Analysis Overview
SHA256
0377de27cce2b169ad1f3ca2c1b7bc85ba1c4b7ced9d02ad3aeea55982d248cd
Threat Level: Known bad
The file Client-built.exe was found to be: Known bad.
Malicious Activity Summary
Discord RAT
Discordrat family
Unsigned PE
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-11 18:52
Signatures
Discordrat family
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-11 18:52
Reported
2024-09-11 18:55
Platform
win7-20240729-en
Max time kernel
52s
Max time network
149s
Command Line
Signatures
Discord RAT
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2232 -s 596
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6529758,0x7fef6529768,0x7fef6529778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1524 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1424 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3340 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3744 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1420 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3036 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13faa7688,0x13faa7698,0x13faa76a8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.0.304716212\1821737055" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d9f3e5e-f855-4a7f-8f8e-084fbb54f4db} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 1344 fdee758 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.1.376277567\1708143814" -parentBuildID 20221007134813 -prefsHandle 1512 -prefMapHandle 1504 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40a5c9c2-86eb-4f97-b254-b3866ceeda5f} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 1524 42eeb58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.2.1849152536\2124254932" -childID 1 -isForBrowser -prefsHandle 2040 -prefMapHandle 2036 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3648e7e-1f50-463f-95a2-cb6b3e552c04} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 2056 1995d858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.3.347313865\1614018103" -childID 2 -isForBrowser -prefsHandle 2476 -prefMapHandle 2472 -prefsLen 26151 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf59cc85-15cd-417f-84fd-c9814fb49bd6} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 2500 e61858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.4.692432301\765543883" -childID 3 -isForBrowser -prefsHandle 3240 -prefMapHandle 3236 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08b88a9c-43d5-4d73-9e79-9b8877354c52} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 3256 1d5a3b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.5.1799106330\385026234" -childID 4 -isForBrowser -prefsHandle 3840 -prefMapHandle 3864 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb358e78-e383-4b10-ba86-4c9440c307b8} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 3860 20139b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.6.191219593\1558072869" -childID 5 -isForBrowser -prefsHandle 3948 -prefMapHandle 3952 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6056ac9-2b04-4b13-9ce9-1257000efc99} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 3936 e2db58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.7.234397680\283442667" -childID 6 -isForBrowser -prefsHandle 4128 -prefMapHandle 4132 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a3e7b25-de06-42e8-880d-aad44f20b5d9} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 4116 201ae358 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6529758,0x7fef6529768,0x7fef6529778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1388 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2944 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3052 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.120.5.221:443 | prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | chrome.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.187.238:443 | chrome.google.com | tcp |
Files
memory/2232-0-0x000007FEF50B3000-0x000007FEF50B4000-memory.dmp
memory/2232-1-0x000000013FE20000-0x000000013FE38000-memory.dmp
