darkcomet | bfe9a76229e6e502b7c542007cd976dd3b5e0d26190cdf7cc8a5e5aab0a63f7d

Resubmissions

19/04/2025, 01:22

250419-brfztszwgv 10

19/04/2025, 01:01

250419-bddybasnv7 10

Analysis

max time kernel
900s
max time network
879s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2025, 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Darkcomet RAT 5.3.1.zip
Size

14.6MB
MD5

9f9347ecf2cc6541fb64acd6fc0a5749
SHA1

6c0d454ec2068d1c7d502a167ca02c8dafd0b244
SHA256

bfe9a76229e6e502b7c542007cd976dd3b5e0d26190cdf7cc8a5e5aab0a63f7d
SHA512

f0367a7c7265d38e52936bac40e0a18236d6544827da7dcdd1f2b19d2d3193b0039f5860a61a30f4e28bca3d2ef06a9c51f1b2c7f05927fad6ba37741ff015f3
SSDEEP

393216:Yia1rsEqp8mxBktqBEH3JM/qbxhbRLEJt5RXtW3hg:Yl1rsEqJxChH3coxhbePK3hg

Score

10^/10

darkcomet discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
154	raw.githubusercontent.com
155	raw.githubusercontent.com
156	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DarkComet.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133894981888062007"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
4896	chrome.exe
4896	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4976	DarkComet.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
4976	DarkComet.exe
4976	DarkComet.exe
4976	DarkComet.exe
4976	DarkComet.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4976	DarkComet.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3416 wrote to memory of 2356	3416	chrome.exe	124
PID 3416 wrote to memory of 2356	3416	chrome.exe	124
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 1464	3416	chrome.exe	125
PID 3416 wrote to memory of 2136	3416	chrome.exe	126
PID 3416 wrote to memory of 2136	3416	chrome.exe	126
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127
PID 3416 wrote to memory of 5960	3416	chrome.exe	127

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1.zip"
1⤵
PID:1764

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8acc4dcf8,0x7ff8acc4dd04,0x7ff8acc4dd10
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1956,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2240,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2372,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4480 /prefetch:2
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4716,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5412,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5592,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5624,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=240,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3260 /prefetch:8
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3428,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3348 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4416,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3316 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3276,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5904,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=3200,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3940,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3092,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=1116,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5712,i,10005426913221577369,9113458623904897226,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4780

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5704

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1960

C:\Users\Admin\Downloads\Darkcomet RAT 5.3.1\Darkcomet RAT 5.3.1\DarkComet.exe
"C:\Users\Admin\Downloads\Darkcomet RAT 5.3.1\Darkcomet RAT 5.3.1\DarkComet.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4976

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Breadcrumbs

Filesize
2KB

MD5
785e9786b91b0034e380959e82900290

SHA1
16a18ab59b0e2e4eda97c483652635a37f0dda18

SHA256
60968d1f22fc0eb7242b23ea5e6b223b8eb20d843ad66d0cfeb8183e587f6028

SHA512
5cd91d98a47d5fb3477f30552de923751a27777b9200480618e5565d1385d5a5f2004f5ca5f8542b6cce5a4396b91abeaaf785cb20cb609649136dff32dfaeb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7bc13db271487f772072a3d116e51d85

SHA1
a8e284b753a5a28aab14627a113cf0c737b09cb5

SHA256
66265484d531b4a4874b4a5e94173117a5c5eb5bbe74062f037cd4c1166b3580

SHA512
84d39f54133b6a6aa16daa36de8357cf99482f00a1ce273659199fe66493a38b815aae6f3e751c30dbc8f05f4c9bea955fcd1b3f5a90c6543fc0248af60d4b19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
217KB

MD5
fc4f627ddf54943afa716e1ac1c695c3

SHA1
5377bdb788bc19b76e5b7cb8bcb9110394bf1812

SHA256
1c569628639cf777d2a69e37daa3c970165d1e1fc7f4518b4810b050810d0d88

SHA512
be9e9c47914d2973311e017bfd9846a7aaa88b3b90f49a45edb86aa594f32c2040aa25d1bfa927745524a7a145f2095b6f853de62d3a2118353633b990a3f2ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
78KB

