darkcomet | 21a8bcc1b3175e1388f76c38f9c9ca55815989f9d8cb81139ea9033b467dbbf8

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16/03/2025, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe
Size

2.3MB
MD5

79177807ca02ab91118156ed7da95cb1
SHA1

03eeaca2b6f69044fbec25324ac184b44a135e59
SHA256

21a8bcc1b3175e1388f76c38f9c9ca55815989f9d8cb81139ea9033b467dbbf8
SHA512

0bacdc44c2706ece383b09f4f52a69ad943235a9bc520711cfe919d8804d14121fb14fcc92318e8f7e314678b1225e4d0faf66cfc8e04267509339e8bfdc22d8
SSDEEP

49152:5GNXcWomAEPyHL2Bt0CE5T5b1bqqKGbo+ik/MdXlLIbGkssf+qI:5GNsZmAEPvoCGT1lx/MdVLwGfslI

Score

10^/10

darkcomet latentbot fortune bypass defense_evasion discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Botnet

Fortune Bypass

duckling232.zapto.org:100

Mutex

DC_MUTEX-57EV568

Attributes

gencode
+w9i6zlUS#k1
install
false
offline_keylogger
true
persistence
false

rc4.plain

Extracted

Family

latentbot

duckling232.zapto.org

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
trojan latentbot
Latentbot family
latentbot

Executes dropped EXE 5 IoCs

pid	Process
2264	ƳǣպƱƒ.exe
2636	svchost.exe
2724	EpicBotCracked 520.exe
1712	EpicBotCracked 520.exe
864	cookieman.exe

Loads dropped DLL 5 IoCs

pid	Process
2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe
2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe
2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe
2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe
2724	EpicBotCracked 520.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Essentials = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MsMpEng.exe"	ƳǣպƱƒ.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicBotCracked 520.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicBotCracked 520.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2788 set thread context of 2636	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	34

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ƳǣպƱƒ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EpicBotCracked 520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EpicBotCracked 520.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	EpicBotCracked 520.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2724	EpicBotCracked 520.exe
2724	EpicBotCracked 520.exe
1712	EpicBotCracked 520.exe
1712	EpicBotCracked 520.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1712	EpicBotCracked 520.exe

Suspicious use of AdjustPrivilegeToken 25 IoCs

description	pid	Process
Token: SeDebugPrivilege	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe
Token: SeIncreaseQuotaPrivilege	2636	svchost.exe
Token: SeSecurityPrivilege	2636	svchost.exe
Token: SeTakeOwnershipPrivilege	2636	svchost.exe
Token: SeLoadDriverPrivilege	2636	svchost.exe
Token: SeSystemProfilePrivilege	2636	svchost.exe
Token: SeSystemtimePrivilege	2636	svchost.exe
Token: SeProfSingleProcessPrivilege	2636	svchost.exe
Token: SeIncBasePriorityPrivilege	2636	svchost.exe
Token: SeCreatePagefilePrivilege	2636	svchost.exe
Token: SeBackupPrivilege	2636	svchost.exe
Token: SeRestorePrivilege	2636	svchost.exe
Token: SeShutdownPrivilege	2636	svchost.exe
Token: SeDebugPrivilege	2636	svchost.exe
Token: SeSystemEnvironmentPrivilege	2636	svchost.exe
Token: SeChangeNotifyPrivilege	2636	svchost.exe
Token: SeRemoteShutdownPrivilege	2636	svchost.exe
Token: SeUndockPrivilege	2636	svchost.exe
Token: SeManageVolumePrivilege	2636	svchost.exe
Token: SeImpersonatePrivilege	2636	svchost.exe
Token: SeCreateGlobalPrivilege	2636	svchost.exe
Token: 33	2636	svchost.exe
Token: 34	2636	svchost.exe
Token: 35	2636	svchost.exe
Token: SeIncreaseQuotaPrivilege	1712	EpicBotCracked 520.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1712	EpicBotCracked 520.exe
1712	EpicBotCracked 520.exe
2636	svchost.exe

