discordrat | 5f5394d5a24e19d4b41d3ba6dc25c0b0af2bb0455643c8b4ee67fa777d189d35

Analysis

max time kernel
437s
max time network
450s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
23-06-2024 03:41

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

9a0a67359726859aa8b256302b46a5eb
SHA1

863932f495479b079445ad2ede8c653b3f0694e7
SHA256

5f5394d5a24e19d4b41d3ba6dc25c0b0af2bb0455643c8b4ee67fa777d189d35
SHA512

4cf85b7bdcd3d54ed7cdbd3457bd2d1d18030029e61ff79d1c655e97011cfff2e22fcacbeff297145d1f949073ccb78d12ceedb33b5063a2901d58242ae303a9
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+zPIC:5Zv5PDwbjNrmAE+rIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1NDI2NzMxMTc1NDMxNzkzNQ.GxrupB.3WkvmsxGmbImJRlKKkIbJ20QpWwLFOB-YbSfVE
server_id
1254269611520823366

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 19 IoCs

Web Service

T1102

Processes:

flow	ioc
303	discord.com
304	discord.com
315	discord.com
1	discord.com
3	discord.com
8	discord.com
9	discord.com
28	discord.com
6	discord.com
13	discord.com
311	discord.com
312	discord.com
5	discord.com
10	discord.com
298	discord.com
7	discord.com
29	discord.com
50	discord.com
314	discord.com

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXEWINWORD.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXEchrome.exeWINWORD.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133635881798591229"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings chrome.exe
NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\fortnite aimbot.docx:Zone.Identifier chrome.exe
Suspicious behavior: AddClipboardFormatListener 4 IoCs

Processes:

WINWORD.EXEWINWORD.EXE

pid process

4532 WINWORD.EXE
4532 WINWORD.EXE
4396 WINWORD.EXE
4396 WINWORD.EXE
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2320 chrome.exe
2320 chrome.exe
4636 chrome.exe
4636 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings	chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\fortnite aimbot.docx:Zone.Identifier	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

Processes:

chrome.exe

pid	process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Client-built.exewhoami.exeAUDIODG.EXEchrome.exe

description	pid	process
Token: SeDebugPrivilege	3060	Client-built.exe
Token: SeDebugPrivilege	5072	whoami.exe
Token: 33	1756	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1756	AUDIODG.EXE
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exe

pid	process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

chrome.exe

pid	process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

WINWORD.EXEWINWORD.EXE

pid	process
4532	WINWORD.EXE
4532	WINWORD.EXE
4532	WINWORD.EXE
4532	WINWORD.EXE
4532	WINWORD.EXE
4532	WINWORD.EXE
4532	WINWORD.EXE
4396	WINWORD.EXE
4396	WINWORD.EXE
4396	WINWORD.EXE
4396	WINWORD.EXE
4396	WINWORD.EXE
4396	WINWORD.EXE
4396	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Client-built.execmd.exechrome.exe

description	pid	process	target process
PID 3060 wrote to memory of 4980	3060	Client-built.exe	cmd.exe
PID 3060 wrote to memory of 4980	3060	Client-built.exe	cmd.exe
PID 4980 wrote to memory of 5072	4980	cmd.exe	whoami.exe
PID 4980 wrote to memory of 5072	4980	cmd.exe	whoami.exe
PID 2320 wrote to memory of 988	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 988	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 4024	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3104	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 3104	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe
PID 2320 wrote to memory of 2344	2320	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /C whoami
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4980
- - C:\Windows\system32\whoami.exe
    whoami
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5072

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdcd5bab58,0x7ffdcd5bab68,0x7ffdcd5bab78
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:2
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1892 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3484 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4872 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4784 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4060 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1544 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5456 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5568 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5608 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4116 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5592 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5628 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5364 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2860 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5784 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5620 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4636 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5876 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5976 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5772 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4884 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=1180 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=2692 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4828 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5596 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=2588 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1816,i,4715427635526766418,12686147405168437963,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4636
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\fortnite aimbot.docx" /o ""
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:4532

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1796

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1960

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\fortnite aimbot.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
471B

