darkcomet | 31890493973af1dbe3ecd33a59536cc24fa753ccb603372e17a05eafa5378746

Resubmissions

16-12-2023 16:06

231216-tkkzbaddg7 1

16-12-2023 15:35

16-12-2023 15:29

16-12-2023 15:29

16-12-2023 15:23

16-12-2023 15:20

Analysis

max time kernel
303s
max time network
298s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
16-12-2023 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

D3STR0YCOMPUT3RS.bat
Size

26KB
MD5

18aa3a29ea6572754fbf785a2eb03ed6
SHA1

69ee89c62e3fce0ae58e5803e283b511b41e8d81
SHA256

31890493973af1dbe3ecd33a59536cc24fa753ccb603372e17a05eafa5378746
SHA512

f2d1cf6512807e7868a48ea0c94eda7c6e75c8f5bad03e2a3313c39c83230b5116a78c803979ad051539c4dbcbf9aaf5c430f3d2259eca714d63e626ab4414a9
SSDEEP

384:89OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9OhQ9Oh:3

Score

10^/10

darkcomet rat trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2788	chrome.exe
2788	chrome.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe
1168	Ever Spy.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1888	DarkComet.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1168	Ever Spy.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1888	DarkComet.exe
1888	DarkComet.exe
1888	DarkComet.exe
1888	DarkComet.exe
1168	Ever Spy.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
1888	DarkComet.exe
1888	DarkComet.exe
1888	DarkComet.exe
1168	Ever Spy.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1888	DarkComet.exe
1168	Ever Spy.exe
1168	Ever Spy.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\D3STR0YCOMPUT3RS.bat"
1⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff93bcd9758,0x7ff93bcd9768,0x7ff93bcd9778
1⤵
PID:452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:2
1⤵
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:1
1⤵
PID:3708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:1
1⤵
PID:1444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:8
1⤵
PID:3772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:8
1⤵
PID:3824

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:8
1⤵
PID:1296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --mojo-platform-channel-handle=4704 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:1
1⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:8
1⤵
PID:3896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3604 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:8
1⤵
PID:5052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5032 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:8
1⤵
PID:3592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:8
1⤵
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:8
1⤵
PID:3892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:8
1⤵
PID:3124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=5148 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:1
1⤵
PID:4220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5276 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:8
1⤵
PID:4560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:8
1⤵
PID:4512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:8
1⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1072 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:8
1⤵
PID:4488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1072 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:8
1⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:8
1⤵
PID:4548

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1072 --field-trial-handle=1824,i,7368612659336127178,9579630346612689157,131072 /prefetch:2
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2788

C:\Users\Admin\AppData\Local\Temp\Temp1_Darkcomet RAT 5.3.1.zip\Darkcomet RAT 5.3.1\DarkComet.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Darkcomet RAT 5.3.1.zip\Darkcomet RAT 5.3.1\DarkComet.exe"
1⤵
PID:3068

C:\Users\Admin\Documents\Darkcomet RAT 5.3.1\Darkcomet RAT 5.3.1\DarkComet.exe
"C:\Users\Admin\Documents\Darkcomet RAT 5.3.1\Darkcomet RAT 5.3.1\DarkComet.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1888

C:\Users\Admin\AppData\Local\Temp\Temp1_Everspy-V1.1-fake-version-main.zip\Everspy-V1.1-fake-version-main\Ever Spy.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Everspy-V1.1-fake-version-main.zip\Everspy-V1.1-fake-version-main\Ever Spy.exe"
1⤵
PID:4708

C:\Users\Admin\Downloads\Everspy-V1.1-fake-version-main\Everspy-V1.1-fake-version-main\Ever Spy.exe
"C:\Users\Admin\Downloads\Everspy-V1.1-fake-version-main\Everspy-V1.1-fake-version-main\Ever Spy.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\335e7469dbb24b06bd2cca924b81b6e5 /t 3428 /p 1168
1⤵
PID:1768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\296679c0-a374-45d6-bc9d-15d83c0ef5f1.tmp

Filesize
1KB

MD5
741a38bce46b88ed7b27c1ce0838d61e

SHA1
7a036bcaee1496b6e5604eb011227df2d103c49b

SHA256
1163503de61ca8e4c5d108b7afcec38c9355dd7cbca6ee93a88d114226eb5563

SHA512
395ef84298ff4a78ad0ada439d3ce361f24e08bf118a46e15e95238243eb0ebfae61b0c5dabfc2f1ef7c145aa72fd8f509864b7ed3fc4b0dba998266222d4fe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ca4a541385a7626cd09df70be2626f6e

SHA1
500f5c999e98ffe2e644fddd8f3a84030ed5986e

SHA256
ef481afd0b4828931045120c2a4068eb262270722199e62e803e918c2ea5343e

SHA512
f3206527da36f58481235723361d6dc5232462c6ae4079bbc795454bd70afe108b511df2ac1deae53879fa4c4887eb58dc49199fcfcdfd4681d3ffcc1f3dc0cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4bc88d09c4d387b4cfdda8917ab1ca77

