Analysis Overview
SHA256
33b7a340b7dc14476c5fe392114a9ceb5595b593fd19297f7497e08efbe22e51
Threat Level: Likely malicious
The file ShadowRat.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Reads local data of messenger clients
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Detects Pyinstaller
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Modifies registry key
Enumerates system info in registry
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-11 10:29
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-11 10:29
Reported
2024-05-11 10:47
Platform
win10v2004-20240426-en
Max time kernel
1050s
Max time network
979s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\DiscordSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\Update.exe | N/A |
Loads dropped DLL
Reads local data of messenger clients
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" | C:\Windows\System32\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598970195868183" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Discord\ = "URL:Discord Protocol" | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Discord | C:\Windows\System32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9146\\Discord.exe\",-1" | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Discord\shell\open\command | C:\Windows\System32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9146\\Discord.exe\" --url -- \"%1\"" | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Discord\shell\open | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Discord | C:\Windows\System32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Discord\URL Protocol | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Discord\DefaultIcon | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Discord | C:\Windows\System32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Discord\shell | C:\Windows\System32\reg.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ShadowRat.exe
"C:\Users\Admin\AppData\Local\Temp\ShadowRat.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1e0746f8,0x7fff1e074708,0x7fff1e074718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11745965103876049769,1251819484277926269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,11745965103876049769,1251819484277926269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,11745965103876049769,1251819484277926269,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11745965103876049769,1251819484277926269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11745965103876049769,1251819484277926269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11745965103876049769,1251819484277926269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11745965103876049769,1251819484277926269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11745965103876049769,1251819484277926269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0ddeab58,0x7fff0ddeab68,0x7fff0ddeab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4388 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4780 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4208 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3144 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5232 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5396 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5584 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:8
C:\Users\Admin\Downloads\DiscordSetup.exe
"C:\Users\Admin\Downloads\DiscordSetup.exe"
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe" --squirrel-install 1.0.9146
