discordrat | 9d0e13b30050899624473e710d44cb372a881a38d2802cc6c0ea2e2f54580689

Analysis

max time kernel
47s
max time network
58s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Google Chrome.exe
Size

492KB
MD5

d3ebb8649264196a80f589dcf0c97f9b
SHA1

4bbeef7c604629c5cce710ff78dd1c032dc67fc5
SHA256

9d0e13b30050899624473e710d44cb372a881a38d2802cc6c0ea2e2f54580689
SHA512

fcb8dd306b96ff2cd6c13cd9dcd70330efd2d2cab63548b1089fa207b0249603b8f45f5f2c50755db2a7d877774a7497c2303fc9ab5150529fcf6a24e7f1f9b6
SSDEEP

12288:2CQjgAtAHM+vetZxF5EWry8AJGy0khGPyJm:25ZWs+OZVEWry8AFtGPZ

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NDA5NTY1ODUwNDM1OTk3Ng.GTDu8V.pnAIDXNTNWIQchltJK15s3stoHuo5RxHsi9AYg
server_id
1244095541626015796

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2588 chrome.exe
2588 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Google Chrome.exechrome.exe

description	pid	process	target process
PID 2728 wrote to memory of 2588	2728	Google Chrome.exe	chrome.exe
PID 2728 wrote to memory of 2588	2728	Google Chrome.exe	chrome.exe
PID 2728 wrote to memory of 2588	2728	Google Chrome.exe	chrome.exe
PID 2588 wrote to memory of 2600	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2600	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2600	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2412	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2452	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2452	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2452	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe
PID 2588 wrote to memory of 2896	2588	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Google Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Google Chrome.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61b9758,0x7fef61b9768,0x7fef61b9778
3⤵
PID:2600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1276,i,10569175667699028944,16659615531131980971,131072 /prefetch:2
3⤵
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1276,i,10569175667699028944,16659615531131980971,131072 /prefetch:8
3⤵
PID:2452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1648 --field-trial-handle=1276,i,10569175667699028944,16659615531131980971,131072 /prefetch:8
3⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1276,i,10569175667699028944,16659615531131980971,131072 /prefetch:1
3⤵
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1276,i,10569175667699028944,16659615531131980971,131072 /prefetch:1
3⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1308 --field-trial-handle=1276,i,10569175667699028944,16659615531131980971,131072 /prefetch:2
3⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2940 --field-trial-handle=1276,i,10569175667699028944,16659615531131980971,131072 /prefetch:1
3⤵
PID:656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2948 --field-trial-handle=1276,i,10569175667699028944,16659615531131980971,131072 /prefetch:8
3⤵
PID:608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3520 --field-trial-handle=1276,i,10569175667699028944,16659615531131980971,131072 /prefetch:8
3⤵
PID:2768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1276,i,10569175667699028944,16659615531131980971,131072 /prefetch:8
3⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\RarSFX0\backdoor.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\backdoor.exe"
2⤵
PID:2776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2288

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0da03663-76a9-4a4f-9a8e-8878532b54dd.tmp
Filesize
271KB

MD5
94d362c80d141b4af85298fd71a61e92

SHA1
7b2c118765a66b0d2c51a8e38c106131f7ca73ae

SHA256
d47b439646ac83d522b2dc656fb8d0e3981b2f98efdc45163719875dd0410829

SHA512
75d3899ce08237a8f62486c25316a9cc201e3b26babd4ab7087497c8663e3767d1f83506d663cb2d8401426b0f4e53a178e5294fc2efaacb6678002d437bdbef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
1e9ce0fb0fb7821c8f88bc3cd72d028a

SHA1
f2caa6cdc618eb7510630df092e3f58572f7c915

SHA256
076518beb6b865b888693095dcbecc3b6c790cd3231be694f9c0c0afee12bb19

SHA512
17b9cd810b0418ea8090c3e062f9092f4382d51246ee9b528ebc75098a62424fb57b8b1779ad8cb9bebd906c42560633e6631816770de0b98461e46f08a67e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
bc87dd563fac05eb681934f4f86f0915

SHA1
4869818eb706b1ef7239ce69f3f25229e153b90f

SHA256
ffebd4ab604897e7e925407eedbecec492beedcf83027abab2a49d02cf9c5da0

SHA512
94888686e16d76f22ee3a4886c130b67f29c381e685846a8069418c4756dfd6a52375cb40b66fa7bbc6d8d61ad32b7617a5eac3e7cbd5f32732b2cc3be3707ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
271KB

MD5
def39ebb39328c5da6c835eed62f155b

SHA1
85064c0860851cea499b5c4aae0a50d299821e0d

SHA256
7cf330d0671fb2c49dd1c2d04d7a445653a64bf6e017f7ed3bcb2326b4624c32

SHA512
7e222d91e32ce309ce1604a259533b19a21afd01cb6c9673ef577b0edd2228270657b14707b5b571faed3b030dd5ed4055d8a3566dccf016e4106a9a99e1e5a8

Download Submit
\??\pipe\crashpad_2588_OFILGOAVTOREARTN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\backdoor.exe
Filesize
78KB

MD5
9553a880a3c466fa75a66e0c39227e12

SHA1
792c1dad18fb2cbcec2d481521562f03ef87a349

SHA256
2b10f66d9a5a6e56e89b939b3606ebb628035a96ea64fc45f792ecc59b30d286

SHA512
0abe8444f4d80f6e40571a7e12340043a7ee42aafb8fae20f5d86c40c2429527c4d4def9a71965fd861474aee7a0d4bbc6c230400bb3eee39d37bb2145a83099

Download Submit
memory/2776-185-0x000007FEF51D3000-0x000007FEF51D4000-memory.dmp

Filesize
4KB

Download
memory/2776-186-0x000000013FC40000-0x000000013FC58000-memory.dmp

Filesize
96KB

Download
memory/2776-191-0x000007FEF51D0000-0x000007FEF5BBC000-memory.dmp

Filesize
9.9MB

Download
memory/2776-193-0x000007FEF51D0000-0x000007FEF5BBC000-memory.dmp

Filesize
9.9MB

Download