hxxps://discord[.]com/

Analysis

max time kernel
599s
max time network
598s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08-03-2024 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://discord.com/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
3	discord.com
6	discord.com
7	discord.com
284	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133543383568680120"	chrome.exe

Modifies registry class 57 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000002d5ec171472fda013e7fc65e522fda01d852f24a0071da0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{0EE65DBF-1A68-493C-AC4D-E12DB0B41C3A}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Pictures"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe
852	chrome.exe
852	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe
Token: SeShutdownPrivilege	1840	chrome.exe
Token: SeCreatePagefilePrivilege	1840	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe
1840	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1084	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 4628	1840	chrome.exe	84
PID 1840 wrote to memory of 4628	1840	chrome.exe	84
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 788	1840	chrome.exe	87
PID 1840 wrote to memory of 2944	1840	chrome.exe	88
PID 1840 wrote to memory of 2944	1840	chrome.exe	88
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89
PID 1840 wrote to memory of 2188	1840	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://discord.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc7149758,0x7ffcc7149768,0x7ffcc7149778
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:2
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4668 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4980 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5004 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5012 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3028 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5152 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2528 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6104 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4688 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4024 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5820 --field-trial-handle=1860,i,1874529151696072490,277849707886474552,131072 /prefetch:1
  2⤵
  PID:4852

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1824

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4 0x338
1⤵
PID:3824

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000071

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
987ffd94e10fd36ae6251f93fad09ad5

SHA1
9749b74519a19e2c0874da06242831451432a2d2

SHA256
44838992c43969664a9602e584674bef3627a20d2342d171883a3a0b57b51f03

SHA512
626edc9117c34ae9088ef9059daa78e779f48cf5cd9bb64df293566e406ef8a2549cb95b6c5dcb57c36902c27e9650d6c2ddc06a3ea418919e9c26505fc5e80b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d23c0eac79226741c6039ecf40a9bb32

SHA1
0145862d615f32fcd6f1611c9ab109c77e20bcfa

SHA256
62dd49681a8c1f63e0e940f699d6fd967a63fdacd113f63bafc1f1aa6e2314e5

SHA512
ef55a7e4b949f7674883ec5724ba1bdfcd8ed80b17c88c2c782b0f49f1e6c08d98fbed3e5119fb8000ea08499dbdd516b3e1763b1d604b21a3a80e6d92cea8e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
77fa28ba2e56c94249a4bc5f4f72b1a0

SHA1
fc6b75ae2c3ab22c02b88aeed879fecb3d826111

SHA256
ba0b2cb5f5a21fde2088d3c85e7b472f473558370e04a8849cdb29874385db97

SHA512
93eb6cbc83bbf909c4a95edd16fbe04cf1a90c779b97388f44c3ba3aa9398c305aea53a14a9b430b69081c115c93d0446ec78e2a7ac05f92e805ffe02df635a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
77f12550251f524743efbfa49413cfb9

SHA1
aa506994495fa0f949319dc873be723620c33d3b

SHA256
c1ba9c4f9e059d18441b147ee60d5bd847e070a9efdb1454c31113654b00d72e

SHA512
79c92bcf7622607a26bc9391ee30050553467e4b6c5dde1d334cbd0f1b9953a1c096ede51d3ddd4ef922fb04406f7914f9bc33085516116eac6279b42460b0f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
2e4be249afbec55b7346be5e34bfe130

SHA1
b49a6b055aff1c6808d74455355003714c35e701

SHA256
f985526f7f4956cd9bb553d74b5db9fc39b1aff2186022ab5cf2b884e890e739

SHA512
ce90f7b392bb23a4c79873b6759d4b0b54d2b656a2c373c0df98c8698100bf87ac9c8373d28e0154533a80a0057a8fdd0bc287213203e0003037f734afd34e6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3dac7c5166985451f4e7399ec6d666e3

