Malware Analysis Report

2024-11-16 13:07

Sample ID 240327-rtf1lshb9t
Target vitutal machine.txt
SHA256 5af557c6563a335081c51e6b7ece453575c240b8ac5e114d1139afee4164016d
Tags
discordrat persistence rat rootkit stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5af557c6563a335081c51e6b7ece453575c240b8ac5e114d1139afee4164016d

Threat Level: Known bad

The file vitutal machine.txt was found to be: Known bad.

Malicious Activity Summary

discordrat persistence rat rootkit stealer

Discord RAT

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies data under HKEY_USERS

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-27 14:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-27 14:28

Reported

2024-03-27 14:35

Platform

win11-20240221-en

Max time kernel

393s

Max time network

398s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\vitutal machine.txt"

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133560233635293059" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\release.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3652 wrote to memory of 1224 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NOTEPAD.EXE
PID 3652 wrote to memory of 1224 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NOTEPAD.EXE
PID 1480 wrote to memory of 3792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 3792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 1072 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 3332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 3332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1480 wrote to memory of 2856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\vitutal machine.txt"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\vitutal machine.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff868b29758,0x7ff868b29768,0x7ff868b29778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4924 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\release\Release\Discord rat.exe

"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"

C:\Users\Admin\Downloads\release\builder.exe

"C:\Users\Admin\Downloads\release\builder.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=952 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1588 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5380 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1452 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5544 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5512 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4688 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4444 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2524 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1752 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1084 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1444 --field-trial-handle=1772,i,2717540405902010158,15787564777292440875,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 205.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.200.46:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
DE 140.82.121.3:443 github.com tcp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 162.159.136.234:443 gateway.discord.gg tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
DE 140.82.121.5:443 api.github.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 workpload.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 192.178.49.163:443 beacons.gvt2.com tcp
US 192.178.49.163:443 beacons.gvt2.com tcp
US 192.178.49.163:443 beacons.gvt2.com udp
US 8.8.8.8:53 workupload.com udp
DE 144.76.176.119:443 workupload.com tcp
DE 144.76.176.119:443 workupload.com tcp
DE 144.76.176.119:443 workupload.com tcp
DE 144.76.176.119:443 workupload.com tcp
DE 144.76.176.119:443 workupload.com tcp
DE 144.76.176.119:443 workupload.com tcp
DE 144.76.176.119:443 workupload.com tcp
DE 144.76.176.119:443 workupload.com tcp
DE 144.76.176.119:443 workupload.com tcp
DE 144.76.176.119:443 workupload.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.212.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
GB 172.217.169.3:443 beacons3.gvt2.com tcp
GB 172.217.169.3:443 beacons3.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp

Files

\??\pipe\crashpad_1480_DCIXDTLYBKBLDNRE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\bd6ef41f-18c4-436b-9ebe-9433abbc4187.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ce29e6a33b3fe4a30d256e717cf30194
SHA1 53bb66066a6b258e64d962885d5978921bbe02ca
SHA256 09592b23c1916afe0f72798cd41789b7fbc865725e76bd29b04056e911a54733
SHA512 d6455a033db0d6282a54b58fb0048ddd34e0a82af0eaab995238b3cf9be43ba6d5f7d653a974f832185534acf8693841cf6b4dcd9dd5bcdc6dfa431be7e81f54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 19115a21b3cab74f8220cacc6d8e70a9
SHA1 a12f8defdc8f461566010e311b2ebdbb840757ea
SHA256 8ad0101875c6771521d42b2e340ef54255a23755ff058712cbc3c7e9790381a6
SHA512 ae44af5ef80f2b8fa5c5b8d62911134ec5f506748f36d4245e32bb3292363b822c23b2cbfed2dd227aff2e91e27fb05feebfe807fde6bed5980db2f10fa3fa2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 71a1e82b13d69453d4b60f743523e7f1
SHA1 c93f9087e51596f09f49d62a1e3cd223aafa63bf
SHA256 7b89dd2d74d2b80b4de66cb297128fdf69030148cd412430c3235f0700e0abf7
SHA512 25a457c39a5b886078acf802505f04074c07227403e965b0aa7748e2e1feb5d3a7ae89b31cf4dc4e676fe9d2ff1831e3e3e6ac0f5945b6596dbc168e9347ad86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 00bb45bf9f280e113b0f8416113b644e
SHA1 dd8f289285a0e59affb01cdbb0d31c3dafccd23d
SHA256 5be4be7deae13b500a00050670a9f311048cfd0555bb70c0a7da2e3743edfde5
SHA512 c07c9f4353a910d3ca394b07ed9e8e6d3e5b2d025c9424a48405ad42c20346a902339ddd2d55a009857946518d13df8f53c64f15cf6ed150e03fb286a06c22fd

