darkcomet | ace79191841e2cef9a1b173291a601aca640efa1c973509b05947361ac963ba9

Analysis

max time kernel
300s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2024, 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BootstrapperV1.24.exe
Size

658KB
MD5

3ee0372d64df6ea69e4b0fb4fce81897
SHA1

b9a7f1fea7171003b0aa657f4dd850583fd07cf0
SHA256

ace79191841e2cef9a1b173291a601aca640efa1c973509b05947361ac963ba9
SHA512

992d8fcca00089d45f1a196193911e68454c45ce9cae1e899cb0f7f00f32a325d2879f28d57585180e52107eeeea5490d20c800e6c7621f0b712851dac79c6a4
SSDEEP

12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hg:eZ1xuVVjfFoynPaVBUR8f+kN10EBy

Score

10^/10

darkcomet guest16 discovery evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

onsj8tw.localto.net:1604

onsj8tw.localto.net:4441

Mutex

DC_MUTEX-X7H0HND

Attributes

gencode
3oxLrHdzjqV0
install
false
offline_keylogger
true
persistence
false

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Modifies firewall policy service 3 TTPs 3 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	BootstrapperV1.24.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0"	BootstrapperV1.24.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "0"	BootstrapperV1.24.exe

Modifies security service 2 TTPs 1 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Start = "4"	BootstrapperV1.24.exe

Windows security bypass 2 TTPs 2 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"	BootstrapperV1.24.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1"	BootstrapperV1.24.exe

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	BootstrapperV1.24.exe

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Sets file to hidden 1 TTPs 2 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
4248	attrib.exe
732	attrib.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	BootstrapperV1.24.exe

Executes dropped EXE 5 IoCs

pid	Process
1348	darksa.exe.exe
3600	darksa.exe.exe
1960	darksa.exe.exe
904	darksa.exe.exe
1524	darksa.exe.exe

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"	BootstrapperV1.24.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1"	BootstrapperV1.24.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	darksa.exe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	darksa.exe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	darksa.exe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	darksa.exe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperV1.24.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133726937786387541"	chrome.exe

Modifies registry class 28 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000b52a8368d7e4da011af47641e4e4da01a4516678f117db0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2668	chrome.exe
2668	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe
1000	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1228	BootstrapperV1.24.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1228	BootstrapperV1.24.exe
Token: SeSecurityPrivilege	1228	BootstrapperV1.24.exe
Token: SeTakeOwnershipPrivilege	1228	BootstrapperV1.24.exe
Token: SeLoadDriverPrivilege	1228	BootstrapperV1.24.exe
Token: SeSystemProfilePrivilege	1228	BootstrapperV1.24.exe
Token: SeSystemtimePrivilege	1228	BootstrapperV1.24.exe
Token: SeProfSingleProcessPrivilege	1228	BootstrapperV1.24.exe
Token: SeIncBasePriorityPrivilege	1228	BootstrapperV1.24.exe
Token: SeCreatePagefilePrivilege	1228	BootstrapperV1.24.exe
Token: SeBackupPrivilege	1228	BootstrapperV1.24.exe
Token: SeRestorePrivilege	1228	BootstrapperV1.24.exe
Token: SeShutdownPrivilege	1228	BootstrapperV1.24.exe
Token: SeDebugPrivilege	1228	BootstrapperV1.24.exe
Token: SeSystemEnvironmentPrivilege	1228	BootstrapperV1.24.exe
Token: SeChangeNotifyPrivilege	1228	BootstrapperV1.24.exe
Token: SeRemoteShutdownPrivilege	1228	BootstrapperV1.24.exe
Token: SeUndockPrivilege	1228	BootstrapperV1.24.exe
Token: SeManageVolumePrivilege	1228	BootstrapperV1.24.exe
Token: SeImpersonatePrivilege	1228	BootstrapperV1.24.exe
Token: SeCreateGlobalPrivilege	1228	BootstrapperV1.24.exe
Token: 33	1228	BootstrapperV1.24.exe
Token: 34	1228	BootstrapperV1.24.exe
Token: 35	1228	BootstrapperV1.24.exe
Token: 36	1228	BootstrapperV1.24.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1228	BootstrapperV1.24.exe
1972	chrome.exe
1348	darksa.exe.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 3672	1228	BootstrapperV1.24.exe	82
PID 1228 wrote to memory of 3672	1228	BootstrapperV1.24.exe	82
PID 1228 wrote to memory of 3672	1228	BootstrapperV1.24.exe	82
PID 1228 wrote to memory of 3612	1228	BootstrapperV1.24.exe	83
PID 1228 wrote to memory of 3612	1228	BootstrapperV1.24.exe	83
PID 1228 wrote to memory of 3612	1228	BootstrapperV1.24.exe	83
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 1228 wrote to memory of 932	1228	BootstrapperV1.24.exe	85
PID 3672 wrote to memory of 4248	3672	cmd.exe	87
PID 3672 wrote to memory of 4248	3672	cmd.exe	87
PID 3672 wrote to memory of 4248	3672	cmd.exe	87
PID 3612 wrote to memory of 732	3612	cmd.exe	88
PID 3612 wrote to memory of 732	3612	cmd.exe	88
PID 3612 wrote to memory of 732	3612	cmd.exe	88
PID 2668 wrote to memory of 1060	2668	chrome.exe	99
PID 2668 wrote to memory of 1060	2668	chrome.exe	99
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100
PID 2668 wrote to memory of 2768	2668	chrome.exe	100