SHA1
b8444fa5c18b8273e381d1813cca9f69e1c6f7d1

SHA256
5a85765189636130b77c52c01ee16b37617a6c0a8d556755446bee6231d08da2

SHA512
0d932648635cdc1155ccd6458b4d78b847d6d4a9c7224a60fe0b2182ad07d928321aa5fcdc026cd8d536f843c9c45078b0eb49f4a7cc74f2c9daf3bf4f818c38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f9d9fa5eb40563eb3968eb6248208b04

SHA1
544fb2a19ab6ae01fdfc2a2f2d03cad3c5dac93b

SHA256
fa446511414e835ce951215cd4ce4d6d77aff975d4bbd4c2bca3a1048425cee0

SHA512
db4d5b6c73ad1cc3c967fa13359639bc0aa357c064087171d930b8d15ba4949597fbeced73e4c0f413f3ba5a9c5a574d518e09aa049759e23ce2b732f1ba0481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0d3fa6dc79a927843614e41d23d23508

SHA1
392ed5b1418db4f1af922c910d811075c8531969

SHA256
771396be0ff4346f448b326869af2b75e689263b6e30598e5426942173b979be

SHA512
eccd405d4a988d179ffc3ccaa9857e750f7e132525f87f40be97507a1679a0c20bf440b74d443747f7b8ef119879b5182f73c568b8ddbbd1efdf3a87c1f361c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f22fe9f76ad4391c4fee8749258db3b5

SHA1
5aaec50881d9ab285b590bfc4271acd49de56939

SHA256
b375673d68c7e6cd0ee906dd75b6b057d813acd8def1152bd208a8b3de7bbe14

SHA512
842e504af353474f045094e78ae1869eed41691e34a3d27705d664c6b0c8781bc2408f7181d31ecf8a8d894d7c7973b43aeb5af0fe7c85e1e6585af7fc939e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e90354a134298ae010eab6710538dd9c

SHA1
561864823462e5dc53188bb9a3cd87be58c3dd9e

SHA256
13e02e8b40f31c6c5509c578bd2e106a10d4fce37688fcef63d2d9bf6eb3d3cb

SHA512
f58642fa41aa0bf1f10e7bacd3bffe7de51e0b9613f472c04298e61ca3c5588622c80d0bbc414056968461a2380259a09d060f8cdb2c9cc9607d598f565f4015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e1fe0879ccea44c38c39a86ae275d06f

SHA1
92eeac72a19586e9e41a501e7741da149b7778ed

SHA256
d903985df172ab7a89036f52e00eaf34d8917c66510e48a8dd2c91a987edaed8

SHA512
17d9b89d782e5c2c4db9f5aa1e385ab94ba89449a2d2f621206c7d6704129d696276a5bf241ac7917325788e9f85778449bc3cb2a6ac30f17f1200dd2d160033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3c41fe7104c5c0b48b5afe8880ba56e1

SHA1
19b8385ceb5ddbaf2b5c443ebcf8ea97fa34675b

SHA256
8b5fc73472f38a13e728db558fbb449804f02d8da56aae08bc17d0b96ab9966a

SHA512
1dee9cc2c27d25514320ed5af566dff366e273b61eb697c8c7d15c1949001e915d1f4c222dcd759f8048409a2f13152434b85c401759d94df898f3527e226940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
885ee30f9073e8b3a1c7b400b53530df

SHA1
0aee94f9475e0c03f44eddf1ce18632115a29036

SHA256
5be79d8e87f145f2b71778ea559bd35cc8a9378556febe4bcbcf7db74989aea1

SHA512
e7a53bbe22e734d39026c81b3a29232889cc2cbe765e650f6864b0dea5a53a3b745b9cf9a85bc586fd2d9ee2511eabaa8ed0df1b1ee1af191e7a36c070fbc40b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9d1271d5b6a50900b4a8cd002308ebf3

