discordrat | hxxps://filetransfer[.]io/data-package/1li3KsXP#link

Analysis

max time kernel
103s
max time network
99s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
29-03-2024 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://filetransfer.io/data-package/1li3KsXP#link

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxNzA3NzI2Njc5OTEzMjc5NA.GAOYV3.xQnTqmmpoLSHwXaVIJBtj8iVivEgiNDnLOt_Pw
server_id
1190067527355744316

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133562228080814636"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Executor.zip:Zone.Identifier	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4816	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3952	chrome.exe
3952	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3952	chrome.exe
3952	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe
Token: SeShutdownPrivilege	3952	chrome.exe
Token: SeCreatePagefilePrivilege	3952	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1860	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3952 wrote to memory of 4692	3952	chrome.exe	79
PID 3952 wrote to memory of 4692	3952	chrome.exe	79
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 796	3952	chrome.exe	82
PID 3952 wrote to memory of 2828	3952	chrome.exe	83
PID 3952 wrote to memory of 2828	3952	chrome.exe	83
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84
PID 3952 wrote to memory of 3260	3952	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://filetransfer.io/data-package/1li3KsXP#link
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d0919758,0x7ff9d0919768,0x7ff9d0919778
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1812,i,13792576569349041874,811650097615590016,131072 /prefetch:2
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1812,i,13792576569349041874,811650097615590016,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1812,i,13792576569349041874,811650097615590016,131072 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1812,i,13792576569349041874,811650097615590016,131072 /prefetch:1
  2⤵
  PID:72
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1812,i,13792576569349041874,811650097615590016,131072 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1812,i,13792576569349041874,811650097615590016,131072 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1812,i,13792576569349041874,811650097615590016,131072 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1812,i,13792576569349041874,811650097615590016,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1812,i,13792576569349041874,811650097615590016,131072 /prefetch:8
  2⤵
  PID:3048

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2288

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Executor\Main\RUN_ME.bat" "
1⤵
PID:500
- C:\Users\Admin\Downloads\Executor\Main\build.exe
  build.exe
  2⤵
  PID:2916

C:\Users\Admin\Downloads\Executor\Main\build.exe
"C:\Users\Admin\Downloads\Executor\Main\build.exe"
1⤵
PID:2352

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Executor\READ_ME.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
191706e6f7738d1e166bcb3b5b8b7181

SHA1
d37e49798a098162c9cf897f3622d6d6a9b482f5

SHA256
9d6a4fec04f376fc6260cf58eeb0bcba4f50df9047c3d6e078abc318de9b1d51

SHA512
1176c61f8cc63446124de3e599a13d9b7e4964a25b4186b0be59524a484a5d6e736ee6c11bab9985379f266514e037511b36f80349a02cf59971a58e9477c53f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b2a6fd1b288633fdbb4bab240972dbb4

SHA1
a7913a16ea47295d3f957a531088a9b6449f5627

SHA256
24162a95f2f0f25e7fda40f07fa751dda76a7a1c13ce1ec036d145b7acf8c49c

SHA512
f29bdc4e4b6f8c5b6af9f00299c5e4727fe85feebf28cda46bd18e130580a7cc1447f160c10e9e83b7adde33a306ab12bef22106cd19722572f2539df1260fd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1516aa2a125b9eadbbb0d959e2ca23e7

SHA1
c3f82321d7eb6a965b6bfbe74ba4da8692d528eb

SHA256
9671652272ca3702bea3d10b592c2b7877a8e44850d997b19376521ba19a5bd7

SHA512
eb25e3f2c0c4ba9f41c5a76a2b47a7f91a8fcfcffcfa61412638616dcab58c4805629fe4bcf82daa0a88af943957a198d5895fbeff4963f2cae6b97d3c5a3653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0afbaf5e1e2dbf71152d4d3e2aa1dd3a

SHA1
02dc3f3d430ba1f7459fad89c65c0d7b5328643f

SHA256
41d37aebf3d65f39f8e392d70abcc2015cfc62c4f3965401b70bc7b982750e83

SHA512
b2838f63970abe22f5c4dcfa959473cb9673ea3810c634657e29b3e3acf7de50930fa6caf2199ed47334fca60dad3ac72dff1473a74ad809409aa3dbf8b544cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f7853bbc8a7b1fa53195cd7f3c4eb0d8

SHA1
a647829802157135f01f03aedccc586129dc0ca5

SHA256
e6c467ef2d24ed7b05f9f58693d161896e6c3a005c9d6c2146422fee3e64b51a

SHA512
727329157f7cf5482318fc7bf9339fb04c9c5835ff36ff292c8774ad070284c702daeb5159300ba4cf11fc185219fd019dd285967780df69ab7aca6fd1328f56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
542edec36c8e574bfb91e6f88c7c6762

SHA1
08066ec9f10948143ea91b5f4ff00235a49216f0

SHA256
eefeea78c9c0469a5e1b313fa6da99be448e2f79a5a0c28cfb86a9cc0591a69d

SHA512
ff07c8b9915ff976598aa04137e5962557f61effabb5f81f3410960cc277fe1c1cd38904bf830d8ff190d34bf76d9241f55b55efe0ead3e3beb4e4a3f66f8192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Executor.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2352-138-0x00007FF9BBF90000-0x00007FF9BCA52000-memory.dmp

Filesize
10.8MB

Download
memory/2352-139-0x000001F6189F0000-0x000001F618A00000-memory.dmp

Filesize
64KB

Download
memory/2916-119-0x0000027A51550000-0x0000027A51712000-memory.dmp

Filesize
1.8MB

Download
memory/2916-120-0x00007FF9BBF90000-0x00007FF9BCA52000-memory.dmp

Filesize
10.8MB

Download
memory/2916-121-0x0000027A51900000-0x0000027A51910000-memory.dmp

Filesize
64KB

Download
memory/2916-122-0x0000027A51E40000-0x0000027A52368000-memory.dmp

Filesize
5.2MB

Download
memory/2916-118-0x0000027A36E50000-0x0000027A36E68000-memory.dmp

Filesize
96KB

Download
memory/2916-137-0x00007FF9BBF90000-0x00007FF9BCA52000-memory.dmp

Filesize
10.8MB

Download