MD5
f40b4e4692f6a96423dafcbf5ff89e6f

SHA1
9e5cc9c388de3212d974bf7a0106126cf38c89c1

SHA256
378cdb654afeba1c790fab544a148bd30d4317e68e1b9cf8d73a001eedae2ed5

SHA512
de91b6397e9bd5f756fc6641ffa04c58c099db030ecc7d6990521542c8b92bc0c6fee71ba351a0ac2efd9aae1f0ee2353dcc32032fa819fd529f7e36795faa4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
420B

MD5
3ac0940190f50b40d4ad5beaaff6cb4b

SHA1
25e6ddc0e65895718c948ce1fb1341c85139ee16

SHA256
91a10fb1dbfe58f66ffa25677bdcda28f823f9978cd4e3c83f77fbea64673688

SHA512
7605197a7f744f98a62cec042447a1fbe99e794ce51cf600a6fcfd9509e4a83642ed8f66f3787d742331832f1a8df8827f29598c54cd76fd42814d68a52a5561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
59KB

MD5
caaa5222d179a24ca5540080c7018b99

SHA1
1f415a7a73a12a4c16f25709504f4e4e4beae9dd

SHA256
b729255f2e984a20fa0f0eb07e08368cf468fd17ff27a7d1dbb4042ec261d8cf

SHA512
71b4f878aa154ba4a8523c2e36faa8dbe3cfafa082b18796d8b69539dee9506253b9e55fc9b71cc2c9027d22ae08587b0e2ddadbc8d3395dbb73584d1ca1ebcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
69KB

MD5
921df38cecd4019512bbc90523bd5df5

SHA1
5bf380ffb3a385b734b70486afcfc493462eceec

SHA256
83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f

SHA512
35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
328KB

MD5
5d4114cb033dd9abefa79daa8bb1fce3

SHA1
403170941671bb5c568c2a535cfc5d3e0c6798f2

SHA256
6d6e9e73e627d6becbe74b55cd632ced17a11df4e70a99ea305e76184e13dc2e

SHA512
8df0ac9df4d07c8d5572e5cfbd94f1d30fff4a8346bc6807f864550c78fa3293595eabdada7e669192d6b0fac47c06032bc94120ee9a3d4445791e865b54bd28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
105KB

MD5
989f75e894f728b36d6b1608a96fb908

SHA1
c5c82edad1b5668b151799a74e017a16732072ee

SHA256
32a2da14d39f556bcd2747be3b2599227b6feb35c4e06d5ea5402c03562b4d1b

SHA512
8f1aac4b0841caa18302b2313629ce7002d251a4e4e2f2839a987667501a43f2785863c647dd87139a3bb866a103aae2fb423425e258bb9ddfd912f499b7b97a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
18c5b6925d871a290210c87dfa0d5953

SHA1
408c8c880c07500429091d80bcec7d2f0c16995c

SHA256
85848d56e74d4240dc416524e9e2cba13b31f19a19f05f604f3c8adf71b42c46

SHA512
77312721b678e7d8bd2a8494fb97b5d01851c7d9a9c2c625d3ab54b1aa8b548200bcf650aa979df4739e58711fcc3ec099f6c8de8c7766fa322153bd0e4d5269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d43027b022d0deadd13503fa32b4cbd1

SHA1
9bc33a675d41d0ebed0bbbe5f7f95ddcd8a5ed28

SHA256
493b9eb7146576f45590ca13638a6fa9337f57fb20281df61d5230000eac99e3

SHA512
b79f0e8d292382b794ee2c2487ca2f3c8b98850dc0f10d60af602bee2926946b2190aed4309c20137b0da1c28768cc744647703e117d7ea2fd029c9f7e46f2d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
d957021ad6532026836b870d9df13dfb

SHA1
3724c239ba2425b7641185b1cf44a72b141ae9e8

SHA256
4f5047ecdaee9f64cb7817e9287a3eac99351bf970f088de85bd7a7ecd198ca8

SHA512
0ea885b522015f5ad8ae118dcf84f79342338f9f48228a577bb21e2ff2e95595061d9b0996f4df020036bdd3a01d42c40fafce496e7bbeebc608332c4d8fb2be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
0f3b5342b4e073505f3c1d5f2e85b3a4

