discordrat | a6fb6e92dd59821ace2d2d656fcef7d2626549d08d7a9e52128c26ecb0540fce

Resubmissions

04/10/2024, 13:00

241004-p8pvysvfrr 10

01/10/2024, 02:20

241001-cswx4swcqk 10

Analysis

max time kernel
67s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MONSTERspoofer.exe
Size

1.2MB
MD5

c3a422c8bfcfeb9652be8a313f5282a1
SHA1

67a4ed15aef79cad2fc20a89712bb21c241c7b56
SHA256

a6fb6e92dd59821ace2d2d656fcef7d2626549d08d7a9e52128c26ecb0540fce
SHA512

61a2d5ba690a2641bca6e62726096a38f5d32b7403d7afa0a9d213208eaf3b0c51328f5c34452894db388eafebc80ae3c7ac4ba82e55553db29388c9b8c596d6
SSDEEP

24576:iuDXTIGaPhEYzUzA0qQlsYB/CONxCOZRUvXUaUfWd2ucScKDxP+Ua8:lDjlabwz9DVBKONtRUv85yx73

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5MDQwNTk0MjMwNjc5OTY0OA.GPNnkH.G8_UXZHPr4SDr15gYrkcD-QvN2Vo_UWuinxjDQ
server_id
1290406547163316309

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	MONSTERspoofer.exe

Executes dropped EXE 1 IoCs

pid	Process
3260	backdoor.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725204313275084"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3260	backdoor.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3612 wrote to memory of 3260	3612	MONSTERspoofer.exe	85
PID 3612 wrote to memory of 3260	3612	MONSTERspoofer.exe	85
PID 1084 wrote to memory of 4540	1084	chrome.exe	88
PID 1084 wrote to memory of 4540	1084	chrome.exe	88
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2248	1084	chrome.exe	89
PID 1084 wrote to memory of 2840	1084	chrome.exe	90
PID 1084 wrote to memory of 2840	1084	chrome.exe	90
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91
PID 1084 wrote to memory of 4304	1084	chrome.exe	91

C:\Users\Admin\AppData\Local\Temp\MONSTERspoofer.exe
"C:\Users\Admin\AppData\Local\Temp\MONSTERspoofer.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\backdoor.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\backdoor.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe4b28cc40,0x7ffe4b28cc4c,0x7ffe4b28cc58
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,6018597309481897377,10252389338906643653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1932,i,6018597309481897377,10252389338906643653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,6018597309481897377,10252389338906643653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,6018597309481897377,10252389338906643653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3336,i,6018597309481897377,10252389338906643653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3804,i,6018597309481897377,10252389338906643653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4584,i,6018597309481897377,10252389338906643653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4552,i,6018597309481897377,10252389338906643653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4964,i,6018597309481897377,10252389338906643653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:4648
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6bf0f4698,0x7ff6bf0f46a4,0x7ff6bf0f46b0
    3⤵
    - Drops file in Program Files directory
    PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5124,i,6018597309481897377,10252389338906643653,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:2608

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1588

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f84c83f47d2f1d0f2f77189262fe3e53

SHA1
58922a140fcbb97af650b9b8cfcebbe3a52432df

SHA256
40304e15e97f415f4130f13ae87aba031c6396c50c067f3d6426fab1fd4c5cce

SHA512
1546f526294e756dcda8da57ecd333e56e87855f6e45437c2ea8257643a306d5372d9ca0f1f098ea4959737fba21285866c74736186e1c0ad23b2b9f92e7c11d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9306fba95e4851e6ce19bdcf5dc822b5

SHA1
1a2987527224de9ad700f1cfc04c91336e58852c

SHA256
5bbadff626ba445fc3a3747c015e2c972f5ffa439ad1de7a36ffc6230995156c

SHA512
ff311e619736c17c8894ba65e764b97664b1123428456392122dfd6ba11c4d943f8f497774ebdf8018f556aeb6c8599c800b8cba9ae8cc2f3fa6127080cc7d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d18bd7eb0efdcecb1fb8b0cac600d3e

