discordrat | 4899596e68dd4b160a42a14c72f6be0d9a04a714023b0f54d770f8431ff925e8

Analysis

max time kernel
252s
max time network
252s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
08-05-2024 11:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xeroUWU.exe
Size

78KB
MD5

4ec487d0538495c269e0039d081d42fa
SHA1

ecd574e1bbfda1119a778307609e85e6e696325b
SHA256

4899596e68dd4b160a42a14c72f6be0d9a04a714023b0f54d770f8431ff925e8
SHA512

4e778fe02eec094dc56ba55c4a4ebb7c395171acb333c755a9acc6a08e5ae3917b3c5a97c835399f64b2561de1f578aa5952b9376b901ed082617b2287aaeb6e
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+PKPIC:5Zv5PDwbjNrmAE+PWIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIzNzcwMzYwNDc3MzcxNTk5OA.GpnuZW.icMd9S8Xo3T9RHsU9bXhiKpUJaK62FUGK13WN4
server_id
1237709600602722354

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4680	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
236	discord.com
239	discord.com
35	discord.com
234	discord.com
8	discord.com
33	discord.com
34	discord.com
241	discord.com
4	discord.com
5	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596402795668294"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "2"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
200	chrome.exe
200	chrome.exe
4164	chrome.exe
4164	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2912	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4892	xeroUWU.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2912	chrome.exe
2912	chrome.exe
2912	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 200 wrote to memory of 1916	200	chrome.exe	75
PID 200 wrote to memory of 1916	200	chrome.exe	75
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 1756	200	chrome.exe	77
PID 200 wrote to memory of 4968	200	chrome.exe	78
PID 200 wrote to memory of 4968	200	chrome.exe	78
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79
PID 200 wrote to memory of 4352	200	chrome.exe	79

C:\Users\Admin\AppData\Local\Temp\xeroUWU.exe
"C:\Users\Admin\AppData\Local\Temp\xeroUWU.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8783f9758,0x7ff8783f9768,0x7ff8783f9778
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:2
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4392 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:1
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4800 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2960 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3160 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1800 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5444 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5320 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2992 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5044 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2984 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5776 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3148 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6356 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6412 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6424 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6692 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2320 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6708 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6888 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3440 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6384 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6568 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6568 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7020 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7008 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2992 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5104
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=1852,i,547706835971864211,12923514046987110793,131072 /prefetch:8
  2⤵
  PID:712

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4720

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2732

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c8
1⤵
PID:4564

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
PID:3152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
58KB

MD5
188496839a8ec880e8955e85b5d98e48

SHA1
63c0f3876ad72a170ba618ad765132048acb970e

SHA256
875394931d73230a8688b89796970d4513c45bffad839b5e448ad48c9a3285e3

SHA512
8288040c3a97cca7528ae5ecbd6fc73ec389a492ecdb7443979297f50e324e86220b8beeb2ada80cd836cdf32046d2199afb4d81d3a62078559335cc0b1be162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
c20b0e67f6f9d8a0bb88bc870d68f7dc

SHA1
98f352d36553d98e0f97ce7741646759e5a30c4c

SHA256
e04c294f5e30537090c1fe68f4c0435a3f336d81f7d69d37680c19e65d6c1943

SHA512
71d403b0cd207d3b04866a02745d9a16db81c78d7a58d951cbb5505fa45946e5b9bfb89def6f1d26a0931282681a890b5d88582d5102ddcdde1e49e3068dd9af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
450e2e29962617d74ab1c841f503d1e4

SHA1
eefc47f52004db5e0d5af3a2034ea724f0038147

SHA256
174dbc11033df15f376b6a60bd08c3f904f91de7152e3d320543461aa7e7450a

SHA512
92f1c4e7d90dce3fb9f86e9c2c9498f5af775a960ec08015dafbb5dfecb34b0eb6975ffa15f07e24cfac12b600b077ac4d246f8a63ab5608da83cdec524a0d35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5d724462884218ad4d8f58609d739bf1

SHA1
ca680e7c35b3c418fa0962c2a419866a3ded8e39

SHA256
b308a8b0fc95451776aa2f02a840e597db480b126a791787076e990d87d9e49a

SHA512
89797524184e916c3975c3c4f142575d69b17f0588172cd832f0c0d1b0849aa261c5f176b77a98057a2fbbf70709e1d4d2e4e62507c50359c84b87b577a2e2f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\530f85f0-a8f2-49a4-bca3-cd8ad2ab02ee.tmp

