Darkcomet hacker connecting to my pc

Question

I was messing around on "Oracle VM" and downloaded Darkcomet from some website. I was using a win7 ISO on one VM that I downloaded the Darkcomet on and Kali Linux on another VM to use the built in functions to check IPs and that stuff. I had the VMs connected to my ethernet driver which im pretty sure how they connected. After I was done attempting to use Darkcomet that wasn't working the way it should, I figured i would check my CMD on my actual PC to see if the Darkcomet I downloaded was really just a virus that someone used to connect to my PC. I'm not very good with 'hacking' per say and i dont know how to do mostly anything but i am trying to learn. When I opened CMD I typed 'netstat' to see if someone was connected and it showed this set if things C:\Windows\system32>netstat

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.15:53350        stackoverflow:https    ESTABLISHED
  TCP    10.0.0.15:53598        bay404-m:https         ESTABLISHED
  TCP    10.0.0.15:53600        65.55.223.31:40001     ESTABLISHED
  TCP    10.0.0.15:53603        91.190.217.45:12350    ESTABLISHED
  TCP    10.0.0.15:53609        msnbot-65-52-108-74:https  ESTABLISHED
  TCP    10.0.0.15:54139        40.122.209.195:https   ESTABLISHED
  TCP    10.0.0.15:54849        stackoverflow:https    ESTABLISHED
  TCP    10.0.0.15:54960        stackoverflow:https    ESTABLISHED
  TCP    10.0.0.15:54971        stackoverflow:https    ESTABLISHED
  TCP    10.0.0.15:55714        104.16.125.192:https   ESTABLISHED
  TCP    10.0.0.15:55757        ec2-23-21-73-17:https  CLOSE_WAIT
  TCP    10.0.0.15:55905        89-253-65-202:http     TIME_WAIT
  TCP    10.0.0.15:55908        87-92-39-181:https     TIME_WAIT
  TCP    10.0.0.15:55913        ip-176-199-254-241:http  ESTABLISHED
  TCP    10.0.0.15:55914        89-253-65-202:http     ESTABLISHED
  TCP    127.0.0.1:5354         lmlicenses:49156       ESTABLISHED
  TCP    127.0.0.1:5354         lmlicenses:49157       ESTABLISHED
  TCP    127.0.0.1:49156        lmlicenses:5354        ESTABLISHED
  TCP    127.0.0.1:49157        lmlicenses:5354        ESTABLISHED
  TCP    [2601:8c:700:86e6:6c23:bd35:ca0:50ef]:55892  lga25s41-in-x0e:https  TIM
E_WAIT
  TCP    [2601:8c:700:86e6:6c23:bd35:ca0:50ef]:55893  lga15s43-in-x0d:https  TIM
E_WAIT
  TCP    [2601:8c:700:86e6:6c23:bd35:ca0:50ef]:55910  iad23s24-in-x0e:https  EST
ABLISHED
  TCP    [2601:8c:700:86e6:6c23:bd35:ca0:50ef]:55911  iad23s43-in-x0d:https  EST
ABLISHED

After seeing this I unplugged my Ethernet cord and went into my network and tried to change my ipv4 which i dont really get how to do and also went into my firewall and blocked every inbound and outbound TCP and UDP ports which make it so i couldn't use the internet other than youtube after I plugged my Ethernet back in. When I blocked the ports on my firewall I checked the 'netstat' again and it only showed these

  TCP    127.0.0.1:5354         lmlicenses:49156       ESTABLISHED
  TCP    127.0.0.1:5354         lmlicenses:49157       ESTABLISHED
  TCP    127.0.0.1:49156        lmlicenses:5354        ESTABLISHED
  TCP    127.0.0.1:49157        lmlicenses:5354        ESTABLISHED

So what I am wonder is if this is actually someone hacking(most likely is) and is there a way I could fix this? I deleted my chrome cache and went onto my phone and checked the router login and checked the logs which doesn't show any sign. I also checked my "Wifi Inspector" on my phone and it doesn't show any new devices connected to my wifi so im thinking its only on my PC and not my actual router.

Answer 1

I doubt you're being "hacked", just being paranoid. These addresses would occur even from just simple web browsing, usually established websockets. Breaking down each item on your list:

  TCP    10.0.0.15:53350        stackoverflow:https    ESTABLISHED
  TCP    10.0.0.15:54849        stackoverflow:https    ESTABLISHED
  TCP    10.0.0.15:54960        stackoverflow:https    ESTABLISHED
  TCP    10.0.0.15:54971        stackoverflow:https    ESTABLISHED

Stackoverflow. Likely used to facilitate 'push' notification updates.

  TCP    10.0.0.15:53609        msnbot-65-52-108-74:https  ESTABLISHED
  TCP    10.0.0.15:53598        bay404-m:https         ESTABLISHED
  TCP    10.0.0.15:53600        65.55.223.31:40001     ESTABLISHED
  TCP    10.0.0.15:54139        40.122.209.195:https   ESTABLISHED

Microsoft owned. bay404-m Hotmail - Microsoft hosting - Msnbot

  TCP    10.0.0.15:53603        91.190.217.45:12350    ESTABLISHED

Skype communications

  TCP    10.0.0.15:55714        104.16.125.192:https   ESTABLISHED

waves Superuser.com

  TCP    10.0.0.15:55757        ec2-23-21-73-17:https  CLOSE_WAIT

Amazon AWS

  TCP    10.0.0.15:55905        89-253-65-202:http     TIME_WAIT
  TCP    10.0.0.15:55908        87-92-39-181:https     TIME_WAIT
  TCP    10.0.0.15:55913        ip-176-199-254-241:http  ESTABLISHED
  TCP    10.0.0.15:55914        89-253-65-202:http     ESTABLISHED

These ones are harder to work out, one looks like it's related to web chat. Doubtful it's anything malicious.

  TCP    127.0.0.1:5354         lmlicenses:49156       ESTABLISHED
  TCP    127.0.0.1:5354         lmlicenses:49157       ESTABLISHED
  TCP    127.0.0.1:49156        lmlicenses:5354        ESTABLISHED
  TCP    127.0.0.1:49157        lmlicenses:5354        ESTABLISHED

Adobe licencing

  TCP    [2601:8c:700:86e6:6c23:bd35:ca0:50ef]:55892  lga25s41-in-x0e:https  TIM
E_WAIT
  TCP    [2601:8c:700:86e6:6c23:bd35:ca0:50ef]:55893  lga15s43-in-x0d:https  TIM
E_WAIT
  TCP    [2601:8c:700:86e6:6c23:bd35:ca0:50ef]:55910  iad23s24-in-x0e:https  EST
ABLISHED
  TCP    [2601:8c:700:86e6:6c23:bd35:ca0:50ef]:55911  iad23s43-in-x0d:https  EST
ABLISHED

Google - here

---

Nothing on the list comes across as sinister in any way. If anything, my netstat output is probably 4-5 times more entries than this.