discordrat | 712a42256cf7c2f28f3830dc2f75ee733da382fbe9d5aa16c6d725e893309e5a

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

33f218bd11394698c4448e7ffa84c254
SHA1

f2a05b616b318007daf0cde3f938a706aeb27cde
SHA256

712a42256cf7c2f28f3830dc2f75ee733da382fbe9d5aa16c6d725e893309e5a
SHA512

94f339fd837b8529594c76c777a12da45066a99c4f047cd124d8465e3eaef7029e75a625eccf68e91bdb29c1ad2b827faaa005306de07fa28898f2dcfa6b5866
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+APIC:5Zv5PDwbjNrmAE+kIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0Mjg1MDk4NTg3Nzk2Njk4MQ.G0Waz3.y89y4wvxDnICewngCCu5gBaewpajwh45av-jE8
server_id
1242851356293992600

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
295	discord.com
297	discord.com
298	discord.com
8	discord.com
9	discord.com
25	discord.com
83	discord.com
84	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609496628399447"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018855536-2201274732-320770143-1000\{D2F59B68-D9D3-46F3-9847-4D6593A351B0}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4504	chrome.exe
4504	chrome.exe
1588	chrome.exe
1588	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4956	Client-built.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4504 wrote to memory of 4840	4504	chrome.exe	99
PID 4504 wrote to memory of 4840	4504	chrome.exe	99
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4372	4504	chrome.exe	100
PID 4504 wrote to memory of 4476	4504	chrome.exe	101
PID 4504 wrote to memory of 4476	4504	chrome.exe	101
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102
PID 4504 wrote to memory of 3952	4504	chrome.exe	102

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7141ab58,0x7ffe7141ab68,0x7ffe7141ab78
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:2
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3592 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4932 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2360
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7f110ae48,0x7ff7f110ae58,0x7ff7f110ae68
    3⤵
    PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4140 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3384 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3260 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3952 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5408 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5548 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5672 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5824 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5996 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5992 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5452 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4528 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3468 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6628 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6880 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6948 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7152 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4796 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5044 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=3436 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6396 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5444 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6068 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5632 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=2300 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=1856 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7416 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6380 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7164 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7724 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=4228 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2684 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8044 --field-trial-handle=1876,i,14580228442727107149,3660960791725469919,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1588

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:936

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x508
1⤵
PID:5976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\73178285-e155-4e3f-842d-79f9e72180e7.tmp

Filesize
16KB

MD5
c0a067ae4d059981818d99e29bc3716d

SHA1
0ae7d4378d2f8d9e95ece42c01259d7574c85673

SHA256
30acd247f574492d7adcabd63cf99120fcdb52e570031a6de053d673c0d611f1

SHA512
4fe9adcbf0b564ff0a2c903069017075451c7ddf2515ae9eebf7715fb13c636fdb5b05f17b1f0a81168b1e82f4dba3b8fa6ab34ff3c0de5270bdea81f845b58d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
64KB

MD5
d84862513956cbe61aeb4ebbfdd3355a

SHA1
14ab269df17cb0333b1556ce120d587324479f6b

SHA256
a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5

SHA512
d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000073

Filesize
29KB

MD5
852b0b2c2d8124eb0074ebcd068910b3

SHA1
d5725c2f174673a1a71d22d54e36c485cba702ba

SHA256
4bbe4f392079c9f4fea1a49a2fcfd9c67c2f55ed93e55db68ab050912855e06d

SHA512
5078fffab1191cd15220eb2d840cb7feb4bce697b11374a3a856f970496dffe3c01d1eccc8c06dafaae171274efbae052a89e4d57d9ff1149153269e31e71dfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c5662f35f28528c76e94be876fd598cc

SHA1
8c3ae9490d43a357b042a7a341bc4907b16d4447

SHA256
61ee87d05e40d6c6ca75201cf4b5f5de8fba9edb5b85d70afb2b34e36e0a5c64

SHA512
194d0aacacc55738885fb29c6cd604bbeb8a1074ce8b044c2d538395ceacc54eb9f79b779989452daef8edd4d8fe65a48fc65cdcb89c7d775d17b57b01321e28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
da2b110366b91834718ea64cf4c9d89b

