darkcomet | hxxps://github[.]com/Cryakl/Ultimate-RAT-Collection/tree/main/DarkComet

Analysis

max time kernel
474s
max time network
447s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
04/02/2025, 20:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Cryakl/Ultimate-RAT-Collection/tree/main/DarkComet

Score

10^/10

darkcomet discovery rat trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Executes dropped EXE 4 IoCs

pid	Process
4660	DarkComet.exe
1672	a.exe
2764	a.exe
4404	aa.exe

Loads dropped DLL 1 IoCs

pid	Process
4660	DarkComet.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
62	raw.githubusercontent.com
61	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DarkComet.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aa.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	DarkComet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	DarkComet.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	DarkComet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "4"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000aa5672726971db0172148be84677db0172148be84677db0114000000	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	DarkComet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	DarkComet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Documents"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "5"	DarkComet.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	DarkComet.exe
Key created	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	DarkComet.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2994328021-2832906384-2448483822-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	DarkComet.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2988	msedge.exe
2988	msedge.exe
3064	msedge.exe
3064	msedge.exe
3132	identity_helper.exe
3132	identity_helper.exe
4172	msedge.exe
4172	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
3180	7zFM.exe
4660	DarkComet.exe
1868	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	3180	7zFM.exe
Token: 35	3180	7zFM.exe
Token: SeSecurityPrivilege	3180	7zFM.exe
Token: SeRestorePrivilege	3344	7zFM.exe
Token: 35	3344	7zFM.exe
Token: SeIncreaseQuotaPrivilege	1672	a.exe
Token: SeSecurityPrivilege	1672	a.exe
Token: SeTakeOwnershipPrivilege	1672	a.exe
Token: SeLoadDriverPrivilege	1672	a.exe
Token: SeSystemProfilePrivilege	1672	a.exe
Token: SeSystemtimePrivilege	1672	a.exe
Token: SeProfSingleProcessPrivilege	1672	a.exe
Token: SeIncBasePriorityPrivilege	1672	a.exe
Token: SeCreatePagefilePrivilege	1672	a.exe
Token: SeBackupPrivilege	1672	a.exe
Token: SeRestorePrivilege	1672	a.exe
Token: SeShutdownPrivilege	1672	a.exe
Token: SeDebugPrivilege	1672	a.exe
Token: SeSystemEnvironmentPrivilege	1672	a.exe
Token: SeChangeNotifyPrivilege	1672	a.exe
Token: SeRemoteShutdownPrivilege	1672	a.exe
Token: SeUndockPrivilege	1672	a.exe
Token: SeManageVolumePrivilege	1672	a.exe
Token: SeImpersonatePrivilege	1672	a.exe
Token: SeCreateGlobalPrivilege	1672	a.exe
Token: 33	1672	a.exe
Token: 34	1672	a.exe
Token: 35	1672	a.exe
Token: 36	1672	a.exe
Token: SeIncreaseQuotaPrivilege	2764	a.exe
Token: SeSecurityPrivilege	2764	a.exe
Token: SeTakeOwnershipPrivilege	2764	a.exe
Token: SeLoadDriverPrivilege	2764	a.exe
Token: SeSystemProfilePrivilege	2764	a.exe
Token: SeSystemtimePrivilege	2764	a.exe
Token: SeProfSingleProcessPrivilege	2764	a.exe
Token: SeIncBasePriorityPrivilege	2764	a.exe
Token: SeCreatePagefilePrivilege	2764	a.exe
Token: SeBackupPrivilege	2764	a.exe
Token: SeRestorePrivilege	2764	a.exe
Token: SeShutdownPrivilege	2764	a.exe
Token: SeDebugPrivilege	2764	a.exe
Token: SeSystemEnvironmentPrivilege	2764	a.exe
Token: SeChangeNotifyPrivilege	2764	a.exe
Token: SeRemoteShutdownPrivilege	2764	a.exe
Token: SeUndockPrivilege	2764	a.exe
Token: SeManageVolumePrivilege	2764	a.exe
Token: SeImpersonatePrivilege	2764	a.exe
Token: SeCreateGlobalPrivilege	2764	a.exe
Token: 33	2764	a.exe
Token: 34	2764	a.exe
Token: 35	2764	a.exe
Token: 36	2764	a.exe
Token: SeIncreaseQuotaPrivilege	4404	aa.exe
Token: SeSecurityPrivilege	4404	aa.exe
Token: SeTakeOwnershipPrivilege	4404	aa.exe
Token: SeLoadDriverPrivilege	4404	aa.exe
Token: SeSystemProfilePrivilege	4404	aa.exe
Token: SeSystemtimePrivilege	4404	aa.exe
Token: SeProfSingleProcessPrivilege	4404	aa.exe
Token: SeIncBasePriorityPrivilege	4404	aa.exe
Token: SeCreatePagefilePrivilege	4404	aa.exe
Token: SeBackupPrivilege	4404	aa.exe
Token: SeRestorePrivilege	4404	aa.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3180	7zFM.exe
3180	7zFM.exe
4660	DarkComet.exe
4660	DarkComet.exe
4660	DarkComet.exe
4660	DarkComet.exe
4660	DarkComet.exe
3344	7zFM.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
4660	DarkComet.exe
4660	DarkComet.exe
4660	DarkComet.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
4660	DarkComet.exe
4660	DarkComet.exe
4660	DarkComet.exe
1868	OpenWith.exe
4660	DarkComet.exe
4660	DarkComet.exe
4660	DarkComet.exe
4660	DarkComet.exe
4660	DarkComet.exe
4660	DarkComet.exe
4660	DarkComet.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 3948	3064	msedge.exe	84
PID 3064 wrote to memory of 3948	3064	msedge.exe	84
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 4288	3064	msedge.exe	85
PID 3064 wrote to memory of 2988	3064	msedge.exe	86
PID 3064 wrote to memory of 2988	3064	msedge.exe	86
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87
PID 3064 wrote to memory of 3144	3064	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Cryakl/Ultimate-RAT-Collection/tree/main/DarkComet
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd300746f8,0x7ffd30074708,0x7ffd30074718
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9447123869819762132,4747746288950527078,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,9447123869819762132,4747746288950527078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,9447123869819762132,4747746288950527078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9447123869819762132,4747746288950527078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9447123869819762132,4747746288950527078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9447123869819762132,4747746288950527078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9447123869819762132,4747746288950527078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9447123869819762132,4747746288950527078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,9447123869819762132,4747746288950527078,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9447123869819762132,4747746288950527078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,9447123869819762132,4747746288950527078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3196

