Resubmissions

26/09/2024, 21:09 UTC

240926-zzh16axgkp 10

26/09/2024, 20:57 UTC

240926-zrkvsazgra 10

Analysis

  • max time kernel
    30s
  • max time network
    32s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    26/09/2024, 21:09 UTC

General

  • Target

    https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip

Malware Config

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 62 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4648
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8b75cc40,0x7fff8b75cc4c,0x7fff8b75cc58
      2⤵
      PID:2776
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,124005895764941112,1930632931121552980,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1864 /prefetch:2
      2⤵
      PID:244
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1772,i,124005895764941112,1930632931121552980,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2144 /prefetch:3
      2⤵
      PID:2484
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2136,i,124005895764941112,1930632931121552980,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2380 /prefetch:8
      2⤵
      PID:456
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,124005895764941112,1930632931121552980,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3120 /prefetch:1
      2⤵
      PID:5000
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,124005895764941112,1930632931121552980,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3148 /prefetch:1
      2⤵
      PID:3724
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,124005895764941112,1930632931121552980,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4656 /prefetch:8
      2⤵
      PID:3484
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4364,i,124005895764941112,1930632931121552980,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4920 /prefetch:8
      2⤵
      • NTFS ADS
      PID:3340
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:4972
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:4932
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:1180
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\release\" -ad -an -ai#7zMap23214:76:7zEvent1806
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1196
  • C:\Users\Admin\Downloads\release\builder.exe
    "C:\Users\Admin\Downloads\release\builder.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:3040

                      Network

                      • flag-us
                        DNS
                        github.com
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        github.com
                        IN A
                        Response
                        github.com
                        IN A
                        20.26.156.215
                      • flag-us
                        DNS
                        8.8.8.8.in-addr.arpa
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        8.8.8.8.in-addr.arpa
                        IN PTR
                        Response
                        8.8.8.8.in-addr.arpa
                        IN PTR
                        dns.google
                      • flag-us
                        DNS
                        8.8.8.8.in-addr.arpa
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        8.8.8.8.in-addr.arpa
                        IN PTR
                      • flag-gb
                        GET
                        https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
                        chrome.exe
                        Remote address:
                        20.26.156.215:443
                        Request
                        GET /moom825/Discord-RAT-2.0/releases/download/2.0/release.zip HTTP/2.0
                        host: github.com
                        sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        upgrade-insecure-requests: 1
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        sec-fetch-site: none
                        sec-fetch-mode: navigate
                        sec-fetch-user: ?1
                        sec-fetch-dest: document
                        accept-encoding: gzip, deflate, br, zstd
                        accept-language: en-US,en;q=0.9
                        Response
                        HTTP/2.0 302
                        server: GitHub.com
                        date: Thu, 26 Sep 2024 21:09:28 GMT
                        content-type: text/html; charset=utf-8
                        vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                        location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240926T210928Z&X-Amz-Expires=300&X-Amz-Signature=22097c501e677ea0d1cdb7cfbe995255159e861569ebcdb24680d545e0c8f9d1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream
                        cache-control: no-cache
                        strict-transport-security: max-age=31536000; includeSubdomains; preload
                        x-frame-options: deny
                        x-content-type-options: nosniff
                        x-xss-protection: 0
                        referrer-policy: no-referrer-when-downgrade
                        content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
                        content-length: 0
                        x-github-request-id: C261:E03B7:61DDE:6E05E:66F5CD88
                      • flag-us
                        GET
                        https://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240926T210928Z&X-Amz-Expires=300&X-Amz-Signature=22097c501e677ea0d1cdb7cfbe995255159e861569ebcdb24680d545e0c8f9d1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream
                        chrome.exe
                        Remote address:
                        185.199.111.133:443
                        Request
                        GET /github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240926T210928Z&X-Amz-Expires=300&X-Amz-Signature=22097c501e677ea0d1cdb7cfbe995255159e861569ebcdb24680d545e0c8f9d1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream HTTP/2.0
                        host: objects.githubusercontent.com
                        upgrade-insecure-requests: 1
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        sec-fetch-site: none
                        sec-fetch-mode: navigate
                        sec-fetch-user: ?1
                        sec-fetch-dest: document
                        sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        accept-encoding: gzip, deflate, br, zstd
                        accept-language: en-US,en;q=0.9
                        Response
                        HTTP/2.0 200
                        content-type: application/octet-stream
                        last-modified: Wed, 03 Aug 2022 20:36:01 GMT
                        etag: "0x8DA758FC7B7F85D"
                        server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                        x-ms-request-id: 0cce2807-f01e-002e-33a8-deb342000000
                        x-ms-version: 2020-10-02
                        x-ms-creation-time: Wed, 03 Aug 2022 20:36:01 GMT
                        x-ms-blob-content-md5: BqT81es6Odf1CgcJ3pkA2w==
                        x-ms-lease-status: unlocked
                        x-ms-lease-state: available
                        x-ms-blob-type: BlockBlob
                        content-disposition: attachment; filename=release.zip
                        x-ms-server-encrypted: true
                        via: 1.1 varnish, 1.1 varnish
                        fastly-restarts: 1
                        accept-ranges: bytes
                        age: 774
                        date: Thu, 26 Sep 2024 21:09:29 GMT
                        x-served-by: cache-iad-kjyo7100065-IAD, cache-lcy-eglc8600078-LCY
                        x-cache: HIT, HIT
                        x-cache-hits: 1440, 0
                        x-timer: S1727384970.613544,VS0,VE1
                        content-length: 455770
                      • flag-us
                        DNS
                        133.111.199.185.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        133.111.199.185.in-addr.arpa
                        IN PTR
                        Response
                        133.111.199.185.in-addr.arpa
                        IN PTR
                        cdn-185-199-111-133.github.com
                      • flag-us
                        DNS
                        133.111.199.185.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        133.111.199.185.in-addr.arpa
                        IN PTR
                      • flag-us
                        DNS
                        215.156.26.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        215.156.26.20.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        215.156.26.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        215.156.26.20.in-addr.arpa
                        IN PTR
                      • 20.26.156.215:443
                        https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
                        tls, http2
                        chrome.exe
                        1.9kB
                        8.7kB
                        15
                        16

