darkcomet | 1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362

Analysis

max time kernel
9s
max time network
142s
platform
windows7_x64
resource
win7v20201028
submitted
09-11-2020 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
Size

1.5MB
MD5

4bb315fbc47de30e0bb3f0f3551b4970
SHA1

b60c0cc43d6255b70217875acff1ab7f7732a71f
SHA256

1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362
SHA512

cd16b6d52da9863f50432019c2028c5c1ea73cb1f3ec5f6e0a30a54af32aced27ef6c40395edc72ed69cbada85527eb81da09465cf427344566de80f6ac42fa9

Score

10^/10

darkcomet runescape persistence rat trojan upx

Malware Config

Extracted

Family

darkcomet

Botnet

Runescape

mrsnickers03.no-ip.biz:340

Mutex

DC_MUTEX-6ZFK11A

Attributes

gencode
uNwew4gojxtu
install
false
offline_keylogger
true
persistence
false

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Executes dropped EXE 1 IoCs

Processes:

ichader.exe

pid process

1160 ichader.exe

pid	process
1160	ichader.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1784-39-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/1784-40-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/1108-95-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/1108-100-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/1108-102-0x0000000000400000-0x00000000004B7000-memory.dmp	upx

Loads dropped DLL 5 IoCs

Processes:

1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe

pid	process
1784	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
1784	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
1784	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
1784	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
1784	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run\java = "C:\\Users\\Admin\\AppData\\Roaming\\IDM\\ichader.exe"	reg.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe

description	pid	process	target process
PID 844 set thread context of 1652	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	svchost.exe
PID 844 set thread context of 1784	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

svchost.exe

pid	process
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe
1652	svchost.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exesvchost.exe1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exeichader.exe

pid	process
844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
1652	svchost.exe
1784	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
1160	ichader.exe

Suspicious use of WriteProcessMemory 30 IoCs

Processes:

1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.execmd.exe

description	pid	process	target process
PID 844 wrote to memory of 1652	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	svchost.exe
PID 844 wrote to memory of 1652	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	svchost.exe
PID 844 wrote to memory of 1652	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	svchost.exe
PID 844 wrote to memory of 1652	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	svchost.exe
PID 844 wrote to memory of 1652	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	svchost.exe
PID 844 wrote to memory of 1652	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	svchost.exe
PID 844 wrote to memory of 1652	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	svchost.exe
PID 844 wrote to memory of 1652	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	svchost.exe
PID 844 wrote to memory of 1652	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	svchost.exe
PID 844 wrote to memory of 1652	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	svchost.exe
PID 844 wrote to memory of 1784	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
PID 844 wrote to memory of 1784	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
PID 844 wrote to memory of 1784	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
PID 844 wrote to memory of 1784	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
PID 844 wrote to memory of 1784	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
PID 844 wrote to memory of 1784	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
PID 844 wrote to memory of 1784	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
PID 844 wrote to memory of 1784	844	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
PID 1784 wrote to memory of 1472	1784	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	cmd.exe
PID 1784 wrote to memory of 1472	1784	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	cmd.exe
PID 1784 wrote to memory of 1472	1784	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	cmd.exe
PID 1784 wrote to memory of 1472	1784	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	cmd.exe
PID 1472 wrote to memory of 1504	1472	cmd.exe	reg.exe
PID 1472 wrote to memory of 1504	1472	cmd.exe	reg.exe
PID 1472 wrote to memory of 1504	1472	cmd.exe	reg.exe
PID 1472 wrote to memory of 1504	1472	cmd.exe	reg.exe
PID 1784 wrote to memory of 1160	1784	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	ichader.exe
PID 1784 wrote to memory of 1160	1784	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	ichader.exe
PID 1784 wrote to memory of 1160	1784	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	ichader.exe
PID 1784 wrote to memory of 1160	1784	1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe	ichader.exe

C:\Users\Admin\AppData\Local\Temp\1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
"C:\Users\Admin\AppData\Local\Temp\1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:844

C:\Windows\SysWOW64\svchost.exe
"C:\Windows\system32\svchost.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe
"C:\Users\Admin\AppData\Local\Temp\1cc3c44cb2987e697a2c4e3f2b48dfe5555b774dc86efcb06d15f64a9ab14362.exe"
2⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1784

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XCNKJ.bat" "
3⤵
- Suspicious use of WriteProcessMemory
PID:1472

C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "java" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\IDM\ichader.exe" /f
4⤵
- Adds Run key to start application
PID:1504

C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
"C:\Users\Admin\AppData\Roaming\IDM\ichader.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1160

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\XCNKJ.bat
MD5
92353035f01403e26aa2ff51c3963238

SHA1
d13f167c73bfce23a2deab8ce7c4ce9f78759ff4

SHA256
2e72a8542f8f809bfb1e4adfb481c7c5e6dc00dda7970c74692ba8d83ea0a870

SHA512
74560e33477caae3c7bc13914e4ae3c6911bbcfe257b2833155c236a158db0aca17478beb9d97f648ff1ea566005260f511361771c74203195107f4e82cce7df

Download Submit
C:\Users\Admin\AppData\Roaming\IDM\ichader.exe

Download Submit
C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
MD5
8e143ac14b9ae196f70b51f597abab5f

