discordrat | c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

Analysis

max time kernel
319s
max time network
327s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

builder.exe
Size

10KB
MD5

4f04f0e1ff050abf6f1696be1e8bb039
SHA1

bebf3088fff4595bfb53aea6af11741946bbd9ce
SHA256

ded51c306ee7e59fa15c42798c80f988f6310ea77ab77de3d12dc01233757cfa
SHA512

94713824b81de323e368fde18679ef8b8f2883378bffd2b7bd2b4e4bd5d48b35c6e71c9f8e9b058ba497db1bd0781807e5b7cecfd540dad611da0986c72b9f12
SSDEEP

96:IJXYAuB2glBLgyOk3LxdjP2rm549JSTuwUYXzP+B1izXTa/HFpff3LG+tzNt:IJXDk7LI4uwtDPC1ijCHffSs

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
OTg4NTc4MzE5NDUwNjU2ODA4.GJB_CK.pGGNRyaGaQAGmQrFjvmnUeTW-IdHcYf2pAyEXQ
server_id
1163956714090016808

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Client-built.exe

Executes dropped EXE 1 IoCs

pid	Process
5080	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
636	discord.com
77	pastebin.com
78	pastebin.com
623	discord.com
628	discord.com
632	discord.com
76	pastebin.com
624	discord.com
633	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640727228371047"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "137"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
4920	chrome.exe
4920	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1476	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 1108	5072	chrome.exe	101
PID 5072 wrote to memory of 1108	5072	chrome.exe	101
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 4532	5072	chrome.exe	102
PID 5072 wrote to memory of 8	5072	chrome.exe	103
PID 5072 wrote to memory of 8	5072	chrome.exe	103
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104
PID 5072 wrote to memory of 1972	5072	chrome.exe	104

C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
1⤵
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3760,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:8
1⤵
PID:1016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcb7edab58,0x7ffcb7edab68,0x7ffcb7edab78
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:2
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:8
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2288 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1740 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2392 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5068 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3400 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4244 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4356 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3384 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3144 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3408 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2460 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5228 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5348 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5500 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5544 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5832 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5920 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6260 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6404 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5788 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6712 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6880 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7036 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7184 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7396 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7536 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7388 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7392 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6988 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6980 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6976 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4796 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5332 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7308 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5652 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5544 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5312 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=5824 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7008 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5876 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7380 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7368 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=3380 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5172 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6412 --field-trial-handle=1940,i,13304559130201144305,15558506323926235876,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3996

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:5080
- C:\Windows\System32\shutdown.exe
  "C:\Windows\System32\shutdown.exe" /s /t 0
  2⤵
  PID:412

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa390a855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2797923086797b813717842144938d17

SHA1
5047812ff248bd26e3d350d1f213610a602b7264

SHA256
0a8a51934736ae3eac692695c4ba9da22978ac1c8434a78221d5c8656cb76956

SHA512
76c1b51b8c6680dc1806fe5ef424c5ef8fece740c66e0a230ca607866c867ce4426d732bbaf3a1ee7aa6f6d033019211f8ba2cb8794331a6d00fe7beda438b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
73b6376a2b2a8fde2288d70e379aaf2f

SHA1
93afffb304d94b373de19834090be5524e2d1b84

SHA256
a7c4be6bc14f21c497a77a17fa8138480efd960f4ebe7230fb1bf49b3e2e800c

SHA512
02b4b719c1397b66063d43db86ac22971d74d9e1657b55cb88ffe4aa5bd748340fd2bc464fdb45dbaacd81a53741f672b8f8c555e27420f5ea6aac8b10497acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
5218eb512f4575570c4f3be17a3b532d

SHA1
f359cf1b93c12becdbd05bafeff9ba956357cbcb

SHA256
08824d5a7d3a6f7b986892a4a30185820fd333cecb969a4e20dbbd4514868ff3

SHA512
11c566dc50c1d3b0e74b7f30011ace4b96f0075ee7c805e8885ed66b99e990fa9dd651133da08227764aeaaf11e7d2827eb30846c8eb8d2f3d3006a6bdd4aee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
972741555518e090854413295cf79786

SHA1
eb1f0b398522d94f0c4ed1b0f9a59514e9d20059

SHA256
d56f36e6836c98f9bde63a7e01aa8c228d8e51904c8bb3640dab3ec53549df66

SHA512
9342d954ea84801497583862546ddd0a7c49fa652c40d5679c7fa871575b2da7740550aceb2eb29ef1d375bff427689f32bc890fd6287858d91383bf55c6a1d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
663eac0ac1e97c8395eb429872351f42

SHA1
1715270897e9d180ad7c4f900486f5aa32b461b3

SHA256
82ca9241dc3f3014ec5fc31c53b4756780f9713377f8d4e6b4cc69beb5a932c5

SHA512
619e9eed3bac2851ba6b70b3b28aaf3133a766bc3f7680c928fb730cd46b42bdd8459f5304147211a32168bad6586db296b8183fab110f754d3937ceed9c5b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2e5977919ba024f87db20c5f84bd443b

