Overview

overview

10

Static

static

3

JaffaCakes...51.exe

windows7-x64

10

JaffaCakes...51.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    22/01/2025, 19:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_106ba4150b011aaf40d8b947225e3f51.exe

  • Size

    2.6MB

  • MD5

    106ba4150b011aaf40d8b947225e3f51

  • SHA1

    ffd99ea0c9478e060ae60faf1d4fbd7a88edaf9f

  • SHA256

    3f5e37013f992b218c16685e981bdba82886cd7f521ad2aff42a0a5a30579497

  • SHA512

    75c11bbf5742c9233431569e903b3f6e27b36bc690a146272b987d4c0fe9eaee407af9897893ad1368b1f2c8edbeec1bb36dd61709e8cafc6736f12a562ff5dd

  • SSDEEP

    24576:z4nxVWjypb0lNU0ayYuu8LyLMIqiKkkhHGGJpVhQKOgoKgX+N1yPNZjSs4fy6uib:+8XlxhvLJp/+nlFZjSzXExessnkLY7N

Score
10/10
darkcomet2012discoverypersistenceprivilege_escalationrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

2012

C2

xtremedata1990.myvnc.com:200

Mutex

DC_MUTEX-4JZV5EN

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    YEgMKA1D2a4a

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    rundll32

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Darkcomet family
    darkcomet
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 26 IoCs
  • Loads dropped DLL 44 IoCs
  • Modifies system executable filetype association 2 TTPs 4 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 23 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_106ba4150b011aaf40d8b947225e3f51.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_106ba4150b011aaf40d8b947225e3f51.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Users\Admin\AppData\Local\Temp\App\Winrar.exe
      C:\Users\Admin\AppData\Local\Temp\\App\Winrar.exe
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2976
      • C:\Users\Admin\AppData\Local\Temp\MSDCSC\msdcsc.exe
        "C:\Users\Admin\AppData\Local\Temp\MSDCSC\msdcsc.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2856
    • C:\Users\Admin\AppData\Local\Temp\winrar-64Bit-400.exe
      "C:\Users\Admin\AppData\Local\Temp\winrar-64Bit-400.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2160
      • C:\Program Files\WinRAR\uninstall.exe
        "C:\Program Files\WinRAR\uninstall.exe" /setup
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies system executable filetype association
        • Drops file in Program Files directory
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of WriteProcessMemory
        PID:1628
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2600
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1084
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:576
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1484
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1676
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1600
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2300
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2960
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2168
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2688
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2968
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2296
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1152
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1424
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2604
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2996
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1272
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2768
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1408
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:700
        • C:\Program Files\WinRAR\WinRAR.exe
          "C:\Program Files\WinRAR\WinRAR.exe"
          4⤵
          • Executes dropped EXE
          PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

4
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\WinRAR\Formats\7z.fmt
    Filesize

    87KB

    MD5

    2fceddec262a4908915508754bc34876

    SHA1

    a6aa640749193ccea5d08f45f1109da3883dbba5

    SHA256

    e1fc78a32c9fb5e35a525e45e9a44b6f79063b830bc0941c62193727b7102cfa

    SHA512

    3652946b19540cabfa1c3711d53c9bc560c142555653b4f43990b0741a7c9f1f04fc1dff5b30b40eaf45a39cb5c520a03709b8b8dc648641fbfe5362e330f28e

    Download Submit

  • C:\Program Files\WinRAR\Formats\arj.fmt
    Filesize

    78KB

    MD5

    14f21001ff104a3d5e58b8850a94cc92

    SHA1

    ce59125f3aa2f3c8c0166c65ec0083bc03a4f898

    SHA256

    f89ab03f2638c3094aa79cfa51f6b818d4161b55ff354ff7fa7f75761a159b7a

    SHA512

    711b46db4c0219f6ac83d9bb1166b98b6824a451a1110d6021af6a1f961a2cfcc80ec6580c47cf05b5a8dc28e2515914555b0ae7e89ff5df98ed4a1a968108b8