Filesize
2KB

MD5
217cc1f25ade3c6f0a65ef9a80006484

SHA1
54507b39773d901fabca0f4fe14e889345605d21

SHA256
5b0d30cee3598939f62ad0dde2c665205e966c7ecc182425bd47088419bcfe16

SHA512
f0f593e1175e4a5ded6de9bb4717a5c6752f3e0e6b3d893aea285569380b2e1f2e75428f66f8f2a5273356a18a5d67b8056f53b483de881aead344a0778590eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
98ca62c56d31b43cf0eb1bcd0742c7d6

SHA1
9ee034eae0cae5f96dc6c14f9e6b76548c72f906

SHA256
4b1d5c12fd0435eb0d7a234211e4bdc85f29340a562f94c98f3e953676c442cc

SHA512
246bdb3bec95f31a1f017da365289473616463eb75a91fcc2e25a7f4def922916005163ff8c4c17caf40fa3cf31587324166fae55bbd9a21a79b76b76a18a776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1337fc7ec8774b3ff3d439eb080e7b78

SHA1
4d398a6fbca6b740e8f290db4728472439f7ba5c

SHA256
3aa6de7db8b5a8dca85ac56340ee5afe04c914aed5e51a3cb3f20c79a4cf8735

SHA512
fb2e1ada060a6ed473276053e237b63d91cc4d614327f3d17fc491c60047e7d29c66c163cfd4a885811462bf9bdc91ab04031eca621644b1561b51cca9ef6261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
25ff9aace168cb3c38b0319c0e9ce995

SHA1
63fbd0d3a4700a713b4cd82f5c75611efbb0a111

SHA256
549bed8ee0738b5539de8322a467ac9744fee3160b2ef392c2a5a060072cae16

SHA512
90c37bdb620b4fdbd8e8e6c05753db50db5d1c57a5daf316199ddb375438cc377ad36c946b370086bb29f4b50e5b80181f04f80f528c4aa7aa44765ad5e90213

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
0f22c46fdc8186b8c4bef2721cae2779

SHA1
9117bbd331aaf33cf82585658306f2d9a9af36e3

SHA256
b488e9cb67156e8b5e9833f2d5b458dfc04186829dfd700a08116d36e0f56320

SHA512
b19036e194643b9757c412b32d32593a1262dffec5fbc53094d44d21e780c8d8b3d7ff8f1b124c5745dcc825d4fba6c977563cde0c7495b67b5784daf0f10cea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5d54ae2d4723bbe3813e9bbf8194363f

SHA1
3a14860cbb7b751eb46a7304ea41b10400d2718a

SHA256
c6f8ffb87a09de75bf7ae01b846fc408082d96d6e2c0c658fa3f193441de41e9

SHA512
0cf65fa0bed98e56b0b2f82aee31d1e4c1b37402214b1e7f993581791d8e099d1e57bcb7f834280c8465cd14b67f4100e9ef5cc33973fbc19a4e5a77b154ba9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3512f02a2c805535ab3bfadcd6091213

SHA1
1e5b4b0deac89a771495624a1374ad1f8053b4d6

SHA256
a9e899d1f0be884239c81d07a51d586d391547edbd8ee3487813f3d808a24745

SHA512
6d6787b5474575939db7fb94ab911684f54e4b4d950a9ce3a73d7928256976bf8529ad2bcdff965d01930afa8c7d6bc3319b911b3f7e390e39865dd36b7cf834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
21a2e9bd97d8a1688e8ae83061ce7b8b

SHA1
a588758288c11d895bf109e328fedea2adafbc00

SHA256
37fc4f9dedfdf670774c7dfd1a927b5434d285390e1deb6f15a7f149417864d3

SHA512
0a5f2865821a5d7616947bd6d79378db4cd8172297c82d9b699bedf00b3e358d1e3f8c0997d87a2056481ae6b14552ce234c57a967c85a663b764df6db2ae495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
231d36cdd611c4d2bf15f45cffcc4a22

SHA1
59f044997b3e813a64d9560cc69c75b5145ce155

SHA256
a828b0d80c763941cf2d7055b790759b253e2d3088999821fa6b18e433e0f881

SHA512
e728011579c8ca08c9f5fc8c24c7d7d4b7523e86821b922ebd48cfe98949adfa484a312c18b2249dd149276c1a5abba150d6e42ffcb27336a61144741bbe1ef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6929d6c7ada56191c44c85973a6a95dc