C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9146 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x520,0x524,0x528,0x514,0x52c,0x7ff781293108,0x7ff781293114,0x7ff781293120
C:\Users\Admin\AppData\Local\Discord\Update.exe
C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1916 --field-trial-handle=1920,i,15176108765446387654,8326270343278187003,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=1988 --field-trial-handle=1920,i,15176108765446387654,8326270343278187003,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe\",-1" /f
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9146\Discord.exe\" --url -- \"%1\"" /f
C:\Users\Admin\Desktop\ShadowRat.exe
"C:\Users\Admin\Desktop\ShadowRat.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1044 --field-trial-handle=1924,i,9646951332789935039,12968810926566041604,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.137.159.162.in-addr.arpa | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 232.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| BE | 2.17.196.65:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| N/A | 127.0.0.1:49515 | N/A | tcp |
| US | 8.8.8.8:53 | 65.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.186.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 142.250.185.164:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 164.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| DE | 142.250.185.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 206.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 216.58.206.78:443 | clients2.google.com | udp |
| NL | 216.58.206.78:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 78.206.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.185.250.142.in-addr.arpa | udp |
| DE | 142.250.185.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| NL | 216.58.206.78:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| DE | 142.250.184.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| DE | 142.250.186.46:443 | encrypted-tbn0.gstatic.com | tcp |
| DE | 142.250.186.46:443 | encrypted-tbn0.gstatic.com | tcp |
| DE | 142.250.186.46:443 | encrypted-tbn0.gstatic.com | tcp |
| DE | 142.250.186.46:443 | encrypted-tbn0.gstatic.com | tcp |
| DE | 142.250.186.46:443 | encrypted-tbn0.gstatic.com | tcp |
| DE | 142.250.186.46:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | 234.184.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.186.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | assets-global.website-files.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 162.159.135.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| DE | 172.217.23.106:443 | ajax.googleapis.com | tcp |
| DE | 172.217.23.106:443 | ajax.googleapis.com | tcp |
| US | 104.18.4.175:443 | global.localizecdn.com | tcp |
| GB | 18.245.162.13:443 | assets-global.website-files.com | tcp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| GB | 18.245.246.167:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 8.8.8.8:53 | assets.website-files.com | udp |
| GB | 18.244.114.78:443 | assets.website-files.com | tcp |
| GB | 18.244.114.78:443 | assets.website-files.com | tcp |
| GB | 18.244.114.78:443 | assets.website-files.com | tcp |
| GB | 18.244.114.78:443 | assets.website-files.com | tcp |
| GB | 18.244.114.78:443 | assets.website-files.com | tcp |
| GB | 18.244.114.78:443 | assets.website-files.com | tcp |