System policy modification 1 TTPs 3 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CurrentVersion	BootstrapperV1.24.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CurrentVersion\Explorern	BootstrapperV1.24.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CurrentVersion\Explorern\NoControlPanel = "1"	BootstrapperV1.24.exe

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
732	attrib.exe
4248	attrib.exe

C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.24.exe
"C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.24.exe"
1⤵
- Modifies firewall policy service
- Modifies security service
- Windows security bypass
- Disables RegEdit via registry modification
- Checks computer location settings
- Windows security modification
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
PID:1228
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.24.exe" +s +h
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3672
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.24.exe" +s +h
    3⤵
    - Sets file to hidden
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:4248
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp" +s +h
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3612
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Users\Admin\AppData\Local\Temp" +s +h
    3⤵
    - Sets file to hidden
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:732
- C:\Windows\SysWOW64\notepad.exe
  notepad
  2⤵
  - System Location Discovery: System Language Discovery
  PID:932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdf291cc40,0x7ffdf291cc4c,0x7ffdf291cc58
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3652,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5176,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3032,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1244 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5356,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5248,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5376,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5316,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5604,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5676,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5628,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5844,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5784,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5748,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3036 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6292,i,8349025706514296179,6266293218645986208,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:732
- C:\Users\Admin\Downloads\darksa.exe.exe
  "C:\Users\Admin\Downloads\darksa.exe.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1348
- C:\Users\Admin\Downloads\darksa.exe.exe
  "C:\Users\Admin\Downloads\darksa.exe.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3600
- C:\Users\Admin\Downloads\darksa.exe.exe
  "C:\Users\Admin\Downloads\darksa.exe.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1960
- C:\Users\Admin\Downloads\darksa.exe.exe
  "C:\Users\Admin\Downloads\darksa.exe.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:904

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5100

C:\Users\Admin\Downloads\darksa.exe.exe
"C:\Users\Admin\Downloads\darksa.exe.exe"
1⤵
- Executes dropped EXE
PID:1524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\170f4f60-fef3-423d-9660-bd03fcd33daa.tmp

Filesize
212KB

MD5
313c7f261d864dc49905fa6cb18a4b59

SHA1
4d3bc322ef753f2f25fbf1d40b4790b5c3b9dba5

SHA256
b7cad2c7790a688b338c743f6ea3f10346893589b0771ac6101adf70c65efc9b

SHA512
4fc1f473dc62797e271684acad8d402d13770859de64c0dc117a1b36da9ebe6d95a7be79b1678f104f2c4462adfc3c9778e474912babdca1bfe75f1db183152d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d2a74d12d5678d638ba491bd0c5e4367

