darkcomet | 6128b275e49380b582d28428f617e1445462408b8bf79c12c1fcfbdfbb71e974

Analysis

max time kernel
1799s
max time network
1690s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
28-06-2024 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New Text Document.txt
Size

69B
MD5

5c207a599a8a193a7bce72ce40ff109d
SHA1

15f533c6328d566ffee35bd51c5eeca4621cece2
SHA256

6128b275e49380b582d28428f617e1445462408b8bf79c12c1fcfbdfbb71e974
SHA512

57401929d5f55b9cb0b4c973b374dd1a2cb4e7922bf984469c9486dce32dfe60c8068de01710e5d74312959dee2ee385fcf99256cac8f850aeaf9b69f62ff44d

Score

10^/10

darkcomet rat trojan upx

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Executes dropped EXE 4 IoCs

Processes:

upnp.exeupnp.exeupnp.exeUPX.exe

pid process

2088 upnp.exe
3592 upnp.exe
2552 upnp.exe
4576 UPX.exe

pid	process
2088	upnp.exe
3592	upnp.exe
2552	upnp.exe
4576	UPX.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\upnp.exe	upx
behavioral1/memory/2088-299-0x0000000000400000-0x000000000040D000-memory.dmp	upx
behavioral1/memory/2088-320-0x0000000000400000-0x000000000040D000-memory.dmp	upx
behavioral1/memory/3592-321-0x0000000000400000-0x000000000040D000-memory.dmp	upx
behavioral1/memory/2552-324-0x0000000000400000-0x000000000040D000-memory.dmp	upx
C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\UPX.exe	upx
behavioral1/memory/4576-342-0x0000000000400000-0x000000000057E000-memory.dmp	upx
behavioral1/memory/4576-346-0x0000000000400000-0x000000000057E000-memory.dmp	upx
behavioral1/memory/4576-353-0x0000000000400000-0x000000000057E000-memory.dmp	upx

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640797081547992"	chrome.exe

Modifies registry class 32 IoCs

Processes:

DarkComet.exechrome.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	DarkComet.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	DarkComet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	DarkComet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	DarkComet.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

516 chrome.exe
516 chrome.exe
4236 chrome.exe
4236 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

DarkComet.exe

pid process

4860 DarkComet.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

516 chrome.exe
516 chrome.exe
516 chrome.exe
516 chrome.exe

pid	process
4860	DarkComet.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe
Token: SeShutdownPrivilege	516	chrome.exe
Token: SeCreatePagefilePrivilege	516	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

chrome.exeDarkComet.exe

pid	process
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
516	chrome.exe
4860	DarkComet.exe
4860	DarkComet.exe
4860	DarkComet.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

DarkComet.exe

pid process

4860 DarkComet.exe
4860 DarkComet.exe

pid	process
4860	DarkComet.exe
4860	DarkComet.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 516 wrote to memory of 668	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 668	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 1532	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 3872	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 3872	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe
PID 516 wrote to memory of 372	516	chrome.exe	chrome.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"
1⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7fff191f9758,0x7fff191f9768,0x7fff191f9778
2⤵
PID:668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1592,i,16789140205180396435,15855475390645641003,131072 /prefetch:2
2⤵
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1592,i,16789140205180396435,15855475390645641003,131072 /prefetch:8
2⤵
PID:3872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1592,i,16789140205180396435,15855475390645641003,131072 /prefetch:8
2⤵
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1592,i,16789140205180396435,15855475390645641003,131072 /prefetch:1
2⤵
PID:4476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1592,i,16789140205180396435,15855475390645641003,131072 /prefetch:1
2⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1592,i,16789140205180396435,15855475390645641003,131072 /prefetch:1
2⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1592,i,16789140205180396435,15855475390645641003,131072 /prefetch:8
2⤵
PID:4144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1592,i,16789140205180396435,15855475390645641003,131072 /prefetch:8
2⤵
PID:492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4736 --field-trial-handle=1592,i,16789140205180396435,15855475390645641003,131072 /prefetch:1
2⤵
PID:4644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1592,i,16789140205180396435,15855475390645641003,131072 /prefetch:8
2⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1592,i,16789140205180396435,15855475390645641003,131072 /prefetch:8
2⤵
PID:3628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5316 --field-trial-handle=1592,i,16789140205180396435,15855475390645641003,131072 /prefetch:8
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=888 --field-trial-handle=1592,i,16789140205180396435,15855475390645641003,131072 /prefetch:8
2⤵
PID:4608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1620 --field-trial-handle=1592,i,16789140205180396435,15855475390645641003,131072 /prefetch:8
2⤵
PID:3856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3144 --field-trial-handle=1592,i,16789140205180396435,15855475390645641003,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4236