| US | 8.8.8.8:53 | 170.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.4.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.162.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.246.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 78.114.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.184.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.18.4.175:443 | global.localizecdn.com | udp |
| DE | 172.217.23.106:443 | ajax.googleapis.com | udp |
| GB | 18.244.114.78:443 | assets.website-files.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl.discordapp.net | udp |
| US | 104.18.52.172:443 | dl.discordapp.net | tcp |
| US | 8.8.8.8:53 | 172.52.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.143.109.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| N/A | 127.0.0.1:55940 | N/A | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| N/A | 127.0.0.1:56017 | N/A | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:56096 | N/A | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 216.58.206.67:443 | beacons.gcp.gvt2.com | tcp |
| NL | 216.58.206.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.206.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.65.42.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:56201 | N/A | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| N/A | 127.0.0.1:56278 | N/A | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| N/A | 127.0.0.1:56355 | N/A | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| N/A | 127.0.0.1:56432 | N/A | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| N/A | 127.0.0.1:56509 | N/A | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| N/A | 127.0.0.1:56586 | N/A | tcp |
| N/A | 127.0.0.1:56663 | N/A | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| N/A | 127.0.0.1:56830 | N/A | tcp |
| N/A | 127.0.0.1:56900 | N/A | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| N/A | 127.0.0.1:56924 | N/A | tcp |
| N/A | 127.0.0.1:56931 | N/A | tcp |
| NL | 216.58.206.67:443 | beacons.gcp.gvt2.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI24722\python312.dll
| MD5 | 3c388ce47c0d9117d2a50b3fa5ac981d |
| SHA1 | 038484ff7460d03d1d36c23f0de4874cbaea2c48 |
| SHA256 | c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb |
| SHA512 | e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\_ctypes.pyd
| MD5 | bbd5533fc875a4a075097a7c6aba865e |
| SHA1 | ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00 |
| SHA256 | be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570 |
| SHA512 | 23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\python3.DLL
| MD5 | 79b02450d6ca4852165036c8d4eaed1f |
| SHA1 | ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4 |
| SHA256 | d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123 |
| SHA512 | 47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\_bz2.pyd
| MD5 | 223fd6748cae86e8c2d5618085c768ac |
| SHA1 | dcb589f2265728fe97156814cbe6ff3303cd05d3 |
| SHA256 | f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb |
| SHA512 | 9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\VCRUNTIME140_1.dll
| MD5 | f8dfa78045620cf8a732e67d1b1eb53d |
| SHA1 | ff9a604d8c99405bfdbbf4295825d3fcbc792704 |
| SHA256 | a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5 |
| SHA512 | ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\_wmi.pyd
| MD5 | 7ec3fc12c75268972078b1c50c133e9b |
| SHA1 | 73f9cf237fe773178a997ad8ec6cd3ac0757c71e |
| SHA256 | 1a105311a5ed88a31472b141b4b6daa388a1cd359fe705d9a7a4aba793c5749f |
| SHA512 | 441f18e8ce07498bc65575e1ae86c1636e1ceb126af937e2547710131376be7b4cb0792403409a81b5c6d897b239f26ec9f36388069e324249778a052746795e |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\_uuid.pyd
