Malware Analysis Report

2024-11-30 11:36

Sample ID 240219-1ccfjaeb48
Target 2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside
SHA256 f01909eee3dec5474a5a845deea3f8fb5502ac006f65060a7e945f91c966e266
Tags
lockbit ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

f01909eee3dec5474a5a845deea3f8fb5502ac006f65060a7e945f91c966e266

Threat Level: Known bad

The file 2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside was found to be: Known bad.

Malicious Activity Summary

lockbit ransomware spyware stealer

Lockbit family

Rule to detect Lockbit 3.0 ransomware Windows payload

Renames multiple (582) files with added filename extension

Renames multiple (281) files with added filename extension

Executes dropped EXE

Checks computer location settings

Reads user/profile data of web browsers

Deletes itself

Loads dropped DLL

Drops desktop.ini file(s)

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: RenamesItself

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-19 21:29

Signatures

Lockbit family

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-19 21:29

Reported

2024-02-19 21:32

Platform

win7-20231129-en

Max time kernel

121s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe"

Signatures

Renames multiple (281) files with added filename extension

ransomware

Deletes itself

Description Indicator Process Target
N/A N/A C:\ProgramData\1F72.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\1F72.tmp N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-3470981204-343661084-3367201002-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-3470981204-343661084-3367201002-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\ProgramData\1F72.tmp N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe

"C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe"

C:\ProgramData\1F72.tmp

"C:\ProgramData\1F72.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\1F72.tmp >> NUL

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x148

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3470981204-343661084-3367201002-1000\desktop.ini

C:\7fpKwvu5x.README.txt

F:\$RECYCLE.BIN\S-1-5-21-3470981204-343661084-3367201002-1000\DDDDDDDDDDD

\ProgramData\1F72.tmp

C:\Users\Admin\AppData\Local\Temp\DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-19 21:29

Reported

2024-02-19 21:32

Platform

win10v2004-20231215-en

Max time kernel

142s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe"

Signatures

Renames multiple (582) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Control Panel\International\Geo\Nation C:\ProgramData\C796.tmp N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\ProgramData\C796.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\C796.tmp N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-983843758-932321429-1636175382-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-983843758-932321429-1636175382-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\ProgramData\C796.tmp N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe

"C:\Users\Admin\AppData\Local\Temp\2024-02-19_33c2a1189c2d5716f3e89f9ab0179675_darkside.exe"

C:\ProgramData\C796.tmp

"C:\ProgramData\C796.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C796.tmp >> NUL

Network

Files

C:\$Recycle.Bin\S-1-5-21-983843758-932321429-1636175382-1000\desktop.ini

C:\7fpKwvu5x.README.txt

F:\$RECYCLE.BIN\S-1-5-21-983843758-932321429-1636175382-1000\DDDDDDDDDDD

C:\ProgramData\C796.tmp

C:\Users\Admin\AppData\Local\Temp\DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