SHA1
c90ca62423e012e20590722458ca233492d59500

SHA256
c82bbd522937764b6b93da0542d0b2299a884e2abc8b930347008948d5b84f93

SHA512
eb2f37dbc0d46359e6441ca2a07818d5aec67d85f56b0964f477489b7ce4be17ee6342c8d2fdb6def78e88f1ce31cf539a21277c67364edb7b93e13a7d1552f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
01740179f81a74da8963fc7d149a890b

SHA1
4deab82dcc05c22d95d26a78ec2b24580d7abddc

SHA256
59ef47981ad4a6decd976c75bb786c8c61e859fb731407b25e226402bd64da11

SHA512
69c020c5a0e6332ce2b3982b5107f1e61f6a04f4a1f354d9999122712bc45a9c0acd33520fd0d6a5c04758b00940e2e6af3be6406b7df860006102d81551f7a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
998893332904efa8f77f79ec110b8bae

SHA1
66bf534df10b5043eb862f0a43a6f3bdccf5ac28

SHA256
82a39a919ee13504b8a3369dcf0dbd72da12038ce23a56d0ffdf8cb8659c62eb

SHA512
b9ec36ecdc1ccf9c7fbb33087527dbaf4d5b9826ea180678dd4e1153d7f6a1de4ace4188a27849186d6062cab8f48beaf1a5790bea9b077cb1c9d5fd7014b45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
40eccd77253af2aff9778ac14c22afd3

SHA1
7eeb6287421dab31d3171af7ee91b5207d7e39de

SHA256
a926badf56a81dfa35ae1d764b0a24ddd4be1ac909aa84daa1f0540af59dea28

SHA512
b65d8264d4df13419c8404e55ce0d9aa6b25c3185384d5ae1211ac80490533b0cfc605533e6bba5792b739d4542ce287b0aedca867a295b563529eb46cff43f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4537659c2200c975acef2d5ab8c95739

SHA1
bd293a446a0f3de6fcbb0d2625ef4529fab96824

SHA256
a3e85be179d6af7e815f4838591b89da1c13cd6b8163da73add5123251e631a0

SHA512
bcebca88ca89fd9979e87de78b7d1adc5fedbbeab5eca079d70dc6e03e860e24d472bf0e6991adef9ffdfb1833af479f33743cc0c8b3980df7a78d045133a69f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c3caa35a482254f8a2b62e1559b8f1d3

SHA1
567d3a7285c0333951aec6b40df2ae737aa66d59

SHA256
a8ca305e30fd498e1b9db4c414a2540fbee17745e9c72ff9d882ce3202aae8b7

SHA512
9f39eeea2c1757d6b198e266d4bb3e648e693325c2b3de9a22889fe518544b1092dd24f8dbc145e91c3993ac475a3e6ad3994d04f3d34a8fbb54855ad4ae675e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
809c89e1aeb6cb3f2e03d4a484b0c134

SHA1
1b44df38cfcf1c8b5240f6d01df5174dcacc8c14

SHA256
67ef32e9b26576acef3da4658e614e9e57dda9cae661c82146793cdd69ce62fe

SHA512
2d9febb0fe4c28d4ccbf4746f1b28b7057cbd2af471d16492b0713d9dd8826bf5533d49c948620f9938d3894a6c6975140cc84873ab90951ee7f2ae5f961b9f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
312b6ba6cc7af0de6e2e65eeb5e3b21f

SHA1
d7b697284212862469d42f30a22001b51dd3ec2d

SHA256
2902ff4c071094fc068f56c4685a4820bf58c2eae67d49d208e066cbaa43f6e0

SHA512
692cc90e6b030dfacc5920c5cb94c26e1b981002179c5e9c939c4954c4b1fd779f2e4d586c45fa62261b38855272687cb5a12ff2a4b70502424ffef0195963a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8632e86284f4e7fd7a18595db600823f

SHA1
de5cfa4bf7b9a4ba4f852485453e97bbe0e43b7d

SHA256
26fe8517105a759f1ebc70a77e38a05cd126252655da6238812482ed9eb8de19

SHA512
22effe777f9c742c31f6f015c1eccef1b01659eedd024f5e48af8d205c28cb85c4a621149099f5a619c485c89f78752ef5168f5d792b2bd95fba296475f815f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fa846d2ab7a86ae36fad3b11e8142652

SHA1
876baf4e20bc506d0d867071d83ddcdd806bb874

SHA256
9fc0cffbb13e93b6ca2cb66fdee3cd571b9d017ce2dcafd8e66bb23779e83f4e

SHA512
d00584caba5f142565e916cc066e797ee0689df84be61a04986bde9e62cb3209d5b88450552329cf44c1aed09abbc7afcdd75582287932bd85b50b32a3f3d907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
c7281bc3a1de362c9c6163e04d8b0655