| MD5 | 353e11301ea38261e6b1cb261a81e0fe |
| SHA1 | 607c5ebe67e29eabc61978fb52e4ec23b9a3348e |
| SHA256 | d132f754471bd8a6f6d7816453c2e542f250a4d8089b657392fe61a500ae7899 |
| SHA512 | fa990b3e9619d59ae3ad0aeffca7a3513ab143bfd0ac9277e711519010f7c453258a4b041be86a275f3c365e980fc857c23563f3b393d1e3a223973a673e88c5 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\_ssl.pyd
| MD5 | 5b9b3f978d07e5a9d701f832463fc29d |
| SHA1 | 0fcd7342772ad0797c9cb891bf17e6a10c2b155b |
| SHA256 | d568b3c99bf0fc35a1f3c5f66b4a9d3b67e23a1d3cf0a4d30499d924d805f5aa |
| SHA512 | e4db56c8e0e9ba0db7004463bf30364a4e4ab0b545fb09f40d2dba67b79b6b1c1db07df1f017501e074abd454d1e37a4167f29e7bbb0d4f8958fa0a2e9f4e405 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\_socket.pyd
| MD5 | dc06f8d5508be059eae9e29d5ba7e9ec |
| SHA1 | d666c88979075d3b0c6fd3be7c595e83e0cb4e82 |
| SHA256 | 7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a |
| SHA512 | 57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\_queue.pyd
| MD5 | 6e0cb85dc94e351474d7625f63e49b22 |
| SHA1 | 66737402f76862eb2278e822b94e0d12dcb063c5 |
| SHA256 | 3f57f29abd86d4dc8f4ca6c3f190ebb57d429143d98f0636ff5117e08ed81f9b |
| SHA512 | 1984b2fc7f9bbdf5ba66716fc60dcfd237f38e2680f2fc61f141ff7e865c0dbdd7cdc47b3bc490b426c6cfe9f3f9e340963abf428ea79eb794b0be7d13001f6a |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\_overlapped.pyd
| MD5 | ba368245d104b1e016d45e96a54dd9ce |
| SHA1 | b79ef0eb9557a0c7fa78b11997de0bb057ab0c52 |
| SHA256 | 67e6ca6f1645c6928ade6718db28aff1c49a192e8811732b5e99364991102615 |
| SHA512 | 429d7a1f829be98c28e3dca5991edcadff17e91f050d50b608a52ef39f6f1c6b36ab71bfa8e3884167371a4e40348a8cda1a9492b125fb19d1a97c0ccb8f2c7b |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\_multiprocessing.pyd
| MD5 | a4281e383ef82c482c8bda50504be04a |
| SHA1 | 4945a2998f9c9f8ce1c078395ffbedb29c715d5d |
| SHA256 | 467b0fef42d70b55abf41d817dff7631faeef84dce64f8aadb5690a22808d40c |
| SHA512 | 661e38b74f8bfdd14e48e65ee060da8ecdf67c0e3ca1b41b6b835339ab8259f55949c1f8685102fd950bf5de11a1b7c263da8a3a4b411f1f316376b8aa4a5683 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\_hashlib.pyd
| MD5 | eedb6d834d96a3dffffb1f65b5f7e5be |
| SHA1 | ed6735cfdd0d1ec21c7568a9923eb377e54b308d |
| SHA256 | 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2 |
| SHA512 | 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\_decimal.pyd
| MD5 | 3055edf761508190b576e9bf904003aa |
| SHA1 | f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890 |
| SHA256 | e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577 |
| SHA512 | 87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\_cffi_backend.cp312-win_amd64.pyd
| MD5 | 0572b13646141d0b1a5718e35549577c |
| SHA1 | eeb40363c1f456c1c612d3c7e4923210eae4cdf7 |
| SHA256 | d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7 |
| SHA512 | 67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\_asyncio.pyd
| MD5 | 28d2a0405be6de3d168f28109030130c |
| SHA1 | 7151eccbd204b7503f34088a279d654cfe2260c9 |
| SHA256 | 2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d |
| SHA512 | b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\unicodedata.pyd
| MD5 | 16be9a6f941f1a2cb6b5fca766309b2c |
| SHA1 | 17b23ae0e6a11d5b8159c748073e36a936f3316a |
| SHA256 | 10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04 |
| SHA512 | 64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\select.pyd
| MD5 | 92b440ca45447ec33e884752e4c65b07 |
| SHA1 | 5477e21bb511cc33c988140521a4f8c11a427bcc |