SHA1
eec5a495acbf0db883c337423a37d207ada848df

SHA256
cf11e0beb2df80f97715764f76fc39ceecf65b5404d76660c8d6c4f7d23b0d49

SHA512
6492ad66931b4ac62a585a008a430a1c995339c83e878b79904876ee396281630b455592606d46da693e0735279bbc4db994b6260806a40437b3b307846d92f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
23KB

MD5
c897f8479da25ec570027594f1b4db24

SHA1
81a3ff06cf35a87e697fc4733966dffc270ad06b

SHA256
7fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc

SHA512
b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
100KB

MD5
8021f32298d307a82aea4fa49b377e4e

SHA1
360ceb457333876cbb5212a55660437f2ab690c0

SHA256
3065f5c8895fe76440673e388229baa08044002d07ed09742d12f123aea147cf

SHA512
9c0097808ae6aedcb3aebeb2cdb6efdaba8d1e143519db7a206aaeaa1e261d638b62157fb23f424d1baf97f9c99665d20a243b6d76baf5aec7331fc83caf501b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
80KB

MD5
213d0f17cc3b036eba7e24ef5ada351e

SHA1
9313404fb5bc6c425f4c379761cce94e633b1655

SHA256
84312297706084db49e93a0f2b7af917246e04403cc8733fdc266d0489f64d8c

SHA512
fe94cb04aaecfbaeb29db1e1618c437413439eeaa2028475ea1b4646413fa3532e554a155ae8847e52d342ffc9d8d055de57d7ff3da04de9cebbc086f72f6985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
82e442af49fcc4acae0b3dc5f6e3e04a

SHA1
42d37687ff9d4ec1251ec81a8f5b1e9cd4e847be

SHA256
57b4160587aaf5608e594247ae4b335ff65cca6db2a15bb66d83c46e267ed566

SHA512
63cff4028f6ee0a9dd4cafa89302ad95ea4a9627af1d125ba746b0e18012ebf83e579b43a2c10b7d241243ba96c04d2d5d150e2e599929e16fe91d7de253de21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
dc775b69f7ffcb0fdc786d39b0dd279a

SHA1
6f48d49295e2db3c208acf9fea40e48ad6143eb4

SHA256
75bd78f096e92fe2abf9767fd0cad51422cf292a48329d95a4429dbed2258daf

SHA512
d1f3fe9ad2df04e039889bba841628acb12e8b5656d2077480a1009ed5f9776622cae7988a41ecbd762d0e4db3d48bccbd459f835f8f77ea70a8416a62fee46d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\10375768-11a3-418b-b98c-3b0367a8706a.tmp

Filesize
354B

MD5
77903bb10b63d8e6404b392bbe99b994

SHA1
c0817e0f5f641ada93b2f51418e35a8af0a6d20b

SHA256
70d33a704eefe3e1488e80208be8f450a4c840ca1c5d1eb21dab4ee3ac5eaef7

SHA512
5f180dcccf51b5d6ff9f26ab6d8c295bde22bf1dd557c09bb48f8c0c1d5d6ebfe753fa548f5297187e162d3875cd2d32b0048beba26821f97acf65608a1005db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
fc4827c7892fd3c1ef34e731ac81799f

SHA1
652982698b4c78c6087b95899b084bb6a66b17e7

SHA256
7d7069ba32393de2358ed4181caaf49e4f528e88edfd9882d724f72d0cbcc033

SHA512
173b4786bbb492aee5c7a7bc34066879a03005d09231f1c5fc3df2820cfeb4ef2059922a052b5f6d5155b3c1251b7ae22567fb1d18e4655d37d1e96d442a599d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
34e2d7f9d1252098792f2ec120d364dc

SHA1
bdaecd5277a2dc5718974fbfebb8d5ef733168eb

SHA256
33cc9c9dbe4283bfc11e53b18b69440c9b27c95a7d36969f0bf6b99b62fc6f3a

SHA512
7c5edc9ed3147d3403e6dc0f86a18e61e3c9803466e5a2e01a60c5ec091c7c14827e9689ffc2fc33a1c42ba60a8c8e70e86f69171a021640eb4d9aa36af4cf24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e6dfe7a13cadb2cdfc2b2f393b1ef7f0