SHA1
5cb2cf63aab29dd6e9db38249a8b0fe18a498dc3

SHA256
eec2a31bd71cfbe6cc76edf77d1928dd48075b1b0dfe73c95269904fb2b34046

SHA512
6310ae70c1ba3804923590427a03668ec020481286ca128aeb60143c984314547c323d5b81e268d6dab2edecf4e0e8e2b488730cd6dcdd1da89be3a291cdbed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0efc8ef6acff3f610d31180eac04330c

SHA1
f4e6fba2bb2940ed8d7c87b8c4e468be888d3be9

SHA256
ef084a70eb9a6f6ef77ca51ceeec9da9d20cc15d2872db7f9cc7f786a0b8ff18

SHA512
b9f48823b50a91c8216dc48a00a954d2377ee59637bfa72fd18e355ab3060a07ae04a4ab6234369dbcfbfe014e64141c8424ce6555ef6d9313a7185017ae3895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f49138edc56d78e4878426bcf4222e4f

SHA1
416ec946e0137fd06e06266dc9a898dc2abd8ac7

SHA256
ecb85e7b797bdc1c4fcb2c5987d562b6cc8f0707ea53baf89413d36588bea9ef

SHA512
9cddbd1cb1106c6b9b252eb4667ce0d5b68250e66a80c0223a2078ead2c7af785b220defad25e3554c2e7905dad5ac26f853c62a934e12ba60d29dd334bc07fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
faf7deb8f5694fd222d56093205dfa6d

SHA1
623938e82d724a1312fa5cda3626a0bacc2b6126

SHA256
595f4ca0cd1dff7395fdca5a0415162c9d855ce6daa344d82d02a6537f7b1bfa

SHA512
598c2654bdffd6d2eae6b8cb78146e2ca402cf210c50096cd79336fce017889aa6665f3bd1f8fd7b2acc083bc1667b8cd7d7b9d058d5721851eb6a84f7b18019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0f7abf8cefcef655d08f6eba5aa4fce6

SHA1
d52ed09ca5b1bb32831bbbdd9174b7ab62916ff1

SHA256
82b2ec4fcccada07671ab0dc6828a3168da570f21cfc4fd4e7653716dbe0e89f

SHA512
2eba07b92a693509c21343ce32aba6e6682bc0970f30a39e68fb46abdb10668599f9a46ab434069b88434e1e21ac290b14873b9343c9601601f5ddeccc66038b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\fda12ad2-c6cd-47bd-9b21-be3779064bfe.tmp

Filesize
1KB

MD5
4a220998d574bdad5e899f41f5c31b1e

SHA1
636b6475d116dfe357a818b5ccb6948b2ed4b96e

SHA256
05220ba0b93b69c6a5d1dc7e96eea7e61d5fc3e2dd47025c612f87bd8707c845

SHA512
dcbb92fcd76c127f3e7aae2abee5133582620e80368ada9d53f254dcb8419f4221f6c71288fd253d79a095a46fe2bee250fa1d04ce3b5f6ab8d4cdff2b63f2eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
17592a8b5559433cd4f56408d9e6ee77

SHA1
3b00dc6ea4237ec6ae0f527a7f0866dcc24a3004

SHA256
27f2580f9db1892757297645c1c025ac20e0ee6f7390d807c777be2d52ba674e

SHA512
8e0807704ee0c253cbcd47b00d9a3b2cb24bef3382040153ba85bde70ee7fedd84cf807e065816a317add5a9da443587bd6474f9d29891f1016987b70ac69f9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e075dccbc4e4d861b28af8ddc29beaa6

SHA1
94f4ba1281b536823e9415f438d75fffa6cd783a

SHA256
8aa57134d4e999d4e4a18e7cbb8368eb86804381d5adc7a4507d2025779f399c

SHA512
035201360f0eac6eaab886d93ef0fa94ecd331ba1760239990cc78f7ec55185d7ff1b7cdb8ec49d2d6043513bbb98bd4192a5d7213f9c243d42c7dc46cbe1984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
12270ce230d7ce78f08bc02e45c24b31