SHA1
602197d2c83e97fe97455cbbf320ea7d4bfa6342

SHA256
950a658530d01e85f86b2c6d929d120e798ba5798467942cdc3355bca3d93f72

SHA512
f895416de02be588c4b071bc3c9c4309a6b13214629966401de2099d3bb13ea0cf71d0fd72d03de29f722822e2a69e5c482e9b54114210a38dc7ad9e9464c9d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e28798dc6193b76265b33584d9f596db

SHA1
a9cb40d7eb1a657ce609f7760c634e3a4b7b4f48

SHA256
0a3f4528801296faa8f93ec2026047b885d6b51498fb824650d60426e5b76369

SHA512
33b8a937dad54a5f0c8e76831c7db2b54d5cc02d8719c5cb8c87658ba84cef40d03420826c111c0fc07073ed887b36ecc62d445380dba9d5d5503c8884041dc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9da15d6a960219cddac611bc816a2821

SHA1
566a01cb1e4787250f9956762af2b21e4665858e

SHA256
b6d3ad387a75c17047f38f0d3953d7162413a1162ab4b7142bc6bffef484ce7d

SHA512
f42b60a1777b9384a9459232ee9a4ef67a9047bb0682f0cb538fa7425bfdc01c4e379d5720427430c8c33671a0397822140fc586b5ec834197ccadd73eb8fa62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
31b0cb988334791425ccb2b285e2c6b1

SHA1
f7efe57a02b56161acb3086659ec05d9c6f25bc1

SHA256
ae8715af9085817f08cbb49f8e3051b2b6088057b0f7b73f46bc7b89e7f350a3

SHA512
8742e87d07ab229b9a67e4f9762cae19af63ffc3578f38024195336226487779b9ffb1f4094cc2cd0607cb8324ab0fd35aaab702a0262ffc49997570d35f2c0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3d59e87cee83a3429c1ceb360f876ecd

SHA1
1c65b8a855259cfb2bc17f06ad480987a731b0d0

SHA256
46eb86a43b7d731da9d73d353c1c37a340e9b92875c6717af0deb7a72aabd8ff

SHA512
8d64ed0effebb7db9c50b59314106e09e74c0eb6c5dd9c20107cfda63cad97f804bbc74df1664aabec040c91a72ca1d004d9b28b3c2fba58ddc657250d6c20eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d26a231fca12019c7f0d75b2cec371c9

SHA1
f520baf1889b9f006cce1ae2ab6f36bde2eb8546

SHA256
77efeb3325d6cb68bc50490146a838358d42c1b8b60ecec95b28860dd8e4c6b8

SHA512
2fed17b615fc07f5c2574bed0427861e7e327731aede8b01a58abdf1153fcbb02e23e2e7c7e15e60f80b232f6e3d212ecd2480be5ff424636fa8c76ab5f669bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
11c1445950193f9732fb5352f18bc8f2

SHA1
46dffb9ee908ae43767ce8358353d9530a657a2c

SHA256
4ab6a86abb00bbabdbd9080cd69140f2993b95cba2ecb3b9445201b003e5b27f

SHA512
740eaa74e28b001e5ffae6fa50e614127baf423c07c17c5bc9900feab75f27a24b1490c8299930fe73095ece11b7aaf34de63b373fded7be62cc9170774ead59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
108c3d3dce1ebc39b8f12830c8902018

SHA1
e7854438ad6682327fc61bf18c9546a0814de644

SHA256
6547d4ca3ccb086aac4fe27effeb38803ac66127fc4160aed4e58e581ad61044

SHA512
fec29f539342359f79fe8e012062961a43f336a80c9d3891232d910af8fa29fa5824650566344df92ea5937b9c9eb40a4ce0fc9302a70f261201eadc238b445c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3b37c183ba9611e1a4dc0f72ae619368

SHA1
3cb9d4e95f853fac3360ed701a4118f5e065e13d

SHA256
52f7c17bccce8a5fb63a48d573039153d76c547a87aa18a54276cd005e832a6b

SHA512
5b42dc0a9f87f36c685e2da7bb71b15dd6ae1518edb6d44d2279436ce062a940e5ffbaa4652dfd74931e67ab7857c7668e3ac1dd5dd8b599af1372bb1c1d5f55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8782c66c5a01118f18f1685f862949a8