MD5
1fe5a9dd4d270453116b6d4df805d7fa

SHA1
8944739664e9f4182318479953d5fb2b2a1219ba

SHA256
ee07cdbffbb9737cffc035e400e46ce2c19658cca2893acb917e7d23ea2e92a5

SHA512
451001d10bef21537e6d383ae9fcfae9e72afd124cbe7dcdf13e8f7dbdaf589345a51e7d8b0d64d2fe7ff1241192973302f67761f890dda518ceed234a7dddf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
23KB

MD5
88373e5f11aeb6816f80d4fca0279b30

SHA1
b0076d2ac71e43b1dc2e93be64835f7263f52ded

SHA256
bd214cc966a461e7238ee38d19217d5f5b88f45be159ec837c6c3ad4f4e403e9

SHA512
93e907666d3354463539414ebcdceb9748c70d3d5d6d0dbc2aa2a752bc9a01ebd5e336a0562c2172e3ef9a0f660812f9cad1b839bda13bd0a453f4ae7deb17e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a03fb3c10cfd3d85be4de0b54bab8d9f

SHA1
0ffaedfaac0e48bbc2a5289c228891549f83e597

SHA256
e51af2d76beba0288abb9188980e49856fad37bfc1fc590f7a741bc28030a5a6

SHA512
a92229af9e1d8589bdaff2f408cfb8ed204ad2d7f9d91e21dc648e6acd103197d48c6d7a7cb712d4cc323b8c7370c4de9970b0cffae31a3175a9e88a02396729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d52d6c1084e2d0b2b048ec63dc4209a0

SHA1
e0225842f0c4434977d4a26ca1b729f58e71398a

SHA256
bdb24c678d898581a62b84d50bde6a12b643cf171fa25f0d6090d494d13146f9

SHA512
cf1b0e05e7ac03eb7487d1f4ce0d79f6c903c49cb79e4f2c9f899b1b5516e22a73e43bce2c5746171395ab01ef388032078c6fd40d45f975ca08fa8b41ee3072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
99c5816ad70043a2b2e51249bbc9c1d7

SHA1
d71daedb93d3e0c630c9eaa0d32582e913c2d8fb

SHA256
5e6794577c97c09da5abd149c36573f0925b776fd8ce1eda0df9459764d72764

SHA512
44e30ee8cdab59c2905160f99a2c928338670e20fa3f4d6eaa570c4189342d03d6620d6e52bb841b4bd7e2919bd62a2177f1cc03a4c4837f85ee0dfea75f3ddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
5c9019223896436ccdf51ce2bf2dadb3

SHA1
4cea50961cf30ede77cd64ae5300dd017d320b77

SHA256
77f12b58b791e0701f453a3e2151ea2c06888f8716d2692b38438bf60979c4d1

SHA512
2806358ac26224ea3d9fec175e7d417b9ad48d4aa79b4dcf958931b67b88a9feec2802c3839d20a5ebe7042e19b113bee407939b1508251ae04b928122100d6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
81bb9851dddf20fc8357d53a144094e8

SHA1
669be622809c7c816119318546eeb69287651afc

SHA256
5f90a2f1f4caf2a577a23e50301d97b0317b3f1bab7c01cb2863b8d030e8cf41

SHA512
93bb23fc9b3d7ba319b28ff7a5f19bb53aa03f88129b76bd950caa893801fa3c0fd34f5c1aa40690c52e1b2811926c408ebe5e89ef811aaea9bfd5708d405d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6d12657a446b4a503b670bb366eb3285

SHA1
4e358dae510f7562ec2c6f1c35541d779abfd591

SHA256
b157a1addad6eb2b34c00f834c81b322f3c12b9d8695f401a38143dfccb57fed

SHA512
94e2eed0abce7ffe4321c01d34d2cb1cc9c76fad9c83db715ae42fbbb90583c0e8385ac18f019bbbeaaeb4f0cd903a69630b8a57a73514b40822c1fd37b29677

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
89fd74d3dc7cd88971ac62a21a3ee508

SHA1
2fe0e64742b62bee619a72b3f8d2b29f65e82a6c

SHA256
c9b203534c10b38491f3467fc1b2f2a0f6a4e08396fff549ae06824d2a05fac0

SHA512
fe8504f78894e04e1a7e25adea14897298e9528d0db2e205471cfa7f63a469e102712c2e0e723d201900562cb8a1c2f832f127b8149e2286f49c204e36753b58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4ee2b31a33bdd0c98a63d2d0661c3c57

