darkcomet | 2c010bcae341cf1003c194a4b566a0cb0c8dff2443d2f9fbd9e7a2d9abc8af6a

Analysis

max time kernel
89s
max time network
317s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29-10-2024 06:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OptiFine_1.19.4_HD_U_I4.jar
Size

6.7MB
MD5

2e58bf463ec7e9964fe381a5afc17da1
SHA1

40a44c00d4f06ba82e97b8eb71aab3823f4e9d93
SHA256

2c010bcae341cf1003c194a4b566a0cb0c8dff2443d2f9fbd9e7a2d9abc8af6a
SHA512

94d0673370168322cc6ba5ae7bc9ad5d5c4246aa10f8929239dedc25639255c807c32ea248ee751c42aed9ca61cf37ab391d7d3a9ba57bc643e091c9ef4009d1
SSDEEP

98304:+4T54pxq3gbAuFu0Lw6jEKuBj036dh1KyMH9vPMDNgPjDbHA:+4TCxq3gtFuiWKufdh1jA9H7LPg

Score

10^/10

darkcomet discovery rat trojan upx

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Executes dropped EXE 1 IoCs

Processes:

upnp.exe

pid	Process
1984	upnp.exe

Loads dropped DLL 2 IoCs

Processes:

DarkComet.exe

pid	Process
2160	DarkComet.exe
2160	DarkComet.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/files/0x000500000001d9c8-522.dat	upx
behavioral1/memory/1984-530-0x0000000000400000-0x000000000040D000-memory.dmp	upx
behavioral1/memory/1984-533-0x0000000000400000-0x000000000040D000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

DarkComet.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DarkComet.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

Processes:

ipconfig.exe

pid	Process
880	ipconfig.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid	Process
2700	chrome.exe
2700	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

Processes:

chrome.exeDarkComet.exe

pid	Process
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2160	DarkComet.exe
2160	DarkComet.exe
2160	DarkComet.exe
2160	DarkComet.exe

Suspicious use of SendNotifyMessage 35 IoCs

Processes:

chrome.exeDarkComet.exe

pid	Process
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2160	DarkComet.exe
2160	DarkComet.exe
2160	DarkComet.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

DarkComet.exe

pid	Process
2160	DarkComet.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 2700 wrote to memory of 2844	2700	chrome.exe	32
PID 2700 wrote to memory of 2844	2700	chrome.exe	32
PID 2700 wrote to memory of 2844	2700	chrome.exe	32
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2680	2700	chrome.exe	34
PID 2700 wrote to memory of 2196	2700	chrome.exe	35
PID 2700 wrote to memory of 2196	2700	chrome.exe	35
PID 2700 wrote to memory of 2196	2700	chrome.exe	35
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36
PID 2700 wrote to memory of 1972	2700	chrome.exe	36

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\OptiFine_1.19.4_HD_U_I4.jar
1⤵
PID:2084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7f99758,0x7fef7f99768,0x7fef7f99778
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:2
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:2
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2904 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1312 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:8
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3036 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:888
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fbe7688,0x13fbe7698,0x13fbe76a8
    3⤵
    PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3976 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2352 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2344 --field-trial-handle=1300,i,16563033809384281420,1449251051161015565,131072 /prefetch:1
  2⤵
  PID:680

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:764

C:\Users\Admin\Documents\Darkcomet RAT 5.3.1\Darkcomet RAT 5.3.1\DarkComet.exe
"C:\Users\Admin\Documents\Darkcomet RAT 5.3.1\Darkcomet RAT 5.3.1\DarkComet.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2160
- C:\Users\Admin\AppData\Local\Temp\upnp.exe
  "C:\Users\Admin\AppData\Local\Temp\upnp.exe" -a 10.127.1.138 1604 1604 TCP
  2⤵
  - Executes dropped EXE
  PID:1984

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:324
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:880

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:1248

C:\Users\Admin\Desktop\f.exe
"C:\Users\Admin\Desktop\f.exe"
1⤵
PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3bc020cf-6744-4d2d-be82-df479e0a63ad.tmp