                        HTTP Request

                        GET https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip

                        HTTP Response

                        302
                      • 185.199.111.133:443
                        https://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240926T210928Z&X-Amz-Expires=300&X-Amz-Signature=22097c501e677ea0d1cdb7cfbe995255159e861569ebcdb24680d545e0c8f9d1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream
                        tls, http2
                        chrome.exe
                        14.7kB
                        478.5kB
                        232
                        353

                        HTTP Request

                        GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240926T210928Z&X-Amz-Expires=300&X-Amz-Signature=22097c501e677ea0d1cdb7cfbe995255159e861569ebcdb24680d545e0c8f9d1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream

                        HTTP Response

                        200
                      • 8.8.8.8:53
                        github.com
                        dns
                        chrome.exe
                        188 B
                        162 B
                        3
                        2

                        DNS Request

                        github.com

                        DNS Response

                        20.26.156.215

                        DNS Request

                        8.8.8.8.in-addr.arpa

                        DNS Request

                        8.8.8.8.in-addr.arpa

                      • 8.8.8.8:53
                        133.111.199.185.in-addr.arpa
                        dns
                        148 B
                        118 B
                        2
                        1

                        DNS Request

                        133.111.199.185.in-addr.arpa

                        DNS Request

                        133.111.199.185.in-addr.arpa

                      • 8.8.8.8:53
                        215.156.26.20.in-addr.arpa
                        dns
                        144 B
                        158 B
                        2
                        1

                        DNS Request

                        215.156.26.20.in-addr.arpa

                        DNS Request

                        215.156.26.20.in-addr.arpa

                      • 224.0.0.251:5353
                        chrome.exe
                        204 B
                        3

                      MITRE ATT&CK Enterprise v15

                      Downloads

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                        Filesize