SHA1
f4cd9758e1eefa012ad00123df61fec0d919d077

SHA256
dbc12e735326b9b5b0b90da37ccbe99bff6e5e087d240f32282318a9ac17ea82

SHA512
5ca0026202a0a2795001c569eae849135a2110367d6885af65ca79f32709d9dd8d7867d3f1b23427358833f5caa2b5447817fda90f315475d24532282c13a535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f4a2d04e94c5ecbfffad45d11bbc7f51

SHA1
d84aeabe84df01a7472ce2bca35d723e52ab42a6

SHA256
0aeaa0ade4ab23fd7fd24d933c42ccf34d4e38e10604faae47ba514e9337d5ad

SHA512
6ad912c6099a91ac326667c81d23f03a81f839d6a1e746c7f0e241882603559a36875c5c35194d8ab074ed4c6f11d698365d579fc35b3d334ca89fd7669d8079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6e17b550fa9843bcb1c39972d0b8c816

SHA1
8180dbdec2e04522caebe3b7003585afb88c838d

SHA256
7120fbec8407f5a0a234d165c1014f9c92fd97fabf78932daef7da4f05ff4f1b

SHA512
90d6e2315266ff419cef60a04e14c51b825070144bb496fd07740df80fa7c2cd1493d8dbda4c7d30c114f2b521ee24dca649dee896968211a780fc4180f556e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6bf8476b8b9d32fdbaca212dfa2fd6fa

SHA1
5fb57234d45218b889e44870bd1bff51bb9cc45c

SHA256
a53eac31c7fa5549937d184d3620a2172a448d49806cca2c976d87fbc16135c5

SHA512
f20fa13d8a3d9a17cecc7f3ba0637e44ca4bbd5123e51856e7e7e09195445171c140418bd42ea2923109bdad9ddc962ef3fdc09ca72b27e7e9da8479beddb35c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2c0fb486e23550b01eb6d93dd618f264

SHA1
01a3ae8f1cd76b27e15bfd328675cafd864ef6b7

SHA256
dbe570418e2576162dfbeee17ddd95b37b20084c84c285179cba228a227e30f6

SHA512
0a8a20fa67f722ccab98c8cd7e34b7481c8e79b054f381de1fd07b0984b3540bf6af0d84f91afc912cdbaad9a2f73450f4196240753a446d653fbd95b40f74a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
da92c7e2fef2bc35bef116579b55c2cf

SHA1
9b58b2b1f596c99f7db6f44f391ade644d5247f0

SHA256
8c3849bd49a9e3eea71a982f49233dd8fbd7d1d51bc9ffc72c086155f2894a52

SHA512
0584e8f61bc3bedf335db27e31d53342100c35feb3ff9d27c3ed9a6c7d634b1a6250a228cfd7b2f97114689ab67aff1825c9beb0459e29658c0248da9f8690c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
805164b7cce0f10e4115ac593c5ff3d6

SHA1
c2f92ac11691c6c03da09853ca88d04bf189305e

SHA256
02217440bcc7de9886811239b7593dbec1f3472f90bb3f8dd3c491d6f1eef845

SHA512
c662d7970fb4b927b4eddc75557d484b41b74af67c2131e7a0d87933ac027db83e543b6efbf4f8f64ae87dfe8b860d1f542ec5706a4c10be723bfb82fca2704a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
688cd57079432431d962dfb894d7d27d

SHA1
9c4bf02a7387e4631f7e933b9287138ac1ba6ca7

SHA256
8406fea5b254ea258e19071d626a1261078ea444972ae8cc24309f900b2a35db

SHA512
a1b3a21de4c8b9422dd4f5202bb1a2dd91845f4d060171190f636fc72557488dbed61aec403aecc87e0739f010480aad90b4faa81309e4a85f8395cbf23c83dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5352743f86b08b692234293e2528ab37