Filesize
5KB

MD5
fa1d348a976e0f81c8dc11fee745c603

SHA1
29a7c16a4b533d945a13313bce5ca8d70674b526

SHA256
d16d118e0f8a3fd7debe108ce83b9d6dab2e97a364a3addceeece6496e2b4a61

SHA512
1b2f20722afc324de1f780e38403e1e07a9f31683143f1f95da348a27aee4d42db9190d29e6d32b363825c37877b02c9f55ae1d8068d731fcd227a061c4ce3b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
14.6MB

MD5
abef83a4ead4d18c354f98d7e72312f1

SHA1
21e1ce0fa9013534af2a27c6d8fd0798e1028128

SHA256
86ffdda11652f7e00c5fc21eb9f2e97cad4453b5e467501bb1207d3ebb7781ea

SHA512
9145e554f98f8dc66435bd468b6cc064f1f1ea73aafabbb61ec9ed1cb4d6744f22e01f69ac3ed2fd2a3a0c4bb2a50ef658c1d9564f1eaee1848c7f5392742010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
93KB

MD5
0f048e61b42b26586922fbb2dd43449e

SHA1
48835a973f0fbdad5aea34e7edaafc6ea77892c1

SHA256
f27a2a11f55123b1b65b4448a83872da81aae3b37b77b7425939549727c8839b

SHA512
fdd0379a4b8092daf6e8179bdde33011e60caa25c05a61b2c731d9ac72112cbb749bba7766762a398c31f54af4e510ab5b5e68a2be756ea998ecb5c8e0bb28eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5ce02b8105f519d2d606b0d9157877ec

SHA1
8906475c8bee41cd568854bbaae4e416ccc43145

SHA256
f42b761c7e3fff4500b578c29c75b19e498d71b63e3a986f9ba7076de3ec847c

SHA512
6f35cbd414431c2f0a5a64ea54225dd30e7567f6873c772be16a501d725da1d8207e41697185f49a38742170fff13c53012432a25dcbaf68b6e952e937585554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1614460ee6c15153efed3be274ee70a0

SHA1
41f5fb52a5fd0c7cc20cd120b13987c53da44af4

SHA256
f32ee794f17d433dd9eab538e0f2293661c7547cd7d02d75778c53c8da9ce00d

SHA512
ce51cd1272319b4c26fc85abe442f1d4a96955eae6f9f0c55cb62ac2f3de11ba8468a872fa66816db3d419a21b3df85953906781908286c3454d23687e3fd727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf79fbad.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2da7924a12da4c5ff163c73df5bfd757

SHA1
7464c931304efa73335b2a1b27dee622a1a3dba6

SHA256
263260e9c48a23d8f3c344e78ccd929361da55fdae5aae891e58a9af59ef9d23

SHA512
37cac2f10098ba74a481591bf3324ce0582e4bfe36a9f5d8cadaf8fd0c85a92521f8dd2645139e27d2ceeecb10b96ff76c7104fe1ada11de97fe1c40b2aa0701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0b26697263d79f80d6b95d1418ec02f9

SHA1
d5f89a65f17f2d8bdee54162b500a3a894e8861e

SHA256
0c4f5735308345898eca0922935e596ead48dc5368bc8779cd6cde2058496017

SHA512
12bc55d3e00597d1f840475f027111e3868f2ddbd7d86efc64599e066e487cdd1c89348c6f91c9c82ebff0e5d15e47faeedfca14525e89376f1d0ff3e0e71aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1847a334dcaa03e1814733fa1edfcafa

SHA1
2bfb9d4bb1f8866a0633d8599c53ae0d9a5941b5

SHA256
8b8e3db6d802c77a96e11ecd54d82e39bfb47b2101e67e3b81fe2e07736608cb

SHA512
dc50b8c365ba915a8ca21eb2f98169096d21165cd6e3f6893c1ed30e6b025f7599c8b93115af09155790298fdaeba3684b0b23ef10be7d039d4ebea7f3800b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
825c9e902318d7d6a438e7895b7a6839

SHA1
5068932bbc88a1b3d357481e21fb653403ab9510

SHA256
823595568a3d5a82ebd8e4c9b1b78e3e9b1f0d353d3d3bbc89f6fecc0eaf7518

SHA512
bd781bbc3ebbb5548479a88b9abcccb3c003e9c698bf67290466d3d370ac28e41cc74ed1bf9b7c975c25c373875a2492cbe215a33434fc9aca17832e75485a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a00a97a4e3ee47a5383b879e96b2e2fc