SHA1
862aacf27bdc99bfaa55f2462daeaff4e8c147f3

SHA256
d036dbc5b70b8ee1c7e11c5fc4d395c1703e1ae2286740de02bb98b583f65ea9

SHA512
8bc0b0c22322aa74ec19487cbce41b6a016a5853dcf78d8902be16a8377a96eb0216280a473baee70ce45af9c66392a04a821a975d2036831baabf08d5c774ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dc340313e8a3efc26601a5d5562c8f51

SHA1
b614f92eb0abb1eecc8226882815c20269a0c18b

SHA256
791bf98f049a8a0d941fadcefcc7811ad31a39c67bd9df8f00e1b892895b96ac

SHA512
acef8864f076b894bf30375bb2eaa95eea0e9f5ef2eb99d920704d2995cb05a7565fcfac30c012cbd413fb27823d9f6cedafeedcc07b0133d104ef7457de79be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0a175d289f618d65edac5c909b7a12ec

SHA1
874f841ab09547dd9d220b92cc3e036bd6a60db9

SHA256
325cbe6357bb385cb9c4de8522ca8407a0e2343e2a212305f565f27bcebfc4c3

SHA512
b3d759f9c88160c854ece48be51fbf9294586c8d117c1540d66b261ac63b2db4f90bae04204f5816dcf60cac59cbd0179d92fc6bfa65e9562ede31d993b784c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4f372b843d007485275c78cff02368e4

SHA1
ce2fbe4718b0288c9db65a5054515291ed6be914

SHA256
577ffc55dd5b7d2763c4dda357b7e297515ab04735dad7cb9744e00a4108b2b3

SHA512
f9364f940cc5fb09c928c78923f3a2d21df29f44c53070e55c8d14da3f11751d3001efc5604fb1a1de7d2d3e99593b5952df20c438ca651aab115cd47d3512df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
531d340cc0bd4f110297e03572e9fb9d

SHA1
5f882fc6d13428b16513251505c29ea917e78a33

SHA256
598226be4bea585424cde45a745f6a7615f1e56571021547300df437100af13a

SHA512
cfd03831f4363c629d6442c3a96373cbbb4b070aaf772583f7712bffc051f76d366836eda2ace22bd6efb6e6a812bd20e0ef7fab4994409d8d4958dd3371d1f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
603f5fd1cf2ecdf6aab69d0638de5cb4

SHA1
c65e57555c5fb068478421633e256cd7cff9a361

SHA256
db0c06b958f228ed25987a4b4ea4543d9178dfd6fe6c1f24dea7cf00cefb7856

SHA512
c20b39950251e196ea403585d71f72d388bc936660c70e75638866b98a72b16ac8f447ea3e6486b723320ff4b113a3270372dbffbd580ca0f45e1aa5a76f2dd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b35a9bb252e195f0462b6c843e130db0

SHA1
c7dd7789cf9834dc9a268fd1174051cf26ffead4

SHA256
b2e35f307a171bae7e4e2ed7c22e37fd7a7c0594625c712358f490ebdab8d16f

SHA512
95767fb87df025997f5076292d0f2d0356cb11f5153a87c29ab0c27599f95fd7cbb90e49eee0216d830f6c9956bf3518095d61b00ae33f9132e071179a0f4a39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1d4db2007b22e76386480d67f05dfbca

SHA1
6a482f5192d2501019e71b0bfeb4f344bd0d32d1

SHA256
c1796f6783749b855bb2479832716b747eb1e51d4438eb6b0c58e42691fc1a5b

SHA512
13ec6655faf9a54ef9b08326e3b7ca03eb7bd9b95dc6a7349b069298454f7a94f8276867cbd22c8d964ef8458a8d6e56eabc70a121e0cf21e1ad8f014e5a6328

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
94c0d994288b6e3c6e9a36ddb3c111b1

SHA1
71dc2d5aa54e3add10c26e37b8f9083c6d029d00

SHA256
9cd0a57f1fb1ce285969916737935b89022e285aa5f8d6613753f38b5e0adf32

SHA512
ca770844a8af31ac6304399e4e00126db632b597a2dab97354ccfcc686114e983ba403bcd6a5feb7a7d62aff8c644e02dd5a6d0d92725c8c80e0282c916cb2ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4f79173a461d08f019c6621983e1dcc3

