darkcomet | 29e7af74c058023ada93e20484abf4c4e56e9d97d2b95bd61d6afcd9bfa042e0

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2025, 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe
Size

774KB
MD5

80b57fded2545f6117d2bb61c4f1abc3
SHA1

0759097ed2ffdf783d6d62aecdee4cac62a917c3
SHA256

29e7af74c058023ada93e20484abf4c4e56e9d97d2b95bd61d6afcd9bfa042e0
SHA512

de9f1ab6ffd7c9c3def72e6f512387b2132a6e36c69f5b5d3fada6af21c74a373fbc8639c140f23a4e8b43c67efe0f06100bb84e231c7556af8f86956eff2590
SSDEEP

12288:nLneYlTwlTdwjfzDROheKRPtbQtzSSG/5NhFrJQMaL2Evn0vCNC1X4hWHw9v:nLF2mBOhe+CC51JQfvn0lREgw

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

fifou-rien.sytes.net:1604

Mutex

DC_MUTEX-QM0YRRP

Attributes

gencode
Gq$T�9niz*CK
install
false
offline_keylogger
false
persistence
false

rc4.plain

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe

Executes dropped EXE 3 IoCs

pid	Process
5428	crss.exe
768	rrMOO.exe
3728	BRDej1.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\javaw.exe"	crss.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4652 set thread context of 768	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	94

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	crss.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rrMOO.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BRDej1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe
3728	BRDej1.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: SeDebugPrivilege	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe
Token: SeIncreaseQuotaPrivilege	768	rrMOO.exe
Token: SeSecurityPrivilege	768	rrMOO.exe
Token: SeTakeOwnershipPrivilege	768	rrMOO.exe
Token: SeLoadDriverPrivilege	768	rrMOO.exe
Token: SeSystemProfilePrivilege	768	rrMOO.exe
Token: SeSystemtimePrivilege	768	rrMOO.exe
Token: SeProfSingleProcessPrivilege	768	rrMOO.exe
Token: SeIncBasePriorityPrivilege	768	rrMOO.exe
Token: SeCreatePagefilePrivilege	768	rrMOO.exe
Token: SeBackupPrivilege	768	rrMOO.exe
Token: SeRestorePrivilege	768	rrMOO.exe
Token: SeShutdownPrivilege	768	rrMOO.exe
Token: SeDebugPrivilege	768	rrMOO.exe
Token: SeSystemEnvironmentPrivilege	768	rrMOO.exe
Token: SeChangeNotifyPrivilege	768	rrMOO.exe
Token: SeRemoteShutdownPrivilege	768	rrMOO.exe
Token: SeUndockPrivilege	768	rrMOO.exe
Token: SeManageVolumePrivilege	768	rrMOO.exe
Token: SeImpersonatePrivilege	768	rrMOO.exe
Token: SeCreateGlobalPrivilege	768	rrMOO.exe
Token: 33	768	rrMOO.exe
Token: 34	768	rrMOO.exe
Token: 35	768	rrMOO.exe
Token: 36	768	rrMOO.exe
Token: SeDebugPrivilege	3728	BRDej1.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 2592	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	85
PID 4652 wrote to memory of 2592	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	85
PID 4652 wrote to memory of 2592	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	85
PID 2592 wrote to memory of 5168	2592	csc.exe	88
PID 2592 wrote to memory of 5168	2592	csc.exe	88
PID 2592 wrote to memory of 5168	2592	csc.exe	88
PID 4652 wrote to memory of 5428	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	90
PID 4652 wrote to memory of 5428	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	90
PID 4652 wrote to memory of 5428	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	90
PID 4652 wrote to memory of 3736	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	91
PID 4652 wrote to memory of 3736	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	91
PID 4652 wrote to memory of 3736	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	91
PID 3736 wrote to memory of 2064	3736	csc.exe	93
PID 3736 wrote to memory of 2064	3736	csc.exe	93
PID 3736 wrote to memory of 2064	3736	csc.exe	93
PID 4652 wrote to memory of 768	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	94
PID 4652 wrote to memory of 768	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	94
PID 4652 wrote to memory of 768	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	94
PID 4652 wrote to memory of 768	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	94
PID 4652 wrote to memory of 768	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	94
PID 4652 wrote to memory of 768	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	94
PID 4652 wrote to memory of 768	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	94
PID 4652 wrote to memory of 768	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	94
PID 4652 wrote to memory of 768	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	94
PID 4652 wrote to memory of 768	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	94
PID 4652 wrote to memory of 768	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	94
PID 4652 wrote to memory of 768	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	94
PID 4652 wrote to memory of 768	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	94
PID 4652 wrote to memory of 768	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	94
PID 4652 wrote to memory of 3728	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	95
PID 4652 wrote to memory of 3728	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	95
PID 4652 wrote to memory of 3728	4652	JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe	95

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_80b57fded2545f6117d2bb61c4f1abc3.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zvmh0s9k.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2592
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5B02.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC5B01.tmp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5168
- C:\Users\Admin\AppData\Local\Temp\crss.exe
  "C:\Users\Admin\AppData\Local\Temp\crss.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:5428
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\65sh8sze.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3736
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5E0F.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC5E0E.tmp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2064
- C:\Users\Admin\AppData\Local\Temp\rrMOO.exe
  C:\Users\Admin\AppData\Local\Temp\rrMOO.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:768
- C:\Users\Admin\AppData\Local\Temp\BRDej1.exe
  "C:\Users\Admin\AppData\Local\Temp\BRDej1.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BRDej1.exe

Filesize
20KB

MD5
ce134196dbc8a7a627a0e88fe272f9d0

SHA1
2282c2567c1ae2b6af291090e247aeca771c462c

SHA256
b155f73d9698e0021541cb973b3f5d7f3ab0e90fd4cb7b4b0cad6e40ad1f6f5f

SHA512
e59aff0d0392b65996041cb0faa3a69d9feec65ebc120e8a50fc731d1f78f0210855803f693f4c33215c42f693989e37971e7db6648c5281307e86646627df50

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES5B02.tmp

Filesize
1KB

MD5
6eed3b8d0db0cd8846dcc4470f0a4e98

SHA1
0cf89db3de178211861eff26fd273d73484d290b

SHA256
510c22145be93d0dfc2f92e4bcae2d8f55926c5958b7db780d49e7d8cb38b405

SHA512
464b1fa247a9ba85659b039f1566c91bd1e684547400ffe22f986b5ba1a04367c18d16f06549a525993f778347934efd9b10a6c2878182aa800543e865e5747a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES5E0F.tmp

Filesize
1KB

MD5
b0d2cc10ca87c4d1fa3f7e12b67ce585

SHA1
6a386dfc3083772055407d82f79d3e57a79a9fc2

SHA256
42660096bb2237f510c73e56768193087ea6785538751a0edaa3f90386e6ece2

SHA512
bf6c6f3f14184008254d88051a5c560373730f5f2f9c50bcaf1704c463c436204116013be550294bdfadd60065ad25ce744f74893aa11cb75f8f64de2f71bdaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\crss.exe

Filesize
4KB

MD5
04b83be42d7181ba0eee8365522fe932

SHA1
761bcff88575ca4fae658f785b7c5d6c86cb5be3

SHA256
d11b6025a1e13e8f7e5cccb654ab742e4a048b4eb63453d85c6df84aabd49cae

SHA512
10418ca164eea468588659392ebcbec16245b1ad3c484af4be34b459615ba43f7eec205dd6c72fafa31859a89ba50b35063f7069576ac42f3503f29825ed4121

Download Submit
C:\Users\Admin\AppData\Local\Temp\rrMOO.exe

Filesize
34KB

MD5
e118330b4629b12368d91b9df6488be0

SHA1
ce90218c7e3b90df2a3409ec253048bb6472c2fd

SHA256
3a0f2936b8c45e8ba3458d69d7859a63844469e698652e15fb56639d32f40cc9

SHA512
ac91c04cb20223dbaaf594440cb778dff36e857921be427c8528ba4c6cdb3e8bf8e71e1ae8af7bde9c04ff5b97b379231625bc1a2b66aba2f98cd340cd8a94b0

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\65sh8sze.0.cs

Filesize
4KB

MD5
72e04b4d33b14457e99ee8f0b63e28d4

SHA1
6a90e5fdaf6987c00cce301fc3106d62d8d31d5e

SHA256
ffbe8995651b8801572eca15ee19fa7c55c5b17b42c8e7e49dcc8f2f14c73de6

SHA512
17f3ebfa9da8300386bfe2769d2dbf6b65fa9b6fb9b0b33c1a4e9a52d24d9535611c5c1fb2e657bc1df89e0133f53232f1f4392985c80affb3ea7c1a35f82a92

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\65sh8sze.cmdline

Filesize
319B

MD5
de878d08def9505956431d23f333ccf0

SHA1
5a267c8746a89a777cadce899117afaf6d6577ed

SHA256
87bad452042a6fe2d6555e4a30d376848eba02e169583d123d9ea63d7e12913e

SHA512
54da0fb3927cf7841c1d2f20b41dd6a3b18119cbdbc56620545440a5c0f3154e3e51cdac4608347a7ed98205b47bb4498c009bb01d254180cfc29f01fd8cf293

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC5B01.tmp

Filesize
636B

MD5
c8c25f9346d8f994362fd8112f852c56

SHA1
a2697059cc8f7b3ae707d7728eaa87b93938371d

SHA256
67ab7a6bf53032421711a620f7897305c05d28ff24434fc2abf0f43ccba6c7a1

SHA512
cc07a8719de0ab4a356d689cc51bb47a629d388dca1a57bf32fff4b8f2354b05ec7b38d015516f7387e4448cebe3239400ffa207f690f2a92e5df1823d2bb7f3

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC5E0E.tmp

Filesize
644B

MD5
cf3aba5f9a0eb4d13aa6deff24496b3e

SHA1
058ff65be7a45daa06156a78ad17c0780db19b63

SHA256
5b3bcaaaa5b6a9e1a8124ffeb49c9a40fd892d2322ec096f253db9390b47626c

SHA512
e1024c204d3990d7409087d2491df5b01806cd173564db028e19e6e8a81f7a27550978911c11fe36fc12c994cb3798d5486a23e5d80a699f5ffc882c691efcd5

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\resource.resources

Filesize
15KB

MD5
743ca8ab205b33dc0db664158142f1fb

SHA1
11abed72e6e441fc66186d6e539875b1180ac44e

SHA256
71cde899f4b695bbf35fc606e9ea2ab65ad58a5d7fb31403abfbba2175da0f36

SHA512
6accfee833cce9d9994b17fc5740461ff27555f239c35c6b862b40592e233545f8e8f55fb6edf28c8734543bcfa3bc0a9b810907f21fb1efc8c9d824080d3dd9

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\zvmh0s9k.0.cs

Filesize
1KB

MD5
69f0076b82b8f15f22c3a20e0a1b1645

SHA1
ca6eca9e20380f86c4dc97af6e2fe3794d66df7f

SHA256
cb972c445e5d5db444eb74294bcec10b305c196fbd36ec16df76cd503df68839

SHA512
001059096ed771fb132a799fb4b1fd401b4ad95dfc65a3e57fbf9c418792c8ee7a7ddb2714b070809b6782d3c3e5d76677c2e13083a6dbed87f1c709263259f0

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\zvmh0s9k.cmdline

Filesize
257B

MD5
8c296ddefd82e62ae6dfa8b58db89716

SHA1
a3e52caf5d201787c1e73091ab97aecc3dd4cae7

SHA256
7a169ede321736f30ffd6172cfb171e44db2d8cff7bc6e9b29163a9b6d18b443

SHA512
59336b971e25048986a37e4c06f46e78b2acd4236b550bcb0f20a3df7d42556a1c9d9de525883cb65a4918cfa575b2b82c547d87f22cdcab9b07f1edd844a92c

Download Submit
memory/768-55-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-62-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-67-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-66-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-59-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-58-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-57-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-56-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-65-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-64-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-45-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-47-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-42-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-50-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-49-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-63-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-60-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-54-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/768-61-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/2592-8-0x0000000075470000-0x0000000075A21000-memory.dmp

Filesize
5.7MB

Download
memory/2592-15-0x0000000075470000-0x0000000075A21000-memory.dmp

Filesize
5.7MB

Download
memory/3736-37-0x0000000075470000-0x0000000075A21000-memory.dmp

Filesize
5.7MB

Download
memory/3736-32-0x0000000075470000-0x0000000075A21000-memory.dmp

Filesize
5.7MB

Download
memory/4652-2-0x0000000075470000-0x0000000075A21000-memory.dmp

Filesize
5.7MB

Download
memory/4652-0-0x0000000075472000-0x0000000075473000-memory.dmp

Filesize
4KB

Download
memory/4652-52-0x0000000075470000-0x0000000075A21000-memory.dmp

Filesize
5.7MB

Download
memory/4652-1-0x0000000075470000-0x0000000075A21000-memory.dmp

Filesize
5.7MB

Download
memory/4652-26-0x0000000075470000-0x0000000075A21000-memory.dmp

Filesize
5.7MB

Download
memory/5428-53-0x0000000075470000-0x0000000075A21000-memory.dmp

Filesize
5.7MB

Download
memory/5428-20-0x0000000075470000-0x0000000075A21000-memory.dmp

Filesize
5.7MB

Download
memory/5428-21-0x0000000075470000-0x0000000075A21000-memory.dmp

Filesize
5.7MB

Download