Malware Analysis Report

2025-04-13 23:18

Sample ID 240223-a41pbshe56
Target Darkcomet RAT 5.3.1.zip
SHA256 bfe9a76229e6e502b7c542007cd976dd3b5e0d26190cdf7cc8a5e5aab0a63f7d
Tags
darkcomet rat trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bfe9a76229e6e502b7c542007cd976dd3b5e0d26190cdf7cc8a5e5aab0a63f7d

Threat Level: Known bad

The file Darkcomet RAT 5.3.1.zip was found to be: Known bad.

Malicious Activity Summary

darkcomet rat trojan upx

Darkcomet family

Darkcomet

UPX packed file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Unsigned PE

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies registry class

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 00:46

Signatures

Darkcomet family

darkcomet

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 00:46

Reported

2024-02-23 00:54

Platform

win10v2004-20240221-de

Max time kernel

367s

Max time network

354s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1.zip"

Signatures

Darkcomet

trojan rat darkcomet

UPX packed file

upx

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Darkcomet RAT 5.3.1.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Darkcomet RAT 5.3.1(1).zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\DarkComet.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\DarkComet.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\DarkComet.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1544 wrote to memory of 4064 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Windows Media Player\setup_wm.exe
PID 1544 wrote to memory of 3020 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 3020 wrote to memory of 3300 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 4628 wrote to memory of 1648 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1648 wrote to memory of 4564 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1648 wrote to memory of 4780 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1.zip"

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1648.0.1810743050\517142993" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8b9e54f-aa75-4673-9245-e9d687381e6c} 1648 "\\.\pipe\gecko-crash-server-pipe.1648" 1964 25d537eae58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1648.1.1165087849\916036607" -parentBuildID 20221007134813 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 20707 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51da25ef-2dc3-4918-b11c-b41d50113e30} 1648 "\\.\pipe\gecko-crash-server-pipe.1648" 2364 25d536ef958 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1648.2.953311346\771657136" -childID 1 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 20810 -prefMapSize 233414 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99db66ed-09ea-4c54-9815-0b1a4e5132bf} 1648 "\\.\pipe\gecko-crash-server-pipe.1648" 3168 25d578b8158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1648.3.1724942994\76980126" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 25988 -prefMapSize 233414 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72b59bdc-5de6-4406-a9d2-0ff69dee63d6} 1648 "\\.\pipe\gecko-crash-server-pipe.1648" 3588 25d561f5e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1648.4.1636790662\2039307379" -childID 3 -isForBrowser -prefsHandle 4028 -prefMapHandle 4048 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47e84160-ae5c-4659-bf73-1963bca6afb4} 1648 "\\.\pipe\gecko-crash-server-pipe.1648" 4084 25d587ac658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1648.7.2125379276\1418553559" -childID 6 -isForBrowser -prefsHandle 5504 -prefMapHandle 5508 -prefsLen 26126 -prefMapSize 233414 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d72612f5-2026-4c64-91c8-3e1b3cd03490} 1648 "\\.\pipe\gecko-crash-server-pipe.1648" 5496 25d59f27e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1648.6.965825783\2016034221" -childID 5 -isForBrowser -prefsHandle 5320 -prefMapHandle 5324 -prefsLen 26126 -prefMapSize 233414 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a25a2a12-5a88-430a-8c7d-a43e4209a08f} 1648 "\\.\pipe\gecko-crash-server-pipe.1648" 5312 25d59f24258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1648.5.1224176288\699294006" -childID 4 -isForBrowser -prefsHandle 1688 -prefMapHandle 1684 -prefsLen 26126 -prefMapSize 233414 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe40545f-d858-43e2-9317-32cbb08d5d76} 1648 "\\.\pipe\gecko-crash-server-pipe.1648" 5144 25d59f26c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1648.8.1695301244\686815571" -childID 7 -isForBrowser -prefsHandle 2808 -prefMapHandle 5860 -prefsLen 26285 -prefMapSize 233414 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9964bffe-d1c7-4551-a10f-778aa12bf0d5} 1648 "\\.\pipe\gecko-crash-server-pipe.1648" 5868 25d59888658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1648.9.1514641192\306854191" -childID 8 -isForBrowser -prefsHandle 5208 -prefMapHandle 5192 -prefsLen 26725 -prefMapSize 233414 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41fa3ac0-db1d-4041-91cb-4d5b81ae841d} 1648 "\\.\pipe\gecko-crash-server-pipe.1648" 5292 25d536eea58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1648.10.984368524\1873300777" -parentBuildID 20221007134813 -prefsHandle 6072 -prefMapHandle 6104 -prefsLen 26725 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9c42c0c-fb32-4b7c-8856-ab01bed3dc55} 1648 "\\.\pipe\gecko-crash-server-pipe.1648" 6060 25d58cf8f58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1648.11.1652239451\165555000" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6132 -prefMapHandle 4964 -prefsLen 26725 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9abbef84-7b35-4a46-9cba-0f40491d3962} 1648 "\\.\pipe\gecko-crash-server-pipe.1648" 6148 25d5b9c6d58 utility

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\DarkComet.exe

"C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\DarkComet.exe"

C:\Users\Admin\AppData\Local\Temp\upnp.exe

"C:\Users\Admin\AppData\Local\Temp\upnp.exe" -a 10.127.0.11 1604 1604 TCP

C:\Users\Admin\AppData\Local\Temp\upnp.exe

"C:\Users\Admin\AppData\Local\Temp\upnp.exe" -a 10.127.0.11 1604 1604 TCP

C:\Users\Admin\AppData\Local\Temp\upnp.exe

"C:\Users\Admin\AppData\Local\Temp\upnp.exe" -a 10.127.0.11 1604 1604 TCP

C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\DarkComet.exe

"C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\DarkComet.exe"

C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\DarkComet.exe

"C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\DarkComet.exe"

C:\Users\Admin\AppData\Local\Temp\upnp.exe

"C:\Users\Admin\AppData\Local\Temp\upnp.exe" -a 10.127.0.11 1604 1604 TCP

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network

Files