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2016

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\DarkComet RAT 5.3.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3180

C:\Users\Admin\Desktop\DarkComet RAT 5.3\DarkComet.exe
"C:\Users\Admin\Desktop\DarkComet RAT 5.3\DarkComet.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4660

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:1816

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\a.dcp"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3344

C:\Users\Admin\Desktop\a.exe
"C:\Users\Admin\Desktop\a.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1672

C:\Users\Admin\Desktop\a.exe
"C:\Users\Admin\Desktop\a.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2764

C:\Users\Admin\Desktop\aa.exe
"C:\Users\Admin\Desktop\aa.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
55708ea6a193823c5162db60a9f7396d

SHA1
cc48e8644d8a1c4588af35d319a477e6457416dd

SHA256
2e00fc9c4ec5aa772eb34ec24bd92e66b23a5100789a7d7d05b97344bc0c45c9

SHA512
fb5fabcd0341d2c7af481cba196cacd4ef577ec356d92e8623646fddf3a51badcce19a261c7df3e705af6aa790a56e64d73888a6e8cd508b87c3d341fde8f690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1ec7a779f2325a8eb18693712aac5d4f

SHA1
5b110710f4765e5faeccecbfbc56385b9aa6be12

SHA256
9c1d9142894b37c667968b5c11b3c752ffb3ecb98c37199bf3c3b9fcf78e723e

SHA512
9a4f880a3a603c8e48c489da2dfe71d70306dd4736f6484c8db51f75985d302de433165cf5472df4fa3671ecb599f6cb4200cee8df7c7caf53fa48cc1cc9d10b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
678B

