darkcomet | 2c010bcae341cf1003c194a4b566a0cb0c8dff2443d2f9fbd9e7a2d9abc8af6a

Analysis

max time kernel
603s
max time network
589s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
29-10-2024 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OptiFine_1.19.4_HD_U_I4.jar
Size

6.7MB
MD5

2e58bf463ec7e9964fe381a5afc17da1
SHA1

40a44c00d4f06ba82e97b8eb71aab3823f4e9d93
SHA256

2c010bcae341cf1003c194a4b566a0cb0c8dff2443d2f9fbd9e7a2d9abc8af6a
SHA512

94d0673370168322cc6ba5ae7bc9ad5d5c4246aa10f8929239dedc25639255c807c32ea248ee751c42aed9ca61cf37ab391d7d3a9ba57bc643e091c9ef4009d1
SSDEEP

98304:+4T54pxq3gbAuFu0Lw6jEKuBj036dh1KyMH9vPMDNgPjDbHA:+4TCxq3gtFuiWKufdh1jA9H7LPg

Score

10^/10

darkcomet myself discovery rat trojan upx

Malware Config

Extracted

Family

darkcomet

Botnet

myself

10.127.0.189:1604

Mutex

DC_MUTEX-JRHYPKU

Attributes

gencode
XJVnexW1ouSE
install
false
offline_keylogger
true
persistence
false

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

DarkComet.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000\Control Panel\International\Geo\Nation	DarkComet.exe

Executes dropped EXE 16 IoCs

Processes:

DarkComet.exeupnp.exeupnp.exexd.exexd.exexd.exexd.exexd.exekjl.exekjl.exekjl.exekjl.exekjl.exekjl.exekjl.exekjl.exe

pid	Process
2592	DarkComet.exe
5980	upnp.exe
2624	upnp.exe
1300	xd.exe
4724	xd.exe
3708	xd.exe
1892	xd.exe
4616	xd.exe
4276	kjl.exe
5680	kjl.exe
5368	kjl.exe
4200	kjl.exe
2072	kjl.exe
3140	kjl.exe
5504	kjl.exe
1092	kjl.exe

Loads dropped DLL 1 IoCs

Processes:

DarkComet.exe

pid	Process
2592	DarkComet.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/files/0x002c0000000452e1-922.dat	upx
behavioral1/memory/5980-928-0x0000000000400000-0x000000000040D000-memory.dmp	upx
behavioral1/memory/5980-941-0x0000000000400000-0x000000000040D000-memory.dmp	upx
behavioral1/memory/2624-1053-0x0000000000400000-0x000000000040D000-memory.dmp	upx

Drops file in Windows directory 4 IoCs

Processes:

setup.exesetup.exechrome.exe

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

notepad.exexd.exekjl.exekjl.exekjl.exeDarkComet.exeupnp.exexd.exekjl.exekjl.exeupnp.exexd.exekjl.exekjl.exexd.exexd.exekjl.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kjl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kjl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kjl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DarkComet.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	upnp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kjl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kjl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	upnp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kjl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kjl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kjl.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

Processes:

ipconfig.exe

pid	Process
4264	ipconfig.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133746556502397528"	chrome.exe

Modifies registry class 64 IoCs

Processes:

DarkComet.exechrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 000000000100000002000000ffffffff	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\MRUListEx = ffffffff	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	DarkComet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 010000000200000000000000ffffffff	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	DarkComet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 14002e80d43aad2469a5304598e1ab02f9417aa80000	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000009bd8c5405b25db019aae451b6125db01bf0e481b6125db0114000000	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "7"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	DarkComet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\NodeSlot = "9"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 03000000000000000100000002000000ffffffff	DarkComet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	DarkComet.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid	Process
4408	chrome.exe
4408	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe
4008	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

DarkComet.exe

pid	Process
2592	DarkComet.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe7zG.exe7zG.exeDarkComet.exe

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
1452	7zG.exe
3872	7zG.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe

Suspicious use of SendNotifyMessage 35 IoCs

Processes:

chrome.exeDarkComet.exe

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

java.exeDarkComet.exexd.exe

pid	Process
4552	java.exe
4552	java.exe
2592	DarkComet.exe
2592	DarkComet.exe
2592	DarkComet.exe
1300	xd.exe
2592	DarkComet.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 4408 wrote to memory of 3812	4408	chrome.exe	88
PID 4408 wrote to memory of 3812	4408	chrome.exe	88
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 2924	4408	chrome.exe	89
PID 4408 wrote to memory of 3884	4408	chrome.exe	90
PID 4408 wrote to memory of 3884	4408	chrome.exe	90
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91
PID 4408 wrote to memory of 5328	4408	chrome.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\OptiFine_1.19.4_HD_U_I4.jar
1⤵
- Suspicious use of SetWindowsHookEx
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffe2fb8cc40,0x7ffe2fb8cc4c,0x7ffe2fb8cc58
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1884,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2016 /prefetch:3
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3712,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:4868
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x298,0x29c,0x2a0,0x260,0x2a4,0x7ff7c8a34698,0x7ff7c8a346a4,0x7ff7c8a346b0
    3⤵
    - Drops file in Windows directory
    PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4816,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3176,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3184,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3208 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3508,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=900,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3340,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5808,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5920,i,9849119079489001232,1998460688869889619,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1520 /prefetch:1
  2⤵
  PID:1312

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2172

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:452

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2272

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap28176:114:7zEvent6218
1⤵
- Suspicious use of FindShellTrayWindow
PID:1452

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\" -an -ai#7zMap18717:154:7zEvent28477
1⤵
- Suspicious use of FindShellTrayWindow
PID:3872

C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\DarkComet.exe
"C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\DarkComet.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2592
- C:\Users\Admin\AppData\Local\Temp\upnp.exe
  "C:\Users\Admin\AppData\Local\Temp\upnp.exe" -a 10.127.0.189 1604 1604 TCP
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5980
- C:\Users\Admin\AppData\Local\Temp\upnp.exe
  "C:\Users\Admin\AppData\Local\Temp\upnp.exe" -a 10.127.0.189 1609 1609 TCP
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2624

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:2528

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:2844
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:4264

C:\Users\Admin\Desktop\xd.exe
"C:\Users\Admin\Desktop\xd.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1300
- C:\Windows\SysWOW64\notepad.exe
  notepad
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4444

C:\Users\Admin\Desktop\xd.exe
"C:\Users\Admin\Desktop\xd.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4724

C:\Users\Admin\Desktop\xd.exe
"C:\Users\Admin\Desktop\xd.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3708

C:\Users\Admin\Desktop\xd.exe
"C:\Users\Admin\Desktop\xd.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1892

C:\Users\Admin\Desktop\xd.exe
"C:\Users\Admin\Desktop\xd.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4616

C:\Users\Admin\Desktop\kjl.exe
"C:\Users\Admin\Desktop\kjl.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4276

C:\Users\Admin\Desktop\kjl.exe
"C:\Users\Admin\Desktop\kjl.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5680

C:\Users\Admin\Desktop\kjl.exe
"C:\Users\Admin\Desktop\kjl.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5368

C:\Users\Admin\Desktop\kjl.exe
"C:\Users\Admin\Desktop\kjl.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4200

C:\Users\Admin\Desktop\kjl.exe
"C:\Users\Admin\Desktop\kjl.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2072

C:\Users\Admin\Desktop\kjl.exe
"C:\Users\Admin\Desktop\kjl.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3140

C:\Users\Admin\Desktop\kjl.exe
"C:\Users\Admin\Desktop\kjl.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5504

C:\Users\Admin\Desktop\kjl.exe
"C:\Users\Admin\Desktop\kjl.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
dbc96f60eff3c9a5870267a499002b80

