darkcomet | 55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919

Analysis

max time kernel
148s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Size

1.6MB
MD5

e7881724e1d97b8004f05d94b99f15aa
SHA1

6e35acbf488e569a2b23d2fac9abd1fdc76a010e
SHA256

55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919
SHA512

418156d64454b6587c21ab3e89b21c39d4f1c702f8530ea93a62694f63253e7487e2c80dd5151159b9e5e16bf204299669a057f9520cb6c39256bc9f0ccdb721
SSDEEP

24576:6tb20pkaCqT5TBWgNQ7ad0AtBp5tncdp5JdL8JDOFrksduEIdN6A:nVg5tQ7ad7J5tKjJdL8ikuNIz5

Score

10^/10

darkcomet infected persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Infected

rattingfordays.no-ip.biz:100

Mutex

DC_MUTEX-3K6C68T

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
JDBdm8s85Wwr
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

Processes:

55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe"	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe

Executes dropped EXE 3 IoCs

Processes:

msdcsc.exemsdcsc.exemsdcsc.exe

pid process

4304 msdcsc.exe
3276 msdcsc.exe
4412 msdcsc.exe

pid	process
4304	msdcsc.exe
3276	msdcsc.exe
4412	msdcsc.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exemsdcsc.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	msdcsc.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exemsdcsc.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe"	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Users\\Admin\\Documents\\MSDCSC\\msdcsc.exe"	msdcsc.exe

AutoIT Executable 4 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
C:\Users\Admin\Documents\MSDCSC\msdcsc.exe	autoit_exe
C:\Users\Admin\Documents\MSDCSC\msdcsc.exe	autoit_exe
C:\Users\Admin\Documents\MSDCSC\msdcsc.exe	autoit_exe
C:\Users\Admin\Documents\MSDCSC\msdcsc.exe	autoit_exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exemsdcsc.exemsdcsc.exe

description	pid	process	target process
PID 4152 set thread context of 1780	4152	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
PID 3276 set thread context of 4412	3276	msdcsc.exe	msdcsc.exe
PID 4412 set thread context of 1512	4412	msdcsc.exe	iexplore.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exemsdcsc.exe

pid	process
4152	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
4152	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
3276	msdcsc.exe
3276	msdcsc.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

Processes:

55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exemsdcsc.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeSecurityPrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeTakeOwnershipPrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeLoadDriverPrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeSystemProfilePrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeSystemtimePrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeProfSingleProcessPrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeIncBasePriorityPrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeCreatePagefilePrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeBackupPrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeRestorePrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeShutdownPrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeDebugPrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeSystemEnvironmentPrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeChangeNotifyPrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeRemoteShutdownPrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeUndockPrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeManageVolumePrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeImpersonatePrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeCreateGlobalPrivilege	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: 33	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: 34	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: 35	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: 36	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
Token: SeIncreaseQuotaPrivilege	4412	msdcsc.exe
Token: SeSecurityPrivilege	4412	msdcsc.exe
Token: SeTakeOwnershipPrivilege	4412	msdcsc.exe
Token: SeLoadDriverPrivilege	4412	msdcsc.exe
Token: SeSystemProfilePrivilege	4412	msdcsc.exe
Token: SeSystemtimePrivilege	4412	msdcsc.exe
Token: SeProfSingleProcessPrivilege	4412	msdcsc.exe
Token: SeIncBasePriorityPrivilege	4412	msdcsc.exe
Token: SeCreatePagefilePrivilege	4412	msdcsc.exe
Token: SeBackupPrivilege	4412	msdcsc.exe
Token: SeRestorePrivilege	4412	msdcsc.exe
Token: SeShutdownPrivilege	4412	msdcsc.exe
Token: SeDebugPrivilege	4412	msdcsc.exe
Token: SeSystemEnvironmentPrivilege	4412	msdcsc.exe
Token: SeChangeNotifyPrivilege	4412	msdcsc.exe
Token: SeRemoteShutdownPrivilege	4412	msdcsc.exe
Token: SeUndockPrivilege	4412	msdcsc.exe
Token: SeManageVolumePrivilege	4412	msdcsc.exe
Token: SeImpersonatePrivilege	4412	msdcsc.exe
Token: SeCreateGlobalPrivilege	4412	msdcsc.exe
Token: 33	4412	msdcsc.exe
Token: 34	4412	msdcsc.exe
Token: 35	4412	msdcsc.exe
Token: 36	4412	msdcsc.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exemsdcsc.exemsdcsc.exemsdcsc.exe

description	pid	process	target process
PID 3156 wrote to memory of 4152	3156	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
PID 3156 wrote to memory of 4152	3156	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
PID 3156 wrote to memory of 4152	3156	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
PID 4152 wrote to memory of 1780	4152	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
PID 4152 wrote to memory of 1780	4152	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
PID 4152 wrote to memory of 1780	4152	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
PID 4152 wrote to memory of 1780	4152	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
PID 4152 wrote to memory of 1780	4152	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
PID 1780 wrote to memory of 4304	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe	msdcsc.exe
PID 1780 wrote to memory of 4304	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe	msdcsc.exe
PID 1780 wrote to memory of 4304	1780	55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe	msdcsc.exe
PID 4304 wrote to memory of 3276	4304	msdcsc.exe	msdcsc.exe
PID 4304 wrote to memory of 3276	4304	msdcsc.exe	msdcsc.exe
PID 4304 wrote to memory of 3276	4304	msdcsc.exe	msdcsc.exe
PID 3276 wrote to memory of 4412	3276	msdcsc.exe	msdcsc.exe
PID 3276 wrote to memory of 4412	3276	msdcsc.exe	msdcsc.exe
PID 3276 wrote to memory of 4412	3276	msdcsc.exe	msdcsc.exe
PID 3276 wrote to memory of 4412	3276	msdcsc.exe	msdcsc.exe
PID 3276 wrote to memory of 4412	3276	msdcsc.exe	msdcsc.exe
PID 4412 wrote to memory of 1512	4412	msdcsc.exe	iexplore.exe
PID 4412 wrote to memory of 1512	4412	msdcsc.exe	iexplore.exe
PID 4412 wrote to memory of 1512	4412	msdcsc.exe	iexplore.exe
PID 4412 wrote to memory of 1512	4412	msdcsc.exe	iexplore.exe
PID 4412 wrote to memory of 1512	4412	msdcsc.exe	iexplore.exe

C:\Users\Admin\AppData\Local\Temp\55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
"C:\Users\Admin\AppData\Local\Temp\55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Users\Admin\AppData\Local\Temp\55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
  "C:\Users\Admin\AppData\Local\Temp\55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe" /AutoIt3ExecuteScript "C:\Users\Admin\AppData\Local\Temp\592396" "C:\Users\Admin\AppData\Local\Temp\55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4152
- - C:\Users\Admin\AppData\Local\Temp\55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe
    "C:\Users\Admin\AppData\Local\Temp\55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919.exe"
    3⤵
    - Modifies WinLogon for persistence
    - Checks computer location settings
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1780
  - - C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
      "C:\Users\Admin\Documents\MSDCSC\msdcsc.exe"
      4⤵
      Executes dropped EXE
      Checks computer location settings
      Suspicious use of WriteProcessMemory
      PID:4304
    - - C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
        
        "C:\Users\Admin\Documents\MSDCSC\msdcsc.exe" /AutoIt3ExecuteScript "C:\Users\Admin\AppData\Local\Temp\612376" "C:\Users\Admin\Documents\MSDCSC\msdcsc.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3276
      - C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
        
        "C:\Users\Admin\Documents\MSDCSC\msdcsc.exe"
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4412
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1512

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\592396

Filesize
15KB

MD5
7040a16aaf3f6e910659af3636bbe6be

SHA1
c4d72a1cf968da2ab274c8d9dc2b13a55223be64

SHA256
2b88e2d0b5ee95843e6bba987097ad42dc0c2715ea2adf47289f676795454aee

SHA512
199d43e845d7c6d394cae98a133c7fff96b71bdef8437aeb6651d44d6731a71efa2e23991384a9e1a3f66c7a38c9fcd71d7e16e2513e8148d21dd2b2bbc3e479

Download Submit
C:\Users\Admin\AppData\Local\Temp\612376

Filesize
15KB

MD5
7040a16aaf3f6e910659af3636bbe6be

SHA1
c4d72a1cf968da2ab274c8d9dc2b13a55223be64

SHA256
2b88e2d0b5ee95843e6bba987097ad42dc0c2715ea2adf47289f676795454aee

SHA512
199d43e845d7c6d394cae98a133c7fff96b71bdef8437aeb6651d44d6731a71efa2e23991384a9e1a3f66c7a38c9fcd71d7e16e2513e8148d21dd2b2bbc3e479

Download Submit
C:\Users\Admin\AppData\Local\Temp\incl1

Filesize
12KB

MD5
fcaa757b4fc32b9c0c66fe31b0de5376

SHA1
472bc2e27449278786857bfe609c868127606c3f

SHA256
c413b175de5a10cc23eff47d24279b269b3caf5e45d0f1de1ca645c4381fbac9

SHA512
ef6186305b43fc0e42cebaac82f123b83be7077a5dd1004bb9b4f82c95da57230b35a24f787ee8e63ed397e91660cfb40c1338f69c68bc7dbce381b53fe4f61c

Download Submit
C:\Users\Admin\AppData\Local\Temp\incl1

Filesize
12KB

MD5
fcaa757b4fc32b9c0c66fe31b0de5376

SHA1
472bc2e27449278786857bfe609c868127606c3f

SHA256
c413b175de5a10cc23eff47d24279b269b3caf5e45d0f1de1ca645c4381fbac9

SHA512
ef6186305b43fc0e42cebaac82f123b83be7077a5dd1004bb9b4f82c95da57230b35a24f787ee8e63ed397e91660cfb40c1338f69c68bc7dbce381b53fe4f61c

Download Submit
C:\Users\Admin\AppData\Local\Temp\incl2

Filesize
756KB

MD5
7b0aeacc3ec46411d355c090e84a2267

SHA1
df573a32519a78edaf37ef2b4d858b031976dc2d

SHA256
4b866c78b96f4f82dea55d9864195e8915b666c5e4e070196ac31fbec6510cd1

SHA512
8b697dbad9a709193555ab1ede5402f74f788500311d9a319fd164732c5be9b3c7038dc16bb1a6b1c565b60aa86bf2af57585ea065c15cbd2733bb03c758e2a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\incl2

Filesize
756KB

MD5
7b0aeacc3ec46411d355c090e84a2267

SHA1
df573a32519a78edaf37ef2b4d858b031976dc2d

SHA256
4b866c78b96f4f82dea55d9864195e8915b666c5e4e070196ac31fbec6510cd1

SHA512
8b697dbad9a709193555ab1ede5402f74f788500311d9a319fd164732c5be9b3c7038dc16bb1a6b1c565b60aa86bf2af57585ea065c15cbd2733bb03c758e2a7

Download Submit
C:\Users\Admin\Documents\MSDCSC\msdcsc.exe

Filesize
1.6MB

MD5
e7881724e1d97b8004f05d94b99f15aa

SHA1
6e35acbf488e569a2b23d2fac9abd1fdc76a010e

SHA256
55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919

SHA512
418156d64454b6587c21ab3e89b21c39d4f1c702f8530ea93a62694f63253e7487e2c80dd5151159b9e5e16bf204299669a057f9520cb6c39256bc9f0ccdb721

Download Submit
C:\Users\Admin\Documents\MSDCSC\msdcsc.exe

Filesize
1.6MB

MD5
e7881724e1d97b8004f05d94b99f15aa

SHA1
6e35acbf488e569a2b23d2fac9abd1fdc76a010e

SHA256
55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919

SHA512
418156d64454b6587c21ab3e89b21c39d4f1c702f8530ea93a62694f63253e7487e2c80dd5151159b9e5e16bf204299669a057f9520cb6c39256bc9f0ccdb721

Download Submit
C:\Users\Admin\Documents\MSDCSC\msdcsc.exe

Filesize
1.6MB

MD5
e7881724e1d97b8004f05d94b99f15aa

SHA1
6e35acbf488e569a2b23d2fac9abd1fdc76a010e

SHA256
55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919

SHA512
418156d64454b6587c21ab3e89b21c39d4f1c702f8530ea93a62694f63253e7487e2c80dd5151159b9e5e16bf204299669a057f9520cb6c39256bc9f0ccdb721

Download Submit
C:\Users\Admin\Documents\MSDCSC\msdcsc.exe

Filesize
1.6MB

MD5
e7881724e1d97b8004f05d94b99f15aa

SHA1
6e35acbf488e569a2b23d2fac9abd1fdc76a010e

SHA256
55fbc8f96b54789e032d9d79bb766592e4ccc54c8e7eacbd16142f7f9d529919

SHA512
418156d64454b6587c21ab3e89b21c39d4f1c702f8530ea93a62694f63253e7487e2c80dd5151159b9e5e16bf204299669a057f9520cb6c39256bc9f0ccdb721

Download Submit
memory/1780-144-0x0000000000F00000-0x0000000000FCA000-memory.dmp

Filesize
808KB

Download
memory/1780-137-0x0000000000F00000-0x0000000000FCA000-memory.dmp

Filesize
808KB

Download
memory/1780-136-0x0000000000000000-mapping.dmp

Download
memory/1780-138-0x0000000000F00000-0x0000000000FCA000-memory.dmp

Filesize
808KB

Download
memory/1780-140-0x0000000000F00000-0x0000000000FCA000-memory.dmp

Filesize
808KB

Download
memory/1780-139-0x0000000000F00000-0x0000000000FCA000-memory.dmp

Filesize
808KB

Download
memory/3276-145-0x0000000000000000-mapping.dmp

Download
memory/4152-132-0x0000000000000000-mapping.dmp

Download
memory/4304-141-0x0000000000000000-mapping.dmp

Download
memory/4412-150-0x0000000000000000-mapping.dmp

Download
memory/4412-151-0x0000000001000000-0x00000000010CA000-memory.dmp

Filesize
808KB

Download
memory/4412-153-0x0000000001000000-0x00000000010CA000-memory.dmp

Filesize
808KB

Download
memory/4412-154-0x0000000001000000-0x00000000010CA000-memory.dmp

Filesize
808KB

Download
memory/4412-155-0x0000000001000000-0x00000000010CA000-memory.dmp

Filesize
808KB

Download
memory/4412-156-0x0000000001000000-0x00000000010CA000-memory.dmp

Filesize
808KB

Download