memory/2232-2-0x000007FEF50B0000-0x000007FEF5A9C000-memory.dmp
memory/2232-3-0x000007FEF50B0000-0x000007FEF5A9C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
\??\pipe\crashpad_2900_ZFZQUMLLIWZOFBAJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 90d2f68dc0952ec214b471651f7a05e9 |
| SHA1 | ebd19fabfffe916a7d3c31077e2939ec85a79ab5 |
| SHA256 | 3dda2e3d2750e09914d0eadd1b1a8caa4561bf1a8c838c1faab203a5072d323d |
| SHA512 | 16152ee4835a6cd27b1d04afd5722a57fbb28b4d7595c2544dda6b7929a52de80875af42b6a7bcb1032db15164d94876f06b99f257a038d109e374a456414835 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2cc0f07aaaf0c8b94000c8dd11052bfc |
| SHA1 | 4fc07a13388134557cab61542b8c08800e10618e |
| SHA256 | a1fc0b7ae70b04005052da0bd03ffc1d16339a681e01a724e7f1433d2fe4fc7d |
| SHA512 | 9bc70dc4a44556af1720435cd03648099064d94e9f9985a919fab72feee528a3ded69a06c3e525d714570d2f48b652200b96e8095b4f99e60937cf3878c637a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e3c550467240fc413960f55f644c5c50 |
| SHA1 | 6990a8b0d5f907ccb8972e0c177f324d0e72c4c1 |
| SHA256 | 5d5da72d6d6991bb7cba6974d0d6af8afbb0104f523e6731ee7f713bf6f0aacd |
| SHA512 | 7b9c91a5ece04a96f06a08985396a0cc3c6e114f29d4763c12bc544a3ccfb686a4618c48f1c9ac42ff7b3d6a3ae46b198020c8b15c49f8c3e4a38d3e922d6915 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7b124f4f-67df-40cc-9f57-fd64839b50fe.tmp
| MD5 | 6079ef3496e783927c9142cb17f2b9b1 |
| SHA1 | 41370a1840d8ecd8ff5803ce20c698e743ae81a2 |
| SHA256 | 08866cb8939423736d2192daf46d87e673dcc66ea286d22cca73484cba2ab9af |
| SHA512 | 526a00233370c58af9bf613729673df90c7f985376f2ed841fce192ac560519c69071089ea6b0c609cf158e09c22d0ea412a2e92bc26f4552858553e64dd8be9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 5f779a4d46d5beef01bd8bbb0d2f5998 |
| SHA1 | 2eb54713d1553ffab5188f8608e3e20912deb71e |
| SHA256 | 8adad10100fe7c6c8fe52576b125b49513ba492f381e08ed7f387bee79cba5f7 |
| SHA512 | beda5936fa84b3fa553993306f5b169e8de72c8ebb97f25eb9ebd71693e5da9ffc81931702d4e4ee1633c86acce20a969a49e9196f8f8cbd617a42aeaad451c0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\a04d1970-4996-4e6e-83ab-f871986d9e73
| MD5 | 18f130dd9ae99a46223718227401a5b9 |
| SHA1 | a938c3d771752ef391b43dee7e81ecb59399feb5 |
| SHA256 | 83b32df70d0964c262241ce10e2a942a02c0ba9c1b3ffd49fe8f3805093948a6 |
| SHA512 | e27200ff1223d1244534842294efc61149a9faa7e89330609515eae295274e2a1589f64c81476a4abacda67208910ed9ff54f191e2cb661a13f69e9bfe223dba |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\715227be-c0cd-4354-99b5-42d096b690c5
| MD5 | c060bd5b36a5594df0a36a5263f8bcc8 |
| SHA1 | 42d81a161fb0c36614583e46c9776e94db21e974 |
| SHA256 | 2b6e261dc743717f8bcfb4f243325ee41910e89393cbb290bbae146e5f74e094 |
| SHA512 | e2df00af5f34e60d57330b502732d8ea241f77d4ba739451ee512b6e31e7aca6edbff8313659d8fcaf09f946d4109c8985c84e74e2acfe9f61860d5fae41a84e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 96cf796eebeb92eae7e5a722c9ec712e |
| SHA1 | 6338b3814c5f5596c3532d28e185b6008b7b2d9f |
| SHA256 | da89feeb69aa0709b4b72e399fc9055a3f80dd8efe60589a67a0fbc98881b5ba |
| SHA512 | d1a6f5cf655e72f2ee8fb0c9cbed3d36828740c01e65a8bea1baede1a84d2044d7da9373a6d14703de8dcb0fe69e53983f51db3e4baa36f858676ff6ec123c9f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | bece0acf9d7f19d01c7943c54d2ad372 |
| SHA1 | aef59ca4b0fe97f32db128e103bfb98aee3b5e29 |
| SHA256 | ce40f79585195148ac86928d18da80b963cc98d6feb83c1c2e75e8b6d6ef39f8 |
| SHA512 | 105fb01521fca054766d1d1e46cf3bf177b8bab44800f7bbad9a84f388af32e745474b3cc4f70c1fd779b4e7bcf0912502860092e1824f7ba4b52c612ba5a70b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore.jsonlz4
| MD5 | 41fb03d9cb136dc6a082dce5b03604d7 |
| SHA1 | 287dc4381156ae6c1327fd87b5b9bbb38d9747f9 |
| SHA256 | 0d99a8ce27eb6318c85f09912608a22143fc22b3328f1ea006dab27f73fb4ee3 |
| SHA512 | a712d72e72fa00502e4ed806f51396baf7b9bf73d3915a2ae27a763b6bdd9737e2d4ab32ad6bfb13f6bb319f3c029de5bc57d63173087be8c352d14ca5458edf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs-1.js
| MD5 | 67f78183a5ec0381eea43e6d5b4cda4d |
| SHA1 | 2187a99f2f66bdbbe983ca880efeea2a18427348 |