SHA1
c28a7106fb844e7a2008c438e99b3362e1cf2e6b

SHA256
b648d6783c7fa98b241214844fda6f6bf2667ad23b22fc85f58b0014b0d5362e

SHA512
ce7ad8a5695913d22e0d385b354a44abed40a5511f2762026d84460a60edb0e02be078da9a573d60f96031f7e8bcf8a018075f284cf1095e02ba1cfc509f2313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8b453996-1a00-43bb-afb0-72d9f5461ee8.tmp

Filesize
10KB

MD5
800f376079be908c4557793db5c2720d

SHA1
d5881651cc85437cf195d36eda7c7f0065d1215c

SHA256
226f864e5c950df30632575b0ed4130df442947a8d7282d70329a9bbbe6eb918

SHA512
c95e0b13ea9be9fb6cbc74ec50d9b1fa80b81f37590ca677d6adbad96a4b5b840ed1584fb6d0eae3baec7b0dbb85f4d91cd21a9bcd04cd1ccfb64fce50bd8b10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
72KB

MD5
c2aff226dc0e429be7c1ea0f1747f05d

SHA1
6fc3b888a8974e9b9e948cad2be5eb2327a17f80

SHA256
c5afcd065785a602eafed3149f17ec551800e76c6aa29695f17b250834f76229

SHA512
b79086d14fc2efef42c932ffd54bc05bc071945c2f172152bbef0ba1264763d19547ad7d88e767ceffc133037a0c27c402a8bbeb089f899e61e10c40e694ecb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
410KB

MD5
7b9e2dc2e5c918728742b24e1df9f018

SHA1
80a7ed59d9e3435b58396b2197dbc2dac30e3825

SHA256
8d054349bef71f073733848d82f88f6c2d30093398dd6a1231a0dae256eeec72

SHA512
9cd8a461f68cde99948fc85fd97e90d17612e6802c82467884475b582e47f4a109b6d63fdcd1e6ef39b92329b9bc474b84aee838def35c7bb14d25b858788c1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d6753436efb880c8a55cc053f9c39638

SHA1
f497f278c82b30a9ec148079e6cf2b8502a16df5

SHA256
0d0f01253df9ab590cfea01bb4d10d51e90a685cdfb69ea2652bf51e4c7a79b5

SHA512
fadbc88d89a1501f8bbf47e8a1abb5c29505ef52f158b6d6415729d792142db8a51bce91470b88720cd6e2da07c12af01a034e346058be9e5593c5f2a939a4c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6e3393b1eb18aa62080dbbcc7592bda5

SHA1
4b653c3c1066eddc3dbd1db9cfd4fa2ead858192

SHA256
87913f464ef82eb32bd10f56619f62338bac1e87d153fc6932c85fe70dbe6141

SHA512
a7099d467b990a1bc6d90c2fd92a656a2bad4aee4ce4d3f4639e33599cb6a75c0d8e6e6bde5c3e9c819feb5e28777eadd8c5728779b175924f9bffe6bd80051e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
d5a5adbaee2a8a6aadfc775377757069

SHA1
9dfae7bafe09466a2d8ff6e6565b52f912f0b551

SHA256
82e1708128021537996f403e5301588e3a844a7fb78e4bd0fd46900fa9db1c6c

SHA512
067d74676b3399380de241a18ab385bb8b19a7939af2fafff1fd51bc9f37f66463dd35883b2a1e9efeb1089204eb8dfa1669ed59285dfe6678efce2438fbfca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
044ade6d4623936963891c068fc583a2

SHA1
75133251306ea5fe5ab3e6adf2695aaaa869a1fc

SHA256
f759df74cbf6dc690cc9c2c4300a020dd2544a773591fdc1db3d0340bccb66fc

SHA512
b4ee25c170a289730d60f3ef988292f7146ea167f177df3128e31a15bc6b0ab7f638aa3ebd085c7dbe54a34311721396685e536be6a5046a5eb99af65c6e176e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
a1c1a7e4b17b3a513a1bfb6c487873b1

SHA1
ac1f946df9dc562aa381bf2b678645c0e997395b

SHA256
fe0bc9066e904ec94d392490613abc23600d6dbd534d924a8e10ec3fb8507568

SHA512
ecd8aa4cde23e929ee2a5b2e9a3e394cc627e96ae7828a97619729fcb452a9632ad6132dd406b207665990a4c66d4511125c2a066e9a4df4c09fd64ab180e38f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
47eccc23d9b4c1bc134a9ca4365fe7ca

SHA1
c82249b7900cad7b8a4e0304a666c473f2b7bdb4

SHA256
a20060b406a85eb2bb88044f135dd757f638e7ef3dcc9d6232687699f9e7cead

SHA512
fa4807c399a99932b8c499a75ff5b156e519bc2b58f25fb976fdc0f6263e7fd68983aaa5a1df103e9523ea1924f524171d5c2327f51aabfb66c59a02c35eeb6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a09f87736de254b84fd7515cfbd2d9e2

SHA1
48f0b549507986ac9ecf2d2ae37d64bfdea64654

SHA256
1ba412f9495eaeb7be819491edee9423e89eeb187a1c874e0004d8e56132e82e

SHA512
096278a09de0fedcda1703bc4ec9e938573bb4ba5f45e80830a11071024c1ed197c7278ae0864115de7418e51020106c3d5f1f44a9c43658a47ce80bceafd026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f6fe98e520e46d4c21bf829279374388

SHA1
d2bf085da9ebdef318393460d6cc1e4bae5b0c1e

SHA256
fd9cd03721cfa862deb88d2b711a5c1ff9f6192916fc00691ee022f353c0bc9c

SHA512
d5d6f616bb9db9196b4a06bb848735822f0981c2e9de193f9fee47721ac2cbce21bc285d25b34ea483bd770cda56c05a041da0b605292c614a2d74b88d0e1c41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d26e83bf7867a555a7b7ec6d4a7458a8

SHA1
9d36ee8f73680b57f1624e81721e2947caa9bf3c

SHA256
63616dfb8febb04cabc1ad2b51c6b8ecc737a0ca54fb63a529449c2d8a895593

SHA512
b655ffa207774cdf3b5d0780c6d6cccc44225e97e3ee0674f7db7d83ed2f193b61f647b4cdb9a75bc4b0ff17f5a91947e7c80bcec05c55ac34892fa6f0fedb17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e56b4a1253be9cecd1f6b1b10b7362bc

SHA1
52b5d30a0e21f1be881aa20f4208c43564a921c2

SHA256
fafc873649ee02276231198f7e4d577c77a8275a20908f58cceda32de386b667

SHA512
91ae1fddd08beb67f0b96b36faf12cff3fef658f82129d13670e534d71346532c8f7b67cbad85704b59f76e0eeda2638e6a8ea818e3f7c13bb62ac58e66d653d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
20aad20950aa55e06d41f4bbb6ec718e

SHA1
d3ab4e2c356b4c152e9f5a6dc2e5f14a2f398333

SHA256
dd904a2fef2fb6b5258a59954a4a1ca33afa4b2999b53bd361dd043326272a31

SHA512
ee8572901f067222c5081a66aeac191b3178a0600c9f70da48737d1e3363d35dc4e75c7d7440d5f897ad88ecd7ee74573283d914e6a8f1e966e90681d960100f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8e8a5b79c6ce7458c00be4ba94daf666

SHA1
9d8ab0ac2d1b40f68830f781ec9a3af8ff36aa0f

SHA256
e022327ba59c2c168602085aa11eef9128478b9ba9d2ba3abe0c1963e520d66f

SHA512
1c41c5bf031a8d16463e16cf23206638d52ca930a347572a89a5db9d55bc7da07d3389d9efbb6e2872af68ef191c026c3cced110d24952eb3520dbfe72a4f3ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5c933ddebedeccbb711e2bd3b1dfa39

