darkcomet | 80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607

Analysis

max time kernel
32s
max time network
184s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe
Size

820KB
MD5

335348bdde8b7504a4c4fc5ac784cdff
SHA1

4bb83a1aad1dbd89ccb0278a002b4914923ae1f3
SHA256

80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607
SHA512

da87e3ee0bd5bd2f55dfe292034df51ee8ff41b57ba739ea2ba3492045bfd3cede36fa5bdad8ae365a9f86703cda55e13b30f35ee2245491fa88615984c3a024
SSDEEP

24576:/L+CsgR8Qn8TFJe48USD6gMmGo7O4gKgulRBm:D+Cv8+6Fk4dSQm97gK9g

Score

10^/10

darkcomet xvjsdkf persistence rat trojan upx

Malware Config

Extracted

Family

darkcomet

Botnet

xvjsdkf

74.109.119.83:1905

Mutex

DCMIN_MUTEX-D1LGNER

Attributes

gencode
fasCeqn8BZ5i
install
false
offline_keylogger
true
persistence
false

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/940-67-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/940-71-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/940-69-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/1952-74-0x0000000000400000-0x0000000000495000-memory.dmp	upx
behavioral1/memory/940-81-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/940-77-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/1952-87-0x0000000000400000-0x0000000000495000-memory.dmp	upx
behavioral1/memory/940-89-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/940-92-0x0000000000400000-0x000000000040B000-memory.dmp	upx
\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe	upx
\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe	upx
\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe	upx
\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe	upx
\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe	upx
C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe	upx
C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe	upx
C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe	upx
behavioral1/memory/1340-135-0x0000000000400000-0x0000000000495000-memory.dmp	upx
C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe	upx
behavioral1/memory/1340-154-0x0000000000400000-0x0000000000495000-memory.dmp	upx
behavioral1/memory/1052-158-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/940-156-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe	upx
behavioral1/memory/1052-181-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows\CurrentVersion\Run	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows\CurrentVersion\Run\Key Name = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\cssrss.exe"	reg.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe

description	pid	process	target process
PID 1952 set thread context of 960	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	svchost.exe
PID 1952 set thread context of 940	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

svchost.exe

pid	process
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe
960	svchost.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exesvchost.exe80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe

pid	process
1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe
960	svchost.exe
940	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe

Suspicious use of WriteProcessMemory 26 IoCs

Processes:

80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.execmd.exe

description	pid	process	target process
PID 1952 wrote to memory of 960	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	svchost.exe
PID 1952 wrote to memory of 960	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	svchost.exe
PID 1952 wrote to memory of 960	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	svchost.exe
PID 1952 wrote to memory of 960	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	svchost.exe
PID 1952 wrote to memory of 960	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	svchost.exe
PID 1952 wrote to memory of 960	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	svchost.exe
PID 1952 wrote to memory of 960	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	svchost.exe
PID 1952 wrote to memory of 960	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	svchost.exe
PID 1952 wrote to memory of 960	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	svchost.exe
PID 1952 wrote to memory of 960	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	svchost.exe
PID 1952 wrote to memory of 940	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe
PID 1952 wrote to memory of 940	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe
PID 1952 wrote to memory of 940	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe
PID 1952 wrote to memory of 940	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe
PID 1952 wrote to memory of 940	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe
PID 1952 wrote to memory of 940	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe
PID 1952 wrote to memory of 940	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe
PID 1952 wrote to memory of 940	1952	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe
PID 940 wrote to memory of 1308	940	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	cmd.exe
PID 940 wrote to memory of 1308	940	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	cmd.exe
PID 940 wrote to memory of 1308	940	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	cmd.exe
PID 940 wrote to memory of 1308	940	80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe	cmd.exe
PID 1308 wrote to memory of 1000	1308	cmd.exe	reg.exe
PID 1308 wrote to memory of 1000	1308	cmd.exe	reg.exe
PID 1308 wrote to memory of 1000	1308	cmd.exe	reg.exe
PID 1308 wrote to memory of 1000	1308	cmd.exe	reg.exe

C:\Users\Admin\AppData\Local\Temp\80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe
"C:\Users\Admin\AppData\Local\Temp\80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1952

C:\Windows\SysWOW64\svchost.exe
"C:\Windows\system32\svchost.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:960

C:\Users\Admin\AppData\Local\Temp\80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe
"C:\Users\Admin\AppData\Local\Temp\80c01eb5095f443ee91733e875ca3ad9f208453792ce6f3f7825555993e77607.exe"
2⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:940

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CFRSN.bat" "
3⤵
- Suspicious use of WriteProcessMemory
PID:1308