SHA1
a8f3aecdd2cbb26f6ff2c04c90d17407dc78ec75

SHA256
5b82d445614900d1adac507c88cbccb663106c7a50beb011be88b5eb50fdde54

SHA512
a36ac7c03b8963fed90c417516b8626e44e6c08e6f646617d26a21050163fb1fecc038a6c565a0f456b0bf7116eeffb9716fe128ebd3d6f2f6f587803fafae8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
278939b8e2426d4f892ba1ec211d88c7

SHA1
f4632491087d1e88caa7f557dd63846e4ef06d4f

SHA256
6d27ddf77adca5a266cdf0b33ebb3d260617a7803ca4c04c47d50d4b486c4914

SHA512
a0b926f89172b31e26a53b885212c9fe6983ba503db8f5cadfb13468684bb911d3d62112839fa652e24fa7641380591cf35e7ac23164f8eac420aceeb54d2df5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0849a9c0d5e639cbcb7fb17bda0bd787

SHA1
a2d90c7102e5675d9bd8c992008be378e587d720

SHA256
4095530c34ca1ecde5a555a5cb7f042b48d5752bf7f8106c0a871416227e24df

SHA512
8f0462ce5998b382ded12fae1f51b56ea8087e552804897d05dd980b116999505b16d5440a53b77d96bcde9584d69d71ab559a514c40759b872c4f804be0cbc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2681e314ae1d0a32278a1bf27b33d736

SHA1
6120e271f8739ae3a141f0272deaa830ae9df3f0

SHA256
db5de402f92bc1d69f86b6891bd69d9c9b2615b028d2e6a026d0a316b1a66244

SHA512
7a63d009b2a9cc8ae159e77c5120433ed992fcda0c9579e7102859ddaf91893aea5c5426b936393885422b12c0a047a4a62e8bd4cc8303361bcee264b2cdd88f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a89bcb3d633373adae3d2ec76a90826

SHA1
fae6b8544dc59ddb630b4a032304e84537d28dea

SHA256
870dbc7996a266764b4c7e1f74ccc4ade88d26d6728d952acd10d01a2fb2095d

SHA512
9ea8c283a8faf8ee3b58dcbbd81465eb35677f013e8ecbc8459e439e7039de29e402be31de33d02507d0d1cecb2093263312a5869565c49a86225b001d7ad577

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3d6958a6755ce17ecceb9d81e1f110a

SHA1
a712dc686f5445de163013e3737c89295ff5191b

SHA256
e1c43621518f401754982a86a61939cd8026a47b936ef086703e7a65674d0e66

SHA512
d10d439f9ebd2e8e832e9a88071a452a8f5f083be7423e58bda0a8111d02f49e4b911214af12e6295cd1efb96e1b6f7c9d226488164e03f6393dee2827d7fa0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf5aa4ec0558b0ef9ffa6843cbc2787e

SHA1
f40b2ede9e5029e197c3f482f5a2e0f3d54d3ee6

SHA256
f12800d5ef4ff4d559bc5c0275bbdde4497614f85fdfa8d4de162454a03cabe3

SHA512
eeb2719583dabcc30ee41c685fd97a601fd78c0db38bbc8679348b74d61aae5bee9239b270920df10feb4935fad76364b87cca764500d7b7f86cbaff343dcefc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f652a2b62a3f393091ac2f5d032ff741

SHA1
aa9bd16af9a89de0a5f67f1a432149045352b8dd

SHA256
a4cfd83149936244805ca345674478887a021d12b238a569c6fb83ff822515ee

SHA512
e73831f93a2fb841ed4601dfb5fc604d61209bdd33e23db414720be7a18eb7ffe0588488cd28d9972c0bc04a11261b5d2f31153d9fb7b93724baa57676afb753

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b5b70de7a70031337717d0e9b33953e2

SHA1
c8ba2394cf896d0c5a78d0b28e504b068478fe5d

SHA256
9652862eca7878dd756817e764f814784d551bf26934bdb68634b80e5dc8cd4b

SHA512
9eddb2a01a1c7618403af5710cfdf63e21a910765711631c27cf13f1c3c5c639c2914f5b480690937cd0368c8dec34d63a7f2ec1ee96b551f8706b9bbbe69db5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
712073afd42adc9ee108e3c19c6a55b4