SHA1
51070ebe93eee1df9e94f123c392b4580c406d56

SHA256
db6f5e17c3c07c2fe6a28f324c4caef78dd5bc572c39beab079b8903dcfc6db0

SHA512
4e9e17e0c8384105e857e69e501de659dbad7b52980b84571d7750059cc10c7c281de50191e26bffc1016ef513222dd0640d3410ccba14ee78ac735048178a5f

Download Submit
C:\Users\Admin\AppData\Roaming\IDM\ichader.exe

Download Submit
C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
MD5
8e143ac14b9ae196f70b51f597abab5f

SHA1
51070ebe93eee1df9e94f123c392b4580c406d56

SHA256
db6f5e17c3c07c2fe6a28f324c4caef78dd5bc572c39beab079b8903dcfc6db0

SHA512
4e9e17e0c8384105e857e69e501de659dbad7b52980b84571d7750059cc10c7c281de50191e26bffc1016ef513222dd0640d3410ccba14ee78ac735048178a5f

Download Submit
\Users\Admin\AppData\Roaming\IDM\ichader.exe

Download Submit
\Users\Admin\AppData\Roaming\IDM\ichader.exe
MD5
8e143ac14b9ae196f70b51f597abab5f

SHA1
51070ebe93eee1df9e94f123c392b4580c406d56

SHA256
db6f5e17c3c07c2fe6a28f324c4caef78dd5bc572c39beab079b8903dcfc6db0

SHA512
4e9e17e0c8384105e857e69e501de659dbad7b52980b84571d7750059cc10c7c281de50191e26bffc1016ef513222dd0640d3410ccba14ee78ac735048178a5f

Download Submit
\Users\Admin\AppData\Roaming\IDM\ichader.exe
MD5
8e143ac14b9ae196f70b51f597abab5f

SHA1
51070ebe93eee1df9e94f123c392b4580c406d56

SHA256
db6f5e17c3c07c2fe6a28f324c4caef78dd5bc572c39beab079b8903dcfc6db0

SHA512
4e9e17e0c8384105e857e69e501de659dbad7b52980b84571d7750059cc10c7c281de50191e26bffc1016ef513222dd0640d3410ccba14ee78ac735048178a5f

Download Submit
\Users\Admin\AppData\Roaming\IDM\ichader.exe
MD5
8e143ac14b9ae196f70b51f597abab5f

SHA1
51070ebe93eee1df9e94f123c392b4580c406d56

SHA256
db6f5e17c3c07c2fe6a28f324c4caef78dd5bc572c39beab079b8903dcfc6db0

SHA512
4e9e17e0c8384105e857e69e501de659dbad7b52980b84571d7750059cc10c7c281de50191e26bffc1016ef513222dd0640d3410ccba14ee78ac735048178a5f

Download Submit
\Users\Admin\AppData\Roaming\IDM\ichader.exe
MD5
8e143ac14b9ae196f70b51f597abab5f

SHA1
51070ebe93eee1df9e94f123c392b4580c406d56

SHA256
db6f5e17c3c07c2fe6a28f324c4caef78dd5bc572c39beab079b8903dcfc6db0

SHA512
4e9e17e0c8384105e857e69e501de659dbad7b52980b84571d7750059cc10c7c281de50191e26bffc1016ef513222dd0640d3410ccba14ee78ac735048178a5f

Download Submit
memory/844-25-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-2-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-16-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-18-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-17-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-19-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-22-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-23-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-24-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-3-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-26-0x0000000000638000-0x0000000000639000-memory.dmp

Filesize
4KB

Download
memory/844-27-0x0000000000638000-0x0000000000639000-memory.dmp

Filesize
4KB

Download
memory/844-29-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-28-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-30-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-9-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-10-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-4-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-8-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-11-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-7-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-5-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-13-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-6-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/844-12-0x0000000000636000-0x0000000000637000-memory.dmp

Filesize
4KB

Download
memory/1108-95-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1108-96-0x00000000004B5210-mapping.dmp

Download
memory/1108-100-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1108-102-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1160-79-0x00000000002B8000-0x00000000002B9000-memory.dmp

Filesize
4KB

Download
memory/1160-72-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-77-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-82-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-56-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-55-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-57-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-58-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-59-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-60-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-62-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-63-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-64-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-65-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-66-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-61-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-69-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-70-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-71-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-51-0x0000000000000000-mapping.dmp

Download
memory/1160-75-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-76-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-78-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-83-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1160-80-0x00000000002B8000-0x00000000002B9000-memory.dmp

Filesize
4KB

Download
memory/1160-81-0x00000000002B6000-0x00000000002B7000-memory.dmp

Filesize
4KB

Download
memory/1472-43-0x0000000000000000-mapping.dmp

Download
memory/1504-45-0x0000000000000000-mapping.dmp

Download
memory/1652-33-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1652-31-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1652-36-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1652-32-0x000000000040B000-mapping.dmp

Download
memory/1784-39-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1784-34-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1784-35-0x00000000004085D0-mapping.dmp

Download
memory/1784-40-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1904-84-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1904-86-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1904-85-0x000000000040B000-mapping.dmp

Download
memory/1944-89-0x00000000004085D0-mapping.dmp

Download