SHA1
a82c1b97da48a60ee858c8d329279b1ee04a1a66

SHA256
d7e955f4f7a6100f3359099acd4d3502a71b01a1385b6506182809a8c49958d9

SHA512
518e054d85fcb6fad36c475a16a19afe0351a6c3e2e8874e5dd8db750551021ce0021a45cc453f477045e393a7251717a645510bf06b0efee882534fd1e5ed85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5d8541bec7a8a02bf87482ce33e1b276

SHA1
b19a9ea4549482f016491f2e4b64a172653edeb8

SHA256
f5b7d5073f16b973d34303ea04747316f293b6099da91c8c8361ebfcc4b74543

SHA512
49f966317d16f0f59fb9a76f05d93e3268166fef04c7ef183298b2df459d6c9827cd3f75532bf6c00dfabdbe27bca5457e3fb09524c166e560aa66c09b02fb86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
b4e080bb64da17140bb2ebfa8d55fd98

SHA1
74f4a8e7ff94f1aa9d84aaa536204146838bb4cc

SHA256
0d485b73deca6caa9a2b68d1629af86e1e2eb97712c3124574697e13c64dc052

SHA512
2ea2e4e8f066540e45e0b03371070f614f823e4768108c9155cf4c98ccbb6c5247f4e45cef7e371dfd90df13de7d68329a71d7b83590223756e9ef33601464f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a4f0c.TMP

Filesize
120B

MD5
b726fd97df2663a98cf690f31253d9d3

SHA1
06c61303b1dbf2447a38a8cb07045584e7e38bb1

SHA256
5ed3937b3ea1aa233c0dc9aa9433510b1bb7e5f170057320efd6dee4bb423299

SHA512
12668aff4965ff745a2c3fed9669a085ee44fa241bb85f372707f443af7b0b6703347643fe7f30d24497fa762413df4754eac7973f3a5e682cb7ef890280254b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
a9d5c8df2489ba8e550bd206c3220617

SHA1
ea54790d745c2cabd18b06f37408d95e212cb312

SHA256
90bd8fef07b62b9d784ee5a3d436973266680b3e1d62952cbe3a469d40f0120f

SHA512
43e129d1864071cb6486cfca17f8e18246482d1fa9637f34be0b614331f87345325405989ccf62561059cc1ed096ccb428d233b1291a02eb12f359c5299f8b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
50c8f4751a3b08a8a1d98850461f791b

SHA1
dc0da2b684a4635a2a68cd76b1848666c4c942b2

SHA256
1d66e6093c6e233d372fcc954dd98c9a53a973a32b593530fe6cae3b37cc75a8

SHA512
660c3d80eddbca21e9b66061bb4b31095710568375709e37fde8216e72f09ad6aa93327016d69a982f09d965852ce94e328273c3c8b58e8c8c96c61673d44216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
46d5c4d28fd0946ca685b94ce4f116d2

SHA1
fbfb6ceb26ea59f406b2749240338cab41919450

SHA256
bc0f2d0e4123a3ba86b002e575625314c2dfc0985bd629f6a14aa820af92b836

SHA512
8b229104f2e828ae9344ccc428ca5ef9d565269d9b0c20ab67b07d5d39b5b5ec2e96994ba4790f9dd61c3a8127da8da312cbf51c0ccef63114cadee40d564d8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
549e36ed4ce0daf1ae2c20e1737d3585

SHA1
76cc2d93fed7bc3f6c29f9dd078f9f2f9b326ebf

SHA256
0a6ac44eb65459e37d5dc2431cb0587cf92afa91e8017746180a4f37df5482b0

SHA512
06039f2e92a241c66c48db7ee19a2094fc0ae440f45f793302fca855603372352fa0c976f240c773fb80f9ade9705657d7a959f258312cddf54f8144a644cef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
115KB

MD5
feff5e645b5f2bb8dac9a6720b1217ac

SHA1
d62f6dec154dbf78ded7ee2d9600a2fa64055d82

SHA256
973c944167c5517399bd88747f180bb4704cae8ff0f80fc59652f1c8cc46f880

SHA512
e0f8f200e39270b71f56cf56329f4ca70a8ab9e9aabfd108239d57fba1e7f8b7a5ca362d6d3b1fe6d736cae4463decdae8de9a65010956435a0d4be559b94e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
a94f7e35763a709ab6a9192b401d89c7