SHA1
52778a343d9cb5675c7a8528e120aae581307b7f

SHA256
7f618fcb2c320771a6831ac4cf6ad166a26eb1f788c0028832365703525be6d2

SHA512
bacb24795205d5f8ec5ad7507dbd82df3b2fe45110e1c6c506982feba3d6e208ac4feefec5ac9b77d7bf5335a1558dffd2689a26cdc32ec28ba93b5aedc0b99b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
ff01c1c8d8a25a4bda0fa7565cdc9b48

SHA1
0b9d61c4a762062d823d083cec7d4e4ddf307a5e

SHA256
c4bab7ce517cb92ea0e198afcb5df4b48ce92f98617d42f852627cde2348329e

SHA512
3f8e2b4faeeaa4fc50d091d46557744efb96ff7669a1f91c5e755db1d0beaff712f7dc3e222d284698947ccc72d63932506b72565492f750252ba7074b9d765d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5941b403ce17f3b71cc6c981a7bfa0d9

SHA1
fcf6516bdab34f8271df610c8f9af0ff0bf01359

SHA256
b3e53485207612aebf2595e599ed45d918160fd8f85a18d85a08b12375482aa4

SHA512
195d3e9521aecd6c835d397f2b098801f36e057413d1491a15f9269131831f3fe797cc03b7f86c7bb3e3104d0d50327c0ac7ef5ab75d49a4173ffd14ced2bdc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ac034dca335ec76385b9fbc340160145

SHA1
5d72ae2b833d466fbb53f2eb10f3cbaddbbcd420

SHA256
d6adeeafd9f1b500c15cbaf0a0c1e1c4e2442a33b6885577d91350208d8ad114

SHA512
82f8caf3ecc410b2bbf8b34182c4d7760bbee9ce6f8a07dcf393e728b3d4663d86266e8c11567955cc96b8dd2191cc0a0c0cf4fd17a8998daf69ab8ee0e6acbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
15abb2485481db8afb464b633b9b407e

SHA1
70fcdf64348ce4cb383a563ffcefe67a4555f94f

SHA256
f96f089033df2d71f167e105c0be80731219023d73665ac394cb6c0e6ea91007

SHA512
06f18bd79accfe6e25f91688a4af4841f5bfcd108a4e018bef1906d455664a406f5c160104c1e81b49ce497256409bfb2969e2a0b8bedc01de5712c70306fd9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
01fa803e13cbab788c4fe83b0646118b

SHA1
e68730b3aa498003ce3dc22c86cacf8eb8f035b6

SHA256
eaedcc1c67c307d1658ce4054a19ee931727199e9da60227b5993c8965498a8a

SHA512
f632148c2e104239200ae2a1f6d36ca89f999ee623ba217ce6718d4f685a9d0e2272f346e241748f96d3946a23ccc955b77bda2bdeb8adbcf4aec64753e1d139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e659bd6bb534e7db73f12e1bfffeeb31

SHA1
d09caa54223ee9ec5fd536a3ce29ccd5dea29952

SHA256
c12da0f2e9505a5c831813d2220dba872af5618c3e05d16325be4c065c293aa7

SHA512
4db894bd47b23248b049e1f7226f85af6f6e6468bdf21f3b7cbc0a426d7ead184edc1673c2aaa180ff43ae8d04c55925c51b5af0255cc8e4cac350e35ae72175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
12b942ac37aeb19dbb5bc96421176d4b

SHA1
2d4fa70a38a60590477f0ccf6424eb9af31a6eda

SHA256
f399ab3bb550399ab7e371da6bb934e2c82e006aa44b314c352ca8f2d5b6ab8a

SHA512
36399823b63ec4ec1cc76688b1461dc376332f31466225b8dce4a57c0e5081b32057caa71a4da6242b6c047f86b535d8c260c4a19764d3546f6e0f02973d252d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1b25f0fb8d6a8b05ee2a2200766d2742

SHA1
e761b875455de20a192322fc2bd35a49ccf0e7df

SHA256
118e89191e0df466fe806f6ee22a31c95705f02863ce8491682b0a9726cc4109

SHA512
51ca0b3b184341f547bce2ea6867cfa3294b4fe32a0aedf6b071dd2fc89ee1ff6b7564bf50caa48cbb3e33f39517e600d1e559635391cbcf46adac842c446cba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4694.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar46E5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\sample.wav