SHA1
e5e73dc38c0160bc7ebedd957e53ab357937bcc4

SHA256
2454f135ff7d40310b0c10176eb8d5585ed94d0bd5f52c55d07ccefe3ef56c88

SHA512
76a3ab29a67f7611c37ce79f2306359d6edc997b9886c9d4a36af4519933e38213d51231d1fa0be9bbf9c12549947a1c589d25b75e2b3eae3adec54145907744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
24279adec988cccc2e8927eae3112b07

SHA1
463fe4aa976f3f9246d1d90cf374bc77b13ff5e1

SHA256
f395b7b30bbe19569e09c0f57c822e8c7457e08b6dd68d31b67e3a8f6fffbc11

SHA512
32076a4fffed41c2dc2bd3ed3894ffef9fe1d25d0dc9ab1ca7d429f083773853c9b2d1a66ae098e04e3873b0bde65665b32ccd649db2016fca355e7166ecd869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9f75b89d640e904210cc95f231cb083f

SHA1
73fc7e4525257ee5939bb50aba209d87677fc51a

SHA256
eec11bb9b2072e5a2f8cf3b5b066724085ca4fc81bc2efdb7d85824219955c2a

SHA512
ffddc1280442ca17cb347c7e817a8b2c3aaa5e5c5266f7fcd886c84af964ad56cb9b3f69a49fe8fcb1ca041780dd90523b0dc69797804a6b7005ffa957a9463a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
afc400f0a3f1c7184c267adfd50f8e6c

SHA1
c85c6103e02c6e73895fcae857bbb485eb66600f

SHA256
b9ce9413991bccfa2f573d38a09e8ccb8d604952540887aac88d7ad0705bd5ae

SHA512
05f444c574fea068b7019244c506540f647d30d86389087ead6fbe76989d9cfd3b830f01386db16390a60eaa01c6a452c9b206ed442a28533148a78258070fca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2cdd2d742ee08f7fae3628e14a1cc2cc

SHA1
030fbfa0299e4d0234dd8526562e1241bc44bf95

SHA256
758e6b439e02837246c440e16a981c3f2a5d63bb6124275c96d92f3fc06e37d2

SHA512
c8f1c97af49d8e2e45a41da257f8a5cfda3d2a0e66157f9184c285c6709cc51420422e5ff3c9c6563ae24db6546397958ca5cdf5ac1b1b0ea5270d7cbd7b3596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2a3e87448fdcfd7a0897b94291caa655

SHA1
78488f473137fa279b58c3be26e817455553fb0a

SHA256
3712d13ff72bd075ecccc140a3a8dbc4b5280e276f9ef5677a288025de75dda0

SHA512
9bf060d263de5963ffcd0d216a09dcbb932bf80a5e6e10bb95db5ff514dcd825d8d861e893bb1a02987f5bc0936fbb007dbf1ef6e73081e1247aaa19ca354312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
66b8aaab0699a88b6e0b8cf975e9b0f2

SHA1
2b75cf66f29d9f063ac315c61e424b03e1ca988c

SHA256
0ef81a19c6705f8b5442089bf1f3f3436da97aa96b402cb6b4e747521c2d3975

SHA512
d67001256cb9df4486e1d35c68cd7abc50cc15f87b4abb4ef8e396091465b18d4835702b2088b152149665edbb1a044271b9b2503f4b9ab233fad848c88e95be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e3f218717225779afaaf9babf9ac80e6

SHA1
674f57ea89252a320cc2a699bdd5dd665ddc962c

SHA256
1baf181a826cb13c48c5eab0aee812019d3358cef0d51ee5c85fc6f1079db2c5

SHA512
db935802f801e076073c131cb3f37f5b063be65e1b427a0937f4b416faf90aa762d44bdec0e353ad9a91835e093e364be28119bde1f371bd639265b896dbb529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c02e775be1ede75b7ce727cba61b658c

SHA1
68dc5d7c4c6b5a919f1e1fd75c587480fc17405c

SHA256
a862bb7ccc54ffa27d47317295810ab000a9a8fba53451612bcc3e7b36ae73e0

SHA512
1a4e1cba280e011166787a40bdc576bcbf5d044aada59a81bc727663d0ac617ba57b29094da7b71441db2b2692ee054b7f52d30820617549175305a97c843ea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5872d3154b61a1118c495fc438dd03c5

SHA1
8e98c99459700cb2232684682c1096f649d6f79f

SHA256
dac59bd9595c38f8e8c7a08cd240581c88fdcc421df6b5a47558523c7f99bcbb

SHA512
7d2b54be15a64089a0be5375495c880bd34d581334c7d606b0046ab14252ef65ab7b4c2283b045b5ab59ea2888194ec9566aa722dfb0eba219cc365962e048f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b3ae1e9950388dee1b96fe9182d5a79

SHA1
58d7808675c733067f5cc16d29254809d4359fd5

SHA256
cbba7bf5c109a29b42dfb9ba7558220cdaf0a8e21f4d966ec013c6d3e4022900

SHA512
3be83ddae1f13c531a481bc1cc2d41224c7dc99f4777a783b6f3273ea8f475a35d6eb35aef0a35ad3ac71be2278c1d2d1c2096c3ce25ddec179b270ac69fc00e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b2bb905ef81aaa972ef6a5162c78e7df

SHA1
df49abd860ab54633eebfb72dfcd12d7b97a7cbf

SHA256
bfb6dc65bfbf872720027e3f778c659b03bdfcc759a378c8e141c989ebadaad3

SHA512
a78b53fc73faaed36231284b231793635ee2c885ce36ad5e952ded194682d3233d1ec75fd7d92e8ba889fa0c17783c8a653a90df0c14637289498f6f9d174860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a48034d8d68d095b26ec3f787b276ee7

SHA1
7f0d813fbf34a33cf2aec5b6d3d8f8eef84f9f85

SHA256
36f20d59dcfd1b0c9ac85a664dafc08bf98af3f54c76fb83df1141560f1404b4

SHA512
86b02f4ae62ad16e22f0b1907e06244910d38d31524b028ce6e4da475e129ac4fe46849429ed95dfc545d12cda1b231dabb4555b1a50326440592765d010d9e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3559b83cfc57286f1c9c1f2d2b2f393b

SHA1
122ee55d86c1ba99314442473796afdb44010bcd

SHA256
af497f49b667a0ee7a574b80dfcf91ae932d057f822872c2ce504539d561e8c5

SHA512
36250029093e95480beae3343f6cd0f72798d4c20df50438aa705275b4352156b9282b3afc144212c70bb5d94dc1e94f0dbc12a48d7195473b3675ba455125e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c751d6c3de211761604acf11faa2e115

SHA1
3c4346ea50dd03f4ba5d0b9ad55d3d48019ec2ff

SHA256
d2ea21c711998a57334f524679256d8ea37ef182b18249140c7ca420ec575a5b

SHA512
70d69f685963984ccccca926ac42ba31c386fdb609d2d33a4c12796d4717ba437b19394b93b16f28ddb6bf5a6c8c291f28f01e6848441846d4e2ec9ef2f49466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
81de423d92e4a9a9a707f027b7a5cb0f

SHA1
b6ef42c17521fb1d606835cff65b0e650cae9e1f

SHA256
ace269397273d3df6e1d9594bada9e6ef49efdf54038068dbc141bc8a337e55a

SHA512
e1fc42bc4db6dc796a547cd2c88816767e227d8dc8d672fe00fb8132713878098e7a72970c985f0e830e79dc114ea5cdefbfc229a27a1a6e16a63f394836f905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6c3c87bbba3d6359d4e47b965637646f

SHA1
ae01f014798d5898c4ced007055352ef63ecc1e4

SHA256
fb8649fee1feb3ceb3b7b9995cf9df0ae391f311fab946f9bc699e892b620cd6

SHA512
c0fb68c6626850e682220e279af66fb0b281f4fd85a161322d696819c7c16e713958b94245462edd1a340fcdb57cc2c3b92aca62223b6496a48e1078bde62a9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6bdc382e37c9e74996b9d4dbaed458c9