SHA1
55cc77dd42b6b656623c42bf54bc48b01e9c0466

SHA256
f9ac4c806df63d87879c7729a59aacdc5d8452486c4f6f9f5b7bf8dc45d466df

SHA512
8ca297898d3938233ed4c6968aaecc830e691d2e44327e4de3ece39d9cdfab06e7bb56b7386789c6d4948cfc9cab1222e93c8c26631ff8374d27ad82900ca914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
513c869c13a527156e423f7b885f357a

SHA1
76b37a825fe8993ad21e5e05ec962255ee25a9fc

SHA256
249e85889c154ce591e7448b8a1630814118a39ca95116d483c7e4dfa068b0af

SHA512
815614e549b17a0dce67ae7450f22845d27c881749ff7a860d5c02ebbf2d08b9fb6f421f69076035319c2518d422331e78ed97381100bcb2b3ee2759d3cfa941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aac9e2640ba05aa0d55e7ff04e0163be

SHA1
45506797477ec3f07de314749006818b23cb7e2f

SHA256
d48fb54d31fb72ea05815f03566b021e87c6a3ab22ce3031bdeaa07999c57950

SHA512
c2af6d66218011d2087009063dd87c2d7f408ae41cab00fdbf2a9f4172ce5ba4b3bdf115b2f72129b20882461bea42f34e2c190c7b1b2f4bd52fbcea5ff1c202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3632f8116da969b5a966a4628f651004

SHA1
69d22ce4eafc8e5ca9105db318f55c50756abe53

SHA256
3481ada5339842f5536fad7125f7be3f8ef8e250e1a2f9c072ffebb18614f4c2

SHA512
857662c18533f31a9a7e111cd9e442eb15f4c4b3211d8f25eceeb14b72162257f0087693f6d24061bb978dd63a3e4ecf2b500eb963d9ef8946b5907402be0fef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
84d4f0542a159c2cf1eeabdf19af4a6d

SHA1
d6be9ee0bdd7702a2c978fe6b96c101c9566ffa2

SHA256
504ac8fb74e8262aabf2740eaf5f97f83b52ecd2abfa9bec18c70de48c84c710

SHA512
4aceb117dec4979485d117cc4ac485e9181ad46a3434f28ade3969e12128981922c09bfb771030d63b2d5d46fc2d11d8365be32c8ff5b4bb1092008034ff4c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bdac04ac5270f7ccda9575dc88c08906

SHA1
1b7093ec3757e6fcf7111ae8ed567039349af614

SHA256
fa997582237998b36b30f136bbc5e08d7235219e638af4964766b139f1186e33

SHA512
94647d2c28f1bd6e9b19744dfaec4f6b109597034026bd8e1bdb99b24b1c5bd66756694eca151324a7585419fde1062cf8320fc3090859840ccdb6371d7c1b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dd3c551798b6c7614f2984565ac83e94

SHA1
0785f6417ce7d2d68c07b28fbab1fb65d674f961

SHA256
f221b506ae0d1d5769116c62a7c18f7d1cfb49ecb599c308ffceed67008b360f

SHA512
d3f239403cac8c9333e9141561fc8ed1e3967055182615fe52ab2cf8e08908c190323c1e58234a7924b1a420aa0cb2d8adce3764b47e421dd525233d02a7b3e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
33d1010f048e6aa4abd95550ce7885c1

SHA1
f2a9a7548976aae1ba57af644de76d74dab8911f

SHA256
c2e13a85c2a3a634c937d72402a4ae9a387ae3de43559a6a30b274a906b99bf8

SHA512
c71a702f6f132c7fb36c96ccd683013ef56212de28e83fd025721dd55b9353649c3f294225d1970ebd309b2964060a58c96a14e08fa8caa03179e0ccf6b603aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2341ff5558c669a3f29c943d73115da0

SHA1
05e76838119286a6ee034b16832fc4e3ccdf0d41

SHA256
f6f3c2206a35f293c7bcbf39360a1c90fa8bf06b8cff20e6fa81d48dfb3719b8

SHA512
2444ea8027a65839bca5d8789174c26014d5a208063b91d9f17f4206bc0acfb9f1b3711a3f7d853302924f5fa9e233f3a00b5ba67de3a5682765342a501a7e7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
626aefe9457d01fb24649707130e480c

SHA1
98596c8aa7a37122c9ff618c049d4cd6d45d1ea3

SHA256
ce50fcff7a826da7975ef797c2c4b3b090f3df1b6f0122fcf6294a2fa98c8fb5

SHA512
764431016e26588dded38833e1618f1fc8fb72591d023252252f26366facf696823cccf3eca8a09f94947a5400d3014f3864729b9ac473dcc78ea6108baea49f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bb1c790de3b8fcb7729d8a76c30010f3

