discordrat | 9d0e13b30050899624473e710d44cb372a881a38d2802cc6c0ea2e2f54580689

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 01:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Google Chrome.exe
Size

492KB
MD5

d3ebb8649264196a80f589dcf0c97f9b
SHA1

4bbeef7c604629c5cce710ff78dd1c032dc67fc5
SHA256

9d0e13b30050899624473e710d44cb372a881a38d2802cc6c0ea2e2f54580689
SHA512

fcb8dd306b96ff2cd6c13cd9dcd70330efd2d2cab63548b1089fa207b0249603b8f45f5f2c50755db2a7d877774a7497c2303fc9ab5150529fcf6a24e7f1f9b6
SSDEEP

12288:2CQjgAtAHM+vetZxF5EWry8AJGy0khGPyJm:25ZWs+OZVEWry8AFtGPZ

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NDA5NTY1ODUwNDM1OTk3Ng.GTDu8V.pnAIDXNTNWIQchltJK15s3stoHuo5RxHsi9AYg
server_id
1244095541626015796

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Executes dropped EXE 1 IoCs

Processes:

backdoor.exe

pid process

2196 backdoor.exe
Loads dropped DLL 6 IoCs

Processes:

Google Chrome.exeWerFault.exe

pid process

1620 Google Chrome.exe
2840 WerFault.exe
2840 WerFault.exe
2840 WerFault.exe
2840 WerFault.exe
2840 WerFault.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2196	backdoor.exe

pid	process
1620	Google Chrome.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2744 chrome.exe
2744 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe
Token: SeShutdownPrivilege	2744	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

chrome.exe

pid	process
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe
2744	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Google Chrome.exechrome.exe

description	pid	process	target process
PID 1620 wrote to memory of 2744	1620	Google Chrome.exe	chrome.exe
PID 1620 wrote to memory of 2744	1620	Google Chrome.exe	chrome.exe
PID 1620 wrote to memory of 2744	1620	Google Chrome.exe	chrome.exe
PID 2744 wrote to memory of 3024	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3024	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3024	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 3016	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2728	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2728	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2728	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe
PID 2744 wrote to memory of 2464	2744	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Google Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Google Chrome.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6499758,0x7fef6499768,0x7fef6499778
3⤵
PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1396,i,555239179532703695,13126086766294667364,131072 /prefetch:2
3⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1396,i,555239179532703695,13126086766294667364,131072 /prefetch:8
3⤵
PID:2728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1396,i,555239179532703695,13126086766294667364,131072 /prefetch:8
3⤵
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2144 --field-trial-handle=1396,i,555239179532703695,13126086766294667364,131072 /prefetch:1
3⤵
PID:1492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2200 --field-trial-handle=1396,i,555239179532703695,13126086766294667364,131072 /prefetch:1
3⤵
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1564 --field-trial-handle=1396,i,555239179532703695,13126086766294667364,131072 /prefetch:2
3⤵
PID:1328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3240 --field-trial-handle=1396,i,555239179532703695,13126086766294667364,131072 /prefetch:1
3⤵
PID:704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1396,i,555239179532703695,13126086766294667364,131072 /prefetch:8
3⤵
PID:1064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3696 --field-trial-handle=1396,i,555239179532703695,13126086766294667364,131072 /prefetch:8
3⤵
PID:1668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1396,i,555239179532703695,13126086766294667364,131072 /prefetch:8
3⤵
PID:1892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3868 --field-trial-handle=1396,i,555239179532703695,13126086766294667364,131072 /prefetch:1
3⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\RarSFX0\backdoor.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\backdoor.exe"
2⤵
- Executes dropped EXE
PID:2196

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2196 -s 600
3⤵
- Loads dropped DLL
PID:2840

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2328

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2432

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
24ecb8af93692ba8ce8f9846c378e269

SHA1
2aa68c32706e8a81a47f5961bd43a4d2ba393886

SHA256
2e5b92d76edec80341ba20fc68b87cf9daa9a0227f0f2681aaf49e351979d729

SHA512
43304c0b77a36774447df3ded0f2a6de32fabd9fb7f2c5f7f7527de5c566ce7f2dd29218798bf9dfc2b5aa70c9ce70077c387a404e45f10eef40007f847f8df9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
d101e76b979ca91b1421e562be52bef7

SHA1
31b55726797021a040a056a79b1f0f6d2f52e1ba

SHA256
12d7c4f2cf89e702751b25bad98a4b9d5c77fc6caaf6145edc1115c91d9c2867

SHA512
31defb8ccd7ff4b7467a949ce50d9cb73b365a61cac38879344932ec4bfc2e02dbf10dc09559371d33527f55033756ee1f4d03579e45bc24bbda3ba0ebf7fb3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
9f676d31155b1bcb1732d3c6d72c26ed

SHA1
67e2cb2d6b715c4ef892034cd8a448bd748a5fbe

SHA256
f4deb9bfc1e4c410116e0027f4249ba623406c86d5a5df4b23d64e5315ee0660

SHA512
076f1635f0d87bfc1c68d711b0b29abb0a1b2a7abd111303a17d36a4ace42961e3e4a36ad4fa1a0070147e93da4be8399ac7a3a631c62a1c613b5e6c9683b28e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
c0c6a2116bac44fe04c129ba30a4c87a

SHA1
2631cc5b2c84434beca036e91d2c6fec5048fab4

SHA256
7dbcef8f538fa2fcfe70f55559f0a88588fd0a3c5cc4828de7cf9a456f41c1eb

SHA512
11a0e8493c8d9c989ab7a259c658dd6099cf87dffc54a48d1d3f3fe06c51c6fda361cffd6e3ab96e8bd2390d70fe8fb5bac5ca6ba611b951b1466b78c84716bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ac2580e8-27d0-4232-87a8-fc62184f8c16.tmp
Filesize
145KB

MD5
43115a5ae4be26fd5233505175890b11

SHA1
aa71ab150c6eb475df3c9c6f7edd9dbf0c35a3a6

SHA256
8f727697f1260d72269105d4a15abc78a37a880a6deb5360683b5aaa66c07503

SHA512
824852a05616fa4ab79d5f3209b2bc8d1c09a5e26ed834de08dacabf70a752634c8408c2bdc9af06c5cb52b757ce04cafb2105ef68feeb10218982126db8a748

Download Submit
\??\pipe\crashpad_2744_GDOSCIQZSTNCGYSJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\backdoor.exe
Filesize
78KB

MD5
9553a880a3c466fa75a66e0c39227e12

SHA1
792c1dad18fb2cbcec2d481521562f03ef87a349

SHA256
2b10f66d9a5a6e56e89b939b3606ebb628035a96ea64fc45f792ecc59b30d286

SHA512
0abe8444f4d80f6e40571a7e12340043a7ee42aafb8fae20f5d86c40c2429527c4d4def9a71965fd861474aee7a0d4bbc6c230400bb3eee39d37bb2145a83099

Download Submit
memory/2196-244-0x000000013FCC0000-0x000000013FCD8000-memory.dmp

Filesize
96KB

Download