Analysis Overview
SHA256
195afd80fbc01d33334b27005de6c2c9e78c55220758f816c0a9f6ffba85566d
Threat Level: Known bad
The file DiscordRAT_Build-main.zip was found to be: Known bad. The static1 pass matches the Discordrat family and Unsigned PE signatures. In the behavioral2 run the only dynamic signature attributed to builder.exe itself is the read of the NLS\Language registry key; the BIOS enumeration, HKEY_USERS TPM telemetry write and process-enumeration hits listed below are recorded against chrome.exe, and every captured network destination is a Google endpoint, a reverse DNS lookup or mDNS, with no Discord API or gateway traffic observed in this run.
Malicious Activity Summary
Discord RAT
Discordrat family
Unsigned PE
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-12 15:03
Signatures
Discordrat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-12 15:03
Reported
2024-09-12 15:20
Platform
win10v2004-20240802-en
Max time kernel
961s
Max time network
436s
Command Line
Signatures
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\builder.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706270704349387" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\builder.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\builder.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffaa480cc40,0x7ffaa480cc4c,0x7ffaa480cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1868 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3336,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3688 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaa480cc40,0x7ffaa480cc4c,0x7ffaa480cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1648,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1904,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1984 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2280 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4500 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4348,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3236,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 216.58.204.78:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 94.184.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| GB | 216.58.204.78:443 | clients2.google.com | tcp |
| GB | 216.58.204.78:443 | clients2.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 31.73.42.20.in-addr.arpa | udp |
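The following Python script is an added example, not part of this sandbox report or of the DiscordRAT project. It re-parses constructed excerpts of the behavioral2 signature and network tables above (copied inline in the report's own row layout, with the mDNS row realigned to four columns) to separate signatures attributed to the submitted builder.exe from those raised by the sandbox's own chrome.exe tree, to reduce the network table to candidate C2 destinations, and to check whether a listed artefact's SHA256 is the digest of zero bytes, which is what the crashpad pipe entry in the Files section carries. The Chrome allow-list and the Discord suffix list are assumptions for this run, not something the report states.

```python
import hashlib
from collections import defaultdict

# Process paths as they appear in the behavioral2 Processes list above.
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\builder.exe"
CHROME_EXE = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Constructed excerpt of the behavioral2 signature tables, in the report's own
# "| Description | Indicator | Process | Target |" layout; the unpiped line
# before each table is the signature name.
SIGNATURE_TEXT = r"""
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\builder.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
"""

# Constructed excerpt of the Network table (mDNS row realigned to four columns).
NETWORK_TEXT = r"""
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 216.58.204.78:443 | clients2.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

# Assumed allow-list: domains Chrome contacts on its own in this sandbox image.
BROWSER_NOISE = ("google.com", "googleapis.com")
# Assumed suffixes a Discord-C2 RAT would be expected to resolve.
DISCORD_SUFFIXES = ("discord.com", "discordapp.com", "discord.gg")


def parse_rows(text):
    """Yield (section_name, cells) for each data row of a report table."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if not line.startswith("|"):
            section = line          # signature name preceding the table
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if cells[0] in ("Description", "Country"):
            continue                # header row
        yield section, cells


def attribute_signatures(text):
    """Map each signature name to {process path: number of rows}."""
    hits = defaultdict(lambda: defaultdict(int))
    for signature, cells in parse_rows(text):
        hits[signature][cells[2]] += 1
    return {sig: dict(procs) for sig, procs in hits.items()}


def signatures_for(text, process_path):
    """Signature names with at least one row attributed to process_path."""
    return sorted(sig for sig, procs in attribute_signatures(text).items()
                  if process_path in procs)


def _has_suffix(domain, suffixes):
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def triage_network(text, noise=BROWSER_NOISE):
    """Bucket rows into reverse lookups, unnamed, Discord and other candidates."""
    out = {"reverse_lookups": 0, "unnamed": [], "discord": [], "candidates": []}
    for _, cells in parse_rows(text):
        _country, dest, domain, proto = cells
        if domain.endswith(".in-addr.arpa"):
            out["reverse_lookups"] += 1
        elif domain == "N/A":
            out["unnamed"].append(f"{dest}/{proto}")
        elif _has_suffix(domain, DISCORD_SUFFIXES):
            out["discord"].append(f"{domain} -> {dest}/{proto}")
        elif not _has_suffix(domain, noise):
            out["candidates"].append(f"{domain} -> {dest}/{proto}")
    return out


EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def is_empty_artifact(sha256_hex):
    """True when a listed artefact's SHA256 is the digest of zero bytes."""
    return sha256_hex.strip().lower() == EMPTY_SHA256


if __name__ == "__main__":
    for sig, procs in attribute_signatures(SIGNATURE_TEXT).items():
        print(sig, procs)
    print("attributed to sample:", signatures_for(SIGNATURE_TEXT, SAMPLE_EXE))
    print(triage_network(NETWORK_TEXT))
    print("crashpad pipe is empty:", is_empty_artifact(
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
```

Run against the excerpt, the only signature attributed to the sample is the NLS\Language read, the EnumeratesProcesses and registry hits all land on chrome.exe, the candidate list is empty, and the crashpad pipe hashes as an empty artefact. The script only re-reads the report; an empty candidate list here says nothing about what builder.exe would do with a token configured, which is why the behavioral2 run on its own is weak evidence of C2 behaviour.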
Files
memory/348-0-0x00000000747DE000-0x00000000747DF000-memory.dmp
memory/348-1-0x0000000000FE0000-0x0000000000FE8000-memory.dmp
memory/348-2-0x0000000006020000-0x00000000065C4000-memory.dmp
memory/348-3-0x00000000059C0000-0x0000000005A52000-memory.dmp
memory/348-4-0x00000000747D0000-0x0000000074F80000-memory.dmp
memory/348-5-0x0000000005BA0000-0x0000000005BAA000-memory.dmp
memory/348-6-0x00000000747DE000-0x00000000747DF000-memory.dmp
memory/348-7-0x00000000747D0000-0x0000000074F80000-memory.dmp
memory/348-8-0x0000000006D00000-0x0000000006E22000-memory.dmp
\??\pipe\crashpad_4888_HMZVQJLBNXEFODKG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fd0ae78d2a1717b73afbb789d3f19c5d |
| SHA1 | 5553be58b6f277ae71314b10f79c60a326171972 |
| SHA256 | 1a5451cb8c9d7e01fc01797543f6f3864716bfdab1ada2d7a02a68311fc02b25 |
| SHA512 | 662bb1492f804232c5b307c3c4db25dfbdfbca418063068493f4347efe1dadbd5e3adf2c4b8eba8b31220bb96ab3bb5a9c996464cce22e37e602f543df04dfb4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5fef59fd758815a16eb764c60668e871 |
| SHA1 | 7d77d61a5e02ce9cd111440f76c018e30c01cc11 |
| SHA256 | 6db2706f1125947f0078237ccc0321bf5b00a88e832856193c1d75b4bbe2c228 |
| SHA512 | 88d9acbb080e81475511d84119903b20dd57596682186dec44093e5bbf45f410469b0b29201a0b44cfebfc5f281a887c19c77ea0ccd00413315a1deb53467644 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 5749c54333674e914d635b8f01eccd42 |
| SHA1 | fa086f26d3046168aaca7eede92354b8afd91ed2 |
| SHA256 | e455135c7700e7f17ab4729b308f645fb4f1168d36f811ea467357c01f736041 |
| SHA512 | 38234191d360f130ba64c6ce246868b413d4f6d9d7b53882f313f570dba2a7150b3a39649f9703c7b46d6dbaab1240709c97bd4c48d3c46d64b9c876c5ee97e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8bfa7fe33f31eb2b239ccae76e04594a |
| SHA1 | 52d8620e408884f41514b730a9c3c2ae94b59355 |
| SHA256 | 6327a0a764fb8971bf05e6fa215e0f2fe54759e4d7c2278edec47f791ff2cb3a |
| SHA512 | 71daeada286faf6c419e06d77003144bfc84022b3358784934e3e87a91aa709d5a7fcbbf943b2b3a736f6add88dceffab54da417a81fd83fa8e721f30df3ab05 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ac50f0355d063269a02715828a67b4b5 |
| SHA1 | 1730f7c0443714ae8ba126998efe3f60707d34fd |
| SHA256 | 2abd5d7b60982b6bd81928411bee5e43d5ac461c3b0075ed62f39d3557faa679 |
| SHA512 | 41144ee0cdab3e2f5dafa81dc07fbbea63766998fb5d7527df96c4d23b19c9c9a40c980c6b69113104a890368f54c16cf2fe5544a95ff78d10f5072171ea0647 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2d18c941e4bc403bc44ec3e633845471 |
| SHA1 | dbe89850afb769bb44a0163b253065401d2c29f1 |
| SHA256 | b5c668cf4e3a7211b74999a1bbebf855189dffb58c78c336f977bceb9bb225d2 |
| SHA512 | d9599bd68486b14fd156ef92c33d44114facaf31a04e1a5f28e7482b6aff5424afa9ea44700bac43d5029406833103213899a6e22cc5c15b956f0888d83ce2f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 818543500626ec81200311da3c1e3242 |
| SHA1 | 7bd3dae8a43874a4d6cac5ef980e5681ea57c320 |
| SHA256 | 89875f1987d2669b6f5864a9d67826fa3bda079d073a2fdb01afd0430a708864 |
| SHA512 | 9ba1e01aa1e79ef29cfda5f62836a591f50b9fdd5ed884e9118ca8eace938e40094c84cdac88f31adea9c8ee5e178c3371b410b2232b33184f8ff168b8c90f2b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
memory/348-154-0x00000000747D0000-0x0000000074F80000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 89f10307a4e87f78ad0b6081cd8e23f6 |
| SHA1 | a26e92f89231b60cbd742d0a259d63eebe2388d0 |
| SHA256 | dcf169dc4a6449c4cc490dbdb448505ec91dd219619f32496100649c259388b9 |
| SHA512 | 5845e6b34d0effafa10ba9c5eded904c13af64128ce3a152a3c2cad9c6fa38b7358916a0948eb6288c9c9ead23bd5195e16c77c49971fb53d6ceabc1e276f0f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | bc6142469cd7dadf107be9ad87ea4753 |
| SHA1 | 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c |
| SHA256 | b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557 |
| SHA512 | 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | ef48733031b712ca7027624fff3ab208 |
| SHA1 | da4f3812e6afc4b90d2185f4709dfbb6b47714fa |
| SHA256 | c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99 |
| SHA512 | ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
| MD5 | 6c9a79b09b8a4537772a32b088d9213a |
| SHA1 | 8acf486d04982e7c4dd2fa22f69a00f18e52e994 |
| SHA256 | 8fdc26a5fbb5cc6c370cb484be835fd6bf0373528fa746400e82ab78c24b8220 |
| SHA512 | 5ef3edb84017202bfc7bca61de76196048895a55762aa9f519a2f29c3f7285b640377821a7b4be56faa1a7f043d0fb1d1cf604e0a8933f847e94d43f9655c415 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 2895c6d5d7cd504eabb2aa8ae7ab8c69 |
| SHA1 | 0ec383eb88ade14fa7abcff298aa334a54424390 |
| SHA256 | c7821b1009841618377c63ecf336bc3640cf3daa5e4003060c89ecf08f03d08c |
| SHA512 | b271e3b74c7c0fcd888c9348c88b4be306ea7ffd88d36c8e6cc0e297251bc26f0a990b8b05f49b7459f10b1e0f8cda07d27c87bee995734318fb7170d0a46c4c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL
| MD5 | 8890618b637979cec674ce5e417dfe33 |
| SHA1 | 7282c4faa5a920fb31a9dc56d505925bb9191913 |
| SHA256 | bbb98d525bd00f662158b0ceb98f137e56f140db5fea3ba7322ee652849981d7 |
| SHA512 | 7318d5d7dc7c5658f7c7121864b01782f03698c59f6ae7905936dc39333e493baf95101347acaf3b021dff07fcc5b7ed35d29aedc55a504944ff6aac6a2cbf6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
| MD5 | 26da0a6207b601de1a2806c8a9687284 |
| SHA1 | 734d292d04f1159ddc5f992dc0a2bfab416eb56c |
| SHA256 | cb759b316c4188697db3d31a7f3ab60ef5938ca9896f6dc92a8b697bb387a076 |
| SHA512 | 7c09ea44f5fa1f25fc34fff1b8b2f39b092a445ad0d5f62ef313014b5a90acd055bbe9371b8696d130b71a419f32081f843eb982b3cbd6ce5f79bb4562379eaf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | 9e6b30575a76a8ba4df38f30b78a0d90 |
| SHA1 | 4e851810bcdfa261cc3e158d9a1aa9b2d4573bfb |
| SHA256 | 043401dec2b498b5622fe363c059c36beab51103945b529d6f8e574f3503f103 |
| SHA512 | 7bc0b8a2b976ce994307381e96856ad907de46f134bef20eed5b21b73e10621a001073714c9f64d8af2dddb1990085ab837b1087d9d02822b0c6bbd9b5106d4d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | 59cfd0cf02a1fe3c882fdf77d84778b4 |
| SHA1 | b179eb734411591aa55af1d62e08b47267e8eb53 |
| SHA256 | 96b2655db9bce8b7c0769de7f4becbe2141e4d3db5fb1ae92c3538693e03b8dc |
| SHA512 | cc76a4efac451521c65c9410c96e036a289502684c54ce09fa36bf948dbf1d77a3f2bc0785e0fa4464fa725ef83f1e4c81fa9c6a36e6ca86ffe2f66eb1ed2b6a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | 8bd5fc9bfa0a578e71a51800d5b7fa46 |
| SHA1 | 9837b9bd1a6a85269799c3dda82c0da0cafc9758 |
| SHA256 | 4c7764cea2bb1026bb98305f7e28eed1ccd938454528d76dd8a8e6af4a213d52 |
| SHA512 | d779aa642e843d2660e91244c32e69b37ba1618fbf5381d1cd5448fa5e52f41f6d72ceb2079fb06607bb55cb7f42ef0d22e5b8db9ee31b26c7b2801b30a29700 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | fef0917ff59d7a84adf6ab308184d5b1 |
| SHA1 | 92468b4a826eeded68037975b11b3ec4f0eff722 |
| SHA256 | bcb30a6047e4eef04f2776817a16d0150f1a45c32ed5eda8ce9a4028d73458eb |
| SHA512 | 9085f5285f3df495454b806f260367c6ba421bd9004c25e6e9979638b9ca7bc6b2fe1547aa13d7c5139313e8aa01bd794ee37d00e2375e011aef062628e2f605 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 32fa6f5b7bc1faced20a65b49aec892c |
| SHA1 | 800aee5c400e423b333c52e747c2d29ef48475fd |
| SHA256 | 973bee4c44a5c727e6a76a91517e065c125ea628265e8bf9e5bc42003999eac2 |
| SHA512 | 3899db88ab2e5bd11eca0f1a927b6ee6a9fbafea2400a45acde388e3d5fb6fee91d156bc4b079a95947c687c0e7b73c35a8be2298fdbfc137ea7c482d37e097b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
| MD5 | c6573b6fa57fe03c842c8287b2d50ba5 |
| SHA1 | 3fc4296aaf0baf943835b312b176aeb0404f0003 |
| SHA256 | 9e42404c161be8b2d2796a15596c45947a117f9ed1e30a3aa15ef0efd3d459fb |
| SHA512 | c2a0135d11371ecbc99c26da1c9e7d6b72c12386e7395af9aea38989a058c1815fc29e6e11e91af77f7290149de64558e1f330c76d8db84c97b2a0c2871e29a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
| MD5 | d6b0609c4b6edb45553ff9afbfc95e33 |
| SHA1 | 2697657b75906d3653f48080ec1f3993c07bd8bf |
| SHA256 | eb5cc165f4f69f7a3e72851b1b63e67efa9afb3c96bf8aefc962a5fdbdd6cc2e |
| SHA512 | db4c837c9a8a30e65f0f634bcceecff3354d6b72b34536e584fafd02eb103cb4a6b01522d4463d8c54e6852d28a71d9ec8997e2f353e59ea8724aadbbc2a80ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
| MD5 | fe993339a25710ebec86c051941d462c |
| SHA1 | 1a7a578b7a32bbe2102a789c2321090d406838d1 |
| SHA256 | 59ce81d41051a1d16c02906cd586fcdeabbe7ee30ea7b7b1bb0970b981ffa443 |
| SHA512 | b81201876efadc61a8fb48718abb16f7f458856f2ee676db8b0da36790492ad930585c14ce200e7a9e079b8115b15e20ed95176cbfdc337b3ab732e5fe72bbd2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | 1fae47216a7cc07a8dfd2642509f354f |
| SHA1 | ec7415e16aae2250bead6f7073fd30071910ac52 |
| SHA256 | 887b37a3d8c93a6756ab8ba95fdd88aba576397980833247f57384fe1ab76421 |
| SHA512 | b574ccf2e72cf676db721fab59c264cfd271771daf8011e8160c43b012a62b9bde851e92005565235e063680e0303adf94d3d107a4f66480fcfe5e00f3e25be4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
| MD5 | 9cef7c62c8220a8f71387f1f19ea48c5 |
| SHA1 | 063e4daa85ce4bd7e7bddd47d582c986dcf3cd5b |
| SHA256 | 27a4798c40ddc1a6d1ec940e9dc1b6cd604d4503314e3f9bff370eada0e006e5 |
| SHA512 | 5a138db2259c32a81488aeb5dbcdb5a95f2d352ff3e8b2585205a4bdf6bbde2634bb7b83ba0fa663e223a4d374d81e8ab5fae8d77373bb74738ef79c6aadb75d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
| MD5 | a66efaa590a0d16b1874a35836ba0a4b |
| SHA1 | bb750c61e162420271f89a90f2b58f43587680e1 |
| SHA256 | b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654 |
| SHA512 | 2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG
| MD5 | 3047a4fda81ff0fa5a05ccecc7e3a1d4 |
| SHA1 | eb57b86a2691c7e8034b0111c135ce5d44a3dc26 |
| SHA256 | 84ddc1d83dd3e5ac06a82abba927aa79c6889742fdac72c8618f8f607a52aab0 |
| SHA512 | 060c346432a4856033b38b382974647162f67b9c66703f6585fa87fca540619a80b8548d7dd5637118863aec8293b2617c334e127950d1696285d3c5ac28d609 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
| MD5 | aef3266771808db52aa4980d6d78166c |
| SHA1 | 443bba76a49514dae2f14a06434158baccba4db1 |
| SHA256 | 8b259606fd10d2f4c5f7c58d11b78d2684b4ee81d2decbd1beabcf7c01ae3c7f |
| SHA512 | f602c49b6e694f5d85476bd3310e5701ecd00277ff45336653e380faaa1fbff1a81ca5e5f14880d44d1f8d1847cd87344ba5af77ef024fad267806cc6a0992d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
| MD5 | 551eb03bb74dba185e3f32cc48384838 |
| SHA1 | a9e01ba1853ee533e58241db0f8a8b8387c9177a |
| SHA256 | f426698d5cf75a1d1428d8a3b00b5e2f55955028fef175d14866c438e8c2136a |
| SHA512 | d33df7e3bc937950fe6e50bcf36afa8986ced42ca4b21366095c6dd0ec28df98f6bf2bd6eeccf40aee0b151fd1ce1f602e8c1057fa8b2f15f1324a87b0757baa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
| MD5 | 11ff92796d131faf3dbfc6cfcfaf6cec |
| SHA1 | 5e399c67171175132e8fe6ebe5a1383303faf3bc |
| SHA256 | fbbf7fb085500e0b6f99bf518aaff545655a284283d30fd91f925af49e972ae7 |
| SHA512 | cd832280388a1f4b4bec2249cbb3635802904a667e7ad0bab908d223b7fa7d20e8445a74f3fc06e8e2740f91e1de0b6cc5be6ec600130c20eb782d9c964e47f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
| MD5 | 7c07cba97076feb534a6ceb599af1739 |
| SHA1 | ae69b26ca370955104efdc12becd6e6cf79f5b6c |
| SHA256 | 53d51c7fdae825142c975bb14c25cc33c44f50c276165226962be546df32d0df |
| SHA512 | 49331bf5645cc0af6f4983dca8d6d1e6d0e1ac2951f54b57bd1af785fe77982e9c428fd620fb29614771de6c99509b2a8e8b300887d426de159ebe37a9e8b8b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
| MD5 | 80e2f66541b87b0efd3ba58862ef2ce4 |
| SHA1 | 2c48cd49d4d55678ca7f4f26feb5da93a04494d7 |
| SHA256 | 0a25541ca358e0b58abcbca8f566f7f7b5cd404904e9f0b039de1a53ec22e13e |
| SHA512 | 50a347f2e142e628ad38ef7b327f3694db09b0f3b46c64fc65ad2e1e6ccdd19e63c17eb7fb542888c628cb22b0d7b24e3e9d3872ada0d8ccc14ffb374667d73e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 16035ab9b148a03e4ae3c6222857ea22 |
| SHA1 | fdb1450b2e1346fac6a5c1aeabfaf0d6d72de2c8 |
| SHA256 | 31a9216f3f8fc2a50d818a6663683410e81fdf59d1891350b1e5aba760867f4e |
| SHA512 | 9f5acb0a578b8e38129164ac1768259efa890fb564a418fec61402142f09b645b2a4c810ae8f97254290a5e766390b10d7d30ae48e868eb2cc70e9d2f8d8ae88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 33b3609c293480ca7abf13c62081a9cf |
| SHA1 | 87d63f6a7bb28f9abcdbaebf1b791e338d8366e5 |
| SHA256 | 74fae234dfc4331b6dd67a45abae049c598df96b6652e302de8bd4ec0474be85 |
| SHA512 | 5a6d8e649f38229c13e2a246e85a40de29bd6fb4119fb00187f597a5afbcf2eee1dea0825fff09ff0d36f0b7ae6da315515bc9e82ac4d4aae1d31057058ee785 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal
| MD5 | 4797badd226845df04fb03ba89a90da7 |
| SHA1 | e8d29c9539d723f9f10f42a9eef7dd41bceffc3b |
| SHA256 | e0661db09b8d2c249745bb6ec2da1cf91d634e9f6a20c087c487594f750cfde0 |
| SHA512 | e0a9a38b4fb82edaf749b664666c02072a195386cff3f2e21f903c0fc18635ccee9e22bf6b51fd0fb61d84af08d8cebfbe19a6cc563cac16203c65c61415381d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager
| MD5 | 9da1d084e54a7ce14932da1e0abd950a |
| SHA1 | 6ef4a2d986d7fccbf054652656f7dffb8f614c40 |
| SHA256 | 43bcb9ccde4189c349da6891a539de90a734f540050850362d022bd9a30bcd6f |
| SHA512 | c5456af7ca181f2de0531a757d378424263c09081d763577b681c09bd308d87be01a4fa8d8cf94fb89c64058777475e55559d79af07ec7355010c2ad75d62dce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | 2e29c41ab8e2c6e696b2b09fd46a87f7 |
| SHA1 | 67009d01187b168ea276c10432b18c9d058d64be |
| SHA256 | 955df9c1085e504fcadbffcf97234327745ba316f308f0d8c1d1cf27be105a36 |
| SHA512 | 5bd4e962d3c8f4fb52ac3cd355f79e598189d9eeee21f26f2dc12ffeb8fb4106159f0610f4c45d1ddefbb1cf232e88e50c26813e7010ec63eb01fc2f8ba39a58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13370627032509196
| MD5 | 949ee9ec24a8d92ba4d49ef0f26c3968 |
| SHA1 | 1b02333c3e02ea8e0c988609fb13f3d564b45276 |
| SHA256 | 9ae4bd0fc167b215cf14e597aaf64ddba64d1f6fe78d810ba48e8b6bf3415d0e |
| SHA512 | 0919f63dcdc0ecfcb5fe63d1508e5465511db30160350151f783c5236839384550769796e254f77ee8035b83d676b9fa5e1afbb8bab1e9d8eb163c15b03d9124 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 08ec57068db9971e917b9046f90d0e49 |
| SHA1 | 28b80d73a861f88735d89e301fa98f2ae502e94b |
| SHA256 | 7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1 |
| SHA512 | b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 244f50619378b1b57cac81ed24dbee6b |
| SHA1 | 4cf366cd17ac42d4e5552292352465eface489c0 |
| SHA256 | b503151e0d9b489471576f6c4dd13a1b378dfb4fb7f85ac3e565a064d10ee058 |
| SHA512 | fe18588c8fe7949eb35ec7b3f1667c34b469c78f3842c84565caec63f3740f62543d08a9b613b73e0b6c2c5d7f201d331b801629a63cd2fa2f081171aca29f53 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 289fce643cf3cf00a1a4d54aee193042 |
| SHA1 | 0787adf2de59e91124cf3419f696d5f39e762b87 |
| SHA256 | a2bdc345ef78a8fbae394e92656d80b5be42bfe55e305cc7918d0f8c3e09c181 |
| SHA512 | d304526d43d5f1fa956062b43c0d4ca3c3fc6ad95f60599523b1e77b61fd57d170747ed9788b075baec3d38ea1a60c0259fa0ac842610ea7dde813faef6dafd9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7a2764cbb5a2d8c07c2bbec4014814a9 |
| SHA1 | d86728d51dc4d0b6737d9b8c8334fffddfee803a |
| SHA256 | 1ae61dfe903250799a8334e24dfb3d165cab5aeec02478bb602d521cf310ae53 |
| SHA512 | c2a52eb7b53dbcd11daa63c47b136bbe85526655ffee0609152991976f61341df5a926c0c6a71c3a6163998858be4077a4671a8625a6a346d82d5aed66bcef04 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 09649df83ea7ec69b6b9372fc8446245 |
| SHA1 | 2c77a1a72c3e00ff126280411c0b66559ed410cc |
| SHA256 | 87b13153ebeb1c4d0ba633ac36c5b1221a2eb98babfc0046337ea480c51e8dc3 |
| SHA512 | a30d580ceb7da52f6fb2aa8b1b944afe7c6be27c52af9d0a9b093cac0ab0861db9752b2e0af93e8146fcc9dbfcae0f7a98cb9bff6e96c1b7a45c39c857d2c5c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 88c640d73dbbf1e02f3cf9c2f842662d |
| SHA1 | c44637733f2c03d9254f4da9d1804460aa9df943 |
| SHA256 | 92c8789ab466c2277bcca0c9d89cf669eda3a07a87f1f1082b5dfdfd8baef1f6 |
| SHA512 | 51d165184d2f7a56ed3b412ce266762d842308cec951cc688312b2299772bd8602470495d46cec43f470956beb1e25338227811afd91aa6b4e275a5e171ea37e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | bd814d061ae12eb036898dbcbf1aa3c8 |
| SHA1 | 81d214f1c2b376bdc77752aa265bd80068e2e9f4 |
| SHA256 | cf9b73446c2f06052e31cee6d141c001d2373f8491cf1059c3814a1b0eac98ab |
| SHA512 | 7ab62e1ca20ac1faf2e1e86c451ec4ebde8a62ea0bc286034855b04ec9880f2349e5ea835b25de8356c553b986a5d2f032d199fbf3d2e321abd8f4be8e3ebeec |
Analysis: behavioral3
Detonation Overview
Submitted
2024-09-12 15:03
Reported
2024-09-12 15:05
Platform
win10v2004-20240802-en
Max time kernel
93s
Max time network
153s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\dnlib.dll,#1
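This run is the sandbox's generic DLL detonation: rundll32 loading dnlib.dll and calling ordinal export #1. The file name matches dnlib, the .NET assembly reader/writer library that .NET RAT builders commonly ship with. A purely managed assembly carries a CLR header (data directory 14) and no native export table, so rundll32 has no ordinal to resolve and the run tells you nothing about the RAT itself. The helper below is an added example (not part of this report or of the sample) that reads just enough of a PE header to answer both questions offline; `build_test_pe` fabricates a minimal PE32+ header so the check can be exercised without a real binary.

```python
import struct
import sys

IMAGE_DIRECTORY_ENTRY_EXPORT = 0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14   # CLR (.NET) runtime header
IMAGE_FILE_DLL = 0x2000


def pe_summary(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers far enough to report machine, DLL flag,
    presence of a native export table and presence of a CLR header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsect, _ts, _sym, _nsym, _optsz, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:        # PE32+: data directories start at optional header offset 112
        dd_off = opt + 112
    elif magic == 0x10B:      # PE32: data directories start at offset 96
        dd_off = opt + 96
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    n_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]   # NumberOfRvaAndSizes

    def directory(i):
        if i >= n_dirs:
            return (0, 0)
        return struct.unpack_from("<II", data, dd_off + 8 * i)

    exp_rva, exp_size = directory(IMAGE_DIRECTORY_ENTRY_EXPORT)
    clr_rva, clr_size = directory(IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    return {
        "machine": machine,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "pe32plus": magic == 0x20B,
        "has_native_exports": exp_rva != 0 and exp_size != 0,
        "is_managed": clr_rva != 0 and clr_size != 0,
    }


def rundll32_can_call_ordinal(summary: dict) -> bool:
    """rundll32 resolves its entry point through the export table; without one the run is moot."""
    return summary["is_dll"] and summary["has_native_exports"]


def build_test_pe(*, managed: bool, exports: bool) -> bytes:
    """Constructed minimal PE32+ DLL header (no sections, no code) used only to exercise pe_summary."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, IMAGE_FILE_DLL | 0x0002)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)          # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)           # NumberOfRvaAndSizes
    if exports:
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_EXPORT, 0x3000, 0x80)
    if managed:
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, 0x2008, 0x48)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python pe_check.py path\to\dnlib.dll
    with open(sys.argv[1], "rb") as fh:
        s = pe_summary(fh.read())
    print(s, "rundll32 ordinal call possible:", rundll32_can_call_ordinal(s))
```

A managed-only result means the DLL belongs with the builder's tooling rather than being a payload in its own right; the interesting detonation is the one that runs the built RAT executable (behavioral1 below).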
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-12 15:03
Reported
2024-09-12 15:05
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Discord RAT
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\Release\Discord rat.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\Release\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\Release\Discord rat.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
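Most rows in these two Network tables are UDP/53 reverse (PTR) lookups to the sandbox resolver for addresses in `in-addr.arpa`; they are environment noise, not attacker infrastructure, and the behavioral3 run consists of nothing else. Stripping them leaves the rows that matter in behavioral1: one forward lookup of gateway.discord.gg and one TCP/443 connection to 162.159.136.234 for that name, the Discord WebSocket gateway a Discord-based RAT uses as its command channel. The parser below is an added example, not part of this report or of any Triage tooling; its input is a constructed subset of the rows above pasted verbatim, and it also reverses the PTR labels so a reverse lookup can be matched to the connection that triggered it.

```python
import re

# Constructed sample input: rows copied from the behavioral1 and behavioral3 Network tables above.
BEHAVIORAL1_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
"""

BEHAVIORAL3_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
"""

ROW_RE = re.compile(r"^\|\s*(\S+)\s*\|\s*(\S+)\s*\|\s*(\S+)\s*\|\s*(\S+)\s*\|$")
PTR_SUFFIX = ".in-addr.arpa"


def parse_rows(table: str) -> list:
    """Turn the pipe-table into dicts, splitting Destination into host and port and dropping the header."""
    rows = []
    for line in table.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m.group(1) == "Country":
            continue
        country, dest, domain, proto = m.groups()
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "host": host, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def classify(rows: list) -> dict:
    """Separate PTR noise and forward DNS lookups from real outbound connections."""
    out = {"ptr_noise": [], "dns_lookups": [], "connections": []}
    for r in rows:
        if r["domain"].endswith(PTR_SUFFIX):
            out["ptr_noise"].append(r)
        elif r["port"] == 53 and r["proto"] == "udp":
            out["dns_lookups"].append(r["domain"])
        else:
            out["connections"].append((r["host"], r["port"], r["proto"], r["domain"]))
    return out


def ptr_targets(rows: list) -> list:
    """Reverse the in-addr.arpa labels back into forward IPv4 strings."""
    ips = []
    for r in rows:
        if r["domain"].endswith(PTR_SUFFIX):
            labels = r["domain"][: -len(PTR_SUFFIX)].split(".")
            ips.append(".".join(reversed(labels)))
    return ips


def reverse_resolved_connections(rows: list) -> list:
    """Hosts that were both connected to and reverse-resolved; the other PTR lookups match no connection."""
    targets = set(ptr_targets(rows))
    return sorted({c[0] for c in classify(rows)["connections"] if c[0] in targets})
```

Running `classify(parse_rows(BEHAVIORAL3_TABLE))` yields no connections and no forward lookups, which is what you would expect from a run whose only process was rundll32 failing to find an entry point in a .NET DLL.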
Files
memory/2312-0-0x00007FFA53293000-0x00007FFA53295000-memory.dmp
memory/2312-1-0x000001803BE50000-0x000001803BE68000-memory.dmp
memory/2312-2-0x0000018056540000-0x0000018056702000-memory.dmp
memory/2312-3-0x00007FFA53290000-0x00007FFA53D51000-memory.dmp
memory/2312-4-0x0000018056E80000-0x00000180573A8000-memory.dmp
memory/2312-5-0x00007FFA53293000-0x00007FFA53295000-memory.dmp
memory/2312-6-0x00007FFA53290000-0x00007FFA53D51000-memory.dmp
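The dump names encode the process ID (2312), a capture index and the virtual address range that was dumped, so a quick parse tells you what was actually captured before you open anything in a disassembler: seven files but only five distinct ranges (indices 0 and 5, and 3 and 6, cover the same regions), a 0xAC1000-byte mapping at 0x00007FFA53290000 with a 0x2000-byte sub-range dumped inside it, and three private regions around 0x0000018xxxxxxxxx. The parser below is an added example, not part of this report; the `region_hint` heuristic (top-of-user-space addresses are usually image mappings, low addresses usually heap or private allocations on x64 Windows) is a coarse rule of thumb and is labelled as such in the code.

```python
import re

# Constructed sample input: the seven dump names listed under "Files" for behavioral1.
DUMP_NAMES = [
    "memory/2312-0-0x00007FFA53293000-0x00007FFA53295000-memory.dmp",
    "memory/2312-1-0x000001803BE50000-0x000001803BE68000-memory.dmp",
    "memory/2312-2-0x0000018056540000-0x0000018056702000-memory.dmp",
    "memory/2312-3-0x00007FFA53290000-0x00007FFA53D51000-memory.dmp",
    "memory/2312-4-0x0000018056E80000-0x00000180573A8000-memory.dmp",
    "memory/2312-5-0x00007FFA53293000-0x00007FFA53295000-memory.dmp",
    "memory/2312-6-0x00007FFA53290000-0x00007FFA53D51000-memory.dmp",
]

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name: str) -> dict:
    """Split 'memory/<pid>-<idx>-0x<start>-0x<end>-memory.dmp' into its fields plus the region size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"end before start in {name}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def unique_regions(names: list) -> list:
    """Collapse repeated captures of one address range, keeping the capture indices; sorted by start."""
    seen = {}
    for n in names:
        d = parse_dump_name(n)
        seen.setdefault((d["pid"], d["start"], d["end"]), []).append(d["index"])
    return [{"pid": pid, "start": s, "end": e, "size": e - s, "captures": idx}
            for (pid, s, e), idx in sorted(seen.items(), key=lambda kv: kv[0][1])]


def nested_regions(regions: list) -> list:
    """Pairs (inner, outer) where one dumped range lies entirely inside another."""
    pairs = []
    for a in regions:
        for b in regions:
            if a is not b and b["start"] <= a["start"] and a["end"] <= b["end"]:
                pairs.append((a["start"], b["start"]))
    return pairs


def region_hint(start: int) -> str:
    """Heuristic only: on x64 Windows, DLL images are normally mapped near the top of user space
    (0x00007FFxxxxxxxxx), while heaps and other private allocations sit far lower."""
    return "image-range" if start >= 0x00007FF000000000 else "heap/private"


if __name__ == "__main__":
    for r in unique_regions(DUMP_NAMES):
        print(f"pid={r['pid']} 0x{r['start']:016X}-0x{r['end']:016X} size=0x{r['size']:X} "
              f"captures={r['captures']} {region_hint(r['start'])}")
```

The three low regions (0x18000, 0x1C2000 and 0x528000 bytes) are the ones worth carving for the unpacked .NET assembly and its configuration, since that is where a managed process keeps its allocated data; the large high mapping is more likely a loaded module and can be compared against the on-disk image before spending time on it.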