Filesize
263B

MD5
37103e4529945ccd7ed8a9bb1c047167

SHA1
a82c1f10d3e6e85cd2191bb112b12e3f75ff21a7

SHA256
df6da3e6b2fc14aa8b3efe930ec49e6352435d7498f68ad5904c92806257943e

SHA512
dca877c7b295dc7f8cc5d83d6e063887f51c23565252b1118d309d9384e55369b07956cb2689f7f2fafa131d2556e6cbc5276b3529538b947912a5728f84d7db

Download Submit
C:\Users\Admin\Desktop\f.exe

Filesize
657KB

MD5
34960f869aa933675a70c0c7c17addfe

SHA1
b01ec370b3571d70a2d111f35d5514cc7a18d422

SHA256
9343339fadfe0f62d6fd46c6131ed9fdf01978d817192984e69a8bbecfb406d2

SHA512
5993de154bc0f5db448a243a3d0ec7929e968823b24ae256226e2d8e82f1d50d62977e5a21a2b775cd422416d8656ed0dec103b850a58633b12bec074a4f58d5

Download Submit
C:\Users\Admin\Documents\Darkcomet RAT 5.3.1\Darkcomet RAT 5.3.1\config.ini

Filesize
522B

MD5
0a5baccb60ddf613c9ef2b18e0b1863f

SHA1
39bb75213fab1a7b9ab51089ef54f43086d8b1f3

SHA256
21a222e00ea35f663dc6c397c0a0aa6d80e52187644b170cee9e186892a22f4e

SHA512
b24b4e15fc975f81e5e5216cc098f8a34faeb5f7b3f10fe8f9f4a19157abe62f293b4687440434744e5c5284736a9a472fc5d04f5fda72e94fe5e7140b36de9b

Download Submit
C:\Users\Admin\Documents\Darkcomet RAT 5.3.1\Darkcomet RAT 5.3.1\config.ini

Filesize
626B

MD5
038dd496b2f3dafa4e3645cf5c2198d6

SHA1
e628e616a4e15fdb5ccb9d3974dd0f0a54a0e673

SHA256
1fdb965889d079cbdbca72ffcc1b8d8d436256125c8bc65ed4bc206933b41374

SHA512
6b866e9727f5961490a56de27ff4eea8df239c3d5127b04f293dcf16584022b228a11fac7ba66d7d33d615e96114a89cd9aa40e3532cd441652aea2b22988655

Download Submit
\??\pipe\crashpad_2700_LDDVKUAFMJJWJVAU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\upnp.exe

Filesize
12KB

MD5
13804f8dc4e72ba103d5e34de895c9db

SHA1
03d7a0500ccb2fef3222ed1eb55f2cbedbb8b8c5

SHA256
da659d8c05cfcb5f0abe167191665359123643000d12140836c28d204294ceb6

SHA512
9abb98795a1b1c142c50c7c110966b4249972de5b1f40445b27d70c3127140b0ddaaada1d92297e96ffd71177b12cd87749953ffdcf6e5da7803b9f9527d7652

Download Submit
memory/1984-533-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/1984-530-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2084-2-0x00000000025B0000-0x0000000002820000-memory.dmp

Filesize
2.4MB

Download
memory/2084-12-0x00000000025B0000-0x0000000002820000-memory.dmp

Filesize
2.4MB

Download
memory/2084-11-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2136-835-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-599-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-814-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-578-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-608-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-823-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-619-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-798-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-622-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-832-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-748-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-646-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-837-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-839-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-762-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-841-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-741-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2136-843-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2160-529-0x0000000005FD0000-0x0000000005FDD000-memory.dmp

Filesize
52KB

Download
memory/2160-742-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-756-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-729-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-631-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-797-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-620-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-618-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-806-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-607-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-598-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-583-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-822-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-563-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-824-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-557-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-550-0x0000000007CA0000-0x0000000007CA2000-memory.dmp

Filesize
8KB

Download
memory/2160-834-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-549-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-836-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-548-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-838-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-546-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-840-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-541-0x0000000005FD0000-0x0000000005FDD000-memory.dmp

Filesize
52KB

Download
memory/2160-842-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2160-531-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download