MD5
aac7c354eaaf7729c023d3470f09dd56

SHA1
dcbb2397a8c4559f9e10f89317d86cd5c1f17e78

SHA256
2b465bfdca42354c1b22b5473e47c07650def7ffbdd4c1a463ed1b6d42d291dd

SHA512
cf3c691fe54030080445abd9a26f77a018a5de3f408ed89b998d0b171fdc801f52fabd8c4caa8be2f3b3cb97a7be50a992bf8ce9de26a59ff0530d0e32e58204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
98200fff5b004c2197e270089bc5ee06

SHA1
e95ed160d9802729d96820b5632beb4cedd17c55

SHA256
ad73c1bf5003703b8b1d23cb879a7798c70e64be961c12b97cf7dc33158677ba

SHA512
db82d6fe3f01139cf22ba0a0ced80f7b3b8f8c9a5faa87fec76ef60acc93b5f0b5832b07073c06431d85993154b207a1b0fafcbd33975e5134a16826ee78d4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
06c8e4c95f809f6a814ac329341ac399

SHA1
c76042b9aece166bb306ca131381e1aa940d6e99

SHA256
7fce6c9c4874ead77be21142c89c4b84dc9ec1735d9c1472c1c6024e3c5eb8f9

SHA512
aeb478a21fa4dd3340e9e4bc0f8e8162c9e8610018ce140a4e56bba21dd9560a1665061634c2aa15edacb77eb3803872eacbcc8dd3d820271374e5d254c9340a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
71c8329cd726539ad038ffc442a34282

SHA1
d4b4159f074370913d2b0590b4b530057bcbb01a

SHA256
4a2f3475e43fcf572e5ec19ae2ccc8d2a7d0a08798d8d246fe39c9699b6e8e5b

SHA512
264a22ae498202661d94032b29b50fa35af6e275ac71b3464bd2a5d071b12c51ab898b5ed18ed89d110424870bbcae39910d931c88ea6aeb22f10e156f81f0e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7a6b081c196dd786b3117d9725df966c

SHA1
1c68b0d4e7f7bd3724fa212aec03cf7e0677bfac

SHA256
749dc5e0330559354a240f21f3dbd5030a8f7f4a1b39c15debb87d06901432bf

SHA512
12490cc499b3fda45ddf92853def00d5d104d7cdca55f81475c28d9b1aa38c87c1c19be832b3290c4c6c67d4da4b8ba56034cf9e4016bd6a87cfcf46f6d72873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b4cb4fa29fcb73278f04768272af706b

SHA1
d95fafde03b89b9360cf426825a17c9277fccb64

SHA256
d30ca862ca68042778dde2b4dee24470998786d7e6709d2ea13d14da7d3047b9

SHA512
ad1af0408c97e4d92bd89b43a846bad89ffbe7fa48cac9a1ba50256c886765f54a9ba818b97065b2b1390b2d7950f709eadad1823e9abe0aabf072ac97076a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1bcfc78de67809580b2a1e8774f72805

SHA1
b2869da4a17ca24d25b1b901261877c87f556574

SHA256
34e219136c3eecaca7f3a514f14a306fd6c7ec19c959d0d5bb250333dab57fce

SHA512
36ee7100282a1358ae91e6364464e0faa1f727ca068544345051bea5988dfc28db25176b0d6f9d40f888c5288c2b869f502122ade476f0c903bdf4def02c51b7

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\DarkComet.exe

Filesize
11.3MB

MD5
cf8656444e90421f3a05f6a7c30884b3

SHA1
f08990f2cd99beddc274c3e8b6c3d5d1d4fdca1e

SHA256
0d2536112fc0b0960f00bf8d8b8a824dd0bcaf9b46336398edc11f2fdab63ecf

SHA512
0916843006f3536fe4c3ec15df9dc8e5adccbfdc5eb9358dc02b48bed5038ff7ed4610da771969032da2e261fef2db795d928fc694e59a4a77bc9e044d1bf20b

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\againzip.ico

Filesize
97KB

MD5
b87dbd32f31532ea8f7af9d28ee7800c

SHA1
0e3e2f5ed1186d09716d91f25913a6341268e47d

SHA256
c3c3b009cb602535c18ed168c0bc448441a62b63c69ff27e3f9c2d8973411250

SHA512
5cbe3a820268917be43ec2991502aff0a7880972eb7804ed1d8709094a26ba4585b95b1505ae4fc7bdaad11e77ad1dde1e7cbdde530bb32b0d95617a47d15de3

