darkcomet | 6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb

Analysis

max time kernel
153s
max time network
94s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
Size

932KB
MD5

7e80342ffb90f453028d8606d219711c
SHA1

01994770e9fa0ed87157ae1f621c5d4e54fe2c72
SHA256

6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb
SHA512

1e2b172c941583ed5ae395f34301e0d982d397a940d01b548e803c2533a6f289c81631543d5998b7e1b1162ab0e764cfd8f1e301c356bc9ae13b33a0c7dc4f29
SSDEEP

12288:lDKoo9n4dhg6XpkikDinEo4ccilYWkPLk8+IPfI7oRn6xXBIedJ/RRo:7OnWg6Z3k049WwLk8G7ol6dBIeM

Score

10^/10

darkcomet deupdate persistence rat trojan upx

Malware Config

Extracted

Family

darkcomet

Botnet

DEUPDATE

xdarkx.zapto.org:1604

Mutex

DC_MUTEX-5HAFWPD

Attributes

gencode
h7Ba7QTpm8E6
install
false
offline_keylogger
true
persistence
false

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Executes dropped EXE 2 IoCs

Processes:

JavaControl.exeJavaControl.exe

pid process

1720 JavaControl.exe
572 JavaControl.exe

pid	process
1720	JavaControl.exe
572	JavaControl.exe

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/972-113-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/972-115-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/972-116-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/972-119-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/972-120-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/972-123-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/972-137-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/572-159-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/972-177-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/572-182-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Loads dropped DLL 5 IoCs

Processes:

6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe

pid	process
972	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
972	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
972	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
972	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
972	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\JavaControl = "C:\\Users\\Admin\\AppData\\Roaming\\JavaControl\\JavaControl.exe"	reg.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exeJavaControl.exe

description	pid	process	target process
PID 1836 set thread context of 972	1836	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
PID 1720 set thread context of 572	1720	JavaControl.exe	JavaControl.exe
PID 1720 set thread context of 1484	1720	JavaControl.exe	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

JavaControl.exesvchost.exe

description	pid	process
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeIncreaseQuotaPrivilege	1484	svchost.exe
Token: SeSecurityPrivilege	1484	svchost.exe
Token: SeTakeOwnershipPrivilege	1484	svchost.exe
Token: SeLoadDriverPrivilege	1484	svchost.exe
Token: SeSystemProfilePrivilege	1484	svchost.exe
Token: SeSystemtimePrivilege	1484	svchost.exe
Token: SeProfSingleProcessPrivilege	1484	svchost.exe
Token: SeIncBasePriorityPrivilege	1484	svchost.exe
Token: SeCreatePagefilePrivilege	1484	svchost.exe
Token: SeBackupPrivilege	1484	svchost.exe
Token: SeRestorePrivilege	1484	svchost.exe
Token: SeShutdownPrivilege	1484	svchost.exe
Token: SeDebugPrivilege	1484	svchost.exe
Token: SeSystemEnvironmentPrivilege	1484	svchost.exe
Token: SeChangeNotifyPrivilege	1484	svchost.exe
Token: SeRemoteShutdownPrivilege	1484	svchost.exe
Token: SeUndockPrivilege	1484	svchost.exe
Token: SeManageVolumePrivilege	1484	svchost.exe
Token: SeImpersonatePrivilege	1484	svchost.exe
Token: SeCreateGlobalPrivilege	1484	svchost.exe
Token: 33	1484	svchost.exe
Token: 34	1484	svchost.exe
Token: 35	1484	svchost.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe
Token: SeDebugPrivilege	572	JavaControl.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exeJavaControl.exeJavaControl.exesvchost.exe

pid	process
1836	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
972	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
1720	JavaControl.exe
572	JavaControl.exe
1484	svchost.exe

Suspicious use of WriteProcessMemory 41 IoCs

Processes:

