Malware Analysis Report

2025-08-05 15:28

Sample ID 221019-tylsrsgabq
Target 317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45
SHA256 317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45
Tags
darkcomet guest16 persistence rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45

Threat Level: Known bad

The file 317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45 was found to be: Known bad.

Malicious Activity Summary

darkcomet guest16 persistence rat trojan

Darkcomet

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-10-19 16:28

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-10-19 16:27

Reported

2022-10-19 18:45

Platform

win7-20220901-en

Max time kernel

151s

Max time network

47s

Command Line

"C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe"

Signatures

Darkcomet

trojan rat darkcomet

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe" | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe" | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe | N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\DllHost.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1768 wrote to memory of 676 | N/A | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe
PID 1768 wrote to memory of 676 | N/A | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe
PID 1768 wrote to memory of 676 | N/A | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe
PID 1768 wrote to memory of 676 | N/A | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe
PID 1768 wrote to memory of 676 | N/A | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe
PID 1768 wrote to memory of 676 | N/A | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe

Processes

C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe

"C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}

C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe

"C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe"

Network

Country Destination Domain Proto
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp

Files

memory/1768-54-0x0000000075931000-0x0000000075933000-memory.dmp

\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe

MD5 a131afc96a8738a9202b91c2761d260f
SHA1 d3b9f7709bac6995acc46e8e28dd45e993b12797
SHA256 317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45
SHA512 5e19b162fe31c7ad693a5614eb969e12a31c5c5c7bc47ff464f3e83967a9ae6e5dd0d9783ef5f855c864a9638a4143b59e82378a1fbf92a4b200a249eccdfed9

memory/676-57-0x00000000000C0000-0x0000000000172000-memory.dmp

memory/676-59-0x00000000000C0000-0x0000000000172000-memory.dmp

memory/676-60-0x000000000014F888-mapping.dmp

memory/676-62-0x00000000000C0000-0x0000000000172000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe

MD5 a131afc96a8738a9202b91c2761d260f
SHA1 d3b9f7709bac6995acc46e8e28dd45e993b12797
SHA256 317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45
SHA512 5e19b162fe31c7ad693a5614eb969e12a31c5c5c7bc47ff464f3e83967a9ae6e5dd0d9783ef5f855c864a9638a4143b59e82378a1fbf92a4b200a249eccdfed9

memory/676-64-0x00000000000C0000-0x0000000000172000-memory.dmp

memory/676-65-0x00000000000C0000-0x0000000000172000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\file..jpg

MD5 3435837d9e0967cc0b13170c07fda108
SHA1 9c0ae330ea298735f185d2bc7f37b457928dcfda
SHA256 4ad29c938f7f7cf15c60ffd65c25563cc49c14e2ba851f0c6cfd760ca1414ea5
SHA512 6ad221a73ccf9fc48768f0370441c869276d95eb171b37749efb1a0858fc87f48a43b1346f39ec6f09c9c94d3571a611bfdc2c29aca5fe555406d78f6e5181ce

memory/676-67-0x00000000000C0000-0x0000000000172000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-10-19 16:27

Reported

2022-10-19 18:45

Platform

win10v2004-20220901-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe"

Signatures

Darkcomet

trojan rat darkcomet

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe" | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe" | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe | N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe

"C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe"

C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe

"C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe"

Network

Country Destination Domain Proto
BE 8.238.111.254:80 tcp
US 8.247.210.254:80 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
BE 8.238.110.126:80 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 13.89.179.10:443 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
BE 8.238.110.126:80 tcp
BE 8.238.110.126:80 tcp
BE 8.238.110.126:80 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp
N/A 127.0.0.1:1604 tcp
US 8.8.8.8:53 iiandlez.no-ip.biz udp
N/A 127.0.0.1:1604 tcp

Files

memory/4644-132-0x0000000000000000-mapping.dmp

memory/4644-133-0x00000000000D0000-0x0000000000182000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45.exe

MD5 a131afc96a8738a9202b91c2761d260f
SHA1 d3b9f7709bac6995acc46e8e28dd45e993b12797
SHA256 317fcd55d08d6df4d0d095f55817b2d9d562b32c76bd16da99336a245fd78f45
SHA512 5e19b162fe31c7ad693a5614eb969e12a31c5c5c7bc47ff464f3e83967a9ae6e5dd0d9783ef5f855c864a9638a4143b59e82378a1fbf92a4b200a249eccdfed9

memory/4644-135-0x00000000000D0000-0x0000000000182000-memory.dmp

memory/4644-136-0x00000000000D0000-0x0000000000182000-memory.dmp

memory/4644-137-0x00000000000D0000-0x0000000000182000-memory.dmp

memory/4644-138-0x00000000000D0000-0x0000000000182000-memory.dmp