SHA1
32c8cb0b274451d8f568e66f007c1d88446304dc

SHA256
30c9b4fffe67228fcd43d15dc53143ba068aebe78aa1ecb3b0e8c01c4212708f

SHA512
d58f8f091c31c33189e8452e33b36a05cc2a9c6f6c8384bd56289bc7aad726477048a25253e4fcd103e217d1498d9001b143be933f3f144c0220a5ad7b1c4222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
40b54fadb07d759e41bb30d6d08f4af4

SHA1
82c0636637a8addb98a423ccc72189b2b811e136

SHA256
21028c9f53456a6a2b3b061c1b6faf2bcb350392906fcb98fed24f7314256878

SHA512
a19ba366220772ae3106572f45f1ce1db4a72795bb8dac63204ea3391a32dfd17ed51b5e46d31a7b1cdd8d83adca563f07cb4426c5c80c835a74a7c1bd9b4ebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1fa41ed286c5cb444e953c7db6e23c5f

SHA1
c7aa431702a87ebd41e9e17c1b54232119e02efc

SHA256
042dd92ac076c5d9b1ab05ef4f40d7f258ba457bdf63e27128a580c7d9244d32

SHA512
40cb6d473570722d730ba72ba40db10e1ad47d080144d3eb4272a05ef0367ebf01ab914c349ffccb4b0c25b08b1936b3cfd687514c33f60c574d576b0aee908f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c6ef1d65bb919f03c3e829108022d723

SHA1
18c2e9da66c4c397e5045c7c50fb29bd0eaa8e28

SHA256
3a53df479d29fb4369506f07f0d42af2f7d6857e8fd205d0899d242d5ca882b2

SHA512
0e938a401e7471624480d5495f948209dea4780e47d9944cd90b8698fc7140bf499baba01f930691cb382b2dc2a43f590e4f71a0a5e5e9f17fd16023dd3d2b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b12b1e09d9c3796bea48e89a2a251503

SHA1
276e014ca1ec2187b8e3916517baac568b4f9fac

SHA256
3b4aebf6b2b18634ca92258d4a6b26f4e6575f5090e9bc62ccd44e0c8a1ca533

SHA512
753b3425892226f22d3f1d809ae07dd6df5ba1bda9d12cbe0289fe64f89710f443e50d4a992638250e996177386733e15f63952564784feb4a99d271a330dedc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7d9ab2259b026a7ea094bb8d42930e4c

SHA1
b502598a59a0314de1aaa00363a976fcf3e2eea8

SHA256
6a35962216ea22a26063b23ec173b2b874f64ec7686429b774f3f8d4fd6443ba

SHA512
8450bd641aa5d99d68fba9c7e5e96a83ce73f839cd30929fd6c49b9114d0c9acb8e7d2c30076763c1a01e33bf3a5c2c65cb24b8ec4221bc96b835b1c08dc7105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
32e8b4382c87d05f5434ca22cc4348aa

SHA1
16f3b1a4c130066d7f5baa1286fc8d3fc14d539c

SHA256
9bac8ba28aba4a7bf7d71645cc0ebd64a8000464036aa7b4d5caa2f3765800d8

SHA512
cc85105725fabe89bd5c78bfe9b3f487a723b2a33c0a9ce62b408a53825cd94dc3b5cdc618dd64a0fdfc548474f60b8d05fb3d2017879bfa805e4b6159b2c631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f60365697b04fd926a70b4cc68bdcf3b

SHA1
92d50b1c970c6bdf9065bee5a7b00f39e6ac158c

SHA256
ffefd1f90ee006d0c47387e1898e9ecb71b5472ae1aa75f2f57eb40d247bec42

SHA512
2545148b49d25ae47000e47f170c66e41a448a85f9f237eb2964958d48a07ea7a4e7910bda16bfa7a47c81b1b689c0946a7cdd45ec26829090ab9d6c97bcb71b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c3a3720d0cd035cb56b305028e67e417

SHA1
963b6567efe6d7c719a71b05997cc7c0f1ea609c

SHA256
90e3f3a572e8e21b92d4ef8656b11c3576c2a381d732792c82702203aa38f3a4

SHA512
504d461f0020fa64ea93979a786d24c5ec627ad9c21a674e0949474800f4f89e6e5348a04cc0425065f032123422d1fccee29ae4a5555ed571d48ef352255d50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b379c71e1399414c49460860d817179

SHA1
fef758b104ae9440e6e53e686a932c322e0b25d2

SHA256
4e0a7af3ed2cd08608df09bbdf35c9bdf971116bc5acf14dcfe1d1f260885347

SHA512
0403750e1e22782bdb038d54a08da98d83f2bab138c34796f3de1b5ae58303ef1591c38956f88bcb4f7c734282102d07d39ec9ea6ca86f933fd61843b6938130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bfb83fb0456fd7928255e1b4b9d14f16

SHA1
ea4db1debd53aa7176136881f1c3b8867fb07954

SHA256
95907dde9e84648e1f3cb2956496cc9a5e3adb70cc24b384815a4e6aa3d6621c

SHA512
a07a56957467c735a358d407eca7335c13f357a9be957010192171ac699595834a7c6bf7bf7ed1b669569a42b1d9b55e632ec8e11fc959b1740820e8d58da030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dbf1862b17c1ded04047916590697176

SHA1
d37ac349a182c66cf1bb2c43c5aaf374bce1e14a

SHA256
beffd060267480b5295704584b37007e39ffc310d44acf8d4ff5a5ee2ad09144

SHA512
e51b2b9afd0cebbea002b2847f91d47b7900b3b2c18aad363175a30e81d2d7c543c1c5f3eee7caf8953a4f3dfe51648b9aa57ffc147c6aef017bc253ceff7b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3679f555863b7f0ac57b1cf5ad5730f0

SHA1
1288cd7e29647ac430473b15390a688e589d9ea5

SHA256
3404c2fd25ef499ec05fcdc6eea0518fdab2f94e27a1cd6c2315fad05134875d

SHA512
20efdc67b3227aa010c63bcd56452bd64bb36198ad52191e24e670f0718c8019b26feaf6a355c975f50ee61d8a66c1fcdd3c12b7f89a7b3b2092219b29225418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1d9b0792062a5edd6234f694f29203c1

SHA1
2c7d4237691c21f035494a9ed3d8729491b64ade

SHA256
969b2ffefd17b4e0f8b1dce2bfd96625b1ff49080e8ad7a26d2859b4d9129e6a

SHA512
7ca65c354659d00e05122d33b005ddcce0476bef71d2c5f19dbf7371be6bbad21708d39941a4f598e8c6024618ea71a81b17392011573ef5c4db14f9cff6734d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
93feb540cd1de77ed6fb5e8801a7be00

SHA1
7c3420484722b9522582347a788b52038dcc40d7

SHA256
c5a324bf4a2d3be1708ee9e08feb07622409baeabe6b4eaeb92ad9991b51c8fa

SHA512
50d048db943cbcacdb06a3053db926d8e34aab149885f4f1255f93c9242cb9cba10ab83788b630543b9c82f7a5aad0c24b2abcc1b18af125dc13bc3abd3e7bee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c1e696004e61f51bc4a9ae8024bde326

SHA1
fc625382f028e4ba7abe34b1dce7107556dc7536

SHA256
fac188f2a7403e354080725b4661e3dd846f804a0959454546ab3cac7aa304ac

SHA512
19aa3604f309dcca7db3c2e5f48b64c07869847289db756a353b6319085992e1a79fffb6d86cd559df1038237df9a27decae162bd7a5a8ad410d8c82beb3bb87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba1a738394897c34a8016be5cbe59a70