| SHA256 | d98f142a25d990f2b4b9d240cf2dd0d9d734bd98231a9e41ea3cfb68d4983d4b |
| SHA512 | d198af5aa2bc5a47605343df795ac856089f131304b3c282c9b3e8dfaa424e8c34ea40bc74ead62c0ecfd9f506268b62d814b5a7d78b61f5f6eb9944dfef7878 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | dbb5191d2ee4e9d21bb2ba1a3986f6a9 |
| SHA1 | 13940eea880602244bd2495ea9a427b4a34eed92 |
| SHA256 | 8b4b144ea734ee31e81ce151a47b5810d465848a9758416a402fdf303fa49612 |
| SHA512 | 3b5bc335ae0ec5283d73c9a4335bda9b90be3e68f8118a83d5fec6fca79895d14aaf79abf85c95e09009f57738a8449e3586f5221c0610ed53d61c73fc26a073 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 4af14b992d16a9097ddb4009c70b96b9 |
| SHA1 | 2606b4a060c324c2048ea8d54374d4f2402886eb |
| SHA256 | 6ed45c34d54bb5f6e8b2a14aeb78406c243ca3d5eecd7a00089957e8c98dc7ce |
| SHA512 | 3d7642f60e8a54040b80872747cd6f37017c77ad3ec3f4370fe5641f8a0b76ffbf59f6592f9851d35ee192789b525e2e20d9cabb4c52f00cc08ea3bd94fa8987 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 961e3604f228b0d10541ebf921500c86 |
| SHA1 | 6e00570d9f78d9cfebe67d4da5efe546543949a7 |
| SHA256 | f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed |
| SHA512 | 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 8a53a3cb123d7c28982fa906ccf760b0 |
| SHA1 | b6faf3bd02abdb127df88a7fe141f40867333170 |
| SHA256 | 23231de20289163b186606932e61d22f4dec0e64d74a5070074a1beecc3483ac |
| SHA512 | 3116375e12d73879f004055dbb5ae4792d3d2b885b03a8a1c70898e87d0fd2974167e6342ce2b767a3aa4149585fdb994b9cd1c8317113eed416e84e2673df2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3d28accfbea5aa9581c811fe00471420 |
| SHA1 | 6cd29fdfef0339c7d67e6cbf81f7f77fd9c66af7 |
| SHA256 | 6e32c99331f035a69f6a537f3f7b1a83e75404e92388b020e5c3b06440fabcee |
| SHA512 | 5a97e4f2801cfc4ec1a15dd37766d6b8ae5306fe7199b31f76043ad39040d774babbd6e57c85c2c12d7453fe492a3ef54564527c4ab888b88857329a911723af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb
| MD5 | e6305367badace56469a80ee5699626a |
| SHA1 | 43c630767f2e7b53541f007d12fc152bb0dd6b42 |
| SHA256 | c6bb8753b375eb83740a84710049bc0bdf3c9a16aa79089976b97c8e844378fc |
| SHA512 | 368a6ffbbe92d1ae144e140f3e9202116905656d295e95fec8032861b4dd7618df29c9c520981078a9cee35e73f22a204f39e531abcb6bec5cbabb46c420d0a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13370554449998400
| MD5 | dba462cb8b20c7f4beaf800fcd2bc0f2 |
| SHA1 | f5d9fa57af01b9038eb7b61c63202eb49ec76c05 |
| SHA256 | f87eb88995481c80908681acf9a715e55893891f2c96335ef2caac16eeec76a5 |
| SHA512 | 24225c6ef7c329f6c50f1f027e0d0a3491a525703b3d3d86548b7265fb6047fafb480752f66134d8f09ba24d1704f3bd3d1dffa7f6b1b6bfb81fab48f4185e58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log
| MD5 | fefeb20bb016f79bee65b866f4ef9f82 |
| SHA1 | 6dd2513b9a0f267ce2935a187f0877906589874a |
| SHA256 | 230d671e7b30430b4b15cb4f2457d5a66e6d0d80047eb3e0ff03e7bd129744d1 |
| SHA512 | 1c3a4365b8a30e850a44fd0685cec6c1441e3f1bb766953c6e28250ba5af4938b4f28236dbacce4d6d7ab2b9069e635b327a3c0baadaba70f1105cb347988c5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log
| MD5 | 90665348e754e2e24efebdb080703c9b |
| SHA1 | 0a212ea41a1453dee445bf3f9773711e0cbfe3ab |
| SHA256 | cadbab74d5731b950589e2c1430f3c0bce3adaea5896690ff3457012a9de30c5 |
| SHA512 | 9c724f4d0872d546eb9a4852297f669f0523bbce098343ee9dcc6bcb4507508d884d3343b06ac3ac53ba82c4d753899a63a7aa5a7b8f28d615f30cf71e5cb605 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007
| MD5 | 03d881fc5a4ab4013bd1b30988abb179 |
| SHA1 | 9ad861569715575d7b676e5683b14dd3cffec304 |
| SHA256 | 5da7b30f55f920166ad821f532fb95bd11546bf63a228fc41357aa122fcaf5e8 |
| SHA512 | 29ab8ac2c642a83086266f88ffde8d71c96cd0d98812fac526e0a0adc58d8bc7f99760ad19a71cc38c3ef5edb9ab9d642ef6b665bf4ce336260b0171411e26f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-11 18:52
Reported
2024-09-11 18:55
Platform
win10v2004-20240802-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Discord RAT
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Client-built.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.130.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files