C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Key Name" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe" /f
4⤵
- Adds Run key to start application
PID:1000

C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe"
3⤵
PID:1340

C:\Windows\SysWOW64\svchost.exe
"C:\Windows\system32\svchost.exe"
4⤵
PID:1664

C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe"
4⤵
PID:1052

C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe"
4⤵
PID:636

C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe
5⤵
PID:1948

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CFRSN.bat
Filesize
146B

MD5
cc36e099183b70217507be8aadac3beb

SHA1
932fe51dee3ceb3b5e7f0da22cef40c1a2fc1db5

SHA256
235b6a8af2f453d969a30bd9fc3ae952426090e6321c6e495a058a89b56105f2

SHA512
af1d6336563d434708f3da081ffd75e1b605ec2f527acb04119d3ebc2e49ae6518abd17d06757acfe128147c0e3caac53c81d32732bcdfcce0581984c582f558

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe
Filesize
820KB

MD5
409f7c23d02d6ab2c5f90f8f9062974e

SHA1
d9bf86e2ac559543db602222e3217515b0fac153

SHA256
b5eb13dc17f5aa10755be186eec222a9786f2477ae132887dfb4ce85f2c45def

SHA512
865c471234e600dff0417376b067a21276e4f6edee416be69b904ff8b6bef45325c875b3c363f37c028228e60282dd713db693870d46372ceb72f14f97273ebd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe
Filesize
820KB

MD5
409f7c23d02d6ab2c5f90f8f9062974e

SHA1
d9bf86e2ac559543db602222e3217515b0fac153

SHA256
b5eb13dc17f5aa10755be186eec222a9786f2477ae132887dfb4ce85f2c45def

SHA512
865c471234e600dff0417376b067a21276e4f6edee416be69b904ff8b6bef45325c875b3c363f37c028228e60282dd713db693870d46372ceb72f14f97273ebd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe
Filesize
820KB

MD5
409f7c23d02d6ab2c5f90f8f9062974e

SHA1
d9bf86e2ac559543db602222e3217515b0fac153

SHA256
b5eb13dc17f5aa10755be186eec222a9786f2477ae132887dfb4ce85f2c45def

SHA512
865c471234e600dff0417376b067a21276e4f6edee416be69b904ff8b6bef45325c875b3c363f37c028228e60282dd713db693870d46372ceb72f14f97273ebd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe
Filesize
820KB

MD5
409f7c23d02d6ab2c5f90f8f9062974e

SHA1
d9bf86e2ac559543db602222e3217515b0fac153

SHA256
b5eb13dc17f5aa10755be186eec222a9786f2477ae132887dfb4ce85f2c45def

SHA512
865c471234e600dff0417376b067a21276e4f6edee416be69b904ff8b6bef45325c875b3c363f37c028228e60282dd713db693870d46372ceb72f14f97273ebd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe
Filesize
820KB

MD5
409f7c23d02d6ab2c5f90f8f9062974e

SHA1
d9bf86e2ac559543db602222e3217515b0fac153

SHA256
b5eb13dc17f5aa10755be186eec222a9786f2477ae132887dfb4ce85f2c45def

SHA512
865c471234e600dff0417376b067a21276e4f6edee416be69b904ff8b6bef45325c875b3c363f37c028228e60282dd713db693870d46372ceb72f14f97273ebd

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe
Filesize
820KB

MD5
409f7c23d02d6ab2c5f90f8f9062974e

SHA1
d9bf86e2ac559543db602222e3217515b0fac153

SHA256
b5eb13dc17f5aa10755be186eec222a9786f2477ae132887dfb4ce85f2c45def

SHA512
865c471234e600dff0417376b067a21276e4f6edee416be69b904ff8b6bef45325c875b3c363f37c028228e60282dd713db693870d46372ceb72f14f97273ebd

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe
Filesize
820KB

MD5
409f7c23d02d6ab2c5f90f8f9062974e

SHA1
d9bf86e2ac559543db602222e3217515b0fac153

SHA256
b5eb13dc17f5aa10755be186eec222a9786f2477ae132887dfb4ce85f2c45def

SHA512
865c471234e600dff0417376b067a21276e4f6edee416be69b904ff8b6bef45325c875b3c363f37c028228e60282dd713db693870d46372ceb72f14f97273ebd

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe
Filesize
820KB

MD5
409f7c23d02d6ab2c5f90f8f9062974e

SHA1
d9bf86e2ac559543db602222e3217515b0fac153

SHA256
b5eb13dc17f5aa10755be186eec222a9786f2477ae132887dfb4ce85f2c45def

SHA512
865c471234e600dff0417376b067a21276e4f6edee416be69b904ff8b6bef45325c875b3c363f37c028228e60282dd713db693870d46372ceb72f14f97273ebd