SHA1
1bb94ad7d575739b7f836cad9ab2b729bacc6da2

SHA256
4a21d92ab404a648b9b70e6d6866633158d31daee6c73a338b6ac86e2cde354c

SHA512
4366d7eb323a986bea26323a89b926d8a5eeb8ec679d696933df0aa4c8517bb2d3be229fdb6df39d1e6e3355cbe26e11deeec39c4ec6a80cb17c83566938562c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e43b20c77a3a3ec64c4973c303a4fed9

SHA1
4e3e6cacd80413525fd739fb7e8fd9934d0fdd56

SHA256
5f3a9fcbcb04e211678978d583e64376290850291c6906fc2313193c2cfd6c28

SHA512
5b52c20013205b4865e3ff14dba9ef0387c383ef248622247c077661670e98102b8bab62fc8329a0d2321ca06c993ad1c812a77171507ae8c2649f57afda0fa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
80b69648e581f40e40afb1d4d51b3e5e

SHA1
93a207449ea817ede8fafdf7ec5143567bdf0147

SHA256
5abc182badb8ba0599ba04a2e2889b87067129f1173bf88c77b766e08e2ba48a

SHA512
f7ed9cc0e4dc3f612179b4211b9bf529c3b9eceacef54048c2b54d6b3f06cf257e4c111d515fdabfd513d2e6c0eb2158d70b60aa83b1a6c85fdd1fb2d98ce8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7583e8c10e6631f60de528d65b8dbc02

SHA1
4e4d0dbbd4e140eff26ff41e28f7008d1cac10a8

SHA256
fb3f7c851bbf391f707ff2b23643302296ab648521561d6e10830061aff4a127

SHA512
107377080f87cfd6d94ec2f86b6997b274e5db684d5c136f9fdbf088aa514f914292c853b3436874b998405a593b453e4f14e7a3b916f3b62a7d653e90f30f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
ae4ac28f87bc7b7f1bb86f64ffc75196

SHA1
a5ba770cadcaff53a1ff89a7dd39fcbe14035ba9

SHA256
9176ab0cd04a176824d277b547812d38c91f055e5a66b6968fb0898ef170c8d4

SHA512
d313b9d88f8100d5d9c644e2818d77741ab1746c203e3c2c85e7a0199504f2d256eaa74a2d861473204c6d2036c21286a58a471d611851d7130d7264672c4eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
916ee9a6cca1a53a70268fb0b89365c7

SHA1
777808af13cb567f7bafe481ba79fe7a3845a4ab

SHA256
85d1b18d1f1a963fdb97da6c44d5b4abd2d34c45b335788ecdbe78fd95576d26

SHA512
e3d17c65bf782614a8211da3ebff88d9bb80119e6bb0218e725ff08382582450c37fe500ae706bcc3c49e61d037af0f1c1cbeeb37331925bc1909c7237756c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\upnp.exe

Filesize
12KB

MD5
13804f8dc4e72ba103d5e34de895c9db

SHA1
03d7a0500ccb2fef3222ed1eb55f2cbedbb8b8c5

SHA256
da659d8c05cfcb5f0abe167191665359123643000d12140836c28d204294ceb6

SHA512
9abb98795a1b1c142c50c7c110966b4249972de5b1f40445b27d70c3127140b0ddaaada1d92297e96ffd71177b12cd87749953ffdcf6e5da7803b9f9527d7652

Download Submit
C:\Users\Admin\Desktop\xd.exe

Filesize
756KB

MD5
ecd22a64b87953b6f664351e87d43bb3

SHA1
d69789dc1998e012ac4565dc65ef13c0065f3f11

SHA256
70804092a8d8941ecf26213ee28aef84ed70abac23b7d4efaf26803aa892cc2d

SHA512
cf02c8b688baa0a9a84aadff96724cdc23cb1bad7b35068ea11e9377a344d62e539fbe0c43c02786928c712df564cfedff3ed4b7507efae5e9f9f869aed84c9a

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master.zip.crdownload

Filesize
14.6MB

MD5
abef83a4ead4d18c354f98d7e72312f1

SHA1
21e1ce0fa9013534af2a27c6d8fd0798e1028128

SHA256
86ffdda11652f7e00c5fc21eb9f2e97cad4453b5e467501bb1207d3ebb7781ea

SHA512
9145e554f98f8dc66435bd468b6cc064f1f1ea73aafabbb61ec9ed1cb4d6744f22e01f69ac3ed2fd2a3a0c4bb2a50ef658c1d9564f1eaee1848c7f5392742010

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1.zip

Filesize
14.6MB

MD5
9f9347ecf2cc6541fb64acd6fc0a5749

SHA1
6c0d454ec2068d1c7d502a167ca02c8dafd0b244

SHA256
bfe9a76229e6e502b7c542007cd976dd3b5e0d26190cdf7cc8a5e5aab0a63f7d

SHA512
f0367a7c7265d38e52936bac40e0a18236d6544827da7dcdd1f2b19d2d3193b0039f5860a61a30f4e28bca3d2ef06a9c51f1b2c7f05927fad6ba37741ff015f3

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\DarkComet.exe

Filesize
11.3MB

MD5
d761f3aa64064a706a521ba14d0f8741

SHA1
ab7382bcfdf494d0327fccce9c884592bcc1adeb

SHA256
21ca06b18698d14154a45822aaae1e3837d168cc7630bcd3ec3d8c68aaa959e6

SHA512
d2274c03f805a5cd62104492e154fc225c3f6997091accb2f4bff165308fc82ba0d9adf185ec744222bcb4ece08d1ba754a35a2d88c10c5743f4d2e66494377f

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\againzip.ico

Filesize
97KB

MD5
b87dbd32f31532ea8f7af9d28ee7800c

SHA1
0e3e2f5ed1186d09716d91f25913a6341268e47d

SHA256
c3c3b009cb602535c18ed168c0bc448441a62b63c69ff27e3f9c2d8973411250

SHA512
5cbe3a820268917be43ec2991502aff0a7880972eb7804ed1d8709094a26ba4585b95b1505ae4fc7bdaad11e77ad1dde1e7cbdde530bb32b0d95617a47d15de3

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\archive.ico

Filesize
97KB

MD5
5af592df403c50b14b47f9185cfb417f

SHA1
e0a7885d8208c76dfaf0e10d4acd942fc2e917fe

SHA256
99b5cee64ef8164a68cae08d883aef65c4c96d3b57a8b075d330c537aab183c5

SHA512
aae53540e24db201054d9f9291db54b5744f15f3ed097fb9ba405155d85b983b0654352f7c0b0187b34c4dfc45991d38c87d65120aa27e1ddeaf8d77c23262d7

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\bittorrent.ico

Filesize
97KB

MD5
73d8decab435acb32df1dce812ed3acd

SHA1
1cdf281a6f297f09698a155a9010e2c7f6a212e1

SHA256
8e44bc15b2a99d99d4670112b6e3c494ea46adb49a35899ec0192f12dcc30f5f

SHA512
d5f2b589dc2203c03db601b512d3a5dfe40a651931b0c1cc883c17c0202e045e690eeaa2c321cdc08827a86d1dfa4046d6c51f5c5ecd9e4a2a80cffc95bee80d

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\chrome.ico

Filesize
97KB

MD5
16a9e9b49f6e08635ebe55f5ecd5f346

SHA1
1e846edddaf2857168db8e8387916492c3b3405b

SHA256
fcd5923f3401b523c3ad27ce999398328612a86eec253cc7c09030a0035b0f99

SHA512
1a4aafb3cb535c41f3afae7938a41f6ae84ea5bcd7b4b3531e253d1635783e53c950ef1bdf0433db92848e283fe6c1efe58ce2380b39f3f5aee4c35ea85460b9

