discordrat | 938c2eb722a3b1ad48d3fb6bf74938fe98256ffe55db0a5be224f86f67b48263

Analysis

max time kernel
114s
max time network
159s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

406dbaccdcd62583619a724b7885958d
SHA1

71817181337169472237d20f2527ac5bf093ddd0
SHA256

938c2eb722a3b1ad48d3fb6bf74938fe98256ffe55db0a5be224f86f67b48263
SHA512

d0561b7bfdf912c50a553e92fcec952c0f1d5bc56bf506683601cfa52975d0f5e99928f109ca77702f299013f740bf95bf3a0762355c2ad5e0bfe23bb88094ba
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+YPIC:5Zv5PDwbjNrmAE+8IC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyMjI1MzM2NDU1MzE4NzM2OQ.GVCXSy.w0dE2BG4BS8aXMOYgU7CJDrRVaNjbjTCR5MqHI
server_id
1322247001022398504

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 1684	2148	Client-built.exe	30
PID 2148 wrote to memory of 1684	2148	Client-built.exe	30
PID 2148 wrote to memory of 1684	2148	Client-built.exe	30
PID 2716 wrote to memory of 2460	2716	chrome.exe	33
PID 2716 wrote to memory of 2460	2716	chrome.exe	33
PID 2716 wrote to memory of 2460	2716	chrome.exe	33
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 1812	2716	chrome.exe	35
PID 2716 wrote to memory of 2640	2716	chrome.exe	36
PID 2716 wrote to memory of 2640	2716	chrome.exe	36
PID 2716 wrote to memory of 2640	2716	chrome.exe	36
PID 2716 wrote to memory of 876	2716	chrome.exe	37
PID 2716 wrote to memory of 876	2716	chrome.exe	37
PID 2716 wrote to memory of 876	2716	chrome.exe	37
PID 2716 wrote to memory of 876	2716	chrome.exe	37
PID 2716 wrote to memory of 876	2716	chrome.exe	37
PID 2716 wrote to memory of 876	2716	chrome.exe	37
PID 2716 wrote to memory of 876	2716	chrome.exe	37
PID 2716 wrote to memory of 876	2716	chrome.exe	37
PID 2716 wrote to memory of 876	2716	chrome.exe	37
PID 2716 wrote to memory of 876	2716	chrome.exe	37
PID 2716 wrote to memory of 876	2716	chrome.exe	37
PID 2716 wrote to memory of 876	2716	chrome.exe	37
PID 2716 wrote to memory of 876	2716	chrome.exe	37
PID 2716 wrote to memory of 876	2716	chrome.exe	37
PID 2716 wrote to memory of 876	2716	chrome.exe	37
PID 2716 wrote to memory of 876	2716	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2148 -s 596
  2⤵
  PID:1684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6859758,0x7fef6859768,0x7fef6859778
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:2
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2324 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1332 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:2
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1432 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:8
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3712 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:8
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2768 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3980 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3772 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3820 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4052 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4044 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=284 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2060 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1760 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4116 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2684 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2372 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3776 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4004 --field-trial-handle=1204,i,654632071971436056,15562934456157109377,131072 /prefetch:1
  2⤵
  PID:1708

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cb83eb89ab9e8ec7addd95d9e56bc62

SHA1
153c66d94bd692797c439c51bb12973d9fb4a5d7

SHA256
8b77d646ac01edfbd940c4e0c55975ae3bed6965531b59fcf9fb4ed3e06eea49

SHA512
f1fbf3c6d568b99ca3391bad6846e1b820f2f520e89095fd904e61022423587ffccac526e306c3cd87e991fb95774a6e5cce1531e929a0f44269050188f4fe77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae9a4b2f5994c61954b4ed813ad1fd6c

SHA1
6931b245a63ce05c3988a1cda2d906231c097170

SHA256
b2c8d81a4682320d3826e3674fdd0af837dc07b3e2407995cc239c8f662fa85e

SHA512
c42029a1025bb357d6822dad54f785526a40e8d92181c9a8060256a11771d225a3466c60dc83173f03928821c70410a950ee518aaab30f1dfe92b2be6ff7a6f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad3cb4bc0aa54af6a545043f3d15e1b0

SHA1
c3cde2c23724d2a87532a932700d4df3bc1fe91d

SHA256
f9b4bf5c97950b2dca4c4e2160f45d1b4116cc8bdac7abc9d12da1a8716a430b

SHA512
ea9d8ea8bc9d5f71d94e5c90da42472362d5c82ba137a11ceb8a4e322eba2d2af70233691b65c2e71ee3d54e892c59256359c6109f56c2ef9681af098fbcda3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e86f44e32003fd6ca49f8d0da3979ba6

SHA1
d9b45fbdb94f5c47c11e8246624cf666dbe6941b

SHA256
b94d1b9d28877bc195e0456390e0b7a13f3b8bf4d53a61799bced1cbcb8fa643

SHA512
84b203ee270a3adcf56e4f5b7b8e8fcc490203bfd890233687a3903fe31720a1230143d26c2818acb1ad4d591aa54a2df658b6befb65274a7faa9d8b33416301

