darkcomet | 94981406a2aa1c6dc1b198a2281efe4464aa3d9bf9923e7c8bd3e6f81198cd4a

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
18-02-2025 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
Size

1.3MB
MD5

0113bc0a759a370a3fef7c88354cee99
SHA1

6978508b1711a6024d4ba068955b6869ee6be718
SHA256

94981406a2aa1c6dc1b198a2281efe4464aa3d9bf9923e7c8bd3e6f81198cd4a
SHA512

9e6c828f68f64b5f09dd3e5ca0306d3011c73457d0787357a48cdfa41f1cdf84dabb2db52bcb5d6a64c2b44b939aab5e1b74730fbfce1d1b281e264c9369da3c
SSDEEP

24576:1OTeITnkOPoEykf34/fLsl4CG7VBlB85KxCXBv5WmJa4:0T1mEy/hn85E

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

gospish.no-ip.biz:1604

Mutex

DC_MUTEX-3SPJBTE

Attributes

gencode
NsfPWgwSw=/�
install
false
offline_keylogger
false
persistence
false

rc4.plain

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	vbc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	vbc.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Control Panel\International\Geo\Nation	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe

Executes dropped EXE 2 IoCs

pid	Process
4712	RUNESCAPE ULTIMATE PIN GENERATOR.EXE
3244	RUNESCAPE ULTIMATE PIN GENERATOR.EXE

Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Messenger = "\"C:\\Users\\Admin\\AppData\\Roaming\\inid.exe\""	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 452 set thread context of 1776	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	87
PID 4032 set thread context of 3232	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	89

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RUNESCAPE ULTIMATE PIN GENERATOR.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RUNESCAPE ULTIMATE PIN GENERATOR.EXE

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	vbc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	vbc.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	vbc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	vbc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	vbc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	vbc.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	vbc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	vbc.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	vbc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	vbc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeDebugPrivilege	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
Token: SeDebugPrivilege	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
Token: SeIncreaseQuotaPrivilege	1776	vbc.exe
Token: SeSecurityPrivilege	1776	vbc.exe
Token: SeTakeOwnershipPrivilege	1776	vbc.exe
Token: SeLoadDriverPrivilege	1776	vbc.exe
Token: SeSystemProfilePrivilege	1776	vbc.exe
Token: SeSystemtimePrivilege	1776	vbc.exe
Token: SeProfSingleProcessPrivilege	1776	vbc.exe
Token: SeIncBasePriorityPrivilege	1776	vbc.exe
Token: SeCreatePagefilePrivilege	1776	vbc.exe
Token: SeBackupPrivilege	1776	vbc.exe
Token: SeRestorePrivilege	1776	vbc.exe
Token: SeShutdownPrivilege	1776	vbc.exe
Token: SeDebugPrivilege	1776	vbc.exe
Token: SeSystemEnvironmentPrivilege	1776	vbc.exe
Token: SeChangeNotifyPrivilege	1776	vbc.exe
Token: SeRemoteShutdownPrivilege	1776	vbc.exe
Token: SeUndockPrivilege	1776	vbc.exe
Token: SeManageVolumePrivilege	1776	vbc.exe
Token: SeImpersonatePrivilege	1776	vbc.exe
Token: SeCreateGlobalPrivilege	1776	vbc.exe
Token: 33	1776	vbc.exe
Token: 34	1776	vbc.exe
Token: 35	1776	vbc.exe
Token: 36	1776	vbc.exe
Token: SeIncreaseQuotaPrivilege	3232	vbc.exe
Token: SeSecurityPrivilege	3232	vbc.exe
Token: SeTakeOwnershipPrivilege	3232	vbc.exe
Token: SeLoadDriverPrivilege	3232	vbc.exe
Token: SeSystemProfilePrivilege	3232	vbc.exe
Token: SeSystemtimePrivilege	3232	vbc.exe
Token: SeProfSingleProcessPrivilege	3232	vbc.exe
Token: SeIncBasePriorityPrivilege	3232	vbc.exe
Token: SeCreatePagefilePrivilege	3232	vbc.exe
Token: SeBackupPrivilege	3232	vbc.exe
Token: SeRestorePrivilege	3232	vbc.exe
Token: SeShutdownPrivilege	3232	vbc.exe
Token: SeDebugPrivilege	3232	vbc.exe
Token: SeSystemEnvironmentPrivilege	3232	vbc.exe
Token: SeChangeNotifyPrivilege	3232	vbc.exe
Token: SeRemoteShutdownPrivilege	3232	vbc.exe
Token: SeUndockPrivilege	3232	vbc.exe
Token: SeManageVolumePrivilege	3232	vbc.exe
Token: SeImpersonatePrivilege	3232	vbc.exe
Token: SeCreateGlobalPrivilege	3232	vbc.exe
Token: 33	3232	vbc.exe
Token: 34	3232	vbc.exe
Token: 35	3232	vbc.exe
Token: 36	3232	vbc.exe

