darkcomet | 0ed85fa7d62a79306a7e52a321de3d1880afd9ef5ba376569f528e7f52047f25

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ed85fa7d62a79306a7e52a321de3d1880afd9ef5ba376569f528e7f52047f25.exe
Size

2.7MB
MD5

84bf54351957e900ffed47bec794bad7
SHA1

99c2985eec7c242cc0b574138af08ae2f2d9c0ac
SHA256

0ed85fa7d62a79306a7e52a321de3d1880afd9ef5ba376569f528e7f52047f25
SHA512

aafcfb2c36eb42b5e52d26c88a4e004bb89a1127a04714c245bdd09ad49d22f3bcfdbaf42aeed4d9932646e39422d66605149e858a4f35c9e8f59270e6751ba2
SSDEEP

49152:bkwkn9IMHeae6S5VuaVP1L3TQ/8hdROmzdL0zy4tEwdHO5BIPbSj+XC2Qg9aPCS:IdnV5MVuQt7TQEh7OmJxw0MPWj+XC2FL

Score

10^/10

darkcomet guest16_min persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

verydark25.no-ip.biz:100

Mutex

DCMIN_MUTEX-QPZZXFD

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
0GZSgZY5XLqM
install
true
offline_keylogger
true
persistence
false
reg_key
Chrome Updater

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

Processes:

613.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\Documents\\DCSCMIN\\IMDCSC.exe"	613.exe

Executes dropped EXE 4 IoCs

Processes:

613.exe613.exeIMDCSC.exeIMDCSC.exe

pid process

1712 613.exe
1688 613.exe
916 IMDCSC.exe
1068 IMDCSC.exe

pid	process
1712	613.exe
1688	613.exe
916	IMDCSC.exe
1068	IMDCSC.exe

Loads dropped DLL 13 IoCs

Processes:

0ed85fa7d62a79306a7e52a321de3d1880afd9ef5ba376569f528e7f52047f25.exe613.exe613.exeWerFault.exe

pid	process
1752	0ed85fa7d62a79306a7e52a321de3d1880afd9ef5ba376569f528e7f52047f25.exe
1752	0ed85fa7d62a79306a7e52a321de3d1880afd9ef5ba376569f528e7f52047f25.exe
1752	0ed85fa7d62a79306a7e52a321de3d1880afd9ef5ba376569f528e7f52047f25.exe
1752	0ed85fa7d62a79306a7e52a321de3d1880afd9ef5ba376569f528e7f52047f25.exe
1712	613.exe
1688	613.exe
748	WerFault.exe
748	WerFault.exe
748	WerFault.exe
748	WerFault.exe
748	WerFault.exe
748	WerFault.exe
748	WerFault.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

613.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\Chrome Updater = "C:\\Users\\Admin\\Documents\\DCSCMIN\\IMDCSC.exe"	613.exe

AutoIT Executable 19 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\613\613.exe	autoit_exe
\Users\Admin\AppData\Local\Temp\613\613.exe	autoit_exe
\Users\Admin\AppData\Local\Temp\613\613.exe	autoit_exe
\Users\Admin\AppData\Local\Temp\613\613.exe	autoit_exe
C:\Users\Admin\AppData\Local\Temp\613\613.exe	autoit_exe
C:\Users\Admin\AppData\Local\Temp\613\613.exe	autoit_exe
\Users\Admin\AppData\Local\Temp\613\613.exe	autoit_exe
C:\Users\Admin\AppData\Local\Temp\613\613.exe	autoit_exe
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe	autoit_exe
C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe	autoit_exe
C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe	autoit_exe
C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe	autoit_exe
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe	autoit_exe
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe	autoit_exe
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe	autoit_exe
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe	autoit_exe
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe	autoit_exe
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe	autoit_exe
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe	autoit_exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

613.exe

description pid process target process

PID 1712 set thread context of 1688 1712 613.exe 613.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