Suspicious use of WriteProcessMemory 39 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 2748	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	30
PID 2788 wrote to memory of 2748	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	30
PID 2788 wrote to memory of 2748	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	30
PID 2788 wrote to memory of 2748	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	30
PID 2748 wrote to memory of 2832	2748	csc.exe	32
PID 2748 wrote to memory of 2832	2748	csc.exe	32
PID 2748 wrote to memory of 2832	2748	csc.exe	32
PID 2748 wrote to memory of 2832	2748	csc.exe	32
PID 2788 wrote to memory of 2264	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	33
PID 2788 wrote to memory of 2264	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	33
PID 2788 wrote to memory of 2264	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	33
PID 2788 wrote to memory of 2264	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	33
PID 2788 wrote to memory of 2636	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	34
PID 2788 wrote to memory of 2636	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	34
PID 2788 wrote to memory of 2636	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	34
PID 2788 wrote to memory of 2636	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	34
PID 2788 wrote to memory of 2636	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	34
PID 2788 wrote to memory of 2636	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	34
PID 2788 wrote to memory of 2636	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	34
PID 2788 wrote to memory of 2636	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	34
PID 2788 wrote to memory of 2636	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	34
PID 2788 wrote to memory of 2636	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	34
PID 2788 wrote to memory of 2636	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	34
PID 2788 wrote to memory of 2636	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	34
PID 2788 wrote to memory of 2636	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	34
PID 2788 wrote to memory of 2724	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	35
PID 2788 wrote to memory of 2724	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	35
PID 2788 wrote to memory of 2724	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	35
PID 2788 wrote to memory of 2724	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	35
PID 2788 wrote to memory of 2724	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	35
PID 2788 wrote to memory of 2724	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	35
PID 2788 wrote to memory of 2724	2788	JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe	35
PID 2724 wrote to memory of 1712	2724	EpicBotCracked 520.exe	36
PID 2724 wrote to memory of 1712	2724	EpicBotCracked 520.exe	36
PID 2724 wrote to memory of 1712	2724	EpicBotCracked 520.exe	36
PID 2724 wrote to memory of 1712	2724	EpicBotCracked 520.exe	36
PID 2724 wrote to memory of 1712	2724	EpicBotCracked 520.exe	36
PID 2724 wrote to memory of 1712	2724	EpicBotCracked 520.exe	36
PID 2724 wrote to memory of 1712	2724	EpicBotCracked 520.exe	36

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_79177807ca02ab91118156ed7da95cb1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gsdh4vq0.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8BDC.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC8BDB.tmp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2832
- C:\Users\Admin\AppData\Local\Temp\ƳǣպƱƒ.exe
  "C:\Users\Admin\AppData\Local\Temp\ƳǣպƱƒ.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:2264
- C:\Users\Admin\AppData\Local\Temp\svchost.exe
  C:\Users\Admin\AppData\Local\Temp\svchost.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2636
- C:\Users\Admin\AppData\Local\Temp\EpicBotCracked 520.exe
  "C:\Users\Admin\AppData\Local\Temp\EpicBotCracked 520.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Users\Admin\AppData\Local\Temp\EpicBotCracked 520.exe
    "C:\Users\Admin\AppData\Local\Temp\EpicBotCracked 520.exe" /wrapper /dir="C:\Users\Admin\AppData\Local\Temp\pkg_52f2c23a0"
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1712
  - - C:\Users\Admin\AppData\LocalLow\cookieman.exe
      "C:\Users\Admin\AppData\LocalLow\cookieman.exe" /mode=read installiq.com
      4⤵
      Executes dropped EXE
      PID:864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\cookie.ini

Filesize
34B

MD5
3f4519b56cb1e006dfe4341e72112913

SHA1
0ff5675d359c898b6a6bdc1dff10f71097bc9927

SHA256
125adf4924899f2026436c0919853bb78b718c7cb6f2187148b01938b79388a2

SHA512
78c0961f0828f32032c643f0e6ab59d1ca8b96bb891a74b0b255e1a1a63a0c581f486e9e16b070399e6365d1fb53464eb2b723932480b41a2df5e9f1eb89ab40

Download Submit
C:\Users\Admin\AppData\LocalLow\cookieman.exe

Filesize
45KB

MD5
a454a73e220aaff19b302365e2ffc566

SHA1
19821874dce5c11e5963fdb5a2a990694ef474dd

SHA256
89285bd50134b0b1844c6e1bdf541cd104639de1b170d492e76562fc2f80763d

SHA512
645988bde2e0a75e16c0fa5b12ee6fd7e632443be7c4df5ae0842230398b81d2e6fe04707f2413bb98e901a606a3a6a8d1e74a7fef6e89935afa944e561b4bcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\EpicBotCracked 520.exe

Filesize
1.6MB

MD5
8964bf8a3bd9e77e49ff8c90e3a0d14d

SHA1
461d19ef136235f23f8ffb5adc74a6e9aa59df10

SHA256
348ac5a4e71e8cc077b5d08acfaa6b53d2d4f38d46613569b52e6254b407ff7a

SHA512
c1dbce797cf891ff3650846c4ea1bd104bab44dddb7d07484ad00fcb06bd36c14227065229b224a681bf5d1d94fd3fbc85182ff3d2cf627cecc3cadc76f6533c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES8BDC.tmp

Filesize
1KB

MD5
b3605e4a00cba2e13a2a3e142bfd3e49

SHA1
716c91da5582312291f46835a799b9463190fee0

SHA256
d6d3ab250a19b73f7828a28bbd3f288be6ee4854efb40abaf7742df76341674c

SHA512
fe3f9e4356d2444b20b248b81b5cc1ec07644bf7beacb366b261add84ece46bd29a9a8c3ba10f38b41b299ec13562410e54f34a3324810d2d30a01e55bc041fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg_52f2c23a0\autorun.txt

