69

SHA1
6f539ea9b72fe10830f345a960bf0b420094ab78

SHA256
d973c91b2f6b05e079dcf09464a5a913bcdc0aace22ff41f518cf17a98977ead

SHA512
6134d8eb824f07229b1dc18efff10915cc8bde9365537afdcbcfb7c978fd8d01fcc2b7921e680476a7d1e9557b9892365af1b0e8a123ee6d6bef6241e80091f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
0ba2c3322f2c13b3c5d634e8d89f2281

SHA1
8441b3a50fa2d91a998a7d331fd958f514c2c0e0

SHA256
0fa81d13ff08501c5b4da7f69ff6618117b61aedc426f54d176d4f1f4151c6a5

SHA512
09f56d4a7b87d738d250f7092ddc0a49ccb984bcfe030291000957731135b2d30d2a3731dba0047ed915ca8ea442e659ddfc15323585badab6781cd493a4504b

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
9174380206d4306b3d67e9e604f4bc3c

SHA1
b6cc9314017acc267d1cf1adcaa829fd22630d45

SHA256
08125c23a2a38aab5704e7a81b263052a8d10dc966f09a2ce005d4e7af6dc7fa

SHA512
0e06c4220b661155510055132b224411826cb4ae6249e268056f0819a979bf8b352e8cd779cd81310ca0c3db6738661c9b5dbe46db38ec9335f68c6ae7228a34

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
4867989db00f40a005e44529bb8e7b1d

SHA1
af53fe15213503b75f10aab1b622eb39310b9fc8

SHA256
b60d49a233db0b40997ae458941dc382d2d243e900463255e6712879b06fb2b0

SHA512
f49d395e0015a92723f8b33917f85562a764a6602309e8098b3ddabd27c5d3c25fe145e7f0057571008fa0005bbf7f11a0392c4c4b02bee08f484875dd577643

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
110ca0e650e5b6a94a63f37af2f88210

SHA1
eb01557c1aaef1990967b90be07568e9a96e41f8

SHA256
2e8f6f725909cfe68b5b0f2af27a764af8cb8cadd7e2d99594f99516b1585b5d

SHA512
daf343eab8af75890a056b122d7dc663f91193bf1502070e6d5c0ddd2b0f7917ce8ab70f0ae92324553d44b834b7b64b81a37455190471b2d0ac3d0685a6ec85

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
30d20194a81d067c844c3d867662aca5

SHA1
51590e6e2016ac0c58d3f4bbaaf783c5bfaeeb84

SHA256
d17d51d4ee497d72f7a3620cfb438668091df2f7e44d4155d7832e58f8647c78

SHA512
5b77dd8c3b8e5b3dc5d9605be9687713126d456ae2dc8f0810f8115d296140a19355b76e27967a240b2a6350d9ec48747d5466107bcff50cf1099303cf474998

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
639e9d3b48b8fa6554fad7309f51bde0

SHA1
a52685e647fa651f5917bc3acc98621d9aa7d983

SHA256
22496f2cb856f212ecfa992b42313212574490b4b15992cb6735cf908d14df48

SHA512
e7d37193bbcdea39e8275fc9f68eab9ea2f068a87150d772224603aa4d66bcf7b3e4e45fc80cf8373493f37fe53500655b4b5369c68fef5e2060f76fafd4db51

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
868eed86287cbddb564b8b157428d71e

SHA1
366b2d88d847a4b4640b5f8b48847c757c8ec2c6

SHA256
d7f30287c8102ad72a0096ab5f1b64cc789bd8eac40f9c06ee75c18ff4649337

SHA512
1ec99ea9e5179d0f995db07dd5ebd206d6e1508f1621ad6efaa80e96b5e29fc42b101da753db7be208f800a272c20768b1c6b3c4fddff8a3160fc1008959482d

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
32923ad5237dd599d413cb67f1b77179

SHA1
5fd6c898ff5f326e0409f0dbe36d165038e80e95

SHA256
165a2093658b353d25b77044034a56c04f6e7828f21f0db961c0bdf18c18bec5

SHA512
641c699f6abf76fef0d005b2f82256fe5ff637bed2701bf122e198b764fb14145d03924acf088fec6b3e87c6c56abe61610b664da220dababf286339f3095062

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
80739334f4968f1fd7ff77fd7bae74f0

SHA1
b8c2940972b823c943681fa47a9cd73aa08b2b6d

SHA256
dad36b3f7caf3e7e6ea5288cbee0dd3e59ced6c87fca76f5239d77c3e56a57d9

SHA512
e036ea5cc3c497747efbe29c9e4cc9f93d91b068e03fd8f21e3046a31bf717b7671ea90df826d30fffa352c2c6683bf6ad00421bda0533cf5d473ad89e328d31