748 916 WerFault.exe IMDCSC.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

613.exeIMDCSC.exe

pid process

1712 613.exe
916 IMDCSC.exe

description	pid	process	target process
PID 1712 set thread context of 1688	1712	613.exe	613.exe

pid	pid_target	process	target process
748	916	WerFault.exe	IMDCSC.exe

pid	process
1712	613.exe
916	IMDCSC.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

Processes:

613.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	1688	613.exe
Token: SeSecurityPrivilege	1688	613.exe
Token: SeTakeOwnershipPrivilege	1688	613.exe
Token: SeLoadDriverPrivilege	1688	613.exe
Token: SeSystemProfilePrivilege	1688	613.exe
Token: SeSystemtimePrivilege	1688	613.exe
Token: SeProfSingleProcessPrivilege	1688	613.exe
Token: SeIncBasePriorityPrivilege	1688	613.exe
Token: SeCreatePagefilePrivilege	1688	613.exe
Token: SeBackupPrivilege	1688	613.exe
Token: SeRestorePrivilege	1688	613.exe
Token: SeShutdownPrivilege	1688	613.exe
Token: SeDebugPrivilege	1688	613.exe
Token: SeSystemEnvironmentPrivilege	1688	613.exe
Token: SeChangeNotifyPrivilege	1688	613.exe
Token: SeRemoteShutdownPrivilege	1688	613.exe
Token: SeUndockPrivilege	1688	613.exe
Token: SeManageVolumePrivilege	1688	613.exe
Token: SeImpersonatePrivilege	1688	613.exe
Token: SeCreateGlobalPrivilege	1688	613.exe
Token: 33	1688	613.exe
Token: 34	1688	613.exe
Token: 35	1688	613.exe

Suspicious use of WriteProcessMemory 22 IoCs

Processes:

0ed85fa7d62a79306a7e52a321de3d1880afd9ef5ba376569f528e7f52047f25.exe613.exe613.exeIMDCSC.exe

description	pid	process	target process
PID 1752 wrote to memory of 1712	1752	0ed85fa7d62a79306a7e52a321de3d1880afd9ef5ba376569f528e7f52047f25.exe	613.exe
PID 1752 wrote to memory of 1712	1752	0ed85fa7d62a79306a7e52a321de3d1880afd9ef5ba376569f528e7f52047f25.exe	613.exe
PID 1752 wrote to memory of 1712	1752	0ed85fa7d62a79306a7e52a321de3d1880afd9ef5ba376569f528e7f52047f25.exe	613.exe
PID 1752 wrote to memory of 1712	1752	0ed85fa7d62a79306a7e52a321de3d1880afd9ef5ba376569f528e7f52047f25.exe	613.exe
PID 1712 wrote to memory of 1688	1712	613.exe	613.exe
PID 1712 wrote to memory of 1688	1712	613.exe	613.exe
PID 1712 wrote to memory of 1688	1712	613.exe	613.exe
PID 1712 wrote to memory of 1688	1712	613.exe	613.exe
PID 1712 wrote to memory of 1688	1712	613.exe	613.exe
PID 1712 wrote to memory of 1688	1712	613.exe	613.exe
PID 1688 wrote to memory of 916	1688	613.exe	IMDCSC.exe
PID 1688 wrote to memory of 916	1688	613.exe	IMDCSC.exe
PID 1688 wrote to memory of 916	1688	613.exe	IMDCSC.exe
PID 1688 wrote to memory of 916	1688	613.exe	IMDCSC.exe
PID 916 wrote to memory of 1068	916	IMDCSC.exe	IMDCSC.exe
PID 916 wrote to memory of 1068	916	IMDCSC.exe	IMDCSC.exe
PID 916 wrote to memory of 1068	916	IMDCSC.exe	IMDCSC.exe
PID 916 wrote to memory of 1068	916	IMDCSC.exe	IMDCSC.exe
PID 916 wrote to memory of 748	916	IMDCSC.exe	WerFault.exe
PID 916 wrote to memory of 748	916	IMDCSC.exe	WerFault.exe
PID 916 wrote to memory of 748	916	IMDCSC.exe	WerFault.exe
PID 916 wrote to memory of 748	916	IMDCSC.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\0ed85fa7d62a79306a7e52a321de3d1880afd9ef5ba376569f528e7f52047f25.exe
"C:\Users\Admin\AppData\Local\Temp\0ed85fa7d62a79306a7e52a321de3d1880afd9ef5ba376569f528e7f52047f25.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1752