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4372

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4468

C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\DarkComet.exe
"C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\DarkComet.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4860

C:\Users\Admin\AppData\Local\Temp\upnp.exe
"C:\Users\Admin\AppData\Local\Temp\upnp.exe" -a 10.127.0.210 1605 1605 TCP
2⤵
- Executes dropped EXE
PID:2088

C:\Users\Admin\AppData\Local\Temp\upnp.exe
"C:\Users\Admin\AppData\Local\Temp\upnp.exe" -a 10.127.0.210 2222 2222 TCP
2⤵
- Executes dropped EXE
PID:3592

C:\Users\Admin\AppData\Local\Temp\upnp.exe
"C:\Users\Admin\AppData\Local\Temp\upnp.exe" -a 10.127.0.210 1604 1604 TCP
2⤵
- Executes dropped EXE
PID:2552

C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\UPX.exe
"C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\UPX.exe" --ultra-brute "C:\Users\Admin\Documents\These.docx.exe"
2⤵
- Executes dropped EXE
PID:4576

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f0
1⤵
PID:4124

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
ad83d0f81bb93cb6629b50ae3d355f25

SHA1
2e0a14fddb3f711cd737f81ef2dca8f0e632caa5

SHA256
42d822f238705fe2e3f1aeaf56097db12daf2c40da5eaf9adff3f25ffcb028eb

SHA512
38c4c041453959d6c05185755b9fd2ce7bd29335587c2db40769b4ab98420141a3b1874953d9365aed477d462d3f8f83db0144109122feed153184ed8a42c6be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
02eeffb159997fe5babcfe7497329951

SHA1
1c508e5c49665c19301cfad09aa3da9029f95067

SHA256
d3cff5302a8e4dbb6ab2247b6d862d39ac258f8d13ed43d45bd42b746e7bf1a9

SHA512
d23be0a9f2dd347854b590b1bbf2ed7f4397fb4722c5041a02b5da172cd11b1a9755bfd3bbb19e9d3b05cf751a714f541f49c13ed1fa18f94cb7b85525b86fc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
532B

MD5
31c5c4b1bf28a5a619ec21f27bfb43ec

SHA1
6cd1046531ce2a3997d8c6db4a300ee03c73bd0f

SHA256
727ae795a4f5139b499828af20ec5cc6e354dd2e468165ddade290867f7ec0c8

SHA512
5222e291a7488804e6262ac4910d208ca269f94b38845dd3d12b41d5f4ba56be9a299e24c33be5a243fdbd69466e8bfd5d7c2bc624c78b54128b890bf089fbbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f4233cac8aecadfb2892af637ca7ebe8

SHA1
a9828bc9760cb3211b121edff459cae2409ebdef

SHA256
a12de96e3a6236d6c0d6f64bf46b6132b38743b821ba43176d99a6b8d32344eb

SHA512
54452aec3dc1f982cb24c3f60f01b301741208b6bf0e5587ae8b01666dd5dc11cc5538b5e57b63ecce56305876569f0235b66c710ba40efbb1594f02a7786136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a171516e944fcc403497f5d0502454be

SHA1
7080deac91fe7cde51a33523a6aa45207f0b7757

SHA256
47ee9ae66cc7ecde4eab46e755ece7434d6ea83ec0fc73544139971f5b8c234a

SHA512
94e1dd4eecf2f3a053287e1d97fd91ce7b5905d7551b6d4af2292d9be59155badbc34eea989b1c4e4084c92dce911b138e0636571996f79b699be5cc82ba9127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
18d44d302872846e9197ba52007f0657