SHA1
19dfaafe70917bf20a154935277b1362f4e05c96

SHA256
58bfd028d05f160e06665d2d1efe379c2505a092cb7c3452c41f896b0eb16381

SHA512
3618a47f6a5234eeca7c161d0c289b619328fbb716168274f2a391c4eb84cf31ea0f6aa4ea8f7f08296532bfc82d4975d5282b7b5259cbb75e4a2a953fa91fe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
02a170c68e87d8e8806e7d61bf0637c9

SHA1
30f35fd8973f7f5d6cf0323e52a70cf4eb6c1809

SHA256
8fa1845243c39d6eb04d08ba70b7d9921a3926f9394ca8810bb3dd4341fd592b

SHA512
9579236e9ba6c706007fc1a19840145719f3b91c72b0db51f3fdc008951e9a8f3e8e3a6237723f775ee89dc0c579d7fedd3f013a9a6d33670bcba7480317c983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588642.TMP

Filesize
93KB

MD5
2fd125c5259647899a1a6de03e484059

SHA1
73557050ce8bfb0f1157c61ae2b1a89d589586c2

SHA256
268de40e358cea3aa42a655cf309d1d8488b53d8ebfb8b374e0ee59c493b571c

SHA512
1493a1f43d5844b1534294fc38d813c6cb879879310ba1d20d9e339100f0ee77cd419432486bbfe9fe0a1aeefe3b0c84b00a8517c93eea26f9b25826c8fa8bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Discord-RAT-2.0-master.zip.crdownload

Filesize
12.1MB

MD5
017e28cd77905a0bd918d7e725632a2a

SHA1
d709e343f64d93ab00c6fc0aa4ae6ab22aec9f73

SHA256
c8de0e92e603214114f8800dd99ecf8cb69ac85caf8010a99ba3f66afe70fcbf

SHA512
0ae6f1dea994d879043b0ef63049cdbd68dd7671b1df53f3688e91a7027dde8de6d193bafeb12f4c6b7f97909d116f06811a29d13c56ada2c774e78dcc5f1a16

Download Submit
C:\Users\Admin\Downloads\release.zip.crdownload

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release\Client-built.exe

Filesize
78KB

MD5
4ec487d0538495c269e0039d081d42fa

SHA1
ecd574e1bbfda1119a778307609e85e6e696325b

SHA256
4899596e68dd4b160a42a14c72f6be0d9a04a714023b0f54d770f8431ff925e8

SHA512
4e778fe02eec094dc56ba55c4a4ebb7c395171acb333c755a9acc6a08e5ae3917b3c5a97c835399f64b2561de1f578aa5952b9376b901ed082617b2287aaeb6e

Download Submit
memory/3152-673-0x0000000005410000-0x000000000541A000-memory.dmp

Filesize
40KB

Download
memory/3152-670-0x0000000000B20000-0x0000000000B28000-memory.dmp

Filesize
32KB

Download
memory/3152-671-0x0000000005930000-0x0000000005E2E000-memory.dmp

Filesize
5.0MB

Download
memory/3152-672-0x0000000005360000-0x00000000053F2000-memory.dmp

Filesize
584KB

Download
memory/3152-764-0x0000000008470000-0x0000000008592000-memory.dmp

Filesize
1.1MB

Download
memory/4892-0-0x00007FF868DC3000-0x00007FF868DC4000-memory.dmp

Filesize
4KB

Download
memory/4892-5-0x00007FF868DC3000-0x00007FF868DC4000-memory.dmp

Filesize
4KB

Download
memory/4892-4-0x000002AD7C8C0000-0x000002AD7CDE6000-memory.dmp

Filesize
5.1MB

Download
memory/4892-3-0x00007FF868DC0000-0x00007FF8697AC000-memory.dmp

Filesize
9.9MB

Download
memory/4892-2-0x000002AD7C0C0000-0x000002AD7C282000-memory.dmp

Filesize
1.8MB

Download
memory/4892-6-0x00007FF868DC0000-0x00007FF8697AC000-memory.dmp

Filesize
9.9MB

Download
memory/4892-1-0x000002AD79A80000-0x000002AD79A98000-memory.dmp

Filesize
96KB

Download