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac7db8f194454603e1bfec1e6c48b40c

SHA1
204d35bb9ebc74b93f621c024f5a181ba9ee7792

SHA256
46dcc798ff5b2f41743fc6ed8c70a2bb678648e5b1e9e12b5064c9b23a5f549d

SHA512
d66f18676e11c5a8f039d96d57927df0ebe70c3e2fcfe416a03f96420a53054e04abc63816b661a4242859dcf59c31ad7afc69a0281211b2641172d54a2d127e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
719206f6b59facf7ab3ec7242b9d36f1

SHA1
d61492bfc42304ae9285a8f62c8f5e91cff81157

SHA256
34069f1a33d1a5260d8032cabea43aae69df637c253388bc2234bcebfc921aa8

SHA512
8fd674662a5124cca66b93bf199a46c340614060d3b02328c152f2591f7cbf86afbec1a82cceaa17edc3f03cc6786cc5077a57172841221db9d0d1a2f829b8cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4251bd4bd1e5939cd5bb1ec94f7286cc

SHA1
da706e04846f4990994a2b8aa3f1baa492b32cd1

SHA256
ac04f8944d311524e270c5506a4e850898bf8eac9c492e492c9a364b2502c6dc

SHA512
3f92e5e4a88a0415e0befe17837777a29a37d0cc75eec3bfd784f94119fb3029a6a7d5df0d23e7cb7d8e87aab9d65f770e7cae6722085aeba87d77241a699f83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5d36c7a706bb9dcb5c33b59af95aca8

SHA1
0a7d405837af53462381b4a6d31601c6423370b7

SHA256
adbb3d2cc6c1cf4c8fb23aea6ba1c60955c16d3307af1fa96241a67e45ecbb0b

SHA512
af29a02b3c8ada5214f02232a625fa34c260da04f627f7c4180488f675db9e6da0be87f10053d089b43825ed02429cf41f8647814a0bcc543bd8ccfde67660de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b2e5fea438a07358aba6fc0f544fdd4

SHA1
3461db3dc8eb4f90970bd7cc30b35f62d6af351d

SHA256
60863ab1509c1abfe318592797dea1b28b58d8dfc8126bcb9179da9ae3b60965

SHA512
08e9047ddeb135d5bb19fcfb1a55f8cc7779d06953eed5bb79741ed1a582180eb29f2ec67197c2264653c3398562fe35eb13b5d2d57ccc3e573a8d820fa8254a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a438dcb2d96d1b81119a68a6a98241f

SHA1
c3f583794b88817691410e203e474bb9b97f7c17

SHA256
f2af3f5d3df5aa80ef8089f1011c6bcd5083e8a1811c0c5b0f5cc95a83d93ea7

SHA512
0eb0b3176b0f35e67d31a010bbbeca34e5fea9e76f2dc38bff1ec94eb1bbc2f49f96a360be94d6960c2ff1eba497b4431f90a1bcadeb85f3a5a033532269182f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\07bb4e25-6f6d-4264-a8be-36a44432ed2d.tmp

Filesize
347KB

MD5
2a193365c34f361a0ea933938502a531

SHA1
bb6706693e624767dcd065f221331080b7c2737c

SHA256
b7c405155ca25b9357cd037890e32924f1e402e8c7752a52efb4750a60884c1c

SHA512
758e005caab3c967d97474798a54e26c2e096740fb02238ae77db48156a6230ec31225f8f27c3de6e49b54358345c5737a65148382c535ff67b0ed4781275d81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
323d838ffe3693e4f5cd262a432a8b92

SHA1
edaaff16110ed9fd227bf91a457f120107709590

SHA256
20189e9e1de81e44c6ecd2027bc206c647003c1ae19ac1e5a15695d34f44f4d9

SHA512
a6a4e5274289b84f6b79e63088f7a3fac9dc9d5dcd3220b70798c42079e36554077b414c55a52c3886bf82021460a8cad22757d42bb327d787fa6b9a7ff05495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.pornhat.com_0.indexeddb.leveldb\CURRENT~RFf78f595.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0d1658bdb30117abcf69602917abc781

SHA1
3b07dcbe04267fa4552c98276f7e831a26df98d2

SHA256
75a5170f830ace32271f87cb1991c0993a834652d73526ad2aba02df16a37567

SHA512
85c05f9969d3f14c5e08ba75f9e912f080773968768b6d6642e48228c7068c55a0d337d083d9d3e77d4b02cb67a623f11971a484d56de30002ac075e67bc0722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
c780fc1416398077914c3808e86b11ce

SHA1
f742239fcddd2c4058de3a14f518d6c22a447d3c

SHA256
77b0880861a67302efec080cbe4d0e6f762e958f8acf902f58fe3678e6b87afd

SHA512
d3d7e4245eeca83a0bf2d0522586a202b47aaf36353629326b12fa0ff648f72ca41f1a0f2c36484263f49c0ea57e57ad2356c15c8888ce844b2bdc097b320c1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
3d70dfd8dec20936a75765e166914688