SHA1
8b181d3ad883fe8688696d77dc331b1f05a16592

SHA256
6414facf8c750a604f753bdf830c4bcae7db639a0a2afaff1f768a040053e012

SHA512
854e624bd968d9d6e7ebc8c158b3864413bc4a6c99ccc7ecfbe117d392ff190c3d3d198594e6daeaab88edb4af2db2872b9105653dde7fe605f1dfd7125fe760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
267179e7f238735cafad00876febdace

SHA1
ce153b64867811dc740dce95a436daa15e486be0

SHA256
a9f8efc42f1b241551c80b2937c74af8f6e740867202ff96d7e41a9267839895

SHA512
13ad3fdbe1d079037ae47263356ab705f8f5b881cfb4715cf5be4823364b2c93f8b12879b8302d58c8b2f2c6249b6a99539b1350ff3a8ac78aac6e465897d1f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
2c77895264b15a2efcfa03f6a86eb252

SHA1
669bba0076362da2f0e4b075b21d71459d230825

SHA256
9fd71c47308be7f1f693bdc6fe5a545ebd15df7d77859ec8f43e1029288c6465

SHA512
32c0b27e3ee6df35d7ce8d8a06f8cd7f7b7ae70cf459be3ef1d316e950e190d03496446bf83da01cec943227d987ba9ea6d54c0df8322bcd7917ff04fb4c1e7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\2c166fe67d49e8cb801e349921289a516d8e7b5b\d9c24bc3-7986-4979-a1bf-4b7bcee2975e\index-dir\the-real-index
Filesize
840B

MD5
f0dcf34d6122633017e2f19dcb1c1e17

SHA1
e83da24e794ee8eb58696f691a7c150a3f763943

SHA256
5f1dd207b79200c74d16cda73a4d092c49c02a34715953cefa28d3025bf91b41

SHA512
d7740d0bf2defe90036e821220dc72582ef46820a0786180fcbadf7f791f477ecae20fd129eb1699742e332c330f944c5f453b27b90e126ebcf655e5b4da194d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\2c166fe67d49e8cb801e349921289a516d8e7b5b\d9c24bc3-7986-4979-a1bf-4b7bcee2975e\index-dir\the-real-index~RFe57d9d5.TMP
Filesize
48B

MD5
6e80312df3d19492f2a4f53654c07bab

SHA1
5b1836573888e26ef33d36ffdb220e6910c65cdd

SHA256
ee1dd18cc629083e9f0c74f2924f0e3ba5bc635b6c1b173a25aa5756536ae8ab

SHA512
a5a25566d9a7509f391729b43cdaf5bd90f39780a90e472a4383d4ef1dce1b55c64264170ae8e4e5e6a563727d23c4565d957f6d592f7435139dd078c870b5fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\2c166fe67d49e8cb801e349921289a516d8e7b5b\index.txt
Filesize
104B

MD5
508d37f0cf9502c738726cd5b9c69fa7

SHA1
0c2add0bfcb50fd55a019d26ca4494d463649208

SHA256
ee8e9eb774577f04f06db8756c0d8f12d4d552b2bf076ceb70f2a621f53cb936

SHA512
f58ffcdc6b4aab4164496b3ea9b1888c404395a2103a83b06ccdb04b202388d2f0f13ca1789f7441071acd77b111560c39c2e9bab592bc121f0462d558b19454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\2c166fe67d49e8cb801e349921289a516d8e7b5b\index.txt~RFe57da14.TMP
Filesize
109B

MD5
77812813bc2860851b96cb9862e83d01

SHA1
4ad8c4bc50a828d07bd0471c7dfa84636926464d

SHA256
c369397f01a47e4f2f8f5186171a7e64a17858820cf360f4890c47492d026ea8

SHA512
411b90b61ea09438ac3d38c31edcb5c386ea44f4214f9de436f801dd70f67aabcbd1806aee7e35df1f3b41f3903b4d0af90a3b0ef3c38affeaebac595259ef0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
9fbba0d7df79cebaa2332b9263d78f21

SHA1
502f4807d5e11e3eca90d287a0cbd6c2ed5b4a6d

SHA256
b4df3e7532ba8dd58482ff5e0b7e2c41ae130791a11ebb0307ea49c1f09c033f

SHA512
0c8b72700759da4772c4f59a7cb0d6c44ab0dd4e74cbca59b675225ad80ae7243c082fa8f6dd3417b375725790da71bcd5f6f8733bf104a424b76c523209f7b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d810.TMP
Filesize
48B

MD5
3d80cfdb64224055537e57fe3f60afba

SHA1
176bc33137b10178256bea6043729812544f608c

SHA256
443deb02aea2fed37b6d633378df12de360b5b40d9ab649df82e8fb6beb2b345

SHA512
798e355377c0ce9ba9caf142fe87a4168067a3ed9002ac36e6cdc689df3eee4d844aaa2f51c6dc92da99243d416fe83e0d1dd9044e722b043f0f7ba2df9b6235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
289KB

MD5
c7cf61c1b7ff693bf535ac60bf96d887

SHA1
05fe22dcdcc212af03d97029002686ae06e87424

SHA256
ab48c5af538d84f717fde62febc54db0e540fb5a994bf4b3f05be786b8f3e907

SHA512
e6147a3dfa43d868dce0f54587a18e4bea2c0e8c695704695c5cae679765cf64dae080ee6ca06947c4b7352c1a08b2d751a09078bbd6f8803ee20a9b57d97aff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
0274cf8066b11a77daad99aa684d0cc0

SHA1
e10ff5aa437c1d4e2a9329aee1a80e7694c15dc3

SHA256
dced6b13999399cf24dd8729ae0283d7e5dffe00f3559d148ee20291a73b5e97

SHA512
926b419be4959431e8188e4c7f403bd4eb02225e5e4eae6a4a9d5b10760fd02d6be8225d24626f0e36992c790d63142fd790c2cd71c1aae872520db704ec9914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589778.TMP
Filesize
100KB

MD5
64a200ebff8d2b5e2d4af9a8c80ce407

SHA1
8c60a4e14454881f50976407ca37507575676e94

SHA256
08e30a65b06e3377f0ed1e1e8a8055a11246c97faebdb199759ca809ca6cd2ac

SHA512
84d1519ff9d229c15bb13ea1588e8f52c02c1e123eb40a6011d126da0f2ddf1ab41141eeb083e3a18c6802f204f64b8b77eee08177234f2bbd72cf0421d51158

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\upnp.exe
Filesize
12KB

MD5
13804f8dc4e72ba103d5e34de895c9db

SHA1
03d7a0500ccb2fef3222ed1eb55f2cbedbb8b8c5

SHA256
da659d8c05cfcb5f0abe167191665359123643000d12140836c28d204294ceb6

SHA512
9abb98795a1b1c142c50c7c110966b4249972de5b1f40445b27d70c3127140b0ddaaada1d92297e96ffd71177b12cd87749953ffdcf6e5da7803b9f9527d7652

Download Submit
C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\UPX.exe
Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\config.ini
Filesize
682B

MD5
d621a3ac059b8f4c0bb5c2fc304ddf90

SHA1
cfcd95c45958f4fc8c8a13246b9551fd8de9356b

SHA256
8855fcf4e70309bed17a5885293950816601f1871cab5f57c97c78512315934a

SHA512
a773fb5786e863421fd028d0e3c768d11f3e406ea773942b84732b9bcdb5de4a44ff763e14aef0ee26dfff7ff00033a5a395e85ac9cf6b9a42a44939c83463e7

Download Submit
C:\Users\Admin\Documents\These.docx.exe
Filesize
657KB

MD5
34960f869aa933675a70c0c7c17addfe

SHA1
b01ec370b3571d70a2d111f35d5514cc7a18d422

SHA256
9343339fadfe0f62d6fd46c6131ed9fdf01978d817192984e69a8bbecfb406d2

SHA512
5993de154bc0f5db448a243a3d0ec7929e968823b24ae256226e2d8e82f1d50d62977e5a21a2b775cd422416d8656ed0dec103b850a58633b12bec074a4f58d5

Download Submit
\??\pipe\crashpad_516_TOUUKGFZAUQTUFSK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2088-299-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2088-320-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2552-324-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/3592-321-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/4576-353-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/4576-346-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/4576-342-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/4860-331-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/4860-332-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/4860-328-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/4860-327-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/4860-345-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/4860-326-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/4860-348-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/4860-325-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/4860-355-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/4860-356-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download