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\archive.ico

Filesize
97KB

MD5
5af592df403c50b14b47f9185cfb417f

SHA1
e0a7885d8208c76dfaf0e10d4acd942fc2e917fe

SHA256
99b5cee64ef8164a68cae08d883aef65c4c96d3b57a8b075d330c537aab183c5

SHA512
aae53540e24db201054d9f9291db54b5744f15f3ed097fb9ba405155d85b983b0654352f7c0b0187b34c4dfc45991d38c87d65120aa27e1ddeaf8d77c23262d7

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\bittorrent.ico

Filesize
97KB

MD5
73d8decab435acb32df1dce812ed3acd

SHA1
1cdf281a6f297f09698a155a9010e2c7f6a212e1

SHA256
8e44bc15b2a99d99d4670112b6e3c494ea46adb49a35899ec0192f12dcc30f5f

SHA512
d5f2b589dc2203c03db601b512d3a5dfe40a651931b0c1cc883c17c0202e045e690eeaa2c321cdc08827a86d1dfa4046d6c51f5c5ecd9e4a2a80cffc95bee80d

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\chrome.ico

Filesize
97KB

MD5
16a9e9b49f6e08635ebe55f5ecd5f346

SHA1
1e846edddaf2857168db8e8387916492c3b3405b

SHA256
fcd5923f3401b523c3ad27ce999398328612a86eec253cc7c09030a0035b0f99

SHA512
1a4aafb3cb535c41f3afae7938a41f6ae84ea5bcd7b4b3531e253d1635783e53c950ef1bdf0433db92848e283fe6c1efe58ce2380b39f3f5aee4c35ea85460b9

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\cubic.ico

Filesize
97KB

MD5
f273cf2c932b6d768bb2d1d62e9d2a4a

SHA1
a473fb4b3fb13830e3adbf547e1d7129f7ab5e18

SHA256
713cc5ede2b35ae4933ad31b02b7c4bda1255c9709b219a13162b72f228df652

SHA512
3dc9334afce339eb43a1a76c08aee16daa9cbbc91abf618081e07ebaa990fcf7ebd5b3877d1cbf9b1bf442cced476428dedaf14076501c8493233c41985800c3

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\emulefold.ico

Filesize
97KB

MD5
7a19ef1c29ec87e43983fc94f95ce198

SHA1
f425ac0e69248a441e718238dc24e9f1f24bffbe

SHA256
101169e184ec7450b03811c6f4fee4460ade14a2b93f275a55b617417e7cb5ea

SHA512
897846edd45fbb01fdb133dcb048518c076ecdad97b9ff57832d29c5ee12105ce54253e8a454577d3b9b314202a5fe564b8f09f48faf712a44a9521e9c2e9b71

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\facebook.ico

Filesize
97KB

MD5
c6120e467c833d5f277c2b939251918e

SHA1
8794f9b3dd83a26a1c745dd61f67c7e143287db0

SHA256
62a4fbd69e3e534e2ce8fe2f664ea8a803eb29f2eff3bc7503dba641ab33e589

SHA512
c746c806b2a350463c30328f2e0c0eb1f3ea46c58ad2fcdf62d7bf9853bb687d58772e88ea8395af73c91721a578b47828655a9ce38a54458404d5b00ac823f2

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\facedebook.ico

Filesize
97KB

MD5
a219e70366471a9b13953789791e9a42

SHA1
94678b982b8366be0a4976118b65cfa7550d2a7c

SHA256
7a18fb1007712b31600043bd3c2400b6f8ab1ebabd603f4aa6730089368af734

SHA512
08ad1a527c81bc96dd82eda16431c4e81b298e756257e8a982c38c1152f34977165a6db2b7b7d3700eab0e163a9a1c3181fc1269ef6f9ba77630428ea1995705