| SHA256 | 680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3 |
| SHA512 | 40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\pyexpat.pyd
| MD5 | 5e911ca0010d5c9dce50c58b703e0d80 |
| SHA1 | 89be290bebab337417c41bab06f43effb4799671 |
| SHA256 | 4779e19ee0f4f0be953805efa1174e127f6e91ad023bd33ac7127fef35e9087b |
| SHA512 | e3f1db80748333f08f79f735a457246e015c10b353e1a52abe91ed9a69f7de5efa5f78a2ed209e97b16813cb74a87f8f0c63a5f44c8b59583851922f54a48cf5 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\libssl-3.dll
| MD5 | 19a2aba25456181d5fb572d88ac0e73e |
| SHA1 | 656ca8cdfc9c3a6379536e2027e93408851483db |
| SHA256 | 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006 |
| SHA512 | df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\libcrypto-3.dll
| MD5 | e547cf6d296a88f5b1c352c116df7c0c |
| SHA1 | cafa14e0367f7c13ad140fd556f10f320a039783 |
| SHA256 | 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de |
| SHA512 | 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\_lzma.pyd
| MD5 | 05e8b2c429aff98b3ae6adc842fb56a3 |
| SHA1 | 834ddbced68db4fe17c283ab63b2faa2e4163824 |
| SHA256 | a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c |
| SHA512 | badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\base_library.zip
| MD5 | 08332a62eb782d03b959ba64013ac5bc |
| SHA1 | b70b6ae91f1bded398ca3f62e883ae75e9966041 |
| SHA256 | 8584f0eb44456a275e3bc69626e3acad595546fd78de21a946b2eb7d6ba02288 |
| SHA512 | a58e4a096d3ce738f6f93477c9a73ddbfcb4b82d212c0a19c0cf9e07f1e62b2f477a5dd468cd31cc5a13a73b93fa17f64d6b516afef2c56d38ede1ace35cf087 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\multidict\_multidict.cp312-win_amd64.pyd
| MD5 | ab3685f651c7821bbf03baf1d436b617 |
| SHA1 | f6306217ecaf5fa1dc8c78260d02dd2716903316 |
| SHA256 | 1ef9e6eaff88cdcc0a32346b7b266a0e1d19716ecac07f16a189a7057ce971f9 |
| SHA512 | 08e4d615ce5f9c565d54a16b1f475b6ad746b5d8e7f17248d235b5acd474333036bb33671c887bb64794b56ec910af28efbb7bed8bdea2eddd4bcd81c1b1fb70 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\yarl\_quoting_c.cp312-win_amd64.pyd
| MD5 | 44eb05d3c409e626ad417ed117068160 |
| SHA1 | dc0c4446e0601a2d341a09cda68ce6d2e466c040 |
| SHA256 | f306e375e186c011585dea2bc875530fb7d734861db388764a2aa307b1b68df3 |
| SHA512 | 51194721d5ed968d40394f784a4708e6282d7c28b45b387165ae44eb5798f58432e85f743f798dae2c79722c88f5e8bb61c31ea37110781aa2368c6b4a4a45a2 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\aiohttp\_http_writer.cp312-win_amd64.pyd
| MD5 | 3307e43349b363267a4c10a8c2899670 |
| SHA1 | b616f04f5cbe7db04706001454253c176287d6b2 |
| SHA256 | 041e6821db9ecfd6579d9ada9182de03ecbb0375d60b3e355a1c7de02e0e77a6 |
| SHA512 | 4b4257396cc8063b99c439caf346d005ca7992b60afcb05bdcd4384290030463622ef2f1572c22b99798e3d88a94dd48456e65e840baf44dc5a33dea27ba14c9 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\aiohttp\_helpers.cp312-win_amd64.pyd
| MD5 | 3f76cb8904f4b8f5a51db73fb4aa07b2 |
| SHA1 | b9068c49b3aad120a6eee9dd6835ee2c7157e63a |
| SHA256 | ce240f6083ce39978dd8632e7edc3a2615fc2c49e980933e889ac4b792ea053c |
| SHA512 | f6f71456c3658c9d6cb8925e3aaf916a30b96294459ad297aef2b50a48436a12de1cbab399d73c6191dca0519786ae7741fc28e748a1b03bdd345d5d2180d2f6 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\aiohttp\_http_parser.cp312-win_amd64.pyd
| MD5 | b9629419e22e48200e565ecef78a28aa |
| SHA1 | af0fa5f14776fff7ea43e9e72e04bc9c87b79ad7 |
| SHA256 | 66703e7393eac594a94b2f809c91f5770e6de81640911f99b915ed3d8f671c07 |