SHA1
87a6848539623ea12afe00791a25543db755c9e2

SHA256
48717d129997b01a2a08cfa7593a95093d1e8701e4e60d7938f8e6fb6dff4b5b

SHA512
6efa95407a2038d34443ddca38bf6b26ac05f095505028235bc71342bb6f45edfa28745301a50bfa3bb707a604545765c793bcdbd8e77623ad727bf06895d924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
86472f3dcbfac6a5b22b47e3b409ce6c

SHA1
7992a831206d6a75c0885ca2eef0a14b30488068

SHA256
b27e06a3bf0aa74a4c80285bdee9a31e8fe8900abc1be96ea7aadb42dec0c869

SHA512
1e761f02532581248e679b04fc778d0e4d43fa3bf7de83e5540e39a82a2f59c3dac5d80478b49b656e4f91cbe477d503ebfa6340a729f748a4550796f05c8c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
112395653089c4f5fbe23a25898b58a2

SHA1
de276b42e957ffc8217d68e85b696fcbb458630c

SHA256
af79f77c0d2aa6bd9e67fb642abad5d5f2e28936adceef8fa0485619e13e9a18

SHA512
50b0607c27ec02fd7dcff8c65c1254d8abd351d757490bfd9f9ef15c639658fe05d9832cb6f9edad75858d19662576df90b3cea47ab4dbfb12f5062ddbddf14c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
61dfb5aad3582deedd11f543fe516100

SHA1
d4dd0a00b28cb5ceb3dbbdfaab2814a83eccc74e

SHA256
298097c5208c170963e060995c6e646bc19c6185e14e22681f4854f0bb963ce3

SHA512
2d460f7cadf25b4cd7903d7ac1ee79480ee8da45ad16e0a3d5ecd0c3501fd7ce2490ac62f7d7bcd6c4a42ec3fad2af32fc4e0689185021ff5664b6c0d1144c7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9be31c19cc280db6ab11b723863ddc71

SHA1
a4e5f0331f85e1a1124dd83f448ecda30554f456

SHA256
b89ce583e7b212de84659eb2d2e391c493c96a3d901efa8e26426d60e9a13656

SHA512
798be880c825b42e38f96e2975fc3056495ca59cc4888d99834309d198526681d03aedcaa5f5ee752d5c017f3478058c97ba751bbd8cb68cc2b5d7b4d3118a4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
e9a2b00a69e4150262f3d9d6047d65fb

SHA1
838a9aa9d7d4af7eab8f03b27720e64efc943c4a

SHA256
74b4ffc4c5530d566ee234dcea949407128772cd4ae6b4e26128fa2e91758138

SHA512
ea5f986a37b301b7b77b82ab7ca19571cabeda7cd58bfc676c7ea06d8cbedbf4ab61536114ef831d8c8d8174130a7203e1fe0926fcf9897800fc0777bcd508d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
0c8a8e74b805ce55d32d0dac136bf6d9

SHA1
dc2c4fdd7404be2cb698c683955bada83e606043

SHA256
0df7403cfd4ff815b8e98d226585cba802980a279b24a9f035b5bdb9bd698c21

SHA512
594251ddbef20e54675de9c3883a79aac7912f4982be7fbf72fb7795bdb0462e7251beb9e10b371fe56931ed992333a0516a5a91a0cce8559180949b90b69093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
886250f258411f170c73ae9efa3c1397

SHA1
572471f66cb560bc69968b0892840e993118c281

SHA256
9511882f262a0429e04b838164afc11953e1c19cc8a7366f67d6d490c9edcbc4

SHA512
c998a5e5c880d225a8b06df742e375c91ae0b962712d554cc57199c5485e3405fb1e6bb21b1d2c353cbf69a5b2ee51effaa4ebff67cd3dd447826cee7d20e963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
89dff3e8aaf02f47bd308b8a6f83207a

SHA1
fc96ab0cbd9c064d9e4b7ce768131cd0962da195

SHA256
3c330a70a69c780d7598cffc8a8abfd6c3b67906b6859d216e389b00644de383

SHA512
77afd08a26d706ca6b5f4b02a87792bcec8bb73456c8f834332d369487a7abb0e25b12dc4a07760bf9206f04a6bd2a12e0b2f228b26f1ac00451255cdcd4c91b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
64435100be6b5f9ede0091aefda66be0