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\female.ico

Filesize
97KB

MD5
9ec80b1ed453ced93e4dc6f1131e4cf7

SHA1
99896ee3687b44fc55f1b2f4d549d5179383755e

SHA256
e5e9481ebc946c869655aca4dd53407b0921faed0172cad9cda4d4dc47c7351e

SHA512
fdf4f8c5506991068387d44b221fc5e679c3d7460aca41b7a83ce92efe63618944fb844e032a8d2de5c53ad30a036083053fa87615fbfc309b948351bcd725b2

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\ffox.ico

Filesize
97KB

MD5
3bb3e1c6a6ad5c89934f34be4b1e458d

SHA1
7444b0857ccb72e3dee1b07f1273348c15f295cf

SHA256
5b4ee4c5878336be86574d599a252d1a5472fc0579bafcccd71f25bccfb0c003

SHA512
1221c68c591624218b2f6809c36892400ab2c399971780a4828e83cef4018ad8e33bf2d6bac6cc5cfbd3565feffba7fac749d14baf7d831fc0fd9a9038bf6626

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\ffoxwhite.ico

Filesize
97KB

MD5
882bbfbf5cbc4c791e32e6a74d0f4eed

SHA1
affaca5862ccffc5e8148d709fe5e6335dcafb6f

SHA256
a3bf3fee486dc890cc3c8295a36da3a6045d2ee70d17d8a370b87eccb0473b5e

SHA512
a54e1841b8fbd90344992f00f4b0586b57090214b5eccff4b7792eb349be4ae887d4bcef697d11d6d64ef05cb2f4e207a020c047fc572527ed1ec7364cca8152

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\girl.ico

Filesize
97KB

MD5
846e57f8ba357943141eeebd6c454e33

SHA1
9d7eeb6113fdb188c58e0bd21b7bc43cfacfa96b

SHA256
9f4f839255213d82abe0070caa720aeef01b1f0195ddac8a3437d7931b31a890

SHA512
d67512dfba0c7023428b2a8f4cc0ba81e2a2a2eb2514f0f934b3618a348581bc3216c9cef4923006264b3f5dc4b50980b42b0d0c40988d7498905fe5d48e13f2

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\heart.ico

Filesize
97KB

MD5
ad26dd83ae2ec2ddf0cc07021825d063

SHA1
1833edf0070e4f089470834ccd264725e206ec70

SHA256
11d3eac0551cae9686bc6ebe6166e6eeab70c3b5f5bfc56db45ff9dafc8188d7

SHA512
98238db2f29264b18d5c1b23ae38a67819faa19db55a94f8a6ace95e43e0742735a72f2a8191b254e86424f82a46b09504c5e4090031ee1f7b362d4375897502

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\idontknowlol.ico

Filesize
97KB

MD5
7ac0c49cc1cd32b141693995e8163479

SHA1
591b52e827426974bed3caddb17f9701f1729198

SHA256
a367776a8dc47053258f37edef7537d251e40d409cc8f51bc9d271d785be291b

SHA512
ce90c7d23cdbffacba7f83613fa0562af5a0932e8543739174ceb5b9320e8c7faa60299fdf667ee3c19dccef3c2566df00c8cec029303c4205f52d169d2d5c42

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\limewire.ico

Filesize
97KB

MD5
8f880b2b80387f6acde78230ef28bc77

SHA1
dd6984de04b1b74805882050525de70426e753d1

SHA256
79661a5ed0eeb027958aeeedb66de400412a6fe06f1dfd5ab8abe3c14a1570eb

SHA512
cd084b648ea58e3b062ec602e25342509d425949ae20a73349322a11376ee1ad556604facc6ec6ad38479007bdccddc3ef96efbe6624dabc566677dd10122c94

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\limwizearrow.ico

Filesize
97KB

MD5
75c74ff8112550471b9735189cb36c70

SHA1
2b2e1fefdbf6e8c5a1875a01f8f98b94bdd2630f

SHA256
330467c3b86d06b43d3c5d7148c4aee3672c096aba4a0a99fea124cfe303095d

SHA512
b879da97937a7c7e21a8fe7ddb1104261c92340f4f75f896839a49c15e486bcd1395efc820d5b6fc5c3f10c39929f2ae56539b2c808343e296e31170d665a17c