SHA1
5c6d526ab9175486b4f6ad1df31d19c2c4b6e2fa

SHA256
8a4f50d5758396c1b084b956454fa56806f6d4ae1a298158da4dfa7d1d373e42

SHA512
98cfc3c3f2ecdcf5690353eddb0ab0c6b3ee1d32df712e83c7e2f0fc1876290218db86e8569c5903e973d52b534aeafd289aecb9eed3cfaece69b8d83b6ce6f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
311b03ec8327a8d4ea656b4f1e138a3d

SHA1
68b9e7c780759da675fd142d2d64e9f276e59274

SHA256
a1360ccc0e3fc7067bd7af3196fe0c4625ce94ab79db44d03fadccf936fb1d46

SHA512
c320b0604414a5ecd9a2ad16e523ebab2ee10965c94c3c4ac680cb4c3f5b8c7ceb9f7cb4a4fc1ffa90b0a6713afcf1a6f7641556349178d16e214b287d5f491b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
79da91e19f1e35b6c83931fd77fbad40

SHA1
745f58395a1b975ca3ba56375644928683953f0c

SHA256
62b08025f7c5327a93983f05dc53bc884a35e3bc5ca9b7d0fd0a9b216424e7ba

SHA512
2a72e53a566726cc55113c37f9450f5d9a067dcea3ae9a686ee4de2b91dc25a5d20561b0a0a313bd78a64afef1bed108af12ece158a129dd03ea18491f520d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e67a61228fba2bf6f9556070bea08f7d

SHA1
0f309ea1a6ae9e4aa25aaaf82f92c057c17d46b1

SHA256
68d2a6a998ba960f18cef5fa8acd31c2039c92b035de386b7195853a1740ffd5

SHA512
b4715031120f91b62b74dc93364c470d9b7d23240c847c236faf78e6f1136616e67fc9a7d9f7d69c5f8353b7689b1974b3333a08b136169466ad599aaa0a38b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f4ceac8eb12619310841d829b6cef3d1

SHA1
13ab4bd3e8443582cb366d41e7e7c555214e4eab

SHA256
5ebe5014fc8e9efdd72fb248ef216b950177c292b67f89f51d92ccb4c1d1f971

SHA512
30f386d90df4bf69b9dd90337ac5d671355a8603bc24c7999ab2199e954d5c7966d975c40d96972861a191c9c4cddb7d5efc86a18389a676b9361d93d830c52c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
fa939aacda9139fdae51413a1f911fea

SHA1
5496e9a2d2f74c69fc7044ff1d7a1224c2baa91c

SHA256
cfd1206bea682f979e0e31ac5c73b9b43565754b0d9228e03f693f2a44e48e63

SHA512
85285746020e0dea4cbe73d606b735c3d7dda7e8ce32671e2182c7c1d795462864c2d3c665af72323c8cc24a5f152f17d43bf2f36115941e46b29617852e5a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a43a.TMP

Filesize
48B

MD5
9c78915a17e8be1f5720eff6c37e895d

SHA1
a7c4ecd6ab26d012619678aa341271b52fac51f3

SHA256
2352228afa8d75391987a84938064e73d3961c65b9089c5bb40f0d5fce5628f5

SHA512
e17d34c9cda2ed15e8348f50cf873d31dbe97ad0805249890a2f1e66b4e5ee7484c5c7fcf55fb81f33babed0cd529f07e2d2c8dedf40bde9c6fe25b02b2731ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
79f98f88084e576e63034ef45524e374

SHA1
4077266802e76338c87eff2cee2995227622744c

SHA256
c53eb42a924587ccaa9cd626460b13305b9a6cc0bf287e54f2881dd1949a83fe

SHA512
d9eb165bf97b356eee18764fbf7510c5c207cfeb361967a78f5a42ca5349930028a2de9e8f70be91c8944984c1d58886342deaee146ad9f107503a9e58af12c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
940441f460b8e78df07864b553ab93b4