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
21d1a552f8906bcd124629fb41cc04e0

SHA1
691df731f896dbe5951c0ec70481ca92f3086f7d

SHA256
fa7012fcbce859d9dff614a5054da5de9605502721f138f422fd1a8ca23d5231

SHA512
76cfeea3bf379d93d59d72de8e12995483ce633bfcdb0f58261f1c3dd395888c99062ea5de473e2cc00ba7c943e2249dd1b3be934b4c2164a7f9e03ab2e45e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
dd62d313ea7d4f70a6a520e2a36d651a

SHA1
e37f7344dca20b1ac628a69fbcb484c583149499

SHA256
4dac2dc1644a7f3139759131e92c89f037291acfe8441488cf781417ef720b3e

SHA512
bda9f2e3397d643720b3f41d662d8dc145229fac37fb428dbc287462ac9f7459e05c1c6799a2a3101817abeb0a65f420b064a7991086cba32d6c2e609f9600a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
edf908bb645abd158356ec8ea3c934bc

SHA1
7ecfbe21b4e10d27750148cf7170eb387f6bb222

SHA256
a3be437eb2ee69b783fa231cd1054a5f2d94875989c9b5f8cbe2692b44e1c51c

SHA512
6ad7f69c2a3b5d401e03d9db815d7788d09910c899d46a80c34ca82e859855e19de4414bc4c47c5d70d138276e901da0d17b7eb453b0d69e2864a1a1adaa0394

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
43638e54642c7754c0bcf03fc43caec9

SHA1
4e9b4d2cd8a69efafa7f93448dc2cb06f538c598

SHA256
3cd425c04f6138a610e3936a94b355418b99a17bab782156bc7ed6d48c0ad3fc

SHA512
c3228e8bb099b334d0c5aecc4746a26905b8fa19cbf3e5445a42a3f7c48449e5d0a078ab2aafda214ff53a77fef66daf5c7c980412ae36edae0c2c1cc0b1711a

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
ef30d159ef48be4e6eb7c85b7d73e904

SHA1
dadd55782607d5cfc440f8851be6b3292a5f03fb

SHA256
8effdee4f019fbb75115df29a74b2758d096eaa8e0e39bb172750e9ac9ac99ce

SHA512
ddda80b43f055b9f1fa08e31cea5a9c7d309329b845f210c74a7003f936c9e61c907a55f0ff9d703ec9fa8484ec457f4d9f57e7c64ab575876beb167462e4910

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
a523ad5dc82526c20bd40e029f111253

SHA1
6497f50d6c6caae47713865abbf9264b7db19921

SHA256
77dbf38bd2f374a2cef31ac7cd865a8e0f55ac9bf12a14368a911dc5a5dfd9db

SHA512
0587980973f6d615679550a4377d03768d6def67c2aaad08742595f10dd6045e8fc77845fb6fd8acc45b039a00b2d1c198dcff278c59e80a448449e52f28bfe2

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
9c2ebda42fdd3bdd8fb9205245232dc9

SHA1
3bf04e13f7bc50e3282996d7f01f850e69fb4274

SHA256
fa53b5c249b102b8005b6171e773d487f1f1af4ae29ac1df1ce154c82420378e

SHA512
b023d04d8ee5ddf2c7ac58c215a5f101a33afb476ffe493844384c9e059736763212b7fe8879899aba9f75734ee229d4c2c90fe29b6c2700accd641c212f9780

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
6eee3724f90fef8b006d00ba6a37484a

SHA1
3fd2ebb704dfba48bd5979222c57cc4d6c71c5e3

SHA256
adddf3c8134a1dfabee4642a74f52b6ba06d7d6f2bbbcabd819fdf99bdeb2523

SHA512
f5645c76024d64a292824c8e1d3da12f3970496f7a2017eac26c284ae73860b92586ef62602ac818865a7c79c7fd59b9b13e1b95829b2e774082946f464642c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
93afb5d1dd31538bb9f730a69aac9171

SHA1
acfaf454a05451858a4d09801204e2ba22df81e8

SHA256
182b64a1d7e6bd26c9b507ee6a38aeaaeac74b0408f2396b3c5bd7e7b48619bc

SHA512
be85b240e3e361ec05f54631a86069fe69cd67f899cb456220edfb7cffc87d65f2bfb378c512129e7fb7bdc56aeed011c01c0b77709cc70f2a5ddcd79eaffddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
909f393b89c48263a3da07a92b38dbf9