SHA1
5cb8f59c4ca48019e7fa3c51da532e17a69578c3

SHA256
9d116a181a9ba10573877839b178ca8bcaa34b8368c64da7f6c546c7fe23a558

SHA512
8430163f1b09eba4663284ead543ed0674526a65e0e9149cdd7cc2ca908aafc2bd659496fe27988971b90ecb9731ed11d9a9014a11b08ec5f443cc7691696f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
f98757b1a60bda9a52d3021c5e24a887

SHA1
5d5156ffaac9651cdac8b8da7e7d7937899785ac

SHA256
16f05acfaa28aee2c4c1f48542870743645d07341fc5c946fb834ce4f393ef02

SHA512
d21864abcc2fb889c7d6f8f34749de6d86490eb80a1ee39ac065d2e7ac341e81fb194237a06410026713dbb4e46bd182fa6844bea4641ef6467df7f259b2569d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6064b774b496814780c4a4d02a06a8f3

SHA1
db5266b39ec8b9f1bc137cb6f1d439d57b028820

SHA256
61dd55b64da33179e0b08788967f463f79b5dcac4b94dd3586587f1681300210

SHA512
cca2adae6dad93a7a8baf1ca185c8e03c91746884605fe0163ba4bfc0a70ce563015c999435bd5823120d2360b80c1b37bbd3195e6bae69534ef25b8ce61e1c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e411f4c3705164776bd66675268a018e

SHA1
9f7a2529442a7e265e88d119655a9a14f629a95d

SHA256
1448a8ca3f7008c0b5c894d0cbc4a64f0f982b292755c68f74efb128133ee062

SHA512
2637c06473566791663ef57c60d2f9b081d4644bfcd93c0d05d52dd1c4afab2e85ea606816086a289f02fdddd3f7f57939b4e092154a6ca55a33de4e1ccd2a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b57c133dce2dff9e08823533afaa089c

SHA1
d52798b1d9e246ddb2de406cdc9a1abdb450f47a

SHA256
b294e5eca3444540c56ae03cfb1ddb7dafe64c21b9287fdc650de01545a735f4

SHA512
6277441b2ca89be61651a0143d065031d70ffa50433d288557481b2bfdf5ec0d163063980a2a0130bc8020e830a3a92494417b5a2ec66dc955203708e17d0899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
c3b2d10f0d10ec9b45b347c3e22da331

SHA1
3b793a2dc83d9a9b202afabeb38e32a57ef986d5

SHA256
6783b4480c9c9fcc573612d390452485dcc2bd001798f2929eb8322e8aa81d6a

SHA512
99e9a83497926eee262123ebbd2c0b1f10635a1dbfb5210b4f781342d576ddbc237d8a7b74c523da26c02297ff4ac5f8cb55135a365d2f4f01e1712259fedd1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
823732ac16893d8185d37343ea84edc7

SHA1
d0c2defb52897013f6c7707dbdaef187b72a43a7

SHA256
7fb0e84ccf39e94d3257740cd06db2757224812295a730156933463a3c441a8e

SHA512
133dbaacebfa31f65cec69bbf0a97cae3afedddbfeeda8a1c41ac53565362b3c937ba3f320a9b552b7c1a9ef081060cc79f64caba8876575495b8b017c1b8467

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
16eac2813e0ae7fa398d320bea04b14c

SHA1
76b4109018daa964a543a6483ef47d29d36c6a17

SHA256
5d6f15956e1d432e4f6d0ddee17385f51110389d22cfaa43b2c2fdf23aedd20e

SHA512
e8dab55324f86d9e58e38db5f01195dfe58c52b18981661ad822c3b16165fb54a750d06fa4e6a4520e7f253f68a2e1554594f207f378064ea8321071817be7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
a0985a0696ffdb94363d3ba85b8a2561

SHA1
6a23b29783be9ccaefacc1944f2943004cee0a61

SHA256
4aafc08f822a37f544280fbad26b717cc298d0e41a96580d8581972240220aa2

SHA512
48f871880c3d61c2764c7d1a76831f4ed5825f32486404247191d4c4ec67b919548a50b235021ae482e939bbe78e473e9a3342d46ede8eea459be4f16ec373dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
51740698ec3c39730579aff8668be1cd

