Malware Analysis Report

2024-11-16 13:02

Sample ID 240912-se18nszgqp
Target DiscordRAT_Build-main.zip
SHA256 195afd80fbc01d33334b27005de6c2c9e78c55220758f816c0a9f6ffba85566d
Tags
discovery discordrat persistence rat rootkit stealer
score
10/10


Analysis Overview

score
10/10

SHA256

195afd80fbc01d33334b27005de6c2c9e78c55220758f816c0a9f6ffba85566d

Threat Level: Known bad

The file DiscordRAT_Build-main.zip was found to be: Known bad.

Malicious Activity Summary

discovery discordrat persistence rat rootkit stealer

Discord RAT

Discordrat family

Unsigned PE

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-12 15:03

Signatures

Discordrat family

discordrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-12 15:03

Reported

2024-09-12 15:20

Platform

win10v2004-20240802-en

Max time kernel

961s

Max time network

436s

Command Line

"C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\builder.exe"

Signatures

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\builder.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706270704349387" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4888 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4888 wrote to memory of 4896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4888 wrote to memory of 4512 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4888 wrote to memory of 3696 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\builder.exe

"C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\builder.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffaa480cc40,0x7ffaa480cc4c,0x7ffaa480cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1868 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3336,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3688 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaa480cc40,0x7ffaa480cc4c,0x7ffaa480cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1648,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1904,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1984 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2280 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4500 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4348,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3236,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

Network

Country Destination Domain Proto

Files

Analysis: behavioral3

Detonation Overview

Submitted

2024-09-12 15:03

Reported

2024-09-12 15:05

Platform

win10v2004-20240802-en

Max time kernel

93s

Max time network

153s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\dnlib.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\dnlib.dll,#1

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-12 15:03

Reported

2024-09-12 15:05

Platform

win10v2004-20240802-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\Release\Discord rat.exe"

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\Release\Discord rat.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\Release\Discord rat.exe

"C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\Release\Discord rat.exe"

Network

Country Destination Domain Proto

Files