SHA1
8b720db2915524c36d580cf7c279e2b1596e3f0f

SHA256
0b96f58a8440645f9a1ee12e8e5eeca99871e6b27061602ac3f74f3dd98e7db7

SHA512
4121a7b1e035944908459bf5024532571ef5e389cb31f06857ee4640a8e5b10e6346af08f25f83d95e6f2c4767bbd283a25000d8cf1e9d6fedcfd9246a87c3e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
291245d207ace924ce4bf4c1087e0924

SHA1
fd96d4f2aa3c52ab85fc624acff59dd1f5a3f08a

SHA256
48a4515b4087fa0d9757a785df470df66bde1c5589629da2b40bc475836e2320

SHA512
5afe1cb902c97fd69023f4c7c4b0c730b1209fbe870e9872c18b18d95bd40fc3d2fcb41ec44810234e7c2cb0d5920ca222c3cafac1d103901d4f8a3a24da9d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
0f30cf5ca87bd7c96b1c5c80a7c27442

SHA1
3797a3286acad7d77fdc3ba44254090b73e2493a

SHA256
d1d3d352cfc91587d49f726e156093956d757f12cdf1cf3066cf809eab2467bd

SHA512
1ee363d28e01bfb797654cc69cd2ae16bc8fab5e635a136d6429522dbccfcd0cd07df894630b591d659c45afd4183809b3e9a946c1ce657d3ea3a460609ad7b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
9ab34516da623a98711fad653d91f9f5

SHA1
8fd2c60aeab0850674b6b4af540bbaa99b0a1c5a

SHA256
328db78027ef86106c916d6cf917c34098294f2a5cf484a14a55c25a291dfe08

SHA512
ecdeee665c1753e148ca63bb3885a486141ac274d205e898c4fe10b939943f72945aed9c337655dc8d296049f51f1979e113eb409ff091e270c95cde90669dcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
1cd49864e72b6aeb95ea9975f8c6fcca

SHA1
cf9d1d2f0a5505ac4cfe0fe8bb4ebeea96e060bf

SHA256
bb8f22b8de367e793b0ccaa1cc92591832aded4a90ba42a612750de0dc7db5cc

SHA512
5de0b9dd2e62cdc894f255bba3732928d42e88cf7a455dc74ee813b0c276774409eec65674314564ab7d2294e9bd42b8a68fc4ee000234123d0136630bf8fe8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5838af.TMP

Filesize
104KB

MD5
ff50c4ed84bcc3413776bdae0d4a221a

SHA1
738e9d78e9ef007b415845a024988666b5890fc7

SHA256
2a43b8d64a5fc2d89b4cbd5c34c9ebae34a4b5c13b82b547ffada8a665309040

SHA512
b413134b2f4ab548f29f19207f12382087cdc1f890d8392ed3a0cea8cb6895f04d346ead56f79974fe84c28f7ef063915beba1a7c13c1403ae519d30f22d64a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
12KB

MD5
7a9a48ac60829df3058dffa5330f8c25

SHA1
dc0659635650bc54526a1eb10938438f36977b93

SHA256
57775dfd7cadb462426c9a176a5b773a20f63c20b0348a6fad5721dafd2f71be

SHA512
7ac0b9c8ece70ceb3f9d17da9cb0d0c684e029cbff70c30ac25f15cb8a65c6050f4dd5e808d50c7be541e183f083062faab38bab55e5ab48a1080388eb679401

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
c877d9a81a5d76b35fc4656981677178

SHA1
e50b3d2bc021a0cde1e7fb2c12e9dbba528910b6

SHA256
27721d3351a9c16d41232fb32f37044c62dd7806fe1db14319fa1144f72769fe

SHA512
537c290413d736483f5349bd2a1d75c1efd429afd21fb816de916fcfe809ea3cb570eaf23b75bf7977cb743264e6b358761c8eb8553d62e0faf390a950c26824

Download Submit