SHA1
766bfa09f13173b52364e9c9f37d57d7bb77232e

SHA256
ab9504e2a775e1e7c583e7be2d08ae0e543e3838d26a4dbeef540735cc766c46

SHA512
d5808e3623a64f674e83159d3a291a062a4a9d36dba0bcbe852fbabfac0c679d19f03c85bb8be4b15c3d36d6a1796d2aff5f114eafd27ba6021226e01c2e27fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0bc9b1baca151378017f687ef4c49d22

SHA1
9b0872b2b62ede7f220b997d7b2dffd4d25689b7

SHA256
30a7224243f6cabf906e473a2ba461459ee635b718a75e46993e6561236f3477

SHA512
9b833f05f741c4c118bb33cc040b1762e3e285a57170fe7c2d219acc87a98419aebff9c23cead258932b9c0ea0197f0c27da6f1c6ddedd6ee5cf39277984338f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e31622af627e6f2314534f63c3e4b201

SHA1
7408a865c20a93cdf4cd8e2d25b597583ed7fda7

SHA256
3e3eb5e15b266f7825a427b2b732e229a78b13babf45f6d1a501d1407606ffcd

SHA512
2dc97ccb69d6376292f49ee9d9e881075a4036c47e0147ff393d3e214fbc23a72601030aeef0db2e8312ef036ba1c82e187f91cbda1244cd8d4d54663c016660

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ba69564da995551c88e537dfc1dc0851

SHA1
f8366cf2305c781dc66e6d8d3b7bc3ea9bbcb806

SHA256
0ea7c6fffe5bf554c1e6ea94cc5ea226476a1c643c2f552e2f2a9c3b8eb4b5fa

SHA512
5d968cec0df5c0c74d48504c0c3c8a08d8fa9ee6e2a42ed5e6f25bf884228c99dc69e8a324888f21fa6429f0f5e7c31124e8583d15ab7f8a14cedc9f08a2ecce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6ecc3d882023b2b1646bc57bae5700f3

SHA1
40922a3309d3fbdf6f75b91f1067b1c1a05fb7db

SHA256
b582ebd75969976311939839d69a9bb3cc966bbbf0e2d28c102f1db21d50641f

SHA512
04d503e00f99a125927c58f0554ecf227635e13d227d57023c0b2cceebb7a7aeb0e2e664bcd94eb09fe8b6a07b6bd640a5658e93cb4d6429ee40e161fde9ff1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
204103d6040012d773a2566ab5c98e43

SHA1
3c341d1a7ca3e2c300bc69d576c67a0f849aed74

SHA256
b7f12db67db92ec05ade1442209c9b43d721217e13ed9ec903919e4a12c6258b

SHA512
82be97df4856049c8ea2553d3ac2e1ee49500327c1817955ef10d640949c10477d77c2e27d0c2dbb5d5d84f0e1ff04f717b8d8bb321d47c6f5526c5d43f61b75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a72fa4e16e52dc7a5cf136aca8deefb5

SHA1
8a846039c2d309a30f9ff1d30f000aca4d91fed1

SHA256
a2c3a39862f3e0ff59a524e54973d6e582de04131033c7618b2bba0f2547b9f9

SHA512
3d3ae455fd6988ef05ad91dc3180bfd5964b740ce6bac98eb218c0a970d61826cbe09265f404c0ba16008735813434d3ba48ed54aced7244866bb1953c18e5ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1a9ce24cbde5a88bdc35a63fbe59dd0b

SHA1
ad81623df9dde636e360da6344be232f92179997

SHA256
b908e27394319c70192a278f580b9d9f5e32624e72e8dad885ba4dd9f8949d64

SHA512
80b5e99178713208e2ffe314170384bc898141feb593061eed838008f73fc8136957c787a9b56db9a783e79dddc9b6fcabb3d6f051b042e19b7cc37c4330ecb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
edc165150e8bf78ed9ab01e390251915

SHA1
b2193e133f33af5ccb543e38506beb9cf1936c4b

SHA256
be7bb9f9a7d3fb29097e9f3f6589a81548fad8696bcc66b3387c12027486491a

SHA512
aec2c936c3d5645042d90e2245aedf58e93527b8fa33ca19c5fff75d46edbfe579128bd045bc5669c1ef28cc662757701e453adad2431bd975de5dd8ee7962e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ebea34f247c242cbeab73f82ed51ebb6

