discordrat | c0c315c0924a27c37df67daf282be5c253317b52d983bbfb7ae8465fe2a19919

Analysis

max time kernel
740s
max time network
752s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d894256fa01f9770da3abbec7af18fd7.png
Size

129KB
MD5

f915c7aed5c023bc4258c09aa45f279f
SHA1

75b20edfa4448ebf0ff2855d69a70fd4eedf374c
SHA256

c0c315c0924a27c37df67daf282be5c253317b52d983bbfb7ae8465fe2a19919
SHA512

ebd0cf1ef78eae81bb044a3d47f0ce56896d1198971596c7f6af11ed8c4f6e1e7bb64be121d43f1ce24fffe90dd9653fe5aa372f24bcf926bb8e58207e61a2ba
SSDEEP

3072:d/iT53yCXuMTLi4/b8O5TycE69nxzleFr9QW5/XAIGviX:d/id3tuM3ilSFleh//QIGvs

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
5396	builder.exe
7040	builder.exe
7132	Client-built.exe
5536	Discord rat.exe
2564	Client-built.exe
6352	Client-built.exe

Loads dropped DLL 2 IoCs

pid	Process
5396	builder.exe
5396	builder.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
445	discord.com
449	discord.com
452	raw.githubusercontent.com
453	raw.githubusercontent.com
455	discord.com
456	discord.com
444	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645348605655407"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2080292272-204036150-2159171770-1000\{8DAA4356-A9B3-4F50-B552-D51FC9F053B8}	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5376	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
696	chrome.exe
696	chrome.exe
3172	chrome.exe
3172	chrome.exe
5932	chrome.exe
5932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe
Token: SeShutdownPrivilege	696	chrome.exe
Token: SeCreatePagefilePrivilege	696	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
6340	7zG.exe
5376	NOTEPAD.EXE
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
696	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 696 wrote to memory of 3152	696	chrome.exe	94
PID 696 wrote to memory of 3152	696	chrome.exe	94
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 4348	696	chrome.exe	95
PID 696 wrote to memory of 840	696	chrome.exe	96
PID 696 wrote to memory of 840	696	chrome.exe	96
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97
PID 696 wrote to memory of 2068	696	chrome.exe	97

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\d894256fa01f9770da3abbec7af18fd7.png
1⤵
PID:1840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae617ab58,0x7ffae617ab68,0x7ffae617ab78
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:2
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4880 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4604 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3060 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4384 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5060 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5100 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4524 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2520 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3196 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3204 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4136 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4628 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5604 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5288 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5520 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5744 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5932 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5868 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:8
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6612 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6792 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:8
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6876 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6884 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6992 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7128 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7292 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7076 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7100 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7664 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7792 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5936 --field-trial-handle=1704,i,17416821284595953815,9563623958914919064,131072 /prefetch:1
  2⤵
  PID:5476

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3580

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6120

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Release\" -spe -an -ai#7zMap28869:76:7zEvent15843
1⤵
- Suspicious use of FindShellTrayWindow
PID:6340

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Release\tocke.txt
1⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
PID:5376

C:\Users\Admin\Downloads\Release\builder.exe
"C:\Users\Admin\Downloads\Release\builder.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5396

C:\Users\Admin\Downloads\Release\builder.exe
"C:\Users\Admin\Downloads\Release\builder.exe"
1⤵
- Executes dropped EXE
PID:7040

C:\Users\Admin\Downloads\Release\Client-built.exe
"C:\Users\Admin\Downloads\Release\Client-built.exe"
1⤵
- Executes dropped EXE
PID:7132

C:\Users\Admin\Downloads\Release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\Release\Release\Discord rat.exe"
1⤵
- Executes dropped EXE
PID:5536

C:\Users\Admin\Downloads\Release\Client-built.exe
"C:\Users\Admin\Downloads\Release\Client-built.exe"
1⤵
- Executes dropped EXE
PID:2564

C:\Users\Admin\Downloads\Release\Client-built.exe
"C:\Users\Admin\Downloads\Release\Client-built.exe"
1⤵
- Executes dropped EXE
PID:6352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae617ab58,0x7ffae617ab68,0x7ffae617ab78
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:2
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:8
  2⤵
  PID:184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:8
  2⤵
  PID:7096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4412 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:6980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:8
  2⤵
  PID:6164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:8
  2⤵
  PID:6256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4912 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3296 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:7008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4188 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5124 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:8
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5184 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5456 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5592 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5716 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5852 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4972 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:8
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3128 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3268 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4468 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:8
  2⤵
  PID:6724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4472 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:6624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6256 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:8
  2⤵
  PID:6284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6360 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:6172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6388 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6700 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6836 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6848 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7116 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:6692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7284 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7420 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7572 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6020 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8036 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8248 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8176 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8340 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8732 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8576 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9000 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8832 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9052 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9364 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9492 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9716 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10004 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=9288 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9660 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10404 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=10560 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=10384 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10188 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:6936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9492 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:6636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=10036 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10796 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9844 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=9724 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=10228 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=11076 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=8836 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:6316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9092 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9084 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=5852 --field-trial-handle=1924,i,8487108555492560273,4749582607022675678,131072 /prefetch:1
  2⤵
  PID:3620