                        649B

                        MD5

                        990a0a3a67e5dab3b0a7eea4e3649e00

                        SHA1

                        022e1cd2558e193b74075134cb6fa404b3331a64

                        SHA256

                        21f45a26e7907d42548d2e38b39629536229fe68afb03e775ecce83535f13668

                        SHA512

                        21dac0fe068dcea56f80f2539420770506adbfb51d4fd54dd8772332c7eeda228e3dacf1424d2d6ed76ad2ce3abb6b4d9648b38e98e42b03453c3532367db58e

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                        Filesize

                        1KB

                        MD5

                        ea95c65237c31617aea72706bf559cc9

                        SHA1

                        8406c2be0794fc1790e5a906ca3f0f56a09bee97

                        SHA256

                        cad68ca0037107e540bea1f01b9cac8b7202d56875e4e3a2d254c188591ffd95

                        SHA512

                        375da16d43b7864178ba184b8fd272a5ce60f97d363e8474e174b5c0f134c34ea136ceb4c59fa1bcb01a8a4e233e07cbcb93e3875cff63ca3fdd13f3b60ece07

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                        Filesize

                        1KB

                        MD5

                        75dad88df344c7d8bf992d4104b409fa

                        SHA1

                        3dc874be77c41a3b22be05485493f5fbd7c2c71e

                        SHA256

                        a76e509f4e57600c315b2872e01bcbcaf44d97336956c8685d97c7fab51b1c52

                        SHA512

                        7c61a5995bbbafd59301e36130596036c248b2d975500311657ff42e700a751e7044efed4c429cc245a041f52ed5d8ce23fcfe5c3400954a7704773c63dfbd10

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                        Filesize

                        2B

                        MD5

                        d751713988987e9331980363e24189ce

                        SHA1

                        97d170e1550eee4afc0af065b78cda302a97674c

                        SHA256

                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                        SHA512

                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                        Filesize

                        523B

                        MD5

                        027879b839897a79d35a846370d41e99

                        SHA1

                        6a0ed830cf367dd2876f45e561779eba703bd48f

                        SHA256

                        a44d92d500ba95107955c5ebf0458e3d8560e923364c947efc8d26ec4463f614

                        SHA512

                        7dc701ae36a5cb3e9a1fca879aac5e9d18b60546a00bf84ffc6016d3b0dc76c0744cd7b5bba10570aee8eb692c08bdf7077e350af358b489c64fb768a0e4a44f

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        9KB

                        MD5

                        05034e572a2dc25a4867598e35bff198

                        SHA1

                        32ec47ff6c05329cdf94bf62fb74e33550669fdc

                        SHA256

                        57c7fcdeb555c689c0380f39be824e3f10b34d653fade5c37e66708a8bd4286f

                        SHA512

                        ce9f61d33e4ba7978192458137ed239416925a1c395fcabe49a65dd03d4c3d864edcc0efb680b240ae5f4a0f322c4c7f2c0368b8b53f904f6a89014be1e00c9d

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                        Filesize

                        9KB

                        MD5

                        a3fc90a9906293bf9b7dc2073887ed38

                        SHA1

                        d675034faa8f3ac64f5b81c5af6c769517e679ce

                        SHA256

                        f2702bba56faf11fc47f5dc4a9b768d87f222eafacc6f54a582671ac79b0a0fd

                        SHA512

                        ff3563263867d532913031e825250a3d73e9947a39fc16257d12094a180982c8461ce408d9ab984640e226444fb528b51eb3fcdff7a60ca57ae1fbe1a966b6ad

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

                        Filesize

                        264KB

                        MD5

                        f50f89a0a91564d0b8a211f8921aa7de

                        SHA1

                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                        SHA256

                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                        SHA512

                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                        Filesize

                        195KB

                        MD5

                        d29e276a202d71d87898e52fb29513a4

                        SHA1

                        b03e9a665f1988608068fbd5a86f181da9ffe6d3

                        SHA256

                        51a754d150f1d9a54ecfd2a4decb1d68230da4ea4088497883bc3095688a4b87

                        SHA512

                        694c8266ae1984c4cd1d479b8e164f4d25685861bfa1cdad74f85d82411961a22696d00e4c0918f5e090cf10db4bff12b5769a96955526e9b25aacdd1fb9d39b

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                        Filesize

                        195KB

                        MD5

                        1d84c004aad6220ef75f86f2b792b968

                        SHA1

                        4fca05774f9ab566b86fdb060d55e5000854b594

                        SHA256

                        f011c096f5c3124a4b15dfda7e55f3e717d2c76fa1534d89e01a3eb58a175982

                        SHA512

                        fed6d8960dbc08c00e57a94a23150c301d53a18158c1ec7dcbf84c19f73c6ddfcf38695f9dd43d517b4d03816b39709632875bc894778b4aaabd74167ea04acf

                      • C:\Users\Admin\Downloads\release.zip.crdownload

                        Filesize

                        445KB

                        MD5

                        06a4fcd5eb3a39d7f50a0709de9900db

                        SHA1

                        50d089e915f69313a5187569cda4e6dec2d55ca7

                        SHA256

                        c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

                        SHA512

                        75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

                      • C:\Users\Admin\Downloads\release.zip:Zone.Identifier

                        Filesize

                        26B

                        MD5

                        fbccf14d504b7b2dbcb5a5bda75bd93b

                        SHA1

                        d59fc84cdd5217c6cf74785703655f78da6b582b

                        SHA256

                        eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                        SHA512

                        aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                      • C:\Users\Admin\Downloads\release\Release\Discord rat.exe

                        Filesize

                        79KB

                        MD5

                        d13905e018eb965ded2e28ba0ab257b5

                        SHA1

                        6d7fe69566fddc69b33d698591c9a2c70d834858

                        SHA256

                        2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec

                        SHA512

                        b95bfdebef33ac72b6c21cdf0abb4961222b7efd17267cd7236e731dd0b6105ece28e784a95455f1ffc8a6dd1d580a467b07b3bd8cb2fb19e2111f1a864c97cb

                      • C:\Users\Admin\Downloads\release\builder.exe

                        Filesize

                        10KB

                        MD5

                        4f04f0e1ff050abf6f1696be1e8bb039

                        SHA1

                        bebf3088fff4595bfb53aea6af11741946bbd9ce

                        SHA256

                        ded51c306ee7e59fa15c42798c80f988f6310ea77ab77de3d12dc01233757cfa

                        SHA512

                        94713824b81de323e368fde18679ef8b8f2883378bffd2b7bd2b4e4bd5d48b35c6e71c9f8e9b058ba497db1bd0781807e5b7cecfd540dad611da0986c72b9f12

                      • C:\Users\Admin\Downloads\release\dnlib.dll

                        Filesize

                        1.1MB

                        MD5

                        508ccde8bc7003696f32af7054ca3d97

                        SHA1

                        1f6a0303c5ae5dc95853ec92fd8b979683c3f356

                        SHA256

                        4758c7c39522e17bf93b3993ada4a1f7dd42bb63331bac0dcd729885e1ba062a

                        SHA512

                        92a59a2e1f6bf0ce512d21cf4148fe027b3a98ed6da46925169a4d0d9835a7a4b1374ba0be84e576d9a8d4e45cb9c2336e1f5bd1ea53e39f0d8553db264e746d

                      • memory/3040-72-0x0000000007E80000-0x0000000007FA2000-memory.dmp

                        Filesize

                        1.1MB

                      • memory/3040-68-0x0000000005340000-0x000000000534A000-memory.dmp

                        Filesize

                        40KB

                      • memory/3040-67-0x00000000053D0000-0x0000000005462000-memory.dmp

                        Filesize

                        584KB

                      • memory/3040-66-0x0000000005980000-0x0000000005F26000-memory.dmp

                        Filesize

                        5.6MB

                      • memory/3040-65-0x0000000000890000-0x0000000000898000-memory.dmp

                        Filesize

                        32KB