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\cubic.ico

Filesize
97KB

MD5
f273cf2c932b6d768bb2d1d62e9d2a4a

SHA1
a473fb4b3fb13830e3adbf547e1d7129f7ab5e18

SHA256
713cc5ede2b35ae4933ad31b02b7c4bda1255c9709b219a13162b72f228df652

SHA512
3dc9334afce339eb43a1a76c08aee16daa9cbbc91abf618081e07ebaa990fcf7ebd5b3877d1cbf9b1bf442cced476428dedaf14076501c8493233c41985800c3

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\emulefold.ico

Filesize
97KB

MD5
7a19ef1c29ec87e43983fc94f95ce198

SHA1
f425ac0e69248a441e718238dc24e9f1f24bffbe

SHA256
101169e184ec7450b03811c6f4fee4460ade14a2b93f275a55b617417e7cb5ea

SHA512
897846edd45fbb01fdb133dcb048518c076ecdad97b9ff57832d29c5ee12105ce54253e8a454577d3b9b314202a5fe564b8f09f48faf712a44a9521e9c2e9b71

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\facebook.ico

Filesize
97KB

MD5
c6120e467c833d5f277c2b939251918e

SHA1
8794f9b3dd83a26a1c745dd61f67c7e143287db0

SHA256
62a4fbd69e3e534e2ce8fe2f664ea8a803eb29f2eff3bc7503dba641ab33e589

SHA512
c746c806b2a350463c30328f2e0c0eb1f3ea46c58ad2fcdf62d7bf9853bb687d58772e88ea8395af73c91721a578b47828655a9ce38a54458404d5b00ac823f2

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\facedebook.ico

Filesize
97KB

MD5
a219e70366471a9b13953789791e9a42

SHA1
94678b982b8366be0a4976118b65cfa7550d2a7c

SHA256
7a18fb1007712b31600043bd3c2400b6f8ab1ebabd603f4aa6730089368af734

SHA512
08ad1a527c81bc96dd82eda16431c4e81b298e756257e8a982c38c1152f34977165a6db2b7b7d3700eab0e163a9a1c3181fc1269ef6f9ba77630428ea1995705

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\female.ico

Filesize
97KB

MD5
9ec80b1ed453ced93e4dc6f1131e4cf7

SHA1
99896ee3687b44fc55f1b2f4d549d5179383755e

SHA256
e5e9481ebc946c869655aca4dd53407b0921faed0172cad9cda4d4dc47c7351e

SHA512
fdf4f8c5506991068387d44b221fc5e679c3d7460aca41b7a83ce92efe63618944fb844e032a8d2de5c53ad30a036083053fa87615fbfc309b948351bcd725b2

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\ffox.ico

Filesize
97KB

MD5
3bb3e1c6a6ad5c89934f34be4b1e458d

SHA1
7444b0857ccb72e3dee1b07f1273348c15f295cf

SHA256
5b4ee4c5878336be86574d599a252d1a5472fc0579bafcccd71f25bccfb0c003

SHA512
1221c68c591624218b2f6809c36892400ab2c399971780a4828e83cef4018ad8e33bf2d6bac6cc5cfbd3565feffba7fac749d14baf7d831fc0fd9a9038bf6626

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\ffoxwhite.ico

Filesize
97KB

MD5
882bbfbf5cbc4c791e32e6a74d0f4eed

SHA1
affaca5862ccffc5e8148d709fe5e6335dcafb6f

SHA256
a3bf3fee486dc890cc3c8295a36da3a6045d2ee70d17d8a370b87eccb0473b5e

SHA512
a54e1841b8fbd90344992f00f4b0586b57090214b5eccff4b7792eb349be4ae887d4bcef697d11d6d64ef05cb2f4e207a020c047fc572527ed1ec7364cca8152

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\girl.ico

Filesize
97KB

MD5
846e57f8ba357943141eeebd6c454e33

SHA1
9d7eeb6113fdb188c58e0bd21b7bc43cfacfa96b

SHA256
9f4f839255213d82abe0070caa720aeef01b1f0195ddac8a3437d7931b31a890

SHA512
d67512dfba0c7023428b2a8f4cc0ba81e2a2a2eb2514f0f934b3618a348581bc3216c9cef4923006264b3f5dc4b50980b42b0d0c40988d7498905fe5d48e13f2

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\heart.ico

Filesize
97KB

MD5
ad26dd83ae2ec2ddf0cc07021825d063

SHA1
1833edf0070e4f089470834ccd264725e206ec70

SHA256
11d3eac0551cae9686bc6ebe6166e6eeab70c3b5f5bfc56db45ff9dafc8188d7

SHA512
98238db2f29264b18d5c1b23ae38a67819faa19db55a94f8a6ace95e43e0742735a72f2a8191b254e86424f82a46b09504c5e4090031ee1f7b362d4375897502

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\idontknowlol.ico

Filesize
97KB

MD5
7ac0c49cc1cd32b141693995e8163479

SHA1
591b52e827426974bed3caddb17f9701f1729198

SHA256
a367776a8dc47053258f37edef7537d251e40d409cc8f51bc9d271d785be291b

SHA512
ce90c7d23cdbffacba7f83613fa0562af5a0932e8543739174ceb5b9320e8c7faa60299fdf667ee3c19dccef3c2566df00c8cec029303c4205f52d169d2d5c42

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\limewire.ico

Filesize
97KB

MD5
8f880b2b80387f6acde78230ef28bc77

SHA1
dd6984de04b1b74805882050525de70426e753d1

SHA256
79661a5ed0eeb027958aeeedb66de400412a6fe06f1dfd5ab8abe3c14a1570eb

SHA512
cd084b648ea58e3b062ec602e25342509d425949ae20a73349322a11376ee1ad556604facc6ec6ad38479007bdccddc3ef96efbe6624dabc566677dd10122c94

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\limwizearrow.ico

Filesize
97KB

MD5
75c74ff8112550471b9735189cb36c70

SHA1
2b2e1fefdbf6e8c5a1875a01f8f98b94bdd2630f

SHA256
330467c3b86d06b43d3c5d7148c4aee3672c096aba4a0a99fea124cfe303095d

SHA512
b879da97937a7c7e21a8fe7ddb1104261c92340f4f75f896839a49c15e486bcd1395efc820d5b6fc5c3f10c39929f2ae56539b2c808343e296e31170d665a17c

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\limy.ico

Filesize
97KB

MD5
925fdf30a687bba4d7bd85def5def9f0

SHA1
61962dac96adcb884dbb7786ad9adf22a166232a

SHA256
279eaad8880dea2d52b8221c38f501fa34701f5127bbc41591921b69a5a0934d

SHA512
59af01947f36e8a751d2d7cb199f9f379f7b886779112debae9d6a0f6c47c137903500f27ff06587a977247610f5912957079f36b9f7a3a097009caf90f0ef0c

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\mov.ico

Filesize
97KB

MD5
71ea5c0cc8245978042ca1a57e70149c

SHA1
7f4aac912657c833f22bdd6ab993ae1cccebad1f

SHA256
9deffadaca7d25ae8e04d2cbab6acb19e79c17c9456e30d8750cf5803b5f298c

SHA512
74bc9e3e11ec593f6a10228e30ad4658608b532dc36f94ec04b49e6e75bf3eb1feae508697b7ac0e5c9ca91e6ab38b0594856b8cbd49adfbd162a07ff2604bce

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\rar.ico

Filesize
97KB

MD5
f11ca004114c0382836197bb597bf509

SHA1
96488172264d9c041da502a4a357b2f41c0967f0

SHA256
c42ee1c8031b1e1917cef782b2d73460cc65ac3cfd6fe48737804459e25226be

SHA512
b8d34d1f4f913e48d73379cc7389e91facfe8da9f06bd78499ff31523f5b0ef6efb5dae1211a50905962d3fedc47cb8b182db1f514c5877d8a1678b15c0023b1