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\limy.ico

Filesize
97KB

MD5
925fdf30a687bba4d7bd85def5def9f0

SHA1
61962dac96adcb884dbb7786ad9adf22a166232a

SHA256
279eaad8880dea2d52b8221c38f501fa34701f5127bbc41591921b69a5a0934d

SHA512
59af01947f36e8a751d2d7cb199f9f379f7b886779112debae9d6a0f6c47c137903500f27ff06587a977247610f5912957079f36b9f7a3a097009caf90f0ef0c

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\mov.ico

Filesize
97KB

MD5
71ea5c0cc8245978042ca1a57e70149c

SHA1
7f4aac912657c833f22bdd6ab993ae1cccebad1f

SHA256
9deffadaca7d25ae8e04d2cbab6acb19e79c17c9456e30d8750cf5803b5f298c

SHA512
74bc9e3e11ec593f6a10228e30ad4658608b532dc36f94ec04b49e6e75bf3eb1feae508697b7ac0e5c9ca91e6ab38b0594856b8cbd49adfbd162a07ff2604bce

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\rar.ico

Filesize
97KB

MD5
f11ca004114c0382836197bb597bf509

SHA1
96488172264d9c041da502a4a357b2f41c0967f0

SHA256
c42ee1c8031b1e1917cef782b2d73460cc65ac3cfd6fe48737804459e25226be

SHA512
b8d34d1f4f913e48d73379cc7389e91facfe8da9f06bd78499ff31523f5b0ef6efb5dae1211a50905962d3fedc47cb8b182db1f514c5877d8a1678b15c0023b1

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\shareaza.ico

Filesize
97KB

MD5
ede558c3365551e09a966536b1a61209

SHA1
f12a153e8f2ecfb8236ebb16db493dbd045df98f

SHA256
964d15e5aa45d26fc0d14912416e268f3caf31420f949c7734c92b7d58dd22f2

SHA512
2dcc1302ca6d05fd1797182d99557202ec437093bb25403d3ba780e01ad87f344936f963ca1d9243519a7cbcf023daa8004328b036f16798431b29681aaa4de0

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\steam.ico

Filesize
97KB

MD5
a4e06cf0293bc3fa83db852e1c9ca2bb

SHA1
99cbe81b5a67ee920070800d4d5b8e5d617ece80

SHA256
42ae2353c1a9f101567bf0f5dc0dd848c9f1c7f25a1fa9b526b0e881e017cdec

SHA512
22f478d364bb32fb696519b5c895dafcf47f470c28bead5ea3fbb97ace0f6900268b309107ccd0dafbc8571bb28200d6e8bf4b9693071f5440c3139cd64cfebb

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\steamfag.ico

Filesize
97KB

MD5
a7b87171a833e2eae9e0610545e4fe48

SHA1
af9c18e50d1a5eb41c44c037a579ed1383826221

SHA256
9f02ceca15fbb244a3dc8ddcedc82441779e43e56495233098d096157c1497aa

SHA512
bcd7b0630f08d48dd3537f1c382982fa5a42fd7d82731fb2628a3c65a51955abffba976400629b3e270ee0cc3ce7e1ce342d252273e351dcc6f0f7f5e9985d54

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\utorrent.ico

Filesize
97KB

MD5
13a203726213ebe1120330a01c85e020

SHA1
0ba42571c83fa789a40e2377ca747a52af785f39

SHA256
17a55f7e7cde8b9e75a1a54930047014d2de0f3c90f7d297dc71af984e6eabf5

SHA512
6cdcc39b0d3d6309a8f23184460012d44bd498218a6f55ccc0d2916e45cd97738cc1487df96a2f04da2e858c66e7c1fd6fe5494120403916db24f7197f1150ad

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\utorrent2.ico

Filesize
97KB

MD5
fe767036dde72aa116dfec4d85316097

SHA1
38015110c63531c2b83623c7ad2a7ea38974d823

SHA256
0d0b0e33fe0c7058298d161e4fdb7a95fc30620aefb3cc86ec989ee00e6f085c

SHA512
0bbf9ad9e5d653c3a5149243a87656eedbc36975021067c9474d639d33e56168787fbed45cdeecc05ce3d7d96397919a0c2fbe7f933aaf677fa1500f9f7eba4b