C:\Users\Admin\Downloads\release.zip.crdownload

MD5 06a4fcd5eb3a39d7f50a0709de9900db
SHA1 50d089e915f69313a5187569cda4e6dec2d55ca7
SHA256 c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97
SHA512 75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

C:\Users\Admin\Downloads\release.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3bfa8b14843ffde9a856f07596885d16
SHA1 acb8251c1ace7522afd585400c8945ddc38d55fe
SHA256 88b75687f7fb2ee7ec48cb7189cdecb749ea89278c44e6824e0d3e4211f3697a
SHA512 1ac560998a2acbc2f1eb398cef29676d25854163f9479f2f8662c1a4695e1322fc82027abf16d0b7da1bb7f0aacf8a6a18b22d07f61969737da9ae9869c2a0ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4503d3c45a6f5f814824b0b35411e505
SHA1 cd2df6bf5cd2519e980fd2ddf8b4fec37f5673e1
SHA256 a661b4ac5d9b5ae20cca35b277e6b4032949e0db96f6c1c9ef1c3f4522ed41d9
SHA512 03bb01182ba272777b0e81d86d777022c6a7a236012866da787e6f28cbe3ac571ed4a166eb88806eaf7cae0dbe5ba8561abb380e48f8cde6ce904a7f9854e2a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 409ef5c6eff06073643daab865d25e11
SHA1 a24566710ba6e4fb1dd0b5e85008e3bf6399ca44
SHA256 5a5c4ff7544d6b9c98fff65df686f2c33945a1d0b0bcea70ce0a7edb92d73f7e
SHA512 ba67ca66d38e384447442780507ccf03bf9aeea5d6c314805b144ba367b15e3eb44ee8b5aa29310bcc0e67e79b0ce31a6138e0c4653fbd45f8ddcb8dc9530910

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 610db0446ce26e0aab806d87834678c6
SHA1 90cc2a7c5ad6696893a41b22de5fb1fccd8c66c2
SHA256 bab77ab6f3be917a4f8875c2b45f10cbf456376882d19dea8d8c97083ac65cc0
SHA512 f3155e32ffddbef98baae67444d6ec5ef49b95199a8b5a4c4903cdc4058880c5f575a61e072a85a709cbae4f3404eecf7351362d0000473ee1c690f56b8748ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 0bf32b6ccef95e287e22aa0707d70ae7
SHA1 b0282e402229feb32f4345977cd675a4d27d9d3a
SHA256 785058197e3b8c7a2d33318da7dcde6626ca0998f905fd5cf9abc85ab955b294
SHA512 1fccb592c5f4af6ab6b48e1e442f874c2c4ff42056c5b989af69ad6095d0b27989ff0fbde0671e23f31338fe10b650eb49de3334e3aea453376240b44f8f707c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588884.TMP

