darkcomet | 8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 08:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
Size

520KB
MD5

42bf129f0e8e8684a73343957010c260
SHA1

08a53f4ec0df529165714bad851c348d064bf18d
SHA256

8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001
SHA512

b370798551811e508a96d0fbf71f796f38a272ac6b31269a358d4325d1a0de4499b6d068d826dd51eba6a7dd59d9b20e643407a39ab2169283fc3421d82df022
SSDEEP

6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMbQ:f9fC3hh29Ya77A90aFtDfT5IMbQ

Score

10^/10

darkcomet privateeye persistence rat trojan upx

Malware Config

Extracted

Family

darkcomet

Botnet

PrivateEye

ratblackshades.no-ip.biz:1604

Mutex

DC_MUTEX-ACC1R98

Attributes

gencode
8GG5LVVGljSF
install
false
offline_keylogger
true
persistence
false

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Executes dropped EXE 3 IoCs

Processes:

winupd.exewinupd.exewinupd.exe

pid process

2604 winupd.exe
2784 winupd.exe
2304 winupd.exe
Loads dropped DLL 2 IoCs

Processes:

8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe

pid process

2120 8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
2120 8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe

pid	process
2604	winupd.exe
2784	winupd.exe
2304	winupd.exe

pid	process
2120	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
2120	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2304-51-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-56-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-60-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-58-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-53-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-73-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-70-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-71-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-72-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-75-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-74-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-80-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-81-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-82-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-83-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-84-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-85-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-86-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-87-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-88-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-89-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-90-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-91-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-92-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-93-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2304-94-0x0000000000400000-0x00000000004B7000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\winupd.exe -notray"	reg.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exewinupd.exe

description	pid	process	target process
PID 1620 set thread context of 2120	1620	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
PID 2604 set thread context of 2784	2604	winupd.exe	winupd.exe
PID 2604 set thread context of 2304	2604	winupd.exe	winupd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.

System Information Discovery
T1082

Command and Scripting Interpreter
T1059

Processes:

ipconfig.exe

pid process

2456 ipconfig.exe
Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

2684 reg.exe

pid	process
2456	ipconfig.exe

pid	process
2684	reg.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

Processes:

winupd.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	2304	winupd.exe
Token: SeSecurityPrivilege	2304	winupd.exe
Token: SeTakeOwnershipPrivilege	2304	winupd.exe
Token: SeLoadDriverPrivilege	2304	winupd.exe
Token: SeSystemProfilePrivilege	2304	winupd.exe
Token: SeSystemtimePrivilege	2304	winupd.exe
Token: SeProfSingleProcessPrivilege	2304	winupd.exe
Token: SeIncBasePriorityPrivilege	2304	winupd.exe
Token: SeCreatePagefilePrivilege	2304	winupd.exe
Token: SeBackupPrivilege	2304	winupd.exe
Token: SeRestorePrivilege	2304	winupd.exe
Token: SeShutdownPrivilege	2304	winupd.exe
Token: SeDebugPrivilege	2304	winupd.exe
Token: SeSystemEnvironmentPrivilege	2304	winupd.exe
Token: SeChangeNotifyPrivilege	2304	winupd.exe
Token: SeRemoteShutdownPrivilege	2304	winupd.exe
Token: SeUndockPrivilege	2304	winupd.exe
Token: SeManageVolumePrivilege	2304	winupd.exe
Token: SeImpersonatePrivilege	2304	winupd.exe
Token: SeCreateGlobalPrivilege	2304	winupd.exe
Token: 33	2304	winupd.exe
Token: 34	2304	winupd.exe
Token: 35	2304	winupd.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exewinupd.exewinupd.exewinupd.exe

pid	process
1620	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
2120	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
2604	winupd.exe
2784	winupd.exe
2304	winupd.exe

Suspicious use of WriteProcessMemory 44 IoCs

Processes:

8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exewinupd.exewinupd.exeipconfig.execmd.exe