C:\Users\Admin\AppData\Local\Temp\613\613.exe
"C:\Users\Admin\AppData\Local\Temp\613\613.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1712

C:\Users\Admin\AppData\Local\Temp\613\613.exe
"C:\Users\Admin\AppData\Local\Temp\613\613.exe"
3⤵
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1688

C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe
"C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe"
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:916

C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe
"C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe"
5⤵
- Executes dropped EXE
PID:1068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 372
5⤵
- Loads dropped DLL
- Program crash
PID:748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\613\613.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\613\613.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\613\613.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\res.ico

Filesize
658KB

MD5
07c4d7f2b2cfa8ab7b39a250429bfa78

SHA1
dc0e4ca81efbef25aa53d08dbc7fd24008b790b9

SHA256
0076395fd58ddcfaa73dcce59a05eb3b45d7116f671f32b5077846bddf3c16b2

SHA512
2a806c450f58e3e583f956a0c4a756e71a87c9e6ebce12d9ff5fa01f5724ee5823f22183d73ca0cba5fed772139c576bdf883b237f3b8897fc5264cdc68aa005

Download Submit
C:\Users\Admin\AppData\Local\Temp\res.ico2

Filesize
658KB

MD5
07c4d7f2b2cfa8ab7b39a250429bfa78

SHA1
dc0e4ca81efbef25aa53d08dbc7fd24008b790b9

SHA256
0076395fd58ddcfaa73dcce59a05eb3b45d7116f671f32b5077846bddf3c16b2

SHA512
2a806c450f58e3e583f956a0c4a756e71a87c9e6ebce12d9ff5fa01f5724ee5823f22183d73ca0cba5fed772139c576bdf883b237f3b8897fc5264cdc68aa005

Download Submit
C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
\Users\Admin\AppData\Local\Temp\613\613.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
\Users\Admin\AppData\Local\Temp\613\613.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
\Users\Admin\AppData\Local\Temp\613\613.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
\Users\Admin\AppData\Local\Temp\613\613.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
\Users\Admin\AppData\Local\Temp\613\613.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe

Filesize
1.5MB

MD5
e3db605b6b773ae7ed7fe8596abae583

SHA1
2b573adfe3e3a2edc68936a3e864d7a9a909f12d

SHA256
53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f

SHA512
a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b

Download Submit
memory/748-81-0x0000000000000000-mapping.dmp

Download
memory/916-73-0x0000000000000000-mapping.dmp

Download
memory/1688-77-0x00000000000C0000-0x0000000000172000-memory.dmp

Filesize
712KB

Download
memory/1688-71-0x00000000000C0000-0x0000000000172000-memory.dmp

Filesize
712KB

Download
memory/1688-69-0x00000000000C0000-0x0000000000172000-memory.dmp

Filesize
712KB

Download
memory/1688-67-0x000000000014F888-mapping.dmp

Download
memory/1688-66-0x00000000000C0000-0x0000000000172000-memory.dmp

Filesize
712KB

Download
memory/1688-64-0x00000000000C0000-0x0000000000172000-memory.dmp

Filesize
712KB

Download
memory/1712-59-0x0000000000000000-mapping.dmp

Download
memory/1752-54-0x0000000076261000-0x0000000076263000-memory.dmp

Filesize
8KB

Download