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\utorrentfold.ico

Filesize
97KB

MD5
9bd46aa8a6a9515ce610c48b568b04db

SHA1
c7acd58ebce43b7b106f2be73a3dbf0f3823f1ae

SHA256
fcf06a10537d646cb9d0af81b9bf096b5766b87fbe8d5aa487c2765dc7563cfa

SHA512
f2869bf9a74e2d3bf6ad1043069de3b1cbe7903fb13d0b089f9ff68c646b9f3bc2117bef73d13b2f9de53d1697ca395ce3da8d24acaaf154d0518d783246767e

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\viagrafemale.ico

Filesize
14KB

MD5
fcf35c04537b9f0bfed48b00dfdac72f

SHA1
1a8535fc1d38afaf32341980aafbe106736e6855

SHA256
08f38e7bdd931bd2dd3b7da2800f21e4492b53a81dd97d6a1c4723c87ca6a87b

SHA512
4f8132268dd668b0e84380cebc2a7d1e647964ced2757fb761ab0070c35f5e9f9dba170b42831f96354604a383dc7fbc3507fbc504ed33f0864d4000466f5605

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\win.ico

Filesize
31KB

MD5
668b3283b8b3355e456d8f757d29d306

SHA1
fe18afd55f490f495823b5d5c67eefac3d3d9cdc

SHA256
a459017f231416448a88180a76619fa54acabafbc3aea12cb7e3c245c1c77ffd

SHA512
65c1d52e89adc6377acd6cf27491c1da08f68315a550338a6e7c37266ad96eb332f98ca1d30b22173b4421fb8d4595c68985354cd5550575c07e083fd25824c1

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\winfolder.ico

Filesize
97KB

MD5
731bff80b494d3337ed41322ad5e8bd3

SHA1
920bcbb93bb73414d17e7155630c73e633f34275

SHA256
57cb616228fedb666ed3d157c14b7a6eed08239aba8bcb2895d9243d6eb64c74

SHA512
fbd0722cdf439c8842e6c6a207036dece7c926301255caf6d19bb45aa38b10474f3b445f12af59bb2ced961e7905098eb092adc2ea0f0884013f1f41f811c600

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\winmov.ico

Filesize
31KB

MD5
18c58ac76371e7f5f0bd7757a4754c11

SHA1
e84bde268887c41411847b3d029127eb44530f39

SHA256
f2ade358b9ee41807e043387cc8818b458a82db9f9208090a3a5b90a633952ce

SHA512
fb4e7e786af6c863b231cbf8476be25fc1e0a18588150ddc3c04b5a365618ddfe38293d465d1ca1658f6bd4a9c8c025d6bf7a2ac182627389517150925141bfc

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\wintool.ico

Filesize
97KB

MD5
6dc053a0cbd40d8c7ef064d658468f78

SHA1
b7d3245b002a7a06d3a115f466d56da0501c0030

SHA256
3d0486cafdcc262b43c6a802fe6a5bc906b93dc2723704838589ae07c72ba0fa

SHA512
0cc5fe23129f2719d89c356f0f8071c9d01459d28db3c96be14e735a33d5488f28540438182ae1cdcfe4b81600843ed130ca7120fed48d0af32238d6e846cbbe

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\Icons\zipzip.ico

Filesize
97KB

MD5
6c5fd527c2646604da317eb189bec62f

SHA1
d24dc5e0bb4cc1ecdefc74f9933973b73cff3695

SHA256
67b314ec74424d74bbde5c61c87d1b30b2078ed86d59ef8e6f5002e448e8ff22

SHA512
d26148a33b45b8fcdfe598a34149adf3ba0db29062b036fcfcc3bd05ca504fd10b702d78b7265509f26c50c3d38c2b4d12cdaf2593cad6ff974787b897d11add

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\comet.db

Filesize
7KB

MD5
eb1551b704eea54d1869fa70aa7f0a14

SHA1
1e655c2c1753b6f03f56e48eefe51de306f59e4e

SHA256
f81162b1fc7730adb489299070f9810c1736fb5e904e849eb842a72e71ffa5a4

SHA512
233dc93ff613ee74903ee47dca30917e3c7d0c84bfb22f5ad7e181f7d1a1e144923d8b6482e62e23bf5f01774f14a5a64789d8d37b13da9a566346fbc9a5937d