SHA1
c4343cf65b6ec1187aaf43b74714247d62967d87

SHA256
33665a038ddcd540f3326bd3db2c6255abe6f9e03e65ca83f29f00454835705c

SHA512
99acf215234f9c919219dbc5137ef4573cdf37884b4c42fe075a00b63d39b5ba732af6527e27727b89e136e5734fc53b86fddbcdbc0cf1973f3f9d0b57c67b6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66a6532ee8c13653d5c57ec7a2e8641f

SHA1
bb3b44c9397d2acb5edb6151645ae032c7f0be7a

SHA256
c65fedd57b57ae6aa34bcd7bba50b93a8926efabf1ad5789c87c203aa12ba791

SHA512
a5c84ad56d40a3997fd4bca29cba4b1048a7ff49b6da4cd03bb55c2b209d65006666e65f14293d4274507bb448eba6d9539dbef4ca3b7789494766030e021cfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
a9fcfddf2c4deb90e4a490606d9125c4

SHA1
d89ef0f7956999642fc144e9b4d6919bca38247c

SHA256
6c83fadddb31d5ffaf34f8a79783a89e99a228ba813ca0336decfdad48a2cfdb

SHA512
2145135b903d44f7551c3d07486b7c5cad0553347a72d12fceeea57b81e806ba9d7018f84e4d8e87cf0fd1469ec87de8408a66a8082af7ed5b8d810fd7de990d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
f9ea4e309248d88719ad98484fcb47bd

SHA1
babb4b6901c406668bd0b21f3b11f65a26769a34

SHA256
955c4d57711a2083dbd0955fd857dda4e2bc5dcf45f7683d4307196833588391

SHA512
d1d32edb78b10f09b5d870ef475e4384dfc363c68ff237235308ea224f307c1df0a496f39b3892ca01c86c1a167d0be01ed45006619e434145f65fd77bf695d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
231bc26410235334e6fe38691c7e643f

SHA1
efde5a0ad0a76923b55040bd0e35c174aeac309c

SHA256
f145ca157c6b99f146980de3b7f8b4b893e183a9a22d476724962159e53e11a0

SHA512
a8c672f0727cec94050c3318fae15537b31b0df15a16bd19d5cb852c8cca7efc6d0a9682667a55dad4c661783baacc6e84f5f00778f9c33860abb9c04456c1dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
e1f64e17b68ce2b2482f8a0457b68880

SHA1
6dc40ad0a67f21aea8d4f2eee9031a7362aa2fcd

SHA256
91b52b33888ba0faddd1168e32fd1ee907de1e6117f2b52eddf54335a34592c6

SHA512
547d316e3db60e652fe001000847fd641fd2c1e8d2258166c713631889a51e20e44dafa56c71ee6fef741f80c36494809d602a3c7d1accfb5192f9b1baae9d32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
ce57dd6f867656dbbe1ef2147126c2ae

SHA1
2ab75d1c7fbe248e5cd1e7b1eca57d5ec32aaafd

SHA256
c01ba4ede71434b3eb505196aade2c65ee497552c767ab52077e5cc17d914448

SHA512
396b454b0a3d3220b40a154ef5a13a42adb53755c185088bcb1a6fbdc1ddfb39827dbd21ce5c3436025ba7e5028964ebde12200277f5ec5369f70e1cca1eb9d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
aabad53cda4891bad4e2797cf455ff8a

SHA1
e89f49f96c11936967f41dfe98a2c15010d63d85

SHA256
3b6636ebb7bb3a748d9417b08f56d0bf24a2ca1260d92c37878910cfd4c210fe

SHA512
dda403c9b92b6dfb58fb4d2c2b3ba3e03873209e84c72c4afbaf6da2bc675d8085a45b3cff4b75b871d2fa310aab9b469c8d341e8587860f46caba2c3254fda4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
f389efab8562a50fe70948196f73628e

SHA1
5593128363809cab9de4dd6443ce9c71015841a5

SHA256
b6818948964f224db9eae529611619f7c16b62e6e4d7f4fe454e7fabd41dcd66

SHA512
e9e27922778c33a17d0f8004c86c9421d3cf06c775cd728cd1aaf0aedcb669825952d5f706193063936840fcd5becc4d33517181f77374ca6ef14124e0432d0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
6b7915ba212ae10c847b310c9d6095a4