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\shareaza.ico

Filesize
97KB

MD5
ede558c3365551e09a966536b1a61209

SHA1
f12a153e8f2ecfb8236ebb16db493dbd045df98f

SHA256
964d15e5aa45d26fc0d14912416e268f3caf31420f949c7734c92b7d58dd22f2

SHA512
2dcc1302ca6d05fd1797182d99557202ec437093bb25403d3ba780e01ad87f344936f963ca1d9243519a7cbcf023daa8004328b036f16798431b29681aaa4de0

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\steam.ico

Filesize
97KB

MD5
a4e06cf0293bc3fa83db852e1c9ca2bb

SHA1
99cbe81b5a67ee920070800d4d5b8e5d617ece80

SHA256
42ae2353c1a9f101567bf0f5dc0dd848c9f1c7f25a1fa9b526b0e881e017cdec

SHA512
22f478d364bb32fb696519b5c895dafcf47f470c28bead5ea3fbb97ace0f6900268b309107ccd0dafbc8571bb28200d6e8bf4b9693071f5440c3139cd64cfebb

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\steamfag.ico

Filesize
97KB

MD5
a7b87171a833e2eae9e0610545e4fe48

SHA1
af9c18e50d1a5eb41c44c037a579ed1383826221

SHA256
9f02ceca15fbb244a3dc8ddcedc82441779e43e56495233098d096157c1497aa

SHA512
bcd7b0630f08d48dd3537f1c382982fa5a42fd7d82731fb2628a3c65a51955abffba976400629b3e270ee0cc3ce7e1ce342d252273e351dcc6f0f7f5e9985d54

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\utorrent.ico

Filesize
97KB

MD5
13a203726213ebe1120330a01c85e020

SHA1
0ba42571c83fa789a40e2377ca747a52af785f39

SHA256
17a55f7e7cde8b9e75a1a54930047014d2de0f3c90f7d297dc71af984e6eabf5

SHA512
6cdcc39b0d3d6309a8f23184460012d44bd498218a6f55ccc0d2916e45cd97738cc1487df96a2f04da2e858c66e7c1fd6fe5494120403916db24f7197f1150ad

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\utorrent2.ico

Filesize
97KB

MD5
fe767036dde72aa116dfec4d85316097

SHA1
38015110c63531c2b83623c7ad2a7ea38974d823

SHA256
0d0b0e33fe0c7058298d161e4fdb7a95fc30620aefb3cc86ec989ee00e6f085c

SHA512
0bbf9ad9e5d653c3a5149243a87656eedbc36975021067c9474d639d33e56168787fbed45cdeecc05ce3d7d96397919a0c2fbe7f933aaf677fa1500f9f7eba4b

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\utorrentfold.ico

Filesize
97KB

MD5
9bd46aa8a6a9515ce610c48b568b04db

SHA1
c7acd58ebce43b7b106f2be73a3dbf0f3823f1ae

SHA256
fcf06a10537d646cb9d0af81b9bf096b5766b87fbe8d5aa487c2765dc7563cfa

SHA512
f2869bf9a74e2d3bf6ad1043069de3b1cbe7903fb13d0b089f9ff68c646b9f3bc2117bef73d13b2f9de53d1697ca395ce3da8d24acaaf154d0518d783246767e

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\viagrafemale.ico

Filesize
14KB

MD5
fcf35c04537b9f0bfed48b00dfdac72f

SHA1
1a8535fc1d38afaf32341980aafbe106736e6855

SHA256
08f38e7bdd931bd2dd3b7da2800f21e4492b53a81dd97d6a1c4723c87ca6a87b

SHA512
4f8132268dd668b0e84380cebc2a7d1e647964ced2757fb761ab0070c35f5e9f9dba170b42831f96354604a383dc7fbc3507fbc504ed33f0864d4000466f5605

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\win.ico

Filesize
31KB

MD5
668b3283b8b3355e456d8f757d29d306

SHA1
fe18afd55f490f495823b5d5c67eefac3d3d9cdc

SHA256
a459017f231416448a88180a76619fa54acabafbc3aea12cb7e3c245c1c77ffd

SHA512
65c1d52e89adc6377acd6cf27491c1da08f68315a550338a6e7c37266ad96eb332f98ca1d30b22173b4421fb8d4595c68985354cd5550575c07e083fd25824c1

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\winfolder.ico

Filesize
97KB

MD5
731bff80b494d3337ed41322ad5e8bd3

SHA1
920bcbb93bb73414d17e7155630c73e633f34275

SHA256
57cb616228fedb666ed3d157c14b7a6eed08239aba8bcb2895d9243d6eb64c74

SHA512
fbd0722cdf439c8842e6c6a207036dece7c926301255caf6d19bb45aa38b10474f3b445f12af59bb2ced961e7905098eb092adc2ea0f0884013f1f41f811c600

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\winmov.ico

Filesize
31KB

MD5
18c58ac76371e7f5f0bd7757a4754c11

SHA1
e84bde268887c41411847b3d029127eb44530f39

SHA256
f2ade358b9ee41807e043387cc8818b458a82db9f9208090a3a5b90a633952ce

SHA512
fb4e7e786af6c863b231cbf8476be25fc1e0a18588150ddc3c04b5a365618ddfe38293d465d1ca1658f6bd4a9c8c025d6bf7a2ac182627389517150925141bfc

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\wintool.ico

Filesize
97KB

MD5
6dc053a0cbd40d8c7ef064d658468f78

SHA1
b7d3245b002a7a06d3a115f466d56da0501c0030

SHA256
3d0486cafdcc262b43c6a802fe6a5bc906b93dc2723704838589ae07c72ba0fa

SHA512
0cc5fe23129f2719d89c356f0f8071c9d01459d28db3c96be14e735a33d5488f28540438182ae1cdcfe4b81600843ed130ca7120fed48d0af32238d6e846cbbe

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\Icons\zipzip.ico

Filesize
97KB

MD5
6c5fd527c2646604da317eb189bec62f

SHA1
d24dc5e0bb4cc1ecdefc74f9933973b73cff3695

SHA256
67b314ec74424d74bbde5c61c87d1b30b2078ed86d59ef8e6f5002e448e8ff22

SHA512
d26148a33b45b8fcdfe598a34149adf3ba0db29062b036fcfcc3bd05ca504fd10b702d78b7265509f26c50c3d38c2b4d12cdaf2593cad6ff974787b897d11add

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\comet.db

Filesize
9KB

MD5
a2fa02319ebecf1da1bc197194bfaa4a

SHA1
4561f94418b8f541dd871e63009ac0252f51262b

SHA256
8bcf0d3bb80840ac5d6b8d5888efdd5dedda4e620f71a47c3d559dd6fc1a5222

SHA512
8fc100ab7df96795cd6ffcdad5041382c800d874d011ce3abf67a8ac26aa84eb65d73d30336e86baa741ee49e094932a582ad648353e4f689f867ef83d82978b

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\config.ini

Filesize
522B

MD5
0a5baccb60ddf613c9ef2b18e0b1863f

SHA1
39bb75213fab1a7b9ab51089ef54f43086d8b1f3

SHA256
21a222e00ea35f663dc6c397c0a0aa6d80e52187644b170cee9e186892a22f4e

SHA512
b24b4e15fc975f81e5e5216cc098f8a34faeb5f7b3f10fe8f9f4a19157abe62f293b4687440434744e5c5284736a9a472fc5d04f5fda72e94fe5e7140b36de9b

Download Submit
C:\Users\Admin\Downloads\DarkComet-RAT-5.3.1-master\Darkcomet RAT 5.3.1\sqlite3.dll

Filesize
510KB

MD5
d3979db259f55d59b4edb327673c1905

SHA1
0697e8f35b5951c61a3a632d74fd96843c941628

SHA256
043e5570299c6099756c1809c5632eabeab95ed3c1a55c86843c0ec218940e5a

SHA512
0b87c89aafd3e627c7d6bed0b833601fea1917a76a972061f32a2d9e4aa2e9e85b5e8a67cb330ca44aff17915d0fe2793798451a109d3f0b5014eed06b73bb45