6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.execmd.exeJavaControl.exe

description	pid	process	target process
PID 1836 wrote to memory of 972	1836	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
PID 1836 wrote to memory of 972	1836	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
PID 1836 wrote to memory of 972	1836	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
PID 1836 wrote to memory of 972	1836	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
PID 1836 wrote to memory of 972	1836	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
PID 1836 wrote to memory of 972	1836	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
PID 1836 wrote to memory of 972	1836	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
PID 1836 wrote to memory of 972	1836	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
PID 972 wrote to memory of 1728	972	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	cmd.exe
PID 972 wrote to memory of 1728	972	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	cmd.exe
PID 972 wrote to memory of 1728	972	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	cmd.exe
PID 972 wrote to memory of 1728	972	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	cmd.exe
PID 1728 wrote to memory of 1332	1728	cmd.exe	reg.exe
PID 1728 wrote to memory of 1332	1728	cmd.exe	reg.exe
PID 1728 wrote to memory of 1332	1728	cmd.exe	reg.exe
PID 1728 wrote to memory of 1332	1728	cmd.exe	reg.exe
PID 972 wrote to memory of 1720	972	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	JavaControl.exe
PID 972 wrote to memory of 1720	972	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	JavaControl.exe
PID 972 wrote to memory of 1720	972	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	JavaControl.exe
PID 972 wrote to memory of 1720	972	6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe	JavaControl.exe
PID 1720 wrote to memory of 572	1720	JavaControl.exe	JavaControl.exe
PID 1720 wrote to memory of 572	1720	JavaControl.exe	JavaControl.exe
PID 1720 wrote to memory of 572	1720	JavaControl.exe	JavaControl.exe
PID 1720 wrote to memory of 572	1720	JavaControl.exe	JavaControl.exe
PID 1720 wrote to memory of 572	1720	JavaControl.exe	JavaControl.exe
PID 1720 wrote to memory of 572	1720	JavaControl.exe	JavaControl.exe
PID 1720 wrote to memory of 572	1720	JavaControl.exe	JavaControl.exe
PID 1720 wrote to memory of 572	1720	JavaControl.exe	JavaControl.exe
PID 1720 wrote to memory of 1484	1720	JavaControl.exe	svchost.exe
PID 1720 wrote to memory of 1484	1720	JavaControl.exe	svchost.exe
PID 1720 wrote to memory of 1484	1720	JavaControl.exe	svchost.exe
PID 1720 wrote to memory of 1484	1720	JavaControl.exe	svchost.exe
PID 1720 wrote to memory of 1484	1720	JavaControl.exe	svchost.exe
PID 1720 wrote to memory of 1484	1720	JavaControl.exe	svchost.exe
PID 1720 wrote to memory of 1484	1720	JavaControl.exe	svchost.exe
PID 1720 wrote to memory of 1484	1720	JavaControl.exe	svchost.exe
PID 1720 wrote to memory of 1484	1720	JavaControl.exe	svchost.exe
PID 1720 wrote to memory of 1484	1720	JavaControl.exe	svchost.exe
PID 1720 wrote to memory of 1484	1720	JavaControl.exe	svchost.exe
PID 1720 wrote to memory of 1484	1720	JavaControl.exe	svchost.exe
PID 1720 wrote to memory of 1484	1720	JavaControl.exe	svchost.exe

C:\Users\Admin\AppData\Local\Temp\6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
"C:\Users\Admin\AppData\Local\Temp\6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1836

C:\Users\Admin\AppData\Local\Temp\6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe
"C:\Users\Admin\AppData\Local\Temp\6186ade7a5119083d12d73295f5d6e1247cfb1a23d5144dc7ff5eb4ff1be78bb.exe"
2⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:972

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MLYFO.bat" "
3⤵
- Suspicious use of WriteProcessMemory
PID:1728

C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "JavaControl" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\JavaControl\JavaControl.exe" /f
4⤵
- Adds Run key to start application
PID:1332

C:\Users\Admin\AppData\Roaming\JavaControl\JavaControl.exe
"C:\Users\Admin\AppData\Roaming\JavaControl\JavaControl.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1720

C:\Users\Admin\AppData\Roaming\JavaControl\JavaControl.exe
"C:\Users\Admin\AppData\Roaming\JavaControl\JavaControl.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:572

C:\Windows\SysWOW64\svchost.exe
"C:\Windows\system32\svchost.exe"
4⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1484

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MLYFO.bat
Filesize
156B

MD5
fcd9c59b7c066039276c7eaed1f56616

SHA1
da17afd2b6104ba093e86b0a197e9e0e9100f4d0

SHA256
68ce6fd4b029c2cd2e4c6084ce14fe110ca6171640e5fed398f68b04b97dc8f3

SHA512
052ae24272bb877f0c89354ab6e10cc2a9475bc7d3c481c9ad39af5f578a2d4dd615a1183833e18e70673e24ec95195d47b36d5fc98c477336e748bc990ea69b

Download Submit
C:\Users\Admin\AppData\Roaming\JavaControl\JavaControl.exe
Filesize
932KB

MD5
fb19dee47e0d70735394441cf0e86edc

SHA1
40f57f4cc13133a9650f1a7ccc2200a8a3883d88

SHA256
84381ac61c5371280a30bce6f7c100a054531874607149b26a545843e1c84a47

SHA512
fb9d1dfa0f539f73e7d5fa6accf7ad460f9ec729af321b7d3a106ba34e0b8e97d9d06bb2140b15447e19dcaeb3f9c592681d30f717ddeb4b2cb3a8e4e1c38d38

Download Submit
C:\Users\Admin\AppData\Roaming\JavaControl\JavaControl.exe
Filesize
932KB

MD5
fb19dee47e0d70735394441cf0e86edc

SHA1
40f57f4cc13133a9650f1a7ccc2200a8a3883d88

SHA256
84381ac61c5371280a30bce6f7c100a054531874607149b26a545843e1c84a47

SHA512
fb9d1dfa0f539f73e7d5fa6accf7ad460f9ec729af321b7d3a106ba34e0b8e97d9d06bb2140b15447e19dcaeb3f9c592681d30f717ddeb4b2cb3a8e4e1c38d38

Download Submit
C:\Users\Admin\AppData\Roaming\JavaControl\JavaControl.exe
Filesize
932KB