SHA1
f4923071faf835bfd958d4cb4dc49b2333a7dd10

SHA256
16992ba91397dd0f3328151f1d1a5406875a2f68bf08e77683a833eb576a33df

SHA512
f17df8557c15eec85237ddaa533c3085bea9770c58765460ff355f463f790b486f7f930fd622be106fbef03d8721ae214fb82d2c76c9faf3e2d0fcb3ce6573e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
2f74097319c1a067d6991ab2e3966d72

SHA1
f880ec86636d07dbd1c184a6d930bc314ede6d43

SHA256
949876cad2fac74a111af4e970cc9792d16619da64232b55ca4e7aa6b4bb661a

SHA512
11d8acc8fef792a13c5981827f0b937e6fc7639496b5680ba7e308fcb460580fd974840adbf1517015ec0fbf98bad62ef44ef0e4659e2f22deebb95ef2813853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
22376a1f53d4f46c6ab3ade2475ba4d9

SHA1
573c0d67912ddc2bb7e16dcebf345016692d6d0f

SHA256
54e8842c6f9131aa0e3b20a0672d73ddf1ed2555ab93f80705d677567150180d

SHA512
3fcdfe8bfebb7e3d4103156e54dd07d953e01d1b725491dc4d5a1a6e5fde729f733c84814252946d67413d86e09da028ab191af157e3bdb91338d4dce0bd6b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
980b3ebd4fcfb36f5f6a8251fdb14436

SHA1
a16774d572347851d463e5c1a57e914e469e938c

SHA256
5bbdf45b23235d79b1fd4c4332a28cada3736cd81fb757f9dfbc875e3ece78b0

SHA512
c6339658a438bafb861d5b1ee32c47c6d491947ff41049f42d4b70581750f69d7773d7d7855a2ec162c59ba76a2cb4e4408874971c22c841abf19663b7c74b1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
87KB

MD5
4a0e84b22c42c08d5b2cb524a67bf4fc

SHA1
e00136e496fce70552df5997c83809a18481d8e1

SHA256
38f567cc7f2f2e3d831090fdfdfccc1f78b046d624e027df455f3d2ee3717a2d

SHA512
2b3e669920b3eee9c7d93a7229a95e15e7301470e3c2e4379358eb4a351ee3b701ccf5ba3ed7de5a45c4b2bc61074bfcf991c9abfbf051bdb412eb71a4c6efb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a0d7e.TMP

Filesize
83KB

MD5
2a1ef12aaa65226d50922969307aff90

SHA1
513abba60cc02899766d8d18470805344ebb2b37

SHA256
91d462b69d0f954b64e9c475f0cf98e173ffe7b44b5fcc91b4447e21dabaf47a

SHA512
facef98af9927cc134a0f3cfcb9e89dd89be3e595a8f2e995cd1913e50b0d8044ed48ba28aa287e8cc12af7e492db159ff8bca22079c33fe0365c9953d2b461d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

Filesize
21B

MD5
f1b59332b953b3c99b3c95a44249c0d2

SHA1
1b16a2ca32bf8481e18ff8b7365229b598908991

SHA256
138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

SHA512
3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json

Filesize
417B

MD5
c56ff60fbd601e84edd5a0ff1010d584

SHA1
342abb130dabeacde1d8ced806d67a3aef00a749

SHA256
200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c

SHA512
acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

Filesize
87B

MD5
e4e83f8123e9740b8aa3c3dfa77c1c04

SHA1
5281eae96efde7b0e16a1d977f005f0d3bd7aad0

SHA256
6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

SHA512
bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\E1D1C088-701A-44BD-B102-D17468EF12FC

Filesize
168KB

MD5
018f2e9cd0308aec8b757aa05d2e0348

SHA1
6e47825700f9fce5f5f4e66b295177721e2b54b9

SHA256
ae6f4e484692498b20cbe6c1817dc5dac501a868ff5e81722a31f31de91972cc

SHA512
af00d38262eb09137f69ca55a1afc53321e4232fc8e9349cdf4376e599e898faf34d15e2c4244ca5361febebfecbaf892458b0fd53b5f2ef1072b05701e0de5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