SHA1
150fddffa8c861d2e5f517f152b2bd617ff28c51

SHA256
76ca16035176cd4edcc5924a794c56125fb6dadb527e1390aa6fa89e02d16060

SHA512
4cb3482dd3fd768f534c19b44936bb7b1349f830e6c0bfbd400832940f950c556b7c183c76e5c22071d41e47f1a9e1eabeb818852287d110a930eb1d3f05f9c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
772c00c68e05fffc2e4189edcc8bd4fa

SHA1
35fa10f2ccefd84688ea500fbd24d40563230af5

SHA256
9f0c9d8e8f42cead4451813d1f2b328816960d6812ff9ca9996db28ea283bd95

SHA512
69913c95c91c1b742362edbe19247f6f3748484258456bb7c5eac01c3897f17493b23dabfba054e7ed209e9a2c24ccaf1884a7f5be038a952b0d1a5e3a4a571e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
21efec7ee5782adee92bf37031124c4b

SHA1
85f6996a19be50d000870b8aabef3ec5278dd331

SHA256
e940bafcede3ffe1807d2367a9941510e576b4b8b0441c9b074058af8266d55b

SHA512
cb719d4947a64e987258ae7d6e996993917ee829718ead1be9c1feaa50d28d961306993418a7671f1eeb94c62f379a27d809743c39059af4265225f7dea995e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4a8d8c09806f6ed6f47187388d37725b

SHA1
51c3fadeea61d96e2f6f033e864ef1e5dd704c7e

SHA256
4ed2226bc59ce5abb2f2e4cf8e9d1f1ec27f08ad7229a4e8b84c192cd7d152af

SHA512
0b6fb4af9606001d3df942080e54668fe9ebaef6650b396aab16eec5628b87231db47cf6c3c06230c940b2a625293ea649e8faafc401e51028f66181849b771e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
da3d3e19bda072b7c87a9d901381390d

SHA1
630964bfbb83c0f56b143d9f4515c2b6f3131730

SHA256
95ac718ca7a46fba20291416f0e88f22a46e5274b2a7ffe145dd9416fbb74eb5

SHA512
4ae9e051bc722c049e263d161a0f812b0256fb6caea2a23b7c1e78db8bd2f224b414d71756da61a39ac42316fabd776c3cfaf2aeeeb314ab5e46588fa14f8eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9727a3f53afec304f78ec5b4057f70d1

SHA1
791e9d7f3243761405a0a5e724614ee7b817ae16

SHA256
d7665ee71d692d4ba40cfeb21a0b6ebe2626b9b82aa1808953220b7d006ed929

SHA512
797fe3913c0d12394da4759c0f3d65c9bb399812f43e1d94152612cdd968297b872db28cbae265747ffb5ab06470b7a97118282126376218759444f7e6aaa8e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9010d82f0dbb17700fa567789dc3f9f6

SHA1
896789b03cbe08a7b267f421ca783b4ab7a91214

SHA256
84c3a24ec3b82127906698f1c7135c8ba312b0fbc8a50f3f36feab9f626de903

SHA512
f6b01a1c59bb490831ec16b316346b1e74071d70bf2f4d9e542922f8e2bc16b06bded9854ef1a0fd1b925a31175b5153ed428be32243af889a6f8b6318149d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
91fa5886cb64e6553fed84e4883b3774

SHA1
53b7929bf9dfc20b7225c0be655a0cabe3b7d0bd

SHA256
60a3c79c8b1bf2429fee0d05d369095963da68e24c22c6139ab1c5875292dd55

SHA512
459c96fcc22caeb9d04f7831f0761f649c1e3407cd3993070f69573690c796a695047af502dbbc1a630f504a2ce899490c33448913508a4a7f46d806485ad2e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
74B