SHA1
bb469d8531eca17e06070c588228fb9b95922a59

SHA256
f5599195b88903d3cbcf98cc876b72dbac140c31e380f3a9da241ff914a780b3

SHA512
3ffabd7888d97144e7aac7e5a5694f1a157181e1136445d16c69f1e71619913e5de3582c7b27153daad14b315440fb8ef9665fa23467e5d3df1c0aa83164cf53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a3f595bd3527195dd1dd018b5569bc81

SHA1
02be5267dcc277160181a22c29128fe9ac313f1b

SHA256
05aa59556b8c6fd264de5c6462ff79f6fbbc2b0f5bb76b675fd0eb333370e970

SHA512
e862d95069098fbc488a707975708df00fd0ce88778e46a3c3d2cfd5b145eaa5525df987b4c60f26ce9153755b4eca58d818fb875dfc381a9138967b00c46979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dc221e79a77272ff2e0d4a0a449ac6e4

SHA1
0b7037ac699d6a49c7dcf328abe6eb72efb1a3d8

SHA256
4d6c45145232bd51f159a5d99722901f7853541ba4c5d6878e340214af2fce1f

SHA512
594b28d35274ee8688e19f184935d53d9482abc6d17863040b48e82bc1c6cf4942f9c47f12b9a5ab815a7529fc18a2e0ff0000ee07be3eb5eb6c624114669237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dd75654ecc8672096eed16a0cc622fab

SHA1
bd088b7bc55891ae880aea07777e278f8e74fc93

SHA256
6e3a5f0c6d4916851b20a9de4920b91c02554f7b305cf5b369843fa46f3b31e7

SHA512
fbb52e8153597f70d75165bd8510ef44fb63e52fd7aed5adf381a7e624a47d7a9389e447bfb232bc5b6c2d1123a0da23bf08282e952c1eabcc80e826532eceea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
fdb537c6e8144b1739b12ed753b46052

SHA1
ff07c5d8e08493cd1e31e6f3d869c1014cf0bb61

SHA256
af6adbbefcc6706826172b3f2672a71e382faf46cd8b50833c1f4fcf171ca106

SHA512
6335adcd2b1fc018f9fc1ebe004cb5e4be9c48a05497186759fd0ff6910cce0cb9afda255aaa3b2ef6c002614a8f3d2123a87c6e0e0d097808500b9c9a2101ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
020719f05e2eedb53fce2bbef715d586

SHA1
70fbd46d5aa43b1b49c1deaeb16bd86e1adbb047

SHA256
6a88b03f5a214171ff6f1d69d8a5ade82c45b83ea22bf35b931c83091a40c733

SHA512
da0e024ecee570334c7c729f8890a01cdd7f1789e7fc3b7252d37d4521a8e0e01cbf4348922435b233d81303e34e47f01f61b6d0eb1c9b986f3340e3d25fbfda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b57ef956824fd0d8c22c78f5694a2c7a

SHA1
2c33cd4c258e511e88f1c9c1cab1b6442de0cf13

SHA256
476534c217c6e7c353be2b971332bf75a097f9fa14f90d2b003af432b8fbfb49

SHA512
19f7c60220aea2ce9f179810a34ca93365a39691db0574a1c5b3a4abe68abfb6cc3bdd61fec46c0091b752b1886a203bb2f5122159e927a12951f4d03b4829f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
93ebf96bd4547fd6ca28467d30015ca9

SHA1
34a4a75828ed7fd9c3f9942007d775c4a5905a59

SHA256
6d504ccc29b37568db6813a008b4a96b375130f7021cad25345feb2b282bc751

SHA512
e86adc747f240eebbd107f1d04414b7f14dd3fdedaa877b4251546c2498b6a431aec6f0d4ad33eb19c6015fa8ebd8f2a3a5d4d3d71ef4dc2b7514b2556fc673d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
419da42b7b251aadcb3780421948304c