Filesize
21KB

MD5
990b03bbdd8bbd78fc11d63f56a5ebfd

SHA1
547b17491dadaa974a686d1370ab2916070888c3

SHA256
7bdb6e1f8b69afb3b0cb79e58ca5b0d06e691b54fc897032293e10aff38ec08d

SHA512
9b6736ff6ad9f9e3b5acd3c150dfddcb38b0cf569a0899aaa1a2dea46bd8c33b614133ef345b6caef6fd26fb83272c8205bd56be43d000d8cf574db902008d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db

Filesize
24KB

MD5
b00f3f56c104c94e03cd2ad8452c14e7

SHA1
51b78e45015e0d9d62fbdf31b75a22535a107204

SHA256
ba2b669020334ff01a85bfc900ea4371ea557bd315f154875d9bdfdc16ae8b50

SHA512
93e1609be5bbb414c285f37432ce93294c3d1583ef46c7c6c570c122f0b166c34b0ad87de708005c8af97dee27923ba53395a34c2563cdadf3c0a708848b3525

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\fortnite aimbot.docx.LNK

Filesize
1KB

MD5
834e27d80dad93aef8e7cf8f2433694f

SHA1
e59d4983dddff56d8a97bb68f31f27eb8d51001c

SHA256
f824b1f5e58c5cd0412c50ec716cf1d32119bdbe346f5d1b64c6fd7d8a948fdc

SHA512
6b7306e2dc055e44e949c5d1b418569e434a748c2af93d469f77a7b7d3ec98228f335ffd5a674f510813d6736d65e385267a9fbcd7f0432fa8291a14a57a73d6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
239B

MD5
452c0042a8e87ac3ca01e9ebb9a2c897

SHA1
3e0d096abda1a0742c70e7c6a33a444b0f5b6dde

SHA256
b7587f47748fc0fa153fc560a78296b29b9ad396031f66cca9d8acdcc822f3c3

SHA512
9d894d1ada9d846b58cd38b136abbd7ab55fa8fef449a53cf35716b11575270552096be9c37c21c44ca97192039abcf41d22b2206c973a6d588120296332195b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_3CA8D4851DF742BC818FAF1349D5ECC9.dat

Filesize
940B

MD5
4b1e1d94ea2b3843028e35278193d536

SHA1
db13a43f7d35798526dd7fa47b5b758a5b1107ac

SHA256
836d8212dc2ba7f0d0a46af948ad52328d4893304e27d9788c3e11538a6c534a

SHA512
f40f1c02f16b0b3f9c6523411c9eb316eb0dbabc63f3dbfaa6b0f0c2baaf9cff6481417c21cca9b372aff80fdc797155f334fbcafb6b94c2f4ea1eef60ec6a5c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0809.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
78034a6e8de00aa76b5f05609b3c9846

SHA1
5e05bb72f012a49f32bf30fda7fcc6f518bb103a

SHA256
9454769c9695e0fd7329cd77a6322ea7c61f522ca550b7f0920855b561226dd1

SHA512
bd70150d5d4a4cd273b30c4707ce81bd2a440d9bfe92caf54f95f2e41d9310f350c901c33044844d6576e618572ecdfc290bc99791f9c05127aecfe245d38771

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
98f0015e532ec7c6c690752f1870295c

SHA1
6b70dd62110dfb1a42f88b64d16a56f10eecdc81

SHA256
28d7695657d7252d8ecef47fd79b8b950663fb7b9668d54220f2390230b0ba4e

SHA512
8778cb65d5d986b35a3ceae8a544c1fc2dcc9d853cceb0a8174c6943608e4369fe95cb54eb187f5b7ea95cec3c2392bbee2ff6ca66a9532ac066bfd2079c7607

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
1c18f1119c1dba66392ac3da2961651f

SHA1
86308323aa6a7fa879495df25a376380abf5d776

SHA256
1723a5a0c95d70336642e9abd99951b98a6a90a2e5df5da6ec4a32d819e18689

SHA512
da8d7eee3f4bcef10c8b3dfc6d5f781dad18e95189227b33ea60564e9295a29764b19c86dc8a3179ae8355c5dd262ad2276398532aa05b3b741f62d5963b240f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
832af5bdcbd01ffbb810d0625a7032ba