MD5
87bd13eedc7b01a1f71192392a44a812

SHA1
b14c0dd59aceb96c9ba8f602df2bc489f60049f9

SHA256
bf94bfe69e25738996d13974073c7f1e5d0fb2959bd8a954eedf7a8a850c0542

SHA512
ced2d7bdb1b2eec86b8b0a9efef4f167d1789f85823f3407bd93535f34a5c38c1e781b1725b62c81f60b75cc5afa3e6fd38fe39defecbe0c45e42da164f1352f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe581bb1.TMP

Filesize
138B

MD5
5c2179b4ff936eab3d1bf7373e8499e6

SHA1
bca25b37e53a8152de9c5db85631fb5a75a32250

SHA256
ddcdd73a8f3373de6481ba0a590e7097a4b08425576cd03cca337776e6a18159

SHA512
c3cda6aeb8aa473aa72774be7145678b296e20ed8f531b65000caa25c173a7732b504ba27dfcd24cd19467ae6386262884e99f1fe3a388694aec20ce1af7a2e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
ca3702436e65ee9a6a4d3fe839c79b0e

SHA1
11321b7f7faf9f9796a6e3df57df5bc57200fc25

SHA256
ea9493d8d8672a39311c7c760abd8b348cab329fcbb94a530b9d702bc5e17573

SHA512
7651b8ff416525f87f381d39c770a9e04e92d4a89467650e6a76110637172ceae346170f818c5626f74c66b2a6964ff8f83cb30cd4e291f1c4e5c7b04ae12cbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
fb300153f1d573d466b7b31eb4f8cc4a

SHA1
d975508acb7f1ddec292bb7eab1f6d932c897ddf

SHA256
45e6df5720e0a716c0f7a992410585c20e99b2794dbe0a32b7c51b9e657bd947

SHA512
3549f505c857083468238c97d1eb80b2b13bea063b1df86b9126bc8e70bdfabf0658680fe170fbaf07b67aefc8d7a80648188954c80da78930afae6ada5170e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
d6c9e11797312ff854cdc1b330bb8319

SHA1
ccad8ef81e5c07c7386bb3d2e03013b65458fc44

SHA256
bce5e20c22b7f13c242bb0c8421e81240c57d450a417af92ff426018d85b6ffe

SHA512
585ae2ba2ecad0c3343b578235f78a33736d1c1fef1e638970f1e279d8205a534715b178c1ba43e0c76eb9a6827cac342ca3249f3adf02e03fe50329c4ee4e1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
e1857c78de98797f1f1009aa11c5e616

SHA1
3857c214c514dd3cb4960c2bcc67e18a05998549

SHA256
7f21aa1fe4f54d607410d38758626ccb3e165cd838438aebf4cd8a27cbd53406

SHA512
78eb30e1c41bea56408a9618b356ac4e1607e9ed6e0d43029b0a1237d8fd698bfce0502d89f1b43e03c38973cf128fde003726f77ab46d6bde1f98d8781f852f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584716.TMP

Filesize
89KB

MD5
2ef365b8f5dae097cc6ace37ac7d624a

SHA1
b56381be2e081ba6ee0a142f0a4ef02f77209eec

SHA256
897de9d739ed8f6a58acec9fa4ab51c3f6a4199bd8dc28fe859b953c577c1130

SHA512
3867a455f9bfb2268eb8df29edd73f953c420cdef1354307e1fd9bff36429e9a7ce3cc6149d84a941232160357028f6687de059d2519d2ab566e4073412077aa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/4956-0-0x00000262FFF60000-0x00000262FFF78000-memory.dmp

Filesize
96KB

Download
memory/4956-6-0x00007FFE778F0000-0x00007FFE783B1000-memory.dmp

Filesize
10.8MB

Download
memory/4956-5-0x00007FFE778F3000-0x00007FFE778F5000-memory.dmp

Filesize
8KB

Download
memory/4956-4-0x000002629ACA0000-0x000002629B1C8000-memory.dmp

Filesize
5.2MB

Download
memory/4956-3-0x00007FFE778F0000-0x00007FFE783B1000-memory.dmp

Filesize
10.8MB

Download
memory/4956-2-0x00000263001D0000-0x0000026300392000-memory.dmp

Filesize
1.8MB

Download
memory/4956-1-0x00007FFE778F3000-0x00007FFE778F5000-memory.dmp

Filesize
8KB

Download