SHA1
347b149ba4e5c427585d0fd22be5cc8497180fd1

SHA256
c3a43c4090aea0b068ff1461d74632d44e1cc57d72db453fc37a86c7d9f490f0

SHA512
7da802a2111966413acafa06fde48959e2ee14aadca24a0ee30394cd3be79d0e17fa64481692f1b798c9f100b037112f4044553cd30981ff8801c692e1cfc291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
aa61f86792b92fabc8d76a3c51fd00d3

SHA1
80cc45b36001349b710c7804fc1388fb97a26878

SHA256
273939a63eb41fdeaf743fdf7f71fb2125797b80e7e6bfb0114b44911962d3dc

SHA512
62f86b819294e8384eda6cfcb5f99e42946f4c9583689744e1dfa2aea0c2089da59c9895f40e707a86b48083f6dd0b0aa28dd5c3b0c1fe971a0d8a715afb33db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
b416e0cda74565ad6cd665e80f2a649c

SHA1
e91a4bccc9dfc73c49f8226ea3aca31af1f5f74a

SHA256
ae086ed122ff34deef948bfeb3abc4c659af6d1c921db5c0f2eac5a4efbbe218

SHA512
386d77ce61ee3f0b66c63e7cffe5f11dd14a2622d9e6a4acc9a86c5fbb6be53703362e88f9535f6900f69a09c80fefd37fd5acf2c2c43283de47a69bfaf10e3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
e8cd7f178ece403ea23ed7013e073f4b

SHA1
77aeb1bad363373368d3192d8ca47e95804ac9a0

SHA256
3645555477975bbe121c358cc0b20c416bd47f939f20a4aa3fd3f4c19be9f863

SHA512
ba0fd9fa65402ad8ea76570d75acc93fe239becf4b7755f3b5d2e7c3267ebbd0875ceacb3f1c52d3733bec852e1d2330fbb99d395305a6fcbb0cc12d816e125e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a8f22.TMP

Filesize
88KB

MD5
af259d720d0fd49051eac3818398b14e

SHA1
24a666e27c34dad9eab7d8530c680c890b08dd20

SHA256
b45ae04ed1d99dfb7ce4140b4682352791341b21db422d16ac7625d1bfff87b5

SHA512
711e6cccd1bad95141f7ae46605b784cf49b02965f88b10e8d9e9586482fefb2bbe591117d721e8be4ad5bd046c02e95391191a76909c675a817990451556cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Client-built.exe

Filesize
78KB

MD5
9f8192bca777a039d99372a530cdb635

SHA1
a2556acb2ef8989c7d1b07d1744a0b5fd7f58a68

SHA256
9d75cc219fc049368f2dcd1a0e2b6d770c5c00e25e9fcaa43cbffb64beec2f4f

SHA512
9e32db23374ac09ef4833fd1b5e603c294842dc380daca3aa6f2cf27d5be9df081634c589b97f7850c7eadbf672bf3ad5a2f580b6dbb570a68f7280524de3f81

Download Submit
memory/3332-2-0x0000000005230000-0x00000000057D4000-memory.dmp

Filesize
5.6MB

Download
memory/3332-6-0x000000007467E000-0x000000007467F000-memory.dmp

Filesize
4KB

Download
memory/3332-5-0x0000000074670000-0x0000000074E20000-memory.dmp

Filesize
7.7MB

Download
memory/3332-7-0x0000000074670000-0x0000000074E20000-memory.dmp

Filesize
7.7MB

Download
memory/3332-1-0x0000000000280000-0x0000000000288000-memory.dmp

Filesize
32KB

Download
memory/3332-0-0x000000007467E000-0x000000007467F000-memory.dmp

Filesize
4KB

Download
memory/3332-410-0x0000000006110000-0x0000000006232000-memory.dmp

Filesize
1.1MB

Download
memory/3332-4-0x0000000004D30000-0x0000000004D3A000-memory.dmp

Filesize
40KB

Download
memory/3332-489-0x0000000074670000-0x0000000074E20000-memory.dmp

Filesize
7.7MB

Download
memory/3332-3-0x0000000004C80000-0x0000000004D12000-memory.dmp

Filesize
584KB

Download
memory/5080-475-0x00007FFCA45B3000-0x00007FFCA45B5000-memory.dmp

Filesize
8KB

Download
memory/5080-510-0x00007FFCA45B3000-0x00007FFCA45B5000-memory.dmp

Filesize
8KB

Download
memory/5080-478-0x0000024BD5220000-0x0000024BD5748000-memory.dmp

Filesize
5.2MB

Download
memory/5080-477-0x0000024BD4A20000-0x0000024BD4BE2000-memory.dmp

Filesize
1.8MB

Download
memory/5080-476-0x0000024BBA350000-0x0000024BBA368000-memory.dmp

Filesize
96KB

Download