Analysis

  • max time kernel
    150s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/01/2024, 10:30

General

  • Target

    6a30b320446a423c14f5c2eb1e69bde8.exe

  • Size

    946KB

  • MD5

    6a30b320446a423c14f5c2eb1e69bde8

  • SHA1

    5eb9991fbdd44574984b569498eb71586cde8c9b

  • SHA256

    9a9d814c6d40bb1f2b5b1efb69041afff09b3c41fc618bd79bb8053205a08a24

  • SHA512

    ea43756d7a3d1b55d9cc86cec0bba3e8bd4e7a59a8841d29ddfc53091791c1e61e3e66c55c17adfddc510892f518685f4b4e1984ed6350191d5f85c2f9172140

  • SSDEEP

    12288:mUmKtThdsnPbLoTXPThJj9Hjdv5c6Z4EvZq0qcaSB0KdqgSdzRrrB5zMPq39zivZ:DtnsnPHohJj90nEvpuYqggVrrTYPhx

Malware Config

Extracted

Family

darkcomet

Botnet

rsman

C2

internetconnection.no-ip.info:8889

Mutex

DCMIN_MUTEX-FKV7NNB

Attributes
  • gencode

    sdDYWLgbyDpT

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 23 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 48 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a30b320446a423c14f5c2eb1e69bde8.exe
    "C:\Users\Admin\AppData\Local\Temp\6a30b320446a423c14f5c2eb1e69bde8.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Windows\InstallDir\help.exe
      C:\Windows\InstallDir\help.exe
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of SetThreadContext
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Windows\SysWOW64\cmd.exe
        /c net stop MpsSvc
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3052
        • C:\Windows\SysWOW64\net.exe
          net stop MpsSvc
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:2596
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop MpsSvc
            5⤵
              PID:2708
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2116
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2704
        • C:\Windows\InstallDir\help.exe
          C:\Windows\InstallDir\help.exe
          3⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:1168

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.pif

            Filesize

            946KB

          • C:\Windows\InstallDir\help.exe

            Filesize

            128KB

          • C:\Windows\InstallDir\help.exe

            Filesize

            128KB

          • C:\Windows\InstallDir\help.exe

            Filesize

            140KB

          • C:\Windows\InstallDir\help.exe

            Filesize

            946KB

          • \Windows\InstallDir\help.exe

            Filesize

            320KB