SHA1
3609f1a4fda4953438dc782fb1b972ebcb2fec9c

SHA256
641a15f5c42742d69eb986dcd1754a8ecaf5620fba48ce8e1f877dbe259779d0

SHA512
ca0e91280ce69ec016894760cdb66734af1899303e32c7a1ef217b030c70917da36332fc40993a5413d817000fe98cd4c4cdd75ccc98549ad0b7d0d396dbe371

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
da7892ac27884a221a5a44d2d82ee1b8

SHA1
9f40b64222168032f6eddc98f361a374d2a8a089

SHA256
a9b2725f39902999b302fa0d0dc3b1ddbee8b6f946ad50c5cb00110b79de890d

SHA512
13d06be997e0d0fa542578104034cce82a274b77b72eaf7843b2b016fa99c36e4ad4f9c8d88b2b8622bec3490e296c3b53478162453bb460b2dd50a1b6c1c818

Download Submit
C:\Users\Admin\Downloads\fortnite aimbot.docx

Filesize
12KB

MD5
e6829859e3fb02961ca5597586f65203

SHA1
19248cca13e1c64d75933f8b8febc5937df25743

SHA256
6ee02c57c5e326da73c444c57a2f8672bc25be1d17619fc5caa9764a4a39c7df

SHA512
2987e70201ae8059ad17f9a85d47a07b3b8ac9ed695e773c28dcf12b6ff884e73825f0e1e5581e2a9387df43b6bc06b2636254db3ab28472caa1884339fee765

Download Submit
C:\Users\Admin\Downloads\fortnite aimbot.docx:Zone.Identifier

Filesize
131B

MD5
de3430b3c4684f172671ec9382bbf2f4

SHA1
1572ca3491f9ec76c8b17bc3aa9aa8873efa7a5b

SHA256
2ce17002cae285d62ab906b86e9c02daca9bc087ebe0b1c5c7f81e016fc8e76d

SHA512
9ba66247eb6d6b9e3a8395bab808a961a5f3cd249fbe7132f8c4ea75887d8f3d3ba30a74f064c62c78a9fd7b7af12e26f09924e3f266c764b0312ab206c7a99a

Download Submit
\??\pipe\crashpad_2320_KVVPHXFKQEAYSRXN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3060-6-0x00000222F6B50000-0x00000222F6BFA000-memory.dmp

Filesize
680KB

Download
memory/3060-5-0x00007FFDD2C20000-0x00007FFDD36E2000-memory.dmp

Filesize
10.8MB

Download
memory/3060-13-0x00007FFDD2C20000-0x00007FFDD36E2000-memory.dmp

Filesize
10.8MB

Download
memory/3060-3-0x00007FFDD2C20000-0x00007FFDD36E2000-memory.dmp

Filesize
10.8MB

Download
memory/3060-2-0x00000222F3650000-0x00000222F3812000-memory.dmp

Filesize
1.8MB

Download
memory/3060-7-0x00007FFDD2C20000-0x00007FFDD36E2000-memory.dmp

Filesize
10.8MB

Download
memory/3060-4-0x00000222F4AD0000-0x00000222F4FF8000-memory.dmp

Filesize
5.2MB

Download
memory/3060-0-0x00000222D8F30000-0x00000222D8F48000-memory.dmp

Filesize
96KB

Download
memory/3060-1-0x00007FFDD2C23000-0x00007FFDD2C25000-memory.dmp

Filesize
8KB

Download
memory/4396-1175-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4396-1173-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4396-1220-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4396-1174-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4396-1176-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4396-1177-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4396-1178-0x00007FFDB1290000-0x00007FFDB12A0000-memory.dmp

Filesize
64KB

Download
memory/4396-1223-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4396-1222-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4396-1182-0x00007FFDB1290000-0x00007FFDB12A0000-memory.dmp

Filesize
64KB

Download
memory/4396-1221-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4532-1022-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4532-1021-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4532-946-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4532-947-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4532-948-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4532-951-0x00007FFDB1290000-0x00007FFDB12A0000-memory.dmp

Filesize
64KB

Download
memory/4532-950-0x00007FFDB1290000-0x00007FFDB12A0000-memory.dmp

Filesize
64KB

Download
memory/4532-1024-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4532-1023-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4532-945-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download
memory/4532-949-0x00007FFDB3E30000-0x00007FFDB3E40000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads