darkcomet | 0ea3fa5df88df15b8201c18de2f11f942bf6b327f458232511f1edc43292039d

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
21/03/2025, 13:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Size

1.5MB
MD5

8364e860e726367d6d78b13bd3972b67
SHA1

db0daadc7badb43a748c267e1ea9276354f14416
SHA256

0ea3fa5df88df15b8201c18de2f11f942bf6b327f458232511f1edc43292039d
SHA512

4a8bb84593f0624acf0830bf366793b56e1cc4c4a540680ac27644b04cd1239e48f08491871dbd99973f7e3a8e6bdfd418b32609f9a810bac5011fb44cb0fa86
SSDEEP

24576:6vp6xBF77xC6GI8K6FFcY4w1LsTwTRtFS2tWVbRkamUKyJmqv0IM+8CGfHO:6iGIS7BRWwTRXtWRRkUpj0IHfn

Score

10^/10

darkcomet gamer discovery persistence rat themida trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Gamer

avg007.zapto.org:1177

Mutex

DCMIN_MUTEX-7AD3XJ7

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
tTie1MLzrlbp
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

rc4.plain

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\DCSCMIN\\IMDCSC.exe"	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe

Executes dropped EXE 2 IoCs

pid	Process
3016	IMDCSC.exe
2792	IMDCSC.exe

Loads dropped DLL 3 IoCs

pid	Process
2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
3016	IMDCSC.exe

Themida packer 55 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2312-16-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-39-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-41-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-38-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-37-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-36-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-35-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-34-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-32-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-31-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-30-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-29-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-28-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-27-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-25-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-24-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-23-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-22-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-21-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-20-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-43-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-42-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-19-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-18-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-14-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-10-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-8-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-6-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-40-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-33-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-26-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-4-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-17-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-44-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-45-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-46-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-47-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-50-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-52-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-51-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-49-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-48-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2312-66-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2792-133-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2792-143-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2792-142-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2792-144-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2792-147-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2792-148-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2792-149-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2792-150-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2792-151-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2792-153-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2792-154-0x0000000000400000-0x0000000000713000-memory.dmp	themida
behavioral1/memory/2792-155-0x0000000000400000-0x0000000000713000-memory.dmp	themida

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Windows\CurrentVersion\Run\DarkComet RAT = "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\DCSCMIN\\IMDCSC.exe"	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1996 set thread context of 2312	1996	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe	30
PID 3016 set thread context of 2792	3016	IMDCSC.exe	32

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IMDCSC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IMDCSC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
2792	IMDCSC.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeSecurityPrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeTakeOwnershipPrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeLoadDriverPrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeSystemProfilePrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeSystemtimePrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeProfSingleProcessPrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeIncBasePriorityPrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeCreatePagefilePrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeBackupPrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeRestorePrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeShutdownPrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeDebugPrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeSystemEnvironmentPrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeChangeNotifyPrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeRemoteShutdownPrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeUndockPrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeManageVolumePrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeImpersonatePrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeCreateGlobalPrivilege	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: 33	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: 34	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: 35	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
Token: SeIncreaseQuotaPrivilege	2792	IMDCSC.exe
Token: SeSecurityPrivilege	2792	IMDCSC.exe
Token: SeTakeOwnershipPrivilege	2792	IMDCSC.exe
Token: SeLoadDriverPrivilege	2792	IMDCSC.exe
Token: SeSystemProfilePrivilege	2792	IMDCSC.exe
Token: SeSystemtimePrivilege	2792	IMDCSC.exe
Token: SeProfSingleProcessPrivilege	2792	IMDCSC.exe
Token: SeIncBasePriorityPrivilege	2792	IMDCSC.exe
Token: SeCreatePagefilePrivilege	2792	IMDCSC.exe
Token: SeBackupPrivilege	2792	IMDCSC.exe
Token: SeRestorePrivilege	2792	IMDCSC.exe
Token: SeShutdownPrivilege	2792	IMDCSC.exe
Token: SeDebugPrivilege	2792	IMDCSC.exe
Token: SeSystemEnvironmentPrivilege	2792	IMDCSC.exe
Token: SeChangeNotifyPrivilege	2792	IMDCSC.exe
Token: SeRemoteShutdownPrivilege	2792	IMDCSC.exe
Token: SeUndockPrivilege	2792	IMDCSC.exe
Token: SeManageVolumePrivilege	2792	IMDCSC.exe
Token: SeImpersonatePrivilege	2792	IMDCSC.exe
Token: SeCreateGlobalPrivilege	2792	IMDCSC.exe
Token: 33	2792	IMDCSC.exe
Token: 34	2792	IMDCSC.exe
Token: 35	2792	IMDCSC.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1996	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
3016	IMDCSC.exe
2792	IMDCSC.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2312	1996	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe	30
PID 1996 wrote to memory of 2312	1996	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe	30
PID 1996 wrote to memory of 2312	1996	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe	30
PID 1996 wrote to memory of 2312	1996	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe	30
PID 1996 wrote to memory of 2312	1996	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe	30
PID 1996 wrote to memory of 2312	1996	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe	30
PID 1996 wrote to memory of 2312	1996	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe	30
PID 1996 wrote to memory of 2312	1996	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe	30
PID 1996 wrote to memory of 2312	1996	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe	30
PID 1996 wrote to memory of 2312	1996	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe	30
PID 2312 wrote to memory of 3016	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe	31
PID 2312 wrote to memory of 3016	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe	31
PID 2312 wrote to memory of 3016	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe	31
PID 2312 wrote to memory of 3016	2312	JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe	31
PID 3016 wrote to memory of 2792	3016	IMDCSC.exe	32
PID 3016 wrote to memory of 2792	3016	IMDCSC.exe	32
PID 3016 wrote to memory of 2792	3016	IMDCSC.exe	32
PID 3016 wrote to memory of 2792	3016	IMDCSC.exe	32
PID 3016 wrote to memory of 2792	3016	IMDCSC.exe	32
PID 3016 wrote to memory of 2792	3016	IMDCSC.exe	32
PID 3016 wrote to memory of 2792	3016	IMDCSC.exe	32
PID 3016 wrote to memory of 2792	3016	IMDCSC.exe	32
PID 3016 wrote to memory of 2792	3016	IMDCSC.exe	32
PID 3016 wrote to memory of 2792	3016	IMDCSC.exe	32

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
  C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8364e860e726367d6d78b13bd3972b67.exe
  2⤵
  - Modifies WinLogon for persistence
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\IMDCSC.exe
    "C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\IMDCSC.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3016
  - - C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\IMDCSC.exe
      "C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\IMDCSC.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\Start Menu\DCSCMIN\IMDCSC.exe

Filesize
1.5MB

MD5
8364e860e726367d6d78b13bd3972b67

SHA1
db0daadc7badb43a748c267e1ea9276354f14416

SHA256
0ea3fa5df88df15b8201c18de2f11f942bf6b327f458232511f1edc43292039d

SHA512
4a8bb84593f0624acf0830bf366793b56e1cc4c4a540680ac27644b04cd1239e48f08491871dbd99973f7e3a8e6bdfd418b32609f9a810bac5011fb44cb0fa86

Download Submit
memory/2312-2-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-16-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-39-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-41-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-38-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-37-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-36-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-35-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-34-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-32-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-31-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-30-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-29-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-28-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-27-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-25-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-24-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-23-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-22-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-21-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-20-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-43-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-42-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-19-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-18-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-14-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2312-10-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-8-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-6-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-40-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-33-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-26-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-4-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-17-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-44-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-45-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-46-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-47-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-50-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-52-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-51-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-49-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-48-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2312-66-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2792-133-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2792-143-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2792-142-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2792-144-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2792-147-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2792-148-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2792-149-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2792-150-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2792-151-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2792-153-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2792-154-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download
memory/2792-155-0x0000000000400000-0x0000000000713000-memory.dmp

Filesize
3.1MB

Download