Suspicious use of WriteProcessMemory 37 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 1776	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	87
PID 452 wrote to memory of 1776	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	87
PID 452 wrote to memory of 1776	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	87
PID 452 wrote to memory of 1776	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	87
PID 452 wrote to memory of 1776	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	87
PID 452 wrote to memory of 1776	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	87
PID 452 wrote to memory of 1776	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	87
PID 452 wrote to memory of 1776	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	87
PID 452 wrote to memory of 1776	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	87
PID 452 wrote to memory of 1776	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	87
PID 452 wrote to memory of 1776	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	87
PID 452 wrote to memory of 1776	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	87
PID 452 wrote to memory of 1776	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	87
PID 452 wrote to memory of 1776	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	87
PID 452 wrote to memory of 4032	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	88
PID 452 wrote to memory of 4032	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	88
PID 452 wrote to memory of 4032	452	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	88
PID 4032 wrote to memory of 3232	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	89
PID 4032 wrote to memory of 3232	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	89
PID 4032 wrote to memory of 3232	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	89
PID 4032 wrote to memory of 3232	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	89
PID 4032 wrote to memory of 3232	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	89
PID 4032 wrote to memory of 3232	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	89
PID 4032 wrote to memory of 3232	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	89
PID 4032 wrote to memory of 3232	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	89
PID 4032 wrote to memory of 3232	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	89
PID 4032 wrote to memory of 3232	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	89
PID 4032 wrote to memory of 3232	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	89
PID 4032 wrote to memory of 3232	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	89
PID 4032 wrote to memory of 3232	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	89
PID 4032 wrote to memory of 3232	4032	JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe	89
PID 3232 wrote to memory of 4712	3232	vbc.exe	90
PID 3232 wrote to memory of 4712	3232	vbc.exe	90
PID 3232 wrote to memory of 4712	3232	vbc.exe	90
PID 1776 wrote to memory of 3244	1776	vbc.exe	91
PID 1776 wrote to memory of 3244	1776	vbc.exe	91
PID 1776 wrote to memory of 3244	1776	vbc.exe	91

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:452
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  2⤵
  - Checks BIOS information in registry
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1776
- - C:\Users\Admin\AppData\Local\Temp\RUNESCAPE ULTIMATE PIN GENERATOR.EXE
    "C:\Users\Admin\AppData\Local\Temp\RUNESCAPE ULTIMATE PIN GENERATOR.EXE"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3244
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
  "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4032
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    3⤵
    - Checks BIOS information in registry
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\RUNESCAPE ULTIMATE PIN GENERATOR.EXE
      "C:\Users\Admin\AppData\Local\Temp\RUNESCAPE ULTIMATE PIN GENERATOR.EXE"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RUNESCAPE ULTIMATE PIN GENERATOR.EXE

Filesize
158KB

MD5
4647f89054afa2db4446d0c7a38ccd23

SHA1
23a356d108c10a4a57dc701fefbedba0a5aa23c7

SHA256
477a7ea7a5b570917515548fcad6afd66b3aa5030735300c0d11cc7204b9261c

SHA512
2edc1de41b49720d1f45768e654d684447a1248ed8a46530f5ce9c3978bf46a9d5b86d6210d3b81272bb626784129f273e1d8802b8bbe825f2a84a4c1ec9e560

Download Submit
C:\Users\Admin\AppData\Roaming\inid.exe

Filesize
1.3MB

MD5
0113bc0a759a370a3fef7c88354cee99

SHA1
6978508b1711a6024d4ba068955b6869ee6be718

SHA256
94981406a2aa1c6dc1b198a2281efe4464aa3d9bf9923e7c8bd3e6f81198cd4a

SHA512
9e6c828f68f64b5f09dd3e5ca0306d3011c73457d0787357a48cdfa41f1cdf84dabb2db52bcb5d6a64c2b44b939aab5e1b74730fbfce1d1b281e264c9369da3c

Download Submit
memory/452-1-0x0000000074770000-0x0000000074D21000-memory.dmp

Filesize
5.7MB

Download
memory/452-2-0x0000000074770000-0x0000000074D21000-memory.dmp

Filesize
5.7MB

Download
memory/452-39-0x0000000074770000-0x0000000074D21000-memory.dmp

Filesize
5.7MB

Download
memory/452-38-0x0000000074770000-0x0000000074D21000-memory.dmp

Filesize
5.7MB

Download
memory/452-37-0x0000000074772000-0x0000000074773000-memory.dmp

Filesize
4KB

Download
memory/452-0-0x0000000074772000-0x0000000074773000-memory.dmp

Filesize
4KB

Download
memory/1776-31-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-47-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-13-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-56-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-16-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-55-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-54-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-53-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-52-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-51-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-30-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-50-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-49-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-48-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-46-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-6-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-4-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-5-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-45-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-44-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-42-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1776-43-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/3232-17-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/3232-34-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/3232-18-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/4032-40-0x0000000074770000-0x0000000074D21000-memory.dmp

Filesize
5.7MB

Download
memory/4032-15-0x0000000074770000-0x0000000074D21000-memory.dmp

Filesize
5.7MB

Download
memory/4032-7-0x0000000074770000-0x0000000074D21000-memory.dmp

Filesize
5.7MB

Download
memory/4032-41-0x0000000074770000-0x0000000074D21000-memory.dmp

Filesize
5.7MB

Download
memory/4712-32-0x0000000004E70000-0x0000000004E7A000-memory.dmp

Filesize
40KB

Download
memory/4712-28-0x0000000005380000-0x0000000005924000-memory.dmp

Filesize
5.6MB

Download
memory/4712-27-0x0000000004D30000-0x0000000004DCC000-memory.dmp

Filesize
624KB

Download
memory/4712-26-0x0000000000450000-0x0000000000480000-memory.dmp

Filesize
192KB

Download
memory/4712-29-0x0000000004DD0000-0x0000000004E62000-memory.dmp

Filesize
584KB

Download
memory/4712-33-0x0000000005020000-0x0000000005076000-memory.dmp

Filesize
344KB

Download