SHA1
82e3b831abb5ada72e4ef45ee446a0cc76c7b144

SHA256
40dd39462271c475b99d1ee9c5114a04f4a044ddefa48fa2447e213fc1a13299

SHA512
8767661cd1c8ba49faeef79613c3d50ddb08f044c1e00d5ede5e7a27d15dede14c185567c7ff0bb7245b71a6122fff116222d19b114780b2c1f48b5385f2be0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
624444764825eb8493f792ca78036b37

SHA1
110ac6a965c8fd5936a65c8d87d7981c923acb27

SHA256
35becc4674eed85ff3b18fd4fc6f8b5e4f7bc8b92fea87371e55203afa8772a7

SHA512
736a5ae1af86bb7358eaf968945a5d9d4add47d126cd18b552a7d4cd1a31c849d81784d3393f7999f316d097363cffe160869b19eb468c8eea217d807b900365

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
07627f6b041005f112d90f2aec275dd9

SHA1
6d21e4c27988cfe27a0abe5267c79cfe24f3813e

SHA256
3c671f6297ef0f755fbf584fb86247cd65ec0e976434d0c8551cceb95a11e0cb

SHA512
77626f5de997cf1c23b0e9cbe9b219e6296f45ac3e1543f6154b336979ee3888621955342b6f8c4f93eab191e95aa1739a7a75137baaf79b794d1d01070b1fd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
05d16d6630bcfcf07b0a4fbb4042c69f

SHA1
0adaf3c84d97690321ae7f821e574e0c3bdcd3b6

SHA256
8dd4535e91112538df95b5f72e271fe08dd9035b655bdfcc560c1bd31f24d74e

SHA512
58378af818e3ca4b91ca87c2dcde6c50f3250ecf668cc30639c0bde90a3ae8bfed0ccc99c1156c9de1ddbe258f7f4e130062520c94cd366ca196471c06fba998

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
c15ea77dcf3dc0d6916926f9d7e3ff5d

SHA1
34f0f92e43c743e599edcea71a3dafc2e82ab35e

SHA256
5d19056f3db31be9a3c244811dbddb0fdb901b6f501cee123b398c30a30ba0ef

SHA512
5a24f8c6180991430dae2edd4a4f44ad241911820dd02b23e58578d8b00ea3d7b23836927204e6b66dd4249861830c36add099b4d9c12475112a01cccd8a33c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
48d79f22f67ffd0c48378e8b70dfbdf3

SHA1
414a75d08a6271d42bf5b8d63acd22ec1791c46e

SHA256
703ca5f42e489904f37b8425f17274daff473ec4f15f4ce570e59f118da7c8d4

SHA512
080dd1f36cd50e995fa7bdcb1218e8c813e94c6a75d751f0e633ce412f8e323925a88ca5d17fa3fe609f76c015c5f3aaae8d693fac3c1e9f65fe6f32a77cbcf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
4ba3620312a6d15e258497b43dfcc6ba

SHA1
bab309bef7eb6c3975a3197b3d22366a5e9d62ed

SHA256
bebb16fe87c2b75a0ee45b9385b4da4545ad4f7ef906a98479f7689c7a41a0a6

SHA512
3f7efba675bdf7c6d55f76d96ddaa33f52d9d6b6f49ae1d3358a9ebd11f7c6b6505ffee34bde9c3fe940b3785956ba82382da518a5762751184fd0a967df1571

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
5b212688c0725a3ff67bde4b2453aeed

SHA1
da5c05fbb8ec241e8824c52060ab6f1e82e16544

SHA256
df03fa87b4938948749a98511a99e777a10eb7b1c9455567042c268e53155f75

SHA512
ff8a6cdacfe46fa43c1af27e3ad7b6ccdc1a53b4a09a43da8a7be154688db454325571cd0b0cfe0ae03bb3f731a787bc1a1b4db890954e5c789b1a990bf5caa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
9195b3b9d1de31e688c858072c05f6c8

SHA1
5ad7c803a255221afbb632e9cf76f2e1c133c2dd

SHA256
3a97faa28cf9652c3e6f081cdc61a3427d995b58100d4e3a63930988caa25c52

SHA512
70415bb0e790039200ebcc1b3c3587958ab8cb32ff48494da2c13d2223619697650d8490dffa03bc5aeb908c243ed4392c309c5c240f3e3d8be6c09b5a42dc9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
95fe7a01ee6fd87ff3bdeeeb2174ac7c