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe
Filesize
820KB

MD5
409f7c23d02d6ab2c5f90f8f9062974e

SHA1
d9bf86e2ac559543db602222e3217515b0fac153

SHA256
b5eb13dc17f5aa10755be186eec222a9786f2477ae132887dfb4ce85f2c45def

SHA512
865c471234e600dff0417376b067a21276e4f6edee416be69b904ff8b6bef45325c875b3c363f37c028228e60282dd713db693870d46372ceb72f14f97273ebd

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\cssrss.exe
Filesize
820KB

MD5
409f7c23d02d6ab2c5f90f8f9062974e

SHA1
d9bf86e2ac559543db602222e3217515b0fac153

SHA256
b5eb13dc17f5aa10755be186eec222a9786f2477ae132887dfb4ce85f2c45def

SHA512
865c471234e600dff0417376b067a21276e4f6edee416be69b904ff8b6bef45325c875b3c363f37c028228e60282dd713db693870d46372ceb72f14f97273ebd

Download Submit
memory/636-142-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/636-147-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/636-149-0x00000000004013F8-mapping.dmp

Download
memory/636-136-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/636-133-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/636-179-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/940-81-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/940-103-0x0000000002CA0000-0x0000000002D35000-memory.dmp

Filesize
596KB

Download
memory/940-77-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/940-73-0x00000000004085D0-mapping.dmp

Download
memory/940-109-0x0000000002CA0000-0x0000000002D35000-memory.dmp

Filesize
596KB

Download
memory/940-107-0x0000000002CA0000-0x0000000002D35000-memory.dmp

Filesize
596KB

Download
memory/940-105-0x0000000002CA0000-0x0000000002D35000-memory.dmp

Filesize
596KB

Download
memory/940-89-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/940-90-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download
memory/940-102-0x0000000002CA0000-0x0000000002D35000-memory.dmp

Filesize
596KB

Download
memory/940-92-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/940-69-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/940-71-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/940-67-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/940-66-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/940-156-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/960-88-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-56-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-62-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-91-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-72-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-63-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-57-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-64-0x000000000040B000-mapping.dmp

Download
memory/960-59-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-61-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/960-70-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1000-95-0x0000000000000000-mapping.dmp

Download
memory/1052-158-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1052-129-0x00000000004085D0-mapping.dmp

Download
memory/1052-181-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1308-93-0x0000000000000000-mapping.dmp

Download
memory/1340-150-0x00000000026A0000-0x00000000026A2000-memory.dmp

Filesize
8KB

Download
memory/1340-148-0x0000000002690000-0x0000000002698000-memory.dmp

Filesize
32KB

Download
memory/1340-153-0x00000000026B0000-0x00000000026B2000-memory.dmp

Filesize
8KB

Download
memory/1340-146-0x0000000001E40000-0x0000000001E42000-memory.dmp

Filesize
8KB

Download
memory/1340-154-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/1340-135-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/1340-138-0x00000000004F0000-0x00000000004F2000-memory.dmp

Filesize
8KB

Download
memory/1340-101-0x0000000000000000-mapping.dmp

Download
memory/1340-143-0x0000000001E30000-0x0000000001E32000-memory.dmp

Filesize
8KB

Download
memory/1340-140-0x0000000000500000-0x0000000000502000-memory.dmp

Filesize
8KB

Download
memory/1664-118-0x000000000040B000-mapping.dmp

Download
memory/1664-115-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1664-184-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1664-124-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1664-113-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1664-117-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1664-116-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1664-155-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1948-163-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1948-177-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1948-185-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1948-160-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1948-161-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1948-183-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1948-165-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1948-167-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1948-170-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1948-169-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1948-172-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1948-174-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1948-175-0x000000000048F888-mapping.dmp

Download
memory/1952-83-0x00000000005F0000-0x00000000005F2000-memory.dmp

Filesize
8KB

Download
memory/1952-78-0x0000000000570000-0x0000000000572000-memory.dmp

Filesize
8KB

Download
memory/1952-87-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/1952-85-0x0000000001D90000-0x0000000001D98000-memory.dmp

Filesize
32KB

Download
memory/1952-76-0x0000000000550000-0x0000000000552000-memory.dmp

Filesize
8KB

Download
memory/1952-74-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/1952-80-0x00000000005A0000-0x00000000005A2000-memory.dmp

Filesize
8KB

Download