MD5
fb19dee47e0d70735394441cf0e86edc

SHA1
40f57f4cc13133a9650f1a7ccc2200a8a3883d88

SHA256
84381ac61c5371280a30bce6f7c100a054531874607149b26a545843e1c84a47

SHA512
fb9d1dfa0f539f73e7d5fa6accf7ad460f9ec729af321b7d3a106ba34e0b8e97d9d06bb2140b15447e19dcaeb3f9c592681d30f717ddeb4b2cb3a8e4e1c38d38

Download Submit
\Users\Admin\AppData\Roaming\JavaControl\JavaControl.exe
Filesize
932KB

MD5
fb19dee47e0d70735394441cf0e86edc

SHA1
40f57f4cc13133a9650f1a7ccc2200a8a3883d88

SHA256
84381ac61c5371280a30bce6f7c100a054531874607149b26a545843e1c84a47

SHA512
fb9d1dfa0f539f73e7d5fa6accf7ad460f9ec729af321b7d3a106ba34e0b8e97d9d06bb2140b15447e19dcaeb3f9c592681d30f717ddeb4b2cb3a8e4e1c38d38

Download Submit
\Users\Admin\AppData\Roaming\JavaControl\JavaControl.exe
Filesize
932KB

MD5
fb19dee47e0d70735394441cf0e86edc

SHA1
40f57f4cc13133a9650f1a7ccc2200a8a3883d88

SHA256
84381ac61c5371280a30bce6f7c100a054531874607149b26a545843e1c84a47

SHA512
fb9d1dfa0f539f73e7d5fa6accf7ad460f9ec729af321b7d3a106ba34e0b8e97d9d06bb2140b15447e19dcaeb3f9c592681d30f717ddeb4b2cb3a8e4e1c38d38

Download Submit
\Users\Admin\AppData\Roaming\JavaControl\JavaControl.exe
Filesize
932KB

MD5
fb19dee47e0d70735394441cf0e86edc

SHA1
40f57f4cc13133a9650f1a7ccc2200a8a3883d88

SHA256
84381ac61c5371280a30bce6f7c100a054531874607149b26a545843e1c84a47

SHA512
fb9d1dfa0f539f73e7d5fa6accf7ad460f9ec729af321b7d3a106ba34e0b8e97d9d06bb2140b15447e19dcaeb3f9c592681d30f717ddeb4b2cb3a8e4e1c38d38

Download Submit
\Users\Admin\AppData\Roaming\JavaControl\JavaControl.exe
Filesize
932KB

MD5
fb19dee47e0d70735394441cf0e86edc

SHA1
40f57f4cc13133a9650f1a7ccc2200a8a3883d88

SHA256
84381ac61c5371280a30bce6f7c100a054531874607149b26a545843e1c84a47

SHA512
fb9d1dfa0f539f73e7d5fa6accf7ad460f9ec729af321b7d3a106ba34e0b8e97d9d06bb2140b15447e19dcaeb3f9c592681d30f717ddeb4b2cb3a8e4e1c38d38

Download Submit
\Users\Admin\AppData\Roaming\JavaControl\JavaControl.exe
Filesize
932KB

MD5
fb19dee47e0d70735394441cf0e86edc

SHA1
40f57f4cc13133a9650f1a7ccc2200a8a3883d88

SHA256
84381ac61c5371280a30bce6f7c100a054531874607149b26a545843e1c84a47

SHA512
fb9d1dfa0f539f73e7d5fa6accf7ad460f9ec729af321b7d3a106ba34e0b8e97d9d06bb2140b15447e19dcaeb3f9c592681d30f717ddeb4b2cb3a8e4e1c38d38

Download Submit
memory/572-149-0x00000000004085D0-mapping.dmp

Download
memory/572-159-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/572-182-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/972-119-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/972-124-0x0000000075C51000-0x0000000075C53000-memory.dmp

Filesize
8KB

Download
memory/972-123-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/972-177-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/972-120-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/972-117-0x00000000004085D0-mapping.dmp

Download
memory/972-116-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/972-137-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/972-115-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/972-113-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/972-112-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1332-127-0x0000000000000000-mapping.dmp

Download
memory/1484-169-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1484-175-0x0000000000490888-mapping.dmp

Download
memory/1484-183-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1484-181-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1484-160-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1484-161-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1484-163-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1484-165-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1484-167-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1484-180-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1484-170-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1484-172-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1484-174-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1484-176-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1720-141-0x00000000028F0000-0x00000000029C6000-memory.dmp

Filesize
856KB

Download
memory/1720-133-0x0000000000000000-mapping.dmp

Download
memory/1720-138-0x0000000000950000-0x0000000000954000-memory.dmp

Filesize
16KB

Download
memory/1720-140-0x0000000000950000-0x0000000000954000-memory.dmp

Filesize
16KB

Download
memory/1728-125-0x0000000000000000-mapping.dmp

Download
memory/1836-107-0x00000000028F0000-0x00000000029C6000-memory.dmp

Filesize
856KB

Download