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\config.ini

Filesize
501B

MD5
2d950abb41edca945bdbc01135e22460

SHA1
fe6d97606329f4341c3338faad11a373ee6a5677

SHA256
5d2584a5c3dd95e14555f780f0aae506631bb8fcfdf3d35cda538111a3338351

SHA512
e80a12666690cdb90a6a80f0891d2c7584fb32d3f6e25a4a8c804f7040920a9d3dd52c1330dfce4333e270df8b892a594687e0414c7ceb00329f3e825fb9f426

Download Submit
C:\Users\Admin\Desktop\DarkComet RAT 5.3\sqlite3.dll

Filesize
510KB

MD5
d3979db259f55d59b4edb327673c1905

SHA1
0697e8f35b5951c61a3a632d74fd96843c941628

SHA256
043e5570299c6099756c1809c5632eabeab95ed3c1a55c86843c0ec218940e5a

SHA512
0b87c89aafd3e627c7d6bed0b833601fea1917a76a972061f32a2d9e4aa2e9e85b5e8a67cb330ca44aff17915d0fe2793798451a109d3f0b5014eed06b73bb45

Download Submit
C:\Users\Admin\Desktop\a.dcp

Filesize
892B

MD5
ae9b5530c076b95da7874d8723a0dbc2

SHA1
e6b70afd56c7e07baaa960195772c3af25ae3383

SHA256
460187b000a50039bebf01264afcb6ca0f6989843e0bd7b7825ddfb5e109fa32

SHA512
f42aa1b14ddf80c344e021d7eff0984fb435490acdc9d4b24f6f51f41baff1a78a608640f5a124d0934a89505faee7f9febcc26c725e5bd19f50e8218e3d14d6

Download Submit
C:\Users\Admin\Desktop\a.exe

Filesize
661KB

MD5
59e8c1dfb6217163ccf63eee0978255f

SHA1
af350f51e0423ea19443963863fce8eaeff1b3db

SHA256
426ec7f036a1e4ae5f64277296c84af494598b882b36bd18952247d96b790f5f

SHA512
904e9076bf13662b6b7505df8a10e99f7144312743b83ca18baa2204b99596f702a20aea27d56690138f6fdb78f65abe02ae2b9a4f77d586a09e28ef9640cd51

Download Submit
C:\Users\Admin\Desktop\aa.exe

Filesize
759KB

MD5
9d8c03a86d16fa9f9d12b43bb99d4232

SHA1
6d5de47f1118d2136cd32c1e814ea8e030bfcc1f

SHA256
23ffe8a808ced1356bbf5f8301729ef473a1954a3f3e07e21842d6b0ddd58235

SHA512
6b761ab8172410dda12b897149651cb05d9cabb461f9ef0cb86c7b951492bf29e011a096756ff77b76d7fc1aef6e27ea65a667448ce93f7bd190af81ca677cba

Download Submit
C:\Users\Admin\Downloads\DarkComet RAT 5.3.7z

Filesize
11.3MB

MD5
b722f6a37804f07c76040cb2699c5da1

SHA1
ded1712e4a84ae908f55de974c2a576cb3edfab6

SHA256
88edd8dfae3aad5529e007201a8e787aa8f3d0cd2a181ea30127d38dc2000454

SHA512
2e4daf813b0b17f619a7e63816d50a5978145633058ee8063c2d893709250bcb6903481be4a27ec8cebf570d45da7dbe525dc5c8b5ffa03d1c281084d6eb91be

Download Submit
memory/1672-796-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/2764-799-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/4404-822-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/4660-715-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-751-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-752-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-753-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-754-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-755-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-756-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-757-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-758-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-759-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-760-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-761-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-762-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-763-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-765-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-767-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-769-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-770-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-771-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-772-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-773-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-777-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-719-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-779-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-780-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-781-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-782-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-784-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-785-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-714-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-792-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-795-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-713-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-712-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-801-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-803-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-806-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-711-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-708-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download
memory/4660-823-0x0000000000400000-0x0000000000F68000-memory.dmp

Filesize
11.4MB

Download