SHA1
0f1f57b8408fd2699c59ac6ae88e91698fcf2e57

SHA256
a92c443ca7ad8425b3579bb4d95557069c886c22965ed84e282cb2a9dffbba86

SHA512
1c910686e32f4fa2918be9f8130ead103aaa67166dacee96326a619906cff6a77ce5f23154be32fbadcf26bc85059bc1077ed2a052eac2dcded6fb2a6213d2b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fa63f610ca04fefe03f5e115ee07403c

SHA1
085b900971f683d943b38f581f731e9e4be1fb58

SHA256
f6eb34afd557bb52714ccfd45cba1c745649a4fd0c9ec640ab70574f3daa62d7

SHA512
383a3ccd3595af1e9a11f184a89377825a9c5e0cedbc2a2d056f1ac947689d3f149d12338740d5f7e980da577937b5f3b63c1e021bcb22df848f0a1e1f7615de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed4ae9ea7c178388dc9ef57beedfb736

SHA1
6c8b68bae20a29c7a9980b6e6ba1754fb04dbac3

SHA256
1d4f01ede07f2d07c59672b6d53eafeb240c492b6311e61d476215db7e00e9d9

SHA512
06d474e01bad58bf5d9424217bbafc99a655d508342c9ce3dd24f6a81a55d347a948afdf95935414b6f933f514f4c7c45f1b2e7c7db3a2e8fb8f9cc80f42d2aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d39d18c5acb59a184dcaefc24464daaa

SHA1
23b5781842b7126758365a9fa68640912323bec6

SHA256
c99e2fcf8ae007ba51dfc7470e71832f505d34480c9e6f647c4a9e0f8a43b9e1

SHA512
75943de5e65ce10ac8e94fb1b6de54ebfa525f7298d90518a80d0cfdbc5d1743c0476c67e7d499205582f3e15f020c0d0e861703a827636d5dc0af199ba50299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e0f9e09de93abd9760325343a3b2227

SHA1
931c804cc3ea9d83c225d06887b90a23ceeea049

SHA256
227bad47a256321505a19fc41de45569eb1bcb9cf94901bc8e487df44773bc6a

SHA512
616d161f8e500574e5749f119f50486200168fb5347e40dd32e5bee8c1956fe56f84c05a84ee3a896657c40f467a27e1614653cf07d73549cf4b9b55fd8ea1cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
228e6235a604bf55c7f2e3021c6032b7

SHA1
dba3178022cb6f8ef72eb8414bbe308c9b33713d

SHA256
8827ef198520a8f258764203d8eb512d071305d42e0e7aa91fa5e9559a524729

SHA512
185a84e19584ef9afdffda5976a4d7640a6db93144243f4dc55c437b96a8c1c64c91ba20aad4a0d5e72cbd9e8aa8cdeeca4d529d0247747422da76c57e51901f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4df437743306fbae5cb6b1bb401fe150

SHA1
9cdeb7561da50e5e5fb847698162e0f8a67b276c

SHA256
c9f368ca79524d731d451498e5885d6efaa3c9e39468af59fa5258550666337d

SHA512
ce3e843e76fa83d375011b504d1cc314240300c8ac698bbc2c90a637ac7743d00201f550ba9f02aba958546c96b22ba4a9dd6115744c6af70646e6bf7869eb56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
50272c3be5c6b13dee44cc5d8aefda2e

SHA1
c1155d5afb1451030aeed7fa0c35869dcd0e0546

SHA256
639dbf05822ba9fcf192e78a368a25fc67cf9687e72626fe3e1e9d8a5519c23c

SHA512
fd6bf669477b6054a4b813d83535f2ef95de284810fce3f5da02cf463c10e4484d422a2cac62476dc9855d078ffd1292b8b54e988efce3708ccbc6878dbdc6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e4ca0bed-8500-4132-86b4-6c1d9d06a2ec.tmp