Filesize
114B

MD5
c819368178ce1e40fd55c813340a597a

SHA1
81aef3fd883c52de4fe211f3e43f70137cbccdf6

SHA256
1334449583ff7823df9ba97e57bed51eaaba21eed4551e25b07794f1d48c3e31

SHA512
753ce58ed7b76de63f8d68bf95949dfd772e805d0ab514f2706d72b2d504fb53e9beadaed0d34d933fee4f98d3ea13172c8b3a0e391bcab639c3d70003ec71a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg_52f2c23a0\wrapper.xml

Filesize
942B

MD5
5c292748257ad5905629464778294451

SHA1
60881f97bf759d87c42fe388d35aca0f8d2164f4

SHA256
ef43feb50e5bb1775195ca8c44f2af90661a6c06703c0a70c8e191bf9931c1a8

SHA512
b1769d551421f119f92b62e5717565bb72e41f0288a0cc6f81621fd3a540dfc5370c7944c106499a0b474f50eeb6be8dbee5d3dc2618a8802ac90b73fde7aaca

Download Submit
C:\Users\Admin\AppData\Local\Temp\ƳǣպƱƒ.exe

Filesize
4KB

MD5
482232894ceb8e4ea8020a6bbb5a63db

SHA1
d834d0b812c2a4c4c05ec97b55ef23e6d3fe7d9b

SHA256
3a530b008c461b4213a2ea3d9025180a71d9d84c2bbfc8d6ebd4805637349cef

SHA512
f8adf919be69c672d800dc059bfc372265050dfaf22edccb6cd3638231b0ded1d1db7fb3c0723ceb1e39e44918376702ad9d2a9a18d3257a5b086493024c2695

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC8BDB.tmp

Filesize
636B

MD5
27b71e0b64e514653bf6a5682ace29e2

SHA1
87104c1ead6310c7b5c94a42aeaaa970f487f509

SHA256
e9514606a14bf12a938b47e129f6d0850bd6430f11079b19d6f07ec07d5a221e

SHA512
7d867527ceb96aae747f74794bead9e9a5759b5ed2e9be78889338792ef184c9d0ad818544c339d3a5f73581c70c2703e35b4c221fcd3694e4a664463adf779d

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\gsdh4vq0.0.cs

Filesize
1KB

MD5
aa0bbfcea85c7590ea7c15f3e9d033b1

SHA1
8022ff3f723b7372d4dd39dc6611e489466e7fd9

SHA256
5b2ee2df80bdd2999b28a576052439d18de2d47c893b21ed062b86edf03910c3

SHA512
3e3ff768d598b8ee6e09b4bc3b9d27f51b15c99b25b01fe2fdee308396010dbec1756114ba9a933aa4697c6283e582d6e140832e602dff41cf81ce4274b1a6fa

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\gsdh4vq0.cmdline

Filesize
263B

MD5
a434c17728d1edb929bca77786053b80

SHA1
04cf811651976458011649777e51718e441d44d5

SHA256
380822f5b30349456bfba1bfe0a92fa8c82007dd8e8395ea8ff4365280d0b504

SHA512
b78d859c09940b2a0532c9366d2d6f23753106e64fed10f7755c91c6ab4ff101f0f3d173dc6bdf66811a814d680b48339d052ec5ccd83a65bc8547be691a4646

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
31KB

MD5
ed797d8dc2c92401985d162e42ffa450

SHA1
0f02fc517c7facc4baefde4fe9467fb6488ebabe

SHA256
b746362010a101cb5931bc066f0f4d3fc740c02a68c1f37fc3c8e6c87fd7cb1e

SHA512
e831a6ff987f3ef29982da16afad06938b68eddd43c234ba88d1c96a1b5547f2284baf35cbb3a5bfd75e7f0445d14daa014e0ba00b4db72c67f83f0a314c80c2

Download Submit
memory/2636-33-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-130-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-42-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-41-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2636-37-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-39-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-138-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-137-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-52-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-136-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-35-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-135-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-31-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-29-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-27-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-25-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-105-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-104-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-134-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-133-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-125-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-126-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-127-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-128-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-129-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-45-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-131-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2636-132-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/2748-8-0x0000000074A50000-0x0000000074FFB000-memory.dmp

Filesize
5.7MB

Download
memory/2748-15-0x0000000074A50000-0x0000000074FFB000-memory.dmp

Filesize
5.7MB

Download
memory/2788-1-0x0000000074A50000-0x0000000074FFB000-memory.dmp

Filesize
5.7MB

Download
memory/2788-2-0x0000000074A50000-0x0000000074FFB000-memory.dmp

Filesize
5.7MB

Download
memory/2788-0-0x0000000074A51000-0x0000000074A52000-memory.dmp

Filesize
4KB

Download
memory/2788-51-0x0000000074A50000-0x0000000074FFB000-memory.dmp

Filesize
5.7MB

Download