SHA1
1adb35968ab44c6fb22b5340d2b0a6f24fb9114a

SHA256
4270f07193b82f047fd06229f1b86dc3750fa716474f001205b3af2d5b0146a4

SHA512
6df7a2af01be855fe74c8ae05c9ac9216fef85e309caadb9ad30ad10d9dff784b59aa678c54e16ea027e3ec388433a5353a35327c747f313d8f6192100f03a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e5fdfa86999167cd5a6b68868bd1c585

SHA1
da4a8ae35935432a003c6a6eb73b4ba16507f95e

SHA256
eba0b28d21a031f13b04db0cd1fc3dd4e052dc8d33c78333f16e377d49628065

SHA512
444b21dfaf270c53f501c994d2366da12ec828e9d0b178fa610f37f725c899f9e582a237f466927f25ad046fb1bf62d216bed5125c54e6f423a99c23d8cd6121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
459e4fbba4bb88159834a8b44e96e29b

SHA1
0a26be20eb2956252643786f038f2981b9c7f06a

SHA256
424f0cc2d3d38107c6b0eaadf544b60a8ac57ea4f5e9d4d98f59d715fe1f070f

SHA512
eff8abb0b9bd469476d9b8abe8fc6d93cc0a3bd418dc1b3123079607df59437fec2216de849290ff6f7d9d11ec940adf510dfd89d5e772886b544e12c22787ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
154c7aa4d1215518fcbc36c2c8cfa32c

SHA1
769a40a19905f8ec3a692d6d6ce506e27c81b8d3

SHA256
3d916c4fec17b38c68a5b3c90db24a9b60747f2246f36a17d5e6671332de47bc

SHA512
6b4ac77e71dfe118c3b30cd05a3ba4e2ce0f3b9705b949704283f21e6f10904e9d55e4c89eb98df5c239dcf8e083c3e848ce21921907ad800b4a4a964a690d28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f7f41b49-f780-40ca-bb97-1f55959b3a4c.tmp

Filesize
15KB

MD5
2d34ae8bd3940ab0d8d43be03ae070a7

SHA1
4d8162107564fbd78418f813dfddc9174339b345

SHA256
9a225603ec71c385966faec891744ecb24c43ba1f905559dfd86f018661c7863

SHA512
6a792d15d1ea4a782d68f14216ddb5144361968d667112a7359bb07011e425e7f96aa0f6a9e8f4d96cc07dd86babe74aea26dcf521bc84f4419775cf2b81aac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
3be2596bbc8e71433fefd20a20501a1a

SHA1
cb8a5207fb55a8f0407b046eecbe2786c6b1b1e5

SHA256
e464a8ff9745fe7cdc5713606534026784b3e212b9404d7f418a3b8c91f732ac

SHA512
b0493bfcff91ae783814af5df82df886054b1e4635eb7861c9f9b23d9458d6032ed6360fb430d47bb685bf5062b42dd3c75689021366207295054a1c758ffe2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\backdoor.exe

Filesize
78KB

MD5
91f7ba30e21ff940fdbd4cb6710877fb

SHA1
295eba51d268bd17a2a69417a82d0b8e553b8bd5

SHA256
16034a6012684b81bc3eb6b5c39338eeee1a93c49274e63d0e725be617ee5a68

SHA512
1a1cdcc8ba13983cc86619133aaf162d90e9d5fca3ed4f949c364a2e4a4564a4c9cf9bd1e84305ef92248c99cc8fce92841667f82cdd6a8ad0d20087b847aab4

Download Submit
memory/3260-17-0x00007FFE500D0000-0x00007FFE50B91000-memory.dmp

Filesize
10.8MB

Download
memory/3260-60-0x00007FFE500D0000-0x00007FFE50B91000-memory.dmp

Filesize
10.8MB

Download
memory/3260-59-0x00007FFE500D3000-0x00007FFE500D5000-memory.dmp

Filesize
8KB

Download
memory/3260-18-0x0000024342F30000-0x0000024343458000-memory.dmp

Filesize
5.2MB

Download
memory/3260-16-0x00000243426F0000-0x00000243428B2000-memory.dmp

Filesize
1.8MB

Download
memory/3260-15-0x0000024328130000-0x0000024328148000-memory.dmp

Filesize
96KB

Download
memory/3260-14-0x00007FFE500D3000-0x00007FFE500D5000-memory.dmp

Filesize
8KB

Download