| SHA512 | b173c23598fc7de7c3b3def188d9a2836d7c16711c5d7be199c0eeeb3c0836885c4f555a99a3407b6aecf3ea25c1fcd93b668f700293eb94a30c8fea5f8b660f |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\aiohttp\_websocket.cp312-win_amd64.pyd
| MD5 | 8307d21acde99544f20c7fc5c37d3e1c |
| SHA1 | 757f61b05d8924b7c02a742a51ea68b7ff89a35f |
| SHA256 | cf3bc8d2286870c4298c25fd62bf475615e62765d930cebd5f6f0be889e86545 |
| SHA512 | 6bdbecf166641d5e7eeddb8b08d32c50f60ec65a0abb694dcf649eaade35c887d6e00238cbedb2cc0ff6a384f1d850ac0dcfc5a6766209623421fac2a525fd58 |
C:\Users\Admin\AppData\Local\Temp\_MEI24722\frozenlist\_frozenlist.cp312-win_amd64.pyd
| MD5 | d7193bea71087b94502c6b3a40120b04 |
| SHA1 | 51aa3825a885a528356ba339f599c557e9973ec3 |
| SHA256 | 886375bc6f0ff2bbd1e8280f8f1cb29c93f94b8e25b5076043cd796654c3a193 |
| SHA512 | c65cef39362a75814d40132f4f54f25f258c484dd011b12ae7051fa52865f025c960e4a3130c699b7eb1be375a3d2c3c3b733d6543338d7e40aad0488d305056 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8b167567021ccb1a9fdf073fa9112ef0 |
| SHA1 | 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898 |
| SHA256 | 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 |
| SHA512 | 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54 |
\??\pipe\LOCAL\crashpad_1572_PNYAYIGSAMRNLDHR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 537815e7cc5c694912ac0308147852e4 |
| SHA1 | 2ccdd9d9dc637db5462fe8119c0df261146c363c |
| SHA256 | b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f |
| SHA512 | 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6a9a8aa64932b369980503c819871eb1 |
| SHA1 | 40d51b01ba2ee3475faec7df5f4b018536c76703 |
| SHA256 | ca93ab9d4909842897513bf28e67814bae9db06fccd2c43257beae303abf527c |
| SHA512 | f73039f3e032e0dedd5149ad30124a5ccef053882bfb3035a57cf6bb15bf13b733337ef66a9c289c23f3c3273c65c35e382dc157624749f784e2dcffb9f2c08e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f2d8e9c43588e5e282766608d355f443 |
| SHA1 | d1607652d9c7b4234b406d88014ef6bc0f745a3e |
| SHA256 | d710182bb32fa879d664044b9c363a1ae828f0c8780a6c2a14f5ce3ad444ab21 |
| SHA512 | 5656c92c51cd69bac625fe809e3bc7baa6ac64e3dc109528958d05fb51a0004e8836f862fca4c4ea8e9500c92b371e915c998920b8a4a59c3cc756cdfef64101 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fb5ef5c81d989c5274f19ff5080af3b9 |
| SHA1 | 0debca747a59131339c70fd7a06058e75298d86f |
| SHA256 | ac017855e67e1d078bf6e78a4519a153444efd79aca8053c55e92f89e0496670 |
| SHA512 | 5da246fcd1b949dce9367f3a6474e7097024c1b335a5bef5df2de77a21f950081515dfdee45cd8991bfc1a08fd2b705efff2e22e44233f3a18f428d412353d21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3b01b51dc4baa6a656755c9dde797391 |
| SHA1 | 1ecde06edc302899e4413bcb5c0168ec5a05927d |
| SHA256 | 13e747d7b2c7a19b393dabfb3a925f377de21f9cdfb3df0f5630c649f84226ed |
| SHA512 | d654a9d6995c09acd706e085628ab01172ab83358777ae6b711e2637e88cad284191c49efeb517a6e69edfd357bd04808290d981aa7756f433e41d1fe320f46a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 83ce5b81b1b4bc31ae2194ddeafc8e90 |
| SHA1 | 0c11e228960f1f35f6019a08757466eb007d9109 |
| SHA256 | a88756c77010c9fd00797264c2b56c7daf4e5657eab38e2c2b210744c9628053 |
| SHA512 | 78502c6435705b0a1c65a35b7a8f85d1be0a0b5cc26d923d89bf491c9b573be4897f1b628f2ab9f58dbdc6745f1028412c00c8835ecd87d6c3266a045a910438 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f1e423c8b9cc4e4c2820b21d2c01aef0 |
| SHA1 | 403fa65f41a0cf10c6b66eb70cf68b8bd22ae311 |
| SHA256 | 979ad35f2cf652aa3c023ab27e2b6f05f71fb5630903f4a5144d3d8da73db5e4 |
| SHA512 | 8d5a0d318367a6f198201702c922f9030b1d31ca4ed44e233ca33438779cef9bbcb154fa7f4841d8b8a6924950e2fd610dc441c40056f3f20990dfc7eadb7243 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | dc8e7ff3894b342db25a3253419690e5 |
