darkcomet | 166c477928d3f10104edbb3a44e7922567c70a8bf58f51a76fa971fd2ad8194c

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2024 07:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Size

850KB
MD5

6b5228408867c1a250c177ce49489273
SHA1

a1ad3579cb3666025008484d288b23c5907db80a
SHA256

166c477928d3f10104edbb3a44e7922567c70a8bf58f51a76fa971fd2ad8194c
SHA512

66843e1a618b9908448124bdc6c9b930c5435fa2929186ea613c859d3b4b243e35d4a5b96beb6af348740793159d5ee1d17493142d05f8bd75133365a3d74aed
SSDEEP

24576:OnukqBdH2BuGCZg/vBcOAJaaktmSqvv/IOuAT:m4KBBCgvAJHktmS8vQOuA

Score

10^/10

darkcomet guest16 evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

6.tcp.ngrok.io:10371

Mutex

DC_MUTEX-VHZPBK5

Attributes

gencode
iXnzmGbAY8jT
install
false
offline_keylogger
true
persistence
false

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Sets file to hidden 1 TTPs 1 IoCs
Modifies file attributes to stop it showing in Explorer etc.
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exe

pid process

4876 attrib.exe

pid	process
4876	attrib.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

6b5228408867c1a250c177ce49489273_JaffaCakes118.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

14 6.tcp.ngrok.io
151 6.tcp.ngrok.io
156 6.tcp.ngrok.io

flow	ioc
14	6.tcp.ngrok.io
151	6.tcp.ngrok.io
156	6.tcp.ngrok.io

Suspicious use of SetThreadContext 1 IoCs

Processes:

6b5228408867c1a250c177ce49489273_JaffaCakes118.exe

description	pid	process	target process
PID 1028 set thread context of 396	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

6b5228408867c1a250c177ce49489273_JaffaCakes118.exe

pid	process
1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 25 IoCs

Processes:

6b5228408867c1a250c177ce49489273_JaffaCakes118.exe6b5228408867c1a250c177ce49489273_JaffaCakes118.exe

description	pid	process
Token: SeDebugPrivilege	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeSecurityPrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeSystemtimePrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeBackupPrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeRestorePrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeShutdownPrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeDebugPrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeUndockPrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeManageVolumePrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeImpersonatePrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: 33	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: 34	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: 35	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
Token: 36	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

6b5228408867c1a250c177ce49489273_JaffaCakes118.exe

pid process

396 6b5228408867c1a250c177ce49489273_JaffaCakes118.exe

pid	process
396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 43 IoCs

Processes:

6b5228408867c1a250c177ce49489273_JaffaCakes118.exe6b5228408867c1a250c177ce49489273_JaffaCakes118.execmd.exe

description	pid	process	target process
PID 1028 wrote to memory of 3544	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
PID 1028 wrote to memory of 3544	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
PID 1028 wrote to memory of 3544	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
PID 1028 wrote to memory of 396	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
PID 1028 wrote to memory of 396	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
PID 1028 wrote to memory of 396	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
PID 1028 wrote to memory of 396	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
PID 1028 wrote to memory of 396	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
PID 1028 wrote to memory of 396	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
PID 1028 wrote to memory of 396	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
PID 1028 wrote to memory of 396	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
PID 1028 wrote to memory of 396	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
PID 1028 wrote to memory of 396	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
PID 1028 wrote to memory of 396	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
PID 1028 wrote to memory of 396	1028	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
PID 396 wrote to memory of 4276	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	cmd.exe
PID 396 wrote to memory of 4276	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	cmd.exe
PID 396 wrote to memory of 4276	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	cmd.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 396 wrote to memory of 2492	396	6b5228408867c1a250c177ce49489273_JaffaCakes118.exe	notepad.exe
PID 4276 wrote to memory of 4876	4276	cmd.exe	attrib.exe
PID 4276 wrote to memory of 4876	4276	cmd.exe	attrib.exe
PID 4276 wrote to memory of 4876	4276	cmd.exe	attrib.exe

Views/modifies file attributes 1 TTPs 1 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exe

pid process

4876 attrib.exe

pid	process
4876	attrib.exe

C:\Users\Admin\AppData\Local\Temp\6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6b5228408867c1a250c177ce49489273_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1028

C:\Users\Admin\AppData\Local\Temp\6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6b5228408867c1a250c177ce49489273_JaffaCakes118.exe"
2⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\6b5228408867c1a250c177ce49489273_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6b5228408867c1a250c177ce49489273_JaffaCakes118.exe"
2⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:396

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp\6b5228408867c1a250c177ce49489273_JaffaCakes118.exe" +s +h
3⤵
- Suspicious use of WriteProcessMemory
PID:4276

C:\Windows\SysWOW64\attrib.exe
attrib "C:\Users\Admin\AppData\Local\Temp\6b5228408867c1a250c177ce49489273_JaffaCakes118.exe" +s +h
4⤵
- Sets file to hidden
- Views/modifies file attributes
PID:4876

C:\Windows\SysWOW64\notepad.exe
notepad
3⤵
PID:2492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4172 --field-trial-handle=2588,i,14229658658073991926,6938034815163866135,262144 --variations-seed-version /prefetch:8
1⤵
PID:2856

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/396-39-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-73-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-11-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-12-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-13-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/396-90-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/396-81-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-74-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-38-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-72-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-15-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-71-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-70-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-69-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-68-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-16-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-17-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-18-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-19-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-20-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-21-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-22-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-23-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-24-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-25-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-26-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-27-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-28-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-29-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-30-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-31-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-32-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-33-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-34-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-35-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-36-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-49-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-9-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-65-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-40-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-41-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-42-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-43-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-44-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-45-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-46-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-47-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-48-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-37-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-50-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-51-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-52-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-53-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-54-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-55-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-56-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-57-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-58-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-59-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-60-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-61-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-62-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-63-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-64-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-7-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-66-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/396-67-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1028-10-0x0000000075100000-0x00000000758B0000-memory.dmp

Filesize
7.7MB

Download
memory/1028-6-0x000000000A8A0000-0x000000000A8AA000-memory.dmp

Filesize
40KB

Download
memory/1028-5-0x000000000A930000-0x000000000A9C2000-memory.dmp

Filesize
584KB

Download
memory/1028-4-0x000000000ACC0000-0x000000000B264000-memory.dmp

Filesize
5.6MB

Download
memory/1028-3-0x0000000005080000-0x0000000005090000-memory.dmp

Filesize
64KB

Download
memory/1028-2-0x0000000002A80000-0x0000000002A86000-memory.dmp

Filesize
24KB

Download
memory/1028-1-0x0000000075100000-0x00000000758B0000-memory.dmp

Filesize
7.7MB

Download
memory/1028-0-0x0000000000760000-0x000000000083C000-memory.dmp

Filesize
880KB

Download
memory/2492-14-0x0000000001310000-0x0000000001311000-memory.dmp

Filesize
4KB

Download