MD5 d6eedde3c57f862647329564f97ac6ea
SHA1 7047a0f0f8a6c33c2f22d974daf854735ce67864
SHA256 29766c74781908849d0ff894ccbb2abaf4526a41e0916211bbb727dff81d3319
SHA512 abf0f46f45d98f03f71daae0dafdb0d0cf6b94809cd3717c77f037e9f9d1340cfaaa20743da9b6b5a29e3f72ad795f23e750a521bdfd9ede023fd1df60d58f4e

memory/4836-189-0x00000212DA320000-0x00000212DA338000-memory.dmp

memory/4836-190-0x00000212F49D0000-0x00000212F4B92000-memory.dmp

memory/4836-191-0x00007FF865730000-0x00007FF8661F2000-memory.dmp

memory/4836-192-0x00000212DBF70000-0x00000212DBF80000-memory.dmp

memory/4836-193-0x00000212F51D0000-0x00000212F56F8000-memory.dmp

memory/1008-195-0x00000000005A0000-0x00000000005A8000-memory.dmp

memory/1008-196-0x0000000074980000-0x0000000075131000-memory.dmp

memory/1008-197-0x0000000005670000-0x0000000005C16000-memory.dmp

memory/1008-198-0x00000000050C0000-0x0000000005152000-memory.dmp

memory/1008-199-0x0000000005320000-0x0000000005330000-memory.dmp

memory/1008-200-0x0000000005050000-0x000000000505A000-memory.dmp

memory/1008-201-0x0000000005320000-0x0000000005330000-memory.dmp

memory/4836-211-0x00007FF865730000-0x00007FF8661F2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 74c6f7152c5de3a157ed5af455131c02
SHA1 14eb0d0aae122e9430ba6e8b8f114da0caf62683
SHA256 36c1e12dc3fc50d1a9026aa2e73e5b1e5c3abaf6a3bd5cac5104e85cb7f6b502
SHA512 21cfe6e4f58c1db1ab21ececc75196106bc9913b8b59502166135a325f495827f8636498f4e019c0212a8fbd071166909ea0f7cd0cb4577ecf14c29936d22a9a

memory/4836-221-0x00000212DBF70000-0x00000212DBF80000-memory.dmp

memory/1008-222-0x0000000074980000-0x0000000075131000-memory.dmp

memory/1008-223-0x0000000005320000-0x0000000005330000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e4c61eea5fa125399b22f264e601fabe
SHA1 b58be120d631b24c70d554e3cb5944ccc72c9e5d
SHA256 df97b03840ddd8ebae97fa66a65a35c43e54f7002c995357d260977e229e4e76
SHA512 10fe3ae33f509e1fd539d7c69bdbc65fce77879e97168e188d4dcea1d80765a1ad2f87116a855327276baff898a1de0b66820e61b57aaa4566ea69c86bc7d769

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1198d6225f08ee75e13489a54acda8bc
SHA1 fe47a7c6431cefe8f5c5ecdc23efeeb3b5ca30c3
SHA256 03f27c3fb165d871847ec46ce868446b9f7391c378e291f5efead281feb41654
SHA512 2d559c33f227fe6d4a990dd1c470dd8f03fb994cf5603efd85f2a85a96dea77b3309600123ff585042c9223af70a2bc37155f79d94156a65e25986a9aa753911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6b13bec77d8eab53a9867245b9d9d5bd
SHA1 4ef409bd7f2a4731c06442aaf32822701c0d7370
SHA256 458b829df199596a47b0291acc81fb98dd53abff392d0366f62c380dec527666
SHA512 2f4aec2c14722e8ad25ff46a2264d12254260304b894dc0b6cbd1b7854ca2a16286effece525312d30fb17643b79cdfce9bd5a2d76f8cbc3f4b3b6a394279ab6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 86e9c46a44c4f3e7acbfb89af5b4459c
SHA1 63488adc591f3ce8fa1791ba74209317d1aa1490
SHA256 b5c2c4067ae776ff92e3af1eb2e434389ee12b5283d7e8d94db1d360b3c6d087
SHA512 9cdb058afd3afed1c9a1859af664854dbebe52f1a311adcdd66e9b35606ae083a7ee3b5dce0b13c90bc65477a97718a971ee8a77db5821f923a6f7ea71787dce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d785857ee17bcf648a64c7e5ebcc4301
SHA1 a563360780acade2394f6808c4fbba812bc15e98
SHA256 29956e88776b3bcdc2fd89b0d2deb43f7c0846cf9af5e2da6321970a6fc0964b
SHA512 237d938aadadf73fd3de04b8139823f88675a6118a2c3887d2a7846a1c963757a7dff8820c744a1d57819410ae51bcc188ed72ec6cfc032854f861a2ed92560a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7866b1ec39ef5e0fd984b4102db43298
SHA1 c6a3ef692a4bf58aa641819783c4112658d67e97
SHA256 668c46b49a3300eaff59b6d683652cfd32d47f9aae5951d1e3f3524ac9f48de2
SHA512 dcefab499c4d3e9521d56c08a9a347be4bc84b1537d9cd8bfc27b2d09d442a221f8659594754e1bec3b544ef0aa052dd3c2a1cc8796a480924a421562ed285aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ae9e246b8e93deac3fa571a795ef202a
SHA1 2c9403a24c20766d11cf1b93999325d468737495
SHA256 79f3dcf7f8359b8f60f8fb1e32bfa49cc2e29e9e5fbc6c2bc5cfa80f4ad27d38
SHA512 109e3911680ef854aceff86fbaecceb949148b5ce992923ee4929c15da9b86225071e29cf8399e68cb294fad235832f1a4797c5a4d3809a02519f2eee22b8ca5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9258c202c28c312c76c454618fe7deeb
SHA1 634df32a9a0f61cf136ce2e569df64842e27f084
SHA256 beb90d90cae793e8987102e8fb866db8710f3e86d2086b558aa61e17ca8c64ea
SHA512 aa0f72b2192e0daf06efdec899491e34ae49879a9b8c8730914ca3d9e027bb9de5788623c1a3d6596ac380030136a8c26617b685cef8bb5f8b2739785e8c43eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 cda68ffa26095220a82ae0a7eaea5f57
SHA1 e892d887688790ddd8f0594607b539fc6baa9e40
SHA256 f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb
SHA512 84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 75b342b1dde577c841dc283e41f7170e
SHA1 4de7f694f0689299b3a971aa176d592ee9b7d19d
SHA256 5143716e86f95ab6bb31b0793be6b0e979580905eb6658c52ff33edf6f564fe5
SHA512 d1ac62c2b0be87309507a596f4ed2eb55051de86370350f45bd7861840498d8f90fafe2273c9f18a116850cc2a284bfbfada7bc5eef27f12edb04ddbd5011668

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a8cf6e8c9da0d941fa22539eb41b550d
SHA1 f60cc30a8e9fcea45fa1f6b01e6d30498bf2e14d
SHA256 7b4e671bca9b824fc788b558c467f715c81bc5f7ff27faa290898b828418f261
SHA512 66603d3e5b7dfacc3f72bd2362088f55d7d1cfc997eb06e32e10d5957c349df842e513a07de5dadec7fc0b9503a633ca22b51dd82c5cd8785081e468c9368243

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 417ba634848b946d4fd50a0a37b891e5
SHA1 090dbc7035b311976b8754121d41714a9809ea58
SHA256 066a85a47347050b4e2278cbea2f2a80fd04c92e0df0c72cdded0cd90ea46d13
SHA512 218f8189619f7324f410f332d0e97e3c74f496d353537daa1da39710ce2d3b2123ba313a4bb60d4e60fe4c5cddea08dc5fa77dda360f9b2f975c6de5af040e70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c72cdedd106f2b9cea5be670cb5b5053
SHA1 d4b4c9ce247dd65362aba7b20a741b59b717e423
SHA256 19512620ef2690ee46003089bc32e39a5d509711ae9cd0a67279c89eccf87d9e
SHA512 c4707c9d2f407a73b71db0773fa2532adc23c52cbc58ad32d7d8819dddf37b9b0c9dc7e80ab2d152a0d79d10ed7a0f5077b6019fc2dcc12996ad546966c3ac03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 b82ca47ee5d42100e589bdd94e57936e
SHA1 0dad0cd7d0472248b9b409b02122d13bab513b4c
SHA256 d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d
SHA512 58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383