SHA1
3b687c5880b371488e3a847c37824e3781f431cd

SHA256
97ba6994b859abb80df97577bda13d6ed0eb618bc227f44865836635aac604ed

SHA512
c7645377268616a24f2eb23dc23b591c939349a24596a12d5973aa8d4220308892d7e0bfd7b9c26ab7543f8489f4ef88c4b52a52c6d00139c73ba8dd51217670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a13f53015c6523d5150b9c995678bd4c

SHA1
4344d4239846ee4f9696607f9b5286bf2541d7a0

SHA256
7c84362b43e5f04e487bf2dc5788069d939003b927df71d3ee6b3d57bb4c2d6e

SHA512
4b4901ab1f91ae43a4567bd46b606d9bb96582c2b6bfbe7c87188190372578eb500422c333ffdf85508de2867d36fff6a0d57368f1a1fcce4776694c16eb7d20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a17b.TMP

Filesize
48B

MD5
9e0c52747cd611870616d9ec5e9cd304

SHA1
ef9c649ebab725f548ad858da9eb52e2953e2f6f

SHA256
912af1e752acde3a20853f5364b4c8cd16af2b4b7a5f163a5ac5898e52fcfce6

SHA512
7276992122c11760405ae2fc41b035adeab96c74b045ac197e436fd38d8e94a210c9c84ce6d51b5ef4b0f2cc8f900a7a51c713bed7dafe41aff5a89a370d8d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
eb2d8f32c16c241fb2c05edb308109c6

SHA1
616116f6f06cd4a88330b4e9120ba84f0ded5948

SHA256
2108c6a11e71ba0169a3edf390fd7db26a932a7469287ae0c25065cc6d8b5751

SHA512
a6fcc7f6a28bad8efd2a8b4a8b6d686bf0474ea687e920c35c455fcf7bb598844ed5a85e1fb52c008e75dee9ff2baa7ba7fee18f7dc3929f42bff1d767ffbbb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
508e40707625d655b7c66b5994de4160

SHA1
ccd32ec9cd3e95d58937241ed6705a478697eec4

SHA256
ce38891176c6fab301481b881f7e5f87d6b333c5f22a16ff254f0cdd3e7dba99

SHA512
55e29643f3bfb28cb50243cf2b11daa11b14b5b163cef3683df67fefe657b6d37b0ec7b7fc91a9c5e112010dc6dab389f1cce57c8e38b8648fcc1bfff55dbf9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
da7842931ce94af30670f98fdd3af819

SHA1
513b858538d4dccd88d33564f1b5175bc8415322

SHA256
45b32a5c08e7c7cf5044fa8da0ac0e37084114478eb18678b054e76cba3b10ec

SHA512
cb0439ce2da281de038cb4dcf1fe74ef4373f77f75a4d1f01fabd47977a357e727fce687cec2c2277b7ed561b5acd8ce4c199befffba4ff7e8bab36152b3b6bd

Download Submit
C:\Users\Admin\Downloads\Darkcomet RAT 5.3.1.zip.crdownload

Filesize
14.6MB

MD5
9f9347ecf2cc6541fb64acd6fc0a5749

SHA1
6c0d454ec2068d1c7d502a167ca02c8dafd0b244

SHA256
bfe9a76229e6e502b7c542007cd976dd3b5e0d26190cdf7cc8a5e5aab0a63f7d

SHA512
f0367a7c7265d38e52936bac40e0a18236d6544827da7dcdd1f2b19d2d3193b0039f5860a61a30f4e28bca3d2ef06a9c51f1b2c7f05927fad6ba37741ff015f3

Download Submit
C:\Users\Admin\Downloads\Darkcomet RAT 5.3.1\Darkcomet RAT 5.3.1\config.ini

Filesize
522B

MD5
0a5baccb60ddf613c9ef2b18e0b1863f

SHA1
39bb75213fab1a7b9ab51089ef54f43086d8b1f3

SHA256
21a222e00ea35f663dc6c397c0a0aa6d80e52187644b170cee9e186892a22f4e

SHA512
b24b4e15fc975f81e5e5216cc098f8a34faeb5f7b3f10fe8f9f4a19157abe62f293b4687440434744e5c5284736a9a472fc5d04f5fda72e94fe5e7140b36de9b

Download Submit
memory/4976-715-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/4976-676-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/4976-666-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/4976-648-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download