SHA1
d3b9ec1e9d2e717d6203ef88ea716edf6b565118

SHA256
784595d3102f1b42f8578456c2c8be9fcb2bf6e275f9f5f99740d85247a11282

SHA512
54dfbbea0c51698c0ec9bba377257b474b1e1015c94e254131e920e52426803b576405b514e50781ba6c95a4ab5b5b6fc5033d2de84385f0a9d5a098bb5b21fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
91686d32c63e740a030fd7fd6920bcf2

SHA1
b2bead624fe6771adfe959e89c5690e8891126d5

SHA256
c2823600d8925c3cd5e277ce98b8d945849c916d1c0c98b19c73a867e3161d18

SHA512
2b8f36a96857683ccbf4d4323c0c12f753687c2d6d275bff41fa303b98cbd4409ca4a8fb86ef41041958fec218f5b6d7f4171ce4355e45d58060241325b36f90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7e5f8c293b0f5987fb3f2695327db318

SHA1
5fcf415e273724a9b8a6701133eba6ebf85cf882

SHA256
1202aa12279849b0909beda2081b606282b4703664cee1f43b113da7f89650ba

SHA512
03292e3aeb3df0f2f6f96df5fb7aa164bb9662f44e1d4f6afb675f18c720b6ef7583219bd36c59c4301a05c4b7cd4917b05aedf81051e01b3f5febc99adfb51e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7b86547996ec26f98f809d364296934f

SHA1
f9a8b34f0dadc7034001b851be7c2761ddeaaa8f

SHA256
62ea736836f17a63b9ef5956bed5c66d36554ea5c3d21b759e1509a34c128224

SHA512
1505fa213fe728b2ea16a863a0ad0654e09a1e172aa855cf8bbb81b174633a60a38de44b66156b2be08e4fb387d37fe69f3c1c0db0cfd36bdadd342b1bb26a93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
247a0a1201b00c558dff93d1bd3f38b4

SHA1
c45014acc720a89a3a3e1d7ac281f3a86bbb3953

SHA256
2f30c27e17d34de8f56f349348a5e54b53a74bbfddb31401a192698c154aba25

SHA512
5192e90ccae8b4860cbbd093069b1ea8f39c62e7399b0d3c7c8fef2ebe9547c4cb50fe0cfcd83214519a6e0c80b675f32c630fc888be477e73f9ca235a30d976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9553ea46ab3edcb2c4bf1ffbed09f37b

SHA1
c3652877173f6291c7eba003f5fda1b3dfa7aa28

SHA256
47c97b119357ef0460b15664eda4b64f33192fba0dad93c858175090ec2a2157

SHA512
0dfb5a9cb065e7da1261d7f627a6cc7b27955602290806a6ea58b8c32a0a570d213c7644db8fbb9a1981e6434d091ba1c7ce296b4cdb2844d721671c6700fe2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d78e0472a35d93c72ad4f94800d4addd

SHA1
d3ee74f1267956ab0d3e9a4323d205d2bb58a407

SHA256
9188324d1780a53e58585df41aefd985ebddc49f4e629c06af4051bb49bf9c47

SHA512
1589a53cd31fa6e5ca48244e3898fb466c65fa45237a4febc4ec4fc189ab10dae7ce70caf260f65adc08ddf29a1f8509c99615754aa6aab66a4def3932fb1b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
170KB

MD5
967769722c9f54a2dd4758c59d54364a

SHA1
a87e0bfa8e31b330824e0201f09757c818679197

SHA256
34a7f56d302d960e2647b311cc19f6a0e214c063b9fd48c28139058b11051be2

SHA512
64b36c0d9fbbcade6c820330c89e7c306969915e5ca4235d6cd1590c06fed2db43015468ffb4aada84ed557a1dea5557c5a42e8086505a29f2a59f959707acc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
391KB

MD5
bdd69391a1b0ba4ed8f709de0ba6f83d

SHA1
64842044090cb874f9df642b89cb32951fcb61df

SHA256
fa285d4e7a380178ef8e2a25306af8bb24b59c730c9eac97eb0c1fc01378146b

SHA512
63937e14e13adfa94fe04f40b8906ef81024823221dfbc7380816f1416e61608de7167e9aa998640559414fa3e8b09650b17b4951ecc62c5288adf1740aabbf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3B6D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3B8F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2148-0-0x000007FEF53E3000-0x000007FEF53E4000-memory.dmp

Filesize
4KB

Download
memory/2148-3-0x000007FEF53E0000-0x000007FEF5DCC000-memory.dmp

Filesize
9.9MB

Download
memory/2148-2-0x000007FEF53E0000-0x000007FEF5DCC000-memory.dmp

Filesize
9.9MB

Download
memory/2148-1-0x000000013FEF0000-0x000000013FF08000-memory.dmp

Filesize
96KB

Download