Filesize
9KB

MD5
4d4cfc8dfdc348d9189a80581abbbf0f

SHA1
479ea54371ae103457987ef8224d771d934a6237

SHA256
fe1918fe1e9c819ae4a8d063c5e7a6ed93a5f1dcb7abc25ec72b76a24f5bf3ff

SHA512
a2cbb6789b482e68444c974528eeb5d6cd5f9938aacd3db68f119ddffc8c6b2f7fb5d44062bcba5a1bf368518dad956b121325ceb207ad52ee5f668ba5ead951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
6e06aeb39cc27f8ad724d58cd41c4769

SHA1
36cf85610e3dde0e6b599a874dc5328b02ae5c20

SHA256
28ff0cd8e3cc3a3550ec91c3d10e883ee09c1d92f45c53426aaf69f00a888040

SHA512
c80d5342a35f6bb1f3195f0a8e80fd7f99c319d052dbb5dfadba476e88757232f9293416144b13a74647ec128152c1c9c42c3cc6844dc5bedd40d17ba42b938f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
99d3c09025c6e9b482ef11c966694f6a

SHA1
135f5813a3389a25d78d29df5bbdf8e4a9ffdb88

SHA256
4feadf583882dd22d2bf47125f9650e342fd4be8e2f776080a5a59dde1364c0f

SHA512
cc9c8fa98acbf56f7e30a7feed22e65997e5071402a992ce1fa2fd2ecf7b6dc2a5d4bb614f961cc8e8cb49ab9494212c2088abbe5745a45e3a2fa42c13fc9fe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
4e59c3883808f64e81d3b081e4e79691

SHA1
42ff357e54e400f6e05c31131859876ab353df39

SHA256
17b5c931f3fae3230343ec88afa8dd2f3cd4908a5e98eeedabae7141d0c81b61

SHA512
b9546c866e4fcc09f43e40bf1830dd2d4c609dd435cfe0cf4141b13f6e8819fa5b8d853f1394299b2df6dc8242d5a8759e000e12c959f230e40b53f7c64e7512

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 535962.crdownload

Filesize
756KB

MD5
cd9998c9b47108f0bc723268bec42718

SHA1
e02d89685fe09166e5ad08abdba3458abf552124

SHA256
a12826ef8fd70cd03fa2b6385fe5d0d2b47f19fb559ee1958143278936da26c5

SHA512
a1ecaebb6bc5642ede6c992f22278f1a4fd887f4d2e4be57fee2d667fb618a01f126373c854e216afe42888aa74652aaeb6ffc0a2e27097729f9e434a74f797a

Download Submit
C:\Users\Admin\Downloads\darksa.exe.exe

Filesize
456KB

MD5
7948ef1e0367da9f54083f25eeaaea71

SHA1
0055cb841fcc44f2159629634f0c53a1c29e92e0

SHA256
d8784278d3ddff9aefe52b795045569fd03f9d1f432b95fb66e42745e9046e02

SHA512
e2e11647e74ff511352e27bed678546a83eb9336f30fe4b56fb873e692d2f65b5659cd3b80ca6699c9ee77c1ea62659f450aded79ed050668cd026cd26c6c637

Download Submit
memory/904-532-0x0000000000400000-0x00000000004CA000-memory.dmp

Filesize
808KB

Download
memory/932-1-0x0000000000D60000-0x0000000000D61000-memory.dmp

Filesize
4KB

Download
memory/1228-77-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1228-517-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1228-0-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/1228-205-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1228-456-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1228-96-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1228-66-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1228-411-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1228-117-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1228-379-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1228-320-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1228-436-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1228-195-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1228-3-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1228-194-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1228-132-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1228-2-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/1348-533-0x0000000000400000-0x00000000004CA000-memory.dmp

Filesize
808KB

Download
memory/1348-553-0x0000000000400000-0x00000000004CA000-memory.dmp

Filesize
808KB

Download
memory/1960-530-0x0000000000400000-0x00000000004CA000-memory.dmp

Filesize
808KB

Download
memory/3600-519-0x0000000000400000-0x00000000004CA000-memory.dmp

Filesize
808KB

Download