    Download Submit

  • C:\Program Files\WinRAR\Formats\bz2.fmt
    Filesize

    85KB

    MD5

    3c85c52d9be2ca338a0fe525e6c32a30

    SHA1

    d8315d4e88d873615257bfb7c4262b628cdb661c

    SHA256

    7bc17144ae1d6581124323f700c9cc0260e91b893fcd383ff74bd50f2489a827

    SHA512

    4bd6e1da766ca0e2e5d6575b3043f87c86e5d1cdb661174281e20176f6b878ea62f6c64f4519c338feda77015be1f0daa62ced68287785d0b9591000566b5c80

    Download Submit

  • C:\Program Files\WinRAR\Formats\gz.fmt
    Filesize

    74KB

    MD5

    a1544369106f62919ec4eecd29d176dd

    SHA1

    f2f3a2947a829e2ff4fd80528b52a5f1dca22f1f

    SHA256

    a66942c8a2d50e4c93c9edc4ec1fa71edbe81d9209c704350a8d3b9443e06f85

    SHA512

    de5972b26e3f77c01840fc8ba16f7cb2dd7173801fbc6a3e5a3d5df320c55c12738d23b577dad7a638e3d6622792b4d2f006234d9c65298c17f1d0a3e7c42f92

    Download Submit

  • C:\Program Files\WinRAR\Formats\iso.fmt
    Filesize

    93KB

    MD5

    97e0ca6d1cf55140646f0395ac89f845

    SHA1

    2b40376d766a70dd4fe7f5981be25daafad13b63

    SHA256

    bc07d568dcdda5ec96725a954731e41a78b9733e50141f50786af3435e73a339

    SHA512

    aa0c421fc6a14aa46a65fbcfe53d4d79d154d600d84cdd8a4389f9ed8199fb0898ba89bc4fa8573fbd708ab245328832ec82ff15146c277b9613f604d6ec5928

    Download Submit

  • C:\Program Files\WinRAR\Formats\lzh.fmt
    Filesize

    94KB

    MD5

    eaa1e2e687463d98bdff429b44e42831

    SHA1

    7ed9874c37cf0f0484aaf141f43f101824c0a84e

    SHA256

    c49bdb0ebd5c83c000b7297a7fcc7befe5393f4a36e9365ffbcc47b26112c160

    SHA512

    e68bf3d4c2c1be429bc3e6586d6b9854a6a10a6a5d9ab8c4a98a961548b339225fce5c7d14316375245587258dc1979f2208f39a987b58a46cf5d4d4bea31eb7

    Download Submit

  • C:\Program Files\WinRAR\Formats\tar.fmt
    Filesize

    65KB

    MD5

    739cfc487e6e1fe830ada0a4ae7af551

    SHA1

    10f9b970249f533681cebd708cb865da5377acdb

    SHA256

    947de56951e45db26c412a017ddc1d84205bad2195d64bda02e293da53eb6265

    SHA512

    4c01feed1338a588f4a68269a2b22fce3f1f9da7c6d88f43760cd615cd15c332e783fc02f5e2f9e55aa8ae303dbb14adc35cbf069b3700aa4387bc41640280dd

    Download Submit

  • C:\Program Files\WinRAR\Formats\uue.fmt
    Filesize

    69KB

    MD5

    57daa10579ec5f8f5842d2644cff71bd

    SHA1

    219b670a078baf97810ab6ce3be9be657c723b65

    SHA256

    310a0b74233dc589bebbb1c297bbb1431434e0cf44691905f7952f7072354133

    SHA512

    5b13953adad9d6ddbdcabb1cb89010c6feafc72dbf8a9ccd9e0f9dde26aa09fdff094e3a24c4f2706707457a1ad20e2eed053ff79367b0b65e48523bfc35b470