Download Submit
\??\pipe\crashpad_4408_RCXTUOCUBAJWWPHO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2528-975-0x000001D534D10000-0x000001D534D11000-memory.dmp

Filesize
4KB

Download
memory/2528-977-0x000001D534D20000-0x000001D534D21000-memory.dmp

Filesize
4KB

Download
memory/2528-976-0x000001D534D20000-0x000001D534D21000-memory.dmp

Filesize
4KB

Download
memory/2528-978-0x000001D534D20000-0x000001D534D21000-memory.dmp

Filesize
4KB

Download
memory/2528-974-0x000001D534D00000-0x000001D534D01000-memory.dmp

Filesize
4KB

Download
memory/2528-942-0x000001D52C640000-0x000001D52C650000-memory.dmp

Filesize
64KB

Download
memory/2528-958-0x000001D52C740000-0x000001D52C750000-memory.dmp

Filesize
64KB

Download
memory/2528-981-0x000001D534D20000-0x000001D534D21000-memory.dmp

Filesize
4KB

Download
memory/2528-980-0x000001D534D20000-0x000001D534D21000-memory.dmp

Filesize
4KB

Download
memory/2528-979-0x000001D534D20000-0x000001D534D21000-memory.dmp

Filesize
4KB

Download
memory/2592-930-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2592-889-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2592-888-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2592-878-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/2624-1053-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/4552-2-0x00000210940E0000-0x0000021094350000-memory.dmp

Filesize
2.4MB

Download
memory/4552-90-0x0000021094350000-0x0000021094360000-memory.dmp

Filesize
64KB

Download
memory/4552-91-0x0000021094360000-0x0000021094370000-memory.dmp

Filesize
64KB

Download
memory/4552-92-0x0000021094370000-0x0000021094380000-memory.dmp

Filesize
64KB

Download
memory/4552-93-0x0000021094380000-0x0000021094390000-memory.dmp

Filesize
64KB

Download
memory/4552-94-0x0000021094390000-0x00000210943A0000-memory.dmp

Filesize
64KB

Download
memory/4552-95-0x00000210943A0000-0x00000210943B0000-memory.dmp

Filesize
64KB

Download
memory/4552-96-0x00000210943B0000-0x00000210943C0000-memory.dmp

Filesize
64KB

Download
memory/4552-97-0x00000210943C0000-0x00000210943D0000-memory.dmp

Filesize
64KB

Download
memory/4552-98-0x00000210943D0000-0x00000210943E0000-memory.dmp

Filesize
64KB

Download
memory/4552-99-0x00000210943E0000-0x00000210943F0000-memory.dmp

Filesize
64KB

Download
memory/4552-100-0x00000210943F0000-0x0000021094400000-memory.dmp

Filesize
64KB

Download
memory/4552-101-0x0000021094410000-0x0000021094420000-memory.dmp

Filesize
64KB

Download
memory/4552-102-0x0000021094420000-0x0000021094430000-memory.dmp

Filesize
64KB

Download
memory/4552-103-0x0000021094430000-0x0000021094440000-memory.dmp

Filesize
64KB

Download
memory/4552-104-0x0000021094440000-0x0000021094450000-memory.dmp

Filesize
64KB

Download
memory/4552-105-0x0000021094450000-0x0000021094460000-memory.dmp

Filesize
64KB

Download
memory/4552-106-0x0000021094460000-0x0000021094470000-memory.dmp

Filesize
64KB

Download
memory/4552-107-0x0000021094470000-0x0000021094480000-memory.dmp

Filesize
64KB

Download
memory/4552-89-0x00000210940E0000-0x0000021094350000-memory.dmp

Filesize
2.4MB

Download
memory/4552-88-0x00000210940C0000-0x00000210940C1000-memory.dmp

Filesize
4KB

Download
memory/4552-84-0x0000021094470000-0x0000021094480000-memory.dmp

Filesize
64KB

Download
memory/4552-83-0x0000021094400000-0x0000021094410000-memory.dmp

Filesize
64KB

Download
memory/4552-81-0x0000021094460000-0x0000021094470000-memory.dmp

Filesize
64KB

Download
memory/4552-78-0x0000021094450000-0x0000021094460000-memory.dmp

Filesize
64KB

Download
memory/4552-77-0x00000210943F0000-0x0000021094400000-memory.dmp

Filesize
64KB

Download
memory/4552-75-0x00000210943E0000-0x00000210943F0000-memory.dmp

Filesize
64KB

Download
memory/4552-73-0x00000210943D0000-0x00000210943E0000-memory.dmp

Filesize
64KB

Download
memory/4552-71-0x0000021094440000-0x0000021094450000-memory.dmp

Filesize
64KB

Download
memory/4552-70-0x00000210943C0000-0x00000210943D0000-memory.dmp

Filesize
64KB

Download
memory/4552-68-0x0000021094430000-0x0000021094440000-memory.dmp

Filesize
64KB

Download
memory/4552-66-0x0000021094420000-0x0000021094430000-memory.dmp

Filesize
64KB

Download
memory/4552-65-0x00000210943B0000-0x00000210943C0000-memory.dmp

Filesize
64KB

Download
memory/4552-61-0x00000210943A0000-0x00000210943B0000-memory.dmp

Filesize
64KB

Download
memory/4552-62-0x0000021094410000-0x0000021094420000-memory.dmp

Filesize
64KB

Download
memory/4552-58-0x0000021094390000-0x00000210943A0000-memory.dmp

Filesize
64KB

Download
memory/4552-59-0x0000021094400000-0x0000021094410000-memory.dmp

Filesize
64KB

Download
memory/4552-57-0x0000021094380000-0x0000021094390000-memory.dmp

Filesize
64KB

Download
memory/4552-54-0x00000210943F0000-0x0000021094400000-memory.dmp

Filesize
64KB

Download
memory/4552-53-0x0000021094370000-0x0000021094380000-memory.dmp

Filesize
64KB

Download
memory/4552-50-0x00000210943E0000-0x00000210943F0000-memory.dmp

Filesize
64KB

Download
memory/4552-49-0x0000021094360000-0x0000021094370000-memory.dmp

Filesize
64KB

Download
memory/4552-47-0x00000210943D0000-0x00000210943E0000-memory.dmp

Filesize
64KB

Download
memory/4552-46-0x0000021094350000-0x0000021094360000-memory.dmp

Filesize
64KB

Download
memory/4552-43-0x00000210943C0000-0x00000210943D0000-memory.dmp

Filesize
64KB

Download
memory/4552-39-0x00000210943B0000-0x00000210943C0000-memory.dmp

Filesize
64KB

Download
memory/4552-37-0x00000210943A0000-0x00000210943B0000-memory.dmp

Filesize
64KB

Download
memory/4552-36-0x00000210940E0000-0x0000021094350000-memory.dmp

Filesize
2.4MB

Download
memory/4552-34-0x0000021094390000-0x00000210943A0000-memory.dmp

Filesize
64KB

Download
memory/4552-32-0x0000021094380000-0x0000021094390000-memory.dmp

Filesize
64KB

Download
memory/4552-29-0x0000021094370000-0x0000021094380000-memory.dmp

Filesize
64KB

Download
memory/4552-26-0x0000021094360000-0x0000021094370000-memory.dmp

Filesize
64KB

Download
memory/4552-24-0x0000021094350000-0x0000021094360000-memory.dmp

Filesize
64KB

Download
memory/4552-19-0x00000210940C0000-0x00000210940C1000-memory.dmp

Filesize
4KB

Download
memory/4552-17-0x00000210940C0000-0x00000210940C1000-memory.dmp

Filesize
4KB

Download
memory/5980-941-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/5980-928-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download