| SHA1 | 9e9e6af98fa1e85484a1b13aed09f2d4885c364c |
| SHA256 | 6cff9f765a73b070a5fd9d82e4506436c81791867f62593ceb1e57d57c6ee5d6 |
| SHA512 | a65cf3b41cec08de3afc938a480ccbd18fd4ab2ac79dff66d7ce6896f620d28a88018e938744fc24d813839e1768f4b36db2111e282935aafa10155f37109277 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b58a9dc77e20a6126e1eba6abab1ae71 |
| SHA1 | f2835427f1a77ea7409ba4c0bf14dd9d65d7e343 |
| SHA256 | 88f9cea753bf3b194543fa897024d82263655a2116248f4aabae737690a2c46a |
| SHA512 | 96fdb04e039860a66c162e8794cc7ca650b8887dde6e32ff49537e2035ea50d95e3765e39bdce33799162f4eb0b28aac54554c7011420e302d92b495bc5961e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 672023a472ed8fc191506fff9f163ba6 |
| SHA1 | e3a055066a48cb16a9e719a8c358a76757d89eba |
| SHA256 | d5bd096ffc1d006e678851fe3d53266f2be30c41e9242a2c3f078e60e1443c0c |
| SHA512 | 78f096076beb8853f9e2a631a368f07a9d03d6fedff4a74b12ecee04da46d271f9960de52a1765eb26ca9b0c9a9a2bda07f0557f46ec2075cb651aca23b89166 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | dcd252ab3482d4aef8fe2d048f51feb5 |
| SHA1 | 721f716859d4d49603e279be38697443bb378bb0 |
| SHA256 | 7e7515b5b4e8308a8cfa7f670eed58c9417d1777496783c706a0edcb35e0de02 |
| SHA512 | cdaa7d10f0afba0885c15ba10ce907d18e4d27d07866732e1cee57bc63f8973126d7d9db9fe61b1e1f60998d9e96206285aa8a972b8e368a57b27fc42c2ac98d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d7d2.TMP
| MD5 | 0d4fefd61c89e601ba2d92019882b44c |
| SHA1 | 3d299a81bf3d1a2bb3a4f9e1c370880f5dfc0d10 |
| SHA256 | d18e31f09e0e53f8359bb276b856f0c84b1bf2b8a176b54d9ed7d55efece47a2 |
| SHA512 | a34dbda4e9d4fc74df2e65d01f42b6a13d082343049f2bca234f711addcc6a289237f2bd905980375e348e320d913f556c2a96cc3e2a516db5591dceb795912f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 167e354c8bb2e9faef183eb4d57e8abe |
| SHA1 | 9cd338c54700dea8cdf83654b95731d0be398cab |
| SHA256 | b74dd2d8b074825cbc847e39ecffe0ce6706cf43efaf12bb6c3a71ea2ff3bdbc |
| SHA512 | b9296412aa5e86595cbbe9bcf84017699f7d2075a798e3812b9d5a72c69b0399a2a78b60f874cc31beff7c83d8733b8a52d566c09f534c933764d2117140c804 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 282ba5e6b9fa748dfc0c770351fa17d8 |
| SHA1 | bde673f55e73102d50222db1a27a2dfa0711f56b |
| SHA256 | 5e0deb590ef232e43fedcccb559777c0f5c5503c8e712c9760475a44b68e4ba1 |
| SHA512 | db83e9731bfbf4888e499afa63f3fe36d414089cc571fce40fbeed07212c6a177a1a09dff3eee23246b42fb7a3a751b460777e2a6dc82b357afa6c38e3ddb5d4 |
memory/4528-496-0x0000000000890000-0x0000000000A06000-memory.dmp
memory/4528-686-0x0000000012520000-0x0000000012528000-memory.dmp
memory/4528-687-0x00000000125A0000-0x00000000125D8000-memory.dmp
memory/4528-688-0x0000000012580000-0x000000001258E000-memory.dmp
memory/5732-709-0x0000000004AB0000-0x0000000004AD0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1cc89ff813051045c7544f1f5f77237a |
| SHA1 | c4ef7d22f2ac9c8aab8b21fd85566763880c2eec |
| SHA256 | 9268d2b19581a9befa8f64b004524eee10b714a2cc5ec621e86e08041dce78a1 |
| SHA512 | fb50a871975793820f5db3e248d9d89ad0cbaf2b086e21bb0307033a39842e5f6209f5eeb3872441926ba63558432efcd075be46da07f689bfd926b2f0a5aaba |
C:\Users\Admin\AppData\Local\Temp\_MEI55762\attrs-23.2.0.dist-info\INSTALLER
| MD5 | 365c9bfeb7d89244f2ce01c1de44cb85 |
| SHA1 | d7a03141d5d6b1e88b6b59ef08b6681df212c599 |
| SHA256 | ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508 |
| SHA512 | d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1 |