    Download Submit

  • C:\Program Files\WinRAR\Formats\z.fmt
    Filesize

    70KB

    MD5

    28231c1a151cb0789874720c2e6b79c2

    SHA1

    e786bff9d8227eabe86cb1d4821ea1e9c0ffb063

    SHA256

    2fafe477f4ddb175744b2b00e79c196c76b1bf9a70ba3cf53ff5583407291e29

    SHA512

    4588496e03f564c46f7bd2635239e2d4967749e94bafcfb39dd84a53a4485ad2b7b04b73e62d0f2ebc4fcd998351b18bca8190bf0a0055b0462857f1113bebbf

    Download Submit

  • C:\Program Files\WinRAR\Order.htm
    Filesize

    3KB

    MD5

    61e5a38df9c011a6b2ff6a1c8128e250

    SHA1

    8b107abce8f96ee4684c81687a87241e489de6b0

    SHA256

    f87e3bb7115718592a56e5699bb5f51bf21db332d3588b7d9f59e8092c2c3556

    SHA512

    3d580f9efe1534d36ceb9ce833ff65b9a1ddb52cfd0b8474e72bd71e7c6605444c3ea5d517c91f940043bcbfc9538e70efa35c28ab1c45f8f66ec55b0f59beba

    Download Submit

  • C:\Program Files\WinRAR\Rar.exe
    Filesize

    408KB

    MD5

    138c0bdafb922e66246691a37ab6bb21

    SHA1

    f5dd998958aebc5e00599faa59128780bf3192ce

    SHA256

    786bfb826fd4871943676bdb784b7da300620c3d0373663dfb04be8a8d78ea14

    SHA512

    c7622a85034b41197af291b718b27ab594e60d5155ac1664ac94b1093a2cf05e6c27e9099412200abee9130f2fe5dbe71983c3a9a772b65ef2de861c61c5dfbe

    Download Submit

  • C:\Program Files\WinRAR\Rar.txt
    Filesize

    76KB

    MD5

    224586396df8a52aaeabb1f653c50ae7

    SHA1

    d81615ad110ed68389e60b10d14e8d3cf07271e2

    SHA256

    3da007605d5098328c23da5bcc50135645ba6a7c90a8565c5497f8a59e8257b8

    SHA512

    c40728bbf4ab3a2badfbc09c7c2d5da88a78250b9e364d3b00c35aef4bc9d6c52b42493d34ef95b8ef419d828b0efe6cc97b87d955073ff5888bdcd9b80570e1

    Download Submit

  • C:\Program Files\WinRAR\WinRAR.chm
    Filesize

    259KB

    MD5

    e10f2ddc395fa3ba7166c28af16db0a2

    SHA1

    6ce8d95b24a1bba51fcdcd5ab25ea7a4ca74243d

    SHA256

    553336429f414066ccd0ece397ecf286f6efe218c1de2e72c71a335a2cb79bd9

    SHA512

    5341ee8b4823b15b1cc0e01ea04e526e5d4d18471d590e71d81512e9e0855659aa493a4cec4af6a375c78b91381694ae84f1c37f017deca136d8356fb79fb3ef

    Download Submit

  • C:\Program Files\WinRAR\WinRAR.exe
    Filesize

    1.1MB

    MD5

    fdbc0d6979ae4127dd939e030167cb9b

    SHA1

    3cea1a43e9d9a89481318f7febe7daa9aa1e74a2

    SHA256

    7673192f068c9ec011eb9c7dcaff47420035615dae723c5010eee32f9bf8d9ad

    SHA512

    7f569c1770199fc1b02b09f9bd3d64b045240f91f62327d36f533225456fd7a9eddb3ea6a3c8ce75849509636e74e8785b4b8b83c0bd5bbe60531af241e2a18c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\winrar-64Bit-400.exe
    Filesize