description	pid	process	target process
PID 1620 wrote to memory of 2120	1620	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
PID 1620 wrote to memory of 2120	1620	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
PID 1620 wrote to memory of 2120	1620	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
PID 1620 wrote to memory of 2120	1620	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
PID 1620 wrote to memory of 2120	1620	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
PID 1620 wrote to memory of 2120	1620	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
PID 1620 wrote to memory of 2120	1620	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
PID 1620 wrote to memory of 2120	1620	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
PID 1620 wrote to memory of 2120	1620	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
PID 2120 wrote to memory of 2604	2120	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe	winupd.exe
PID 2120 wrote to memory of 2604	2120	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe	winupd.exe
PID 2120 wrote to memory of 2604	2120	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe	winupd.exe
PID 2120 wrote to memory of 2604	2120	8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe	winupd.exe
PID 2604 wrote to memory of 2784	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2784	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2784	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2784	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2784	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2784	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2784	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2784	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2784	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2304	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2304	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2304	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2304	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2304	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2304	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2304	2604	winupd.exe	winupd.exe
PID 2604 wrote to memory of 2304	2604	winupd.exe	winupd.exe
PID 2784 wrote to memory of 2456	2784	winupd.exe	ipconfig.exe
PID 2784 wrote to memory of 2456	2784	winupd.exe	ipconfig.exe
PID 2784 wrote to memory of 2456	2784	winupd.exe	ipconfig.exe
PID 2784 wrote to memory of 2456	2784	winupd.exe	ipconfig.exe
PID 2784 wrote to memory of 2456	2784	winupd.exe	ipconfig.exe
PID 2784 wrote to memory of 2456	2784	winupd.exe	ipconfig.exe
PID 2456 wrote to memory of 1360	2456	ipconfig.exe	cmd.exe
PID 2456 wrote to memory of 1360	2456	ipconfig.exe	cmd.exe
PID 2456 wrote to memory of 1360	2456	ipconfig.exe	cmd.exe
PID 2456 wrote to memory of 1360	2456	ipconfig.exe	cmd.exe
PID 1360 wrote to memory of 2684	1360	cmd.exe	reg.exe
PID 1360 wrote to memory of 2684	1360	cmd.exe	reg.exe
PID 1360 wrote to memory of 2684	1360	cmd.exe	reg.exe
PID 1360 wrote to memory of 2684	1360	cmd.exe	reg.exe

C:\Users\Admin\AppData\Local\Temp\8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1620

C:\Users\Admin\AppData\Local\Temp\8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8e41a1f9b8d1af6933a29a5864130f5d9f30dd8a8bd6571cd208fc20db473001_NeikiAnalytics.exe"
2⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2120

C:\Users\Admin\AppData\Roaming\Microsoft\winupd.exe
C:\Users\Admin\AppData\Roaming\Microsoft\winupd.exe -notray
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604

C:\Users\Admin\AppData\Roaming\Microsoft\winupd.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\winupd.exe"
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784

C:\Windows\SysWOW64\ipconfig.exe
"C:\Windows\system32\ipconfig.exe"
5⤵
- Gathers network information
- Suspicious use of WriteProcessMemory
PID:2456

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VXNHAFMV.bat" "
6⤵
- Suspicious use of WriteProcessMemory
PID:1360

C:\Windows\SysWOW64\reg.exe
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v WinUpdate /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Microsoft\winupd.exe -notray" /f
7⤵
- Adds Run key to start application
- Modifies registry key
PID:2684

C:\Users\Admin\AppData\Roaming\Microsoft\winupd.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\winupd.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2304

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\VXNHAFMV.bat
Filesize
151B

MD5
cac890d00365d07b9ca89def17cc3a36

SHA1
6fa99679ede791c16b5d3e6d243a98e8bbdb7eab

SHA256
4f98ddee89760080a5c8a93666d2f5c97be52b741265ef4d1ce9aaebf05f12da

SHA512
124dc0b18e13425bde43bcbbe2a99005928e398bffcb458d498aac9e754bc5b92b703270667800876c60b0801343f2de8c6b9a1eebafd80bb4f6d5dc295dd9f1

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\winupd.exe
Filesize
520KB

MD5
0dcd659623aaedbd8c9d5bb9fb309271

SHA1
77a0bddc53ca0f73b9228eaeb0c167734d672060

SHA256
3afccf0e6b832ffecbe50acb85ed909578d630def15d05c4c0bcfe6e877bec67

SHA512
44e5299fe78d1b4fc538f6d7782d570e099cb28816f567100c3bfea985f58a7913d7182d77abd72c9ab88212f95fbd311c205b678825b03225c5acff9f334bcd

Download Submit
memory/1620-21-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/1620-16-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/1620-14-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/1620-20-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1620-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2120-22-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2120-5-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2120-3-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2120-64-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2120-7-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2120-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2120-13-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2304-70-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-86-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-60-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-94-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-58-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-53-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-49-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-73-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-56-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-93-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-71-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-72-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-75-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-74-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-51-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-92-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-80-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-81-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-82-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-83-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-84-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-85-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-91-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-87-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-88-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-89-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2304-90-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2456-68-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2604-61-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2604-59-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2784-79-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download