SHA1
4161871e0d4ab1c8fbb6bb3248c8c846dcf4d39e

SHA256
d98ed54b56a431c61333734b5a710c7bcbfec6b073dc2efb71835cd6aa314a0f

SHA512
230825b01134c4b5adeabe3f40ea6ff76d3f96af776aa806d4450469bc62da94aa48a3cd8f57b3b2eb1291cd4c0e2a62c35b140a64f69088f83eb9b32f2f7142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dab4b690a627d3f146b032148bdde73f

SHA1
4ebe6ada6d8e8f93e4519b0190cbd2b5449fd867

SHA256
2183af6597fdb5b508e39889707904a05c5aa9b999ec09b96e9b733b481b1c84

SHA512
5d4deea256af1b208e8aba64c91c014f74ab19abb4a94e21b4cb1c5503824c63eddc72fdd1d9ed66694caa9093a9512acf3f5d7ff77ede0977c95df4111bb26a

Download Submit
C:\Users\Admin\Documents\Darkcomet RAT 5.3.1\Darkcomet RAT 5.3.1\config.ini

Filesize
522B

MD5
0a5baccb60ddf613c9ef2b18e0b1863f

SHA1
39bb75213fab1a7b9ab51089ef54f43086d8b1f3

SHA256
21a222e00ea35f663dc6c397c0a0aa6d80e52187644b170cee9e186892a22f4e

SHA512
b24b4e15fc975f81e5e5216cc098f8a34faeb5f7b3f10fe8f9f4a19157abe62f293b4687440434744e5c5284736a9a472fc5d04f5fda72e94fe5e7140b36de9b

Download Submit
memory/1168-272-0x000001D9B0FC0000-0x000001D9B0FD0000-memory.dmp

Filesize
64KB

Download
memory/1168-267-0x00007FF925F20000-0x00007FF9269E2000-memory.dmp

Filesize
10.8MB

Download
memory/1168-304-0x000001D9B0FC0000-0x000001D9B0FD0000-memory.dmp

Filesize
64KB

Download
memory/1168-302-0x000001D9B0FC0000-0x000001D9B0FD0000-memory.dmp

Filesize
64KB

Download
memory/1168-303-0x000001D9B0FC0000-0x000001D9B0FD0000-memory.dmp

Filesize
64KB

Download
memory/1168-299-0x000001D9B0FC0000-0x000001D9B0FD0000-memory.dmp

Filesize
64KB

Download
memory/1168-298-0x000001D9B0FC0000-0x000001D9B0FD0000-memory.dmp

Filesize
64KB

Download
memory/1168-296-0x00007FF925F20000-0x00007FF9269E2000-memory.dmp

Filesize
10.8MB

Download
memory/1168-292-0x000001E1BAC30000-0x000001E1BB113000-memory.dmp

Filesize
4.9MB

Download
memory/1168-291-0x000001D9B3E50000-0x000001D9B460A000-memory.dmp

Filesize
7.7MB

Download
memory/1168-275-0x000001D9B0FC0000-0x000001D9B0FD0000-memory.dmp

Filesize
64KB

Download
memory/1168-273-0x000001D9B0FC0000-0x000001D9B0FD0000-memory.dmp

Filesize
64KB

Download
memory/1168-274-0x000001D9B0FC0000-0x000001D9B0FD0000-memory.dmp

Filesize
64KB

Download
memory/1168-270-0x000001D9B2D00000-0x000001D9B30D6000-memory.dmp

Filesize
3.8MB

Download
memory/1168-269-0x000001D9B28A0000-0x000001D9B2916000-memory.dmp

Filesize
472KB

Download
memory/1168-268-0x000001D9B0FC0000-0x000001D9B0FD0000-memory.dmp

Filesize
64KB

Download
memory/1888-246-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/1888-190-0x0000000005AE0000-0x0000000005AE1000-memory.dmp

Filesize
4KB

Download
memory/1888-191-0x00000000067D0000-0x00000000067D1000-memory.dmp

Filesize
4KB

Download
memory/1888-240-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/1888-189-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/1888-241-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/1888-242-0x0000000005AE0000-0x0000000005AE1000-memory.dmp

Filesize
4KB

Download
memory/1888-243-0x00000000067D0000-0x00000000067D1000-memory.dmp

Filesize
4KB

Download
memory/1888-248-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/1888-229-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/1888-244-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/4708-264-0x00007FF926550000-0x00007FF927012000-memory.dmp

Filesize
10.8MB

Download
memory/4708-259-0x000001ABEBCC0000-0x000001ABECDEC000-memory.dmp

Filesize
17.2MB

Download
memory/4708-260-0x00007FF926550000-0x00007FF927012000-memory.dmp

Filesize
10.8MB

Download
memory/4708-262-0x000001ABEF280000-0x000001ABF0816000-memory.dmp

Filesize
21.6MB

Download
memory/4708-263-0x000001ABEF270000-0x000001ABEF280000-memory.dmp

Filesize
64KB

Download