SHA1
557b7a96430a582a50079a695a5d3ae083f1a3a2

SHA256
b498b6838774856cd9c53b7586c48691f38ab00f93766c51ffae0afe9a79855f

SHA512
93d4381bcc15733051a45fe65d131d015daf1e741d2507ebe514b650361acfdef59a9a81be81e0077bf29dd879660ae90449b679e7111e11ffdc04d68917b461

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
62b55a15fd6e72cf70e113fa02cd0500

SHA1
0ef5bb5d3d4289b65c126ad22373c3c25341c7ac

SHA256
bf3e471e561952534e246d6c02329351052e4d8c27013c23cc0706132c653c1b

SHA512
f034b9e7c2993b8d384a35d2ffc87d62b7d4d8a8086573f916ad52592fde9756e6cc3767303882b9d950e27c7f122b91478fbc8ed094722b86391ba394385a6b

Download Submit
memory/2968-47-0x0000000005010000-0x0000000005018000-memory.dmp

Filesize
32KB

Download
memory/2968-72-0x0000000005010000-0x0000000005018000-memory.dmp

Filesize
32KB

Download
memory/2968-127-0x0000000004DE0000-0x0000000004DE8000-memory.dmp

Filesize
32KB

Download
memory/2968-148-0x0000000004DE0000-0x0000000004DE8000-memory.dmp

Filesize
32KB

Download
memory/2968-150-0x0000000004E10000-0x0000000004E18000-memory.dmp

Filesize
32KB

Download
memory/2968-126-0x0000000004E80000-0x0000000004E88000-memory.dmp

Filesize
32KB

Download
memory/2968-163-0x0000000004BA0000-0x0000000004BA8000-memory.dmp

Filesize
32KB

Download
memory/2968-125-0x0000000004E70000-0x0000000004E78000-memory.dmp

Filesize
32KB

Download
memory/2968-171-0x0000000004E10000-0x0000000004E18000-memory.dmp

Filesize
32KB

Download
memory/2968-173-0x0000000004DE0000-0x0000000004DE8000-memory.dmp

Filesize
32KB

Download
memory/2968-124-0x0000000004DC0000-0x0000000004DC8000-memory.dmp

Filesize
32KB

Download
memory/2968-123-0x0000000004C40000-0x0000000004C48000-memory.dmp

Filesize
32KB

Download
memory/2968-120-0x0000000004C40000-0x0000000004C48000-memory.dmp

Filesize
32KB

Download
memory/2968-112-0x0000000004BA0000-0x0000000004BA8000-memory.dmp

Filesize
32KB

Download
memory/2968-111-0x0000000004B80000-0x0000000004B88000-memory.dmp

Filesize
32KB

Download
memory/2968-140-0x0000000004BA0000-0x0000000004BA8000-memory.dmp

Filesize
32KB

Download
memory/2968-70-0x0000000005140000-0x0000000005148000-memory.dmp

Filesize
32KB

Download
memory/2968-62-0x0000000004CC0000-0x0000000004CC8000-memory.dmp

Filesize
32KB

Download
memory/2968-49-0x0000000005140000-0x0000000005148000-memory.dmp

Filesize
32KB

Download
memory/2968-0-0x0000000000400000-0x00000000009B3000-memory.dmp

Filesize
5.7MB

Download
memory/2968-39-0x0000000004CC0000-0x0000000004CC8000-memory.dmp

Filesize
32KB

Download
memory/2968-26-0x0000000005010000-0x0000000005018000-memory.dmp

Filesize
32KB

Download
memory/2968-25-0x00000000051A0000-0x00000000051A8000-memory.dmp

Filesize
32KB

Download
memory/2968-24-0x00000000052A0000-0x00000000052A8000-memory.dmp

Filesize
32KB

Download
memory/2968-22-0x0000000004D40000-0x0000000004D48000-memory.dmp

Filesize
32KB

Download
memory/2968-23-0x0000000005000000-0x0000000005008000-memory.dmp

Filesize
32KB

Download
memory/2968-19-0x0000000004D80000-0x0000000004D88000-memory.dmp

Filesize
32KB

Download
memory/2968-17-0x0000000004CC0000-0x0000000004CC8000-memory.dmp

Filesize
32KB

Download
memory/2968-16-0x0000000004CA0000-0x0000000004CA8000-memory.dmp

Filesize
32KB

Download
memory/2968-9-0x00000000041F0000-0x0000000004200000-memory.dmp

Filesize
64KB

Download
memory/2968-3-0x0000000004050000-0x0000000004060000-memory.dmp

Filesize
64KB

Download
memory/2968-601-0x0000000000400000-0x00000000009B3000-memory.dmp

Filesize
5.7MB

Download