    1.5MB

    MD5

    18198f0d8d195bfe22edbdc78ae3c227

    SHA1

    efa8f7aa0484a73d0a0a3195a9a7f231adb4c993

    SHA256

    1703c2c8754c9c1857e3ac1ab399badc1085e7a288007e58348e0e74b677b42e

    SHA512

    25b51d78eee52da53a4249b5f8e81c2f8d8021c40472c9bebc14dae10d3e1712df02b23ceda10639e973456bc81079d609c7b9f359a153a44d63e847e31e7986

    Download Submit

  • C:\Users\Admin\AppData\Roaming\WinRAR\version.dat
    Filesize

    12B

    MD5

    3eaaaa24be561e53ef7de2809e467590

    SHA1

    bdb399ede5d0266a804dac77fef4cf5bd1de3d95

    SHA256

    2f15f52f014e544018bb9723b486d21291b74f1d40fe0179365e13b840cc1b26

    SHA512

    373997bacbc0d7c00dbce9411dc78e8b206fc597febb3bc493af6c0f54d30b495eecb4a9896626b94dc202acde1204ab1434f90c8ac563f2e1c2cb5235636958

    Download Submit

  • \Program Files\WinRAR\Formats\ace.fmt
    Filesize

    92KB

    MD5

    b08de7aa5ec4cc5c8c963dca1c09ba8c

    SHA1

    18525f111c941306b4e90a855ab5fd3d24ed049f

    SHA256

    727221cf41ad5098ab6ce7305598e590b3b42a4cb1bb1d9b225d26902c761796

    SHA512

    1333d7a48678c65f58aef45a84fc2c8b2840b6ce23d13cbac5d343d9dbb76f388772afe72174d3ee2cf927db1b4ad6ad5e9de9adf595e576744f70eb8fdae6f7

    Download Submit

  • \Program Files\WinRAR\Formats\cab.fmt
    Filesize

    65KB

    MD5

    d473360d6b5f6f245a9bc9c56ffe39be

    SHA1

    6ff7238168ba22d3d95120b1ea06431f7961df18

    SHA256

    115dfd965c089c13088c5397e1777a4c1a3a8256ccfdfd76310ef5e95ccf4d52

    SHA512

    98c9590be8b5b8b91b34e617d93eba77e563698aff8b292173bc63c8b724e9b06db38ddb193553796a02911fde980002b79f087bd76687ed39586894cdc50e33

    Download Submit

  • \Program Files\WinRAR\Uninstall.exe
    Filesize

    129KB

    MD5

    732c1d74ffdd9ba7799979005a987e30

    SHA1

    de4ccbbcd853fac05bf7a8d8b274a77bc4b96f72

    SHA256

    292272a23c932ffcd4fa49afc5a0548a72f41c26abb88b0dc656498cdfca5ab0

    SHA512

    8e95d75651ed95213885ecc6490ef8533c155227f8e1d05a212bfef6a7f04d57e8f2b6a118a6a140bc6f33c1f0e251ed4eff05fec2ccb36fcd730fab94b14d00

    Download Submit

  • \Users\Admin\AppData\Local\Temp\App\Winrar.exe
    Filesize

    1.1MB

    MD5

    34aa912defa18c2c129f1e09d75c1d7e

    SHA1

    9c3046324657505a30ecd9b1fdb46c05bde7d470

    SHA256

    6df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386

    SHA512

    d1ea9368f5d7166180612fd763c87afb647d088498887961f5e7fb0a10f4a808bd5928e8a3666d70ff794093c51ecca8816f75dd47652fd4eb23dce7f9aa1f98

    Download Submit

  • memory/2280-2-0x0000000074AE0000-0x000000007508B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2280-1-0x0000000074AE0000-0x000000007508B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2280-135-0x0000000074AE0000-0x000000007508B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2280-43-0x0000000074AE0000-0x000000007508B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2280-0-0x0000000074AE1000-0x0000000074AE2000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2976-18-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2976-44-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2976-12-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2976-27-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2976-14-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2976-13-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2976-25-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2976-15-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2976-17-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2976-16-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2976-19-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2976-21-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2976-24-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2976-23-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2976-10-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download