C:\Users\Admin\AppData\Local\Temp\_MEI49602\attrs-23.2.0.dist-info\licenses\LICENSE
| MD5 | 5e55731824cf9205cfabeab9a0600887 |
| SHA1 | 243e9dd038d3d68c67d42c0c4ba80622c2a56246 |
| SHA256 | 882115c95dfc2af1eeb6714f8ec6d5cbcabf667caff8729f42420da63f714e9f |
| SHA512 | 21b242bf6dcbafa16336d77a40e69685d7e64a43cc30e13e484c72a93cd4496a7276e18137dc601b6a8c3c193cb775db89853ecc6d6eb2956deee36826d5ebfe |
C:\Users\Admin\AppData\Local\Temp\_MEI49602\cryptography-42.0.6.dist-info\top_level.txt
| MD5 | e7274bd06ff93210298e7117d11ea631 |
| SHA1 | 7132c9ec1fd99924d658cc672f3afe98afefab8a |
| SHA256 | 28d693f929f62b8bb135a11b7ba9987439f7a960cc969e32f8cb567c1ef79c97 |
| SHA512 | aa6021c4e60a6382630bebc1e16944f9b312359d645fc61219e9a3f19d876fd600e07dca6932dcd7a1e15bfdeac7dbdceb9fffcd5ca0e5377b82268ed19de225 |
C:\Users\Admin\AppData\Local\Temp\_MEI49602\cryptography-42.0.6.dist-info\WHEEL
| MD5 | c48772ff6f9f408d7160fe9537e150e0 |
| SHA1 | 79d4978b413f7051c3721164812885381de2fdf5 |
| SHA256 | 67325f22d7654f051b7a1d92bd644f6ebaa00df5bf7638a48219f07d19aa1484 |
| SHA512 | a817107d9f70177ea9ca6a370a2a0cb795346c9025388808402797f33144c1baf7e3de6406ff9e3d8a3486bdfaa630b90b63935925a36302ab19e4c78179674f |
C:\Users\Admin\AppData\Local\Temp\_MEI49602\cryptography\hazmat\bindings\_rust.pyd
| MD5 | 61d63fbd7dd1871392997dd3cef6cc8e |
| SHA1 | 45a0a7f26f51ce77aa1d89f8bedb4af90e755fa9 |
| SHA256 | ae3a2936b138a2faa4d0cd6445fae97e441b23f6fdafb1a30e60fd80c37d7df5 |
| SHA512 | c31f1f281d354acb424a510d54790ee809364b55425b1d39429e1bb7c379126578260c6f197834339a34833c90e748483aabd426295731f78fcde9580fcd8f9f |
C:\Users\Admin\AppData\Local\Temp\_MEI49602\cryptography-42.0.6.dist-info\RECORD
| MD5 | e802e5860628dc9f46848425f8d2ded6 |
| SHA1 | 6894465388efd98f6711ef483771af94453a6341 |
| SHA256 | bca91b0203bd180baefaa3fc7f0c7dec38a0e951e0b342d595f964ac9dfe6254 |
| SHA512 | c36b7acb6f13744b532c37825882388f13333201078cb7e0af36138c5854882570a5d644ed031ddaa58eba5d3c22e9c288df70ddd3e406c179efd0143386a9d6 |
C:\Users\Admin\AppData\Local\Temp\_MEI49602\cryptography-42.0.6.dist-info\METADATA
| MD5 | aab7171a946650583408e85ecaac80f1 |
| SHA1 | 4b64fba42141262645c5c883e28c093c69580f18 |
| SHA256 | d25481fb07657df12914ff2dc4604936af9b1d45288881f1802f39dfe9fe9355 |
| SHA512 | 9c8962c3b9cc657a01cf1e3228ffc40641e7f58075760d5bef48a82a08771db3607005f93ad6389800cfe31c8ed29f9a55d7eab08a66cdbab905cb82df7e8ccb |
C:\Users\Admin\AppData\Local\Temp\_MEI49602\cryptography-42.0.6.dist-info\LICENSE.BSD
| MD5 | 5ae30ba4123bc4f2fa49aa0b0dce887b |
| SHA1 | ea5b412c09f3b29ba1d81a61b878c5c16ffe69d8 |
| SHA256 | 602c4c7482de6479dd2e9793cda275e5e63d773dacd1eca689232ab7008fb4fb |
| SHA512 | ddbb20c80adbc8f4118c10d3e116a5cd6536f72077c5916d87258e155be561b89eb45c6341a1e856ec308b49a4cb4dba1408eabd6a781fbe18d6c71c32b72c41 |
C:\Users\Admin\AppData\Local\Temp\_MEI49602\cryptography-42.0.6.dist-info\LICENSE.APACHE
C:\Users\Admin\AppData\Local\Temp\_MEI49602\cryptography-42.0.6.dist-info\LICENSE
C:\Users\Admin\AppData\Local\Temp\_MEI49602\charset_normalizer\md__mypyc.cp312-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49602\charset_normalizer\md.cp312-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49602\certifi\cacert.pem
C:\Users\Admin\AppData\Local\Temp\_MEI49602\attrs-23.2.0.dist-info\WHEEL
C:\Users\Admin\AppData\Local\Temp\_MEI49602\attrs-23.2.0.dist-info\RECORD
C:\Users\Admin\AppData\Local\Temp\_MEI49602\attrs-23.2.0.dist-info\METADATA
C:\Users\Admin\AppData\Local\Temp\_MEI49602\zstandard\backend_c.cp312-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49602\zstandard\_cffi.cp312-win_amd64.pyd