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:6684

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x534 0x4e4
1⤵
PID:5960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a85e5add31f209ed527bf82ac0768582

SHA1
9551a7f1878b70b64d4ed23aa8f5d69cc6f272b9

SHA256
9b28265c7c93e93355a28432984cef0ab471397329c2924745ff139d2a585c43

SHA512
4e216dc0fb62569a58c05a34e91658cf481db11e2d27589f1cc556ed2e986bf6d999a51dd35a6cc98c59be97f9f64df3ff084bdd8b8f1739f4589e7c47e11bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
62KB

MD5
1721006aa7e52dafddd68998f1ca9ac0

SHA1
884e3081a1227cd1ed4ec63fb0a98bec572165ba

SHA256
c16e012546b3d1ef206a1ecbbb7bf8b5dfd0c13cfeb3bdc8af8c11eaa9da8b84

SHA512
ff7bfd489dc8c5001eea8f823e5ec7abf134e8ad52ee9544a8f4c20800cb67a724ec157ca8f4c434a94262a8e07c3452b6ad994510b2b9118c78e2f53d75a493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

Filesize
70KB

MD5
c71e661f482d2a7bfc565060281b324f

SHA1
4f66536e4d59091e4ce33e84207965c51330ecbb

SHA256
60edc95aa4f8233ce27dd1b122a78632a0b9aa5be0f183b27a08dd9fc58a4932

SHA512
7bf62c927d45ba24d1465977e8d741b2aba4faee95f7d3767fbbd781c62b3c6bc97e1fb9f525d43f3c77202ae6f8904f3389c3ffc84c306c43be876ce4a180c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
19KB

MD5
055c39f1ead06724e540b3c0d877cead

SHA1
5d7ffdeb534b6bea5443838f9534fc6640ee1526

SHA256
0305d258c756aeac531d72a410cc42d0ae302cb74a2d8b5dca2ee590b7f5b1d2

SHA512
0e95c4c344e0f81be53dcf1c441525f10a8a231e39e3614912dbc14fc6b6575dbb68dd93f741b80c0da986270003b97b5adaceba996b734b1678150e8ce5dd62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\25b2d5c6c7e115d5_0

Filesize
19KB

MD5
02e2a8307a66fb10b43f13197efba0ab

SHA1
f35c123aba302f7989445c59780d4da53901508d

SHA256
45e3ba580bcc8879933b68e46588596e4ad657ff8439d3f2bac067804190e534

SHA512
e1eef7302da4a3ab1791016ab7e200eb92f03ab02534e1a4a2ff73b3f99cdabcedf2331ac551321e5f9663e5df712287ddd91bfe274d1fe00d1d43e86bcf5f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\885fa3a624241b77_0

Filesize
280B

MD5
ab22531f9e75bee47725cc3458c53814

SHA1
5949620b6c5d0b9abca1bfbeda94a1117b7cdf86

SHA256
d17ced8f68cc044ea7dd8565172747d1e5db30135f03e79594340179bc5c794f

SHA512
e9497695fecb00d269f0312b11110d648c86d25a6f84a5a2514041280c91fb2e0f6a387c546ad6fb2a13c678645f9987e3f40a2cd3b3cd29182b335a56cf4db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fb42171c508f2d27d1c997a191a4ad42

SHA1
29286e08a05df744a0ef9da31b1cf400aba6e820

SHA256
80aa1ddebbc17c270cb14d738edfd4a8fab9cd84fce5e3f68587a9b983257db8

SHA512
6508ab8e79fa73c89726d580b47be8346bec4cd0e24d961f21ad9596d6b5e513a1dd698fa4215736862df02794118e65a4914e41b91950ee4a3a0c66e94bf913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
268fb90dd8e1ac442cb1152e1e09004c

SHA1
ff8547030b5bc8058c6d1d033205ea4a2a945e6a

SHA256
3de77d65b15b9743237266af385dbcd0093866b45f0392b95107852640e6e7df

SHA512
d41c2ec1a4f6eef598acde4c23cd302a7d2a40df69ed5d83925da274725ea9d63197570376d751bc2a855df6f5d38aee0f39d8f283a25fbf5f56b07b7538fb98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
99a34c565020f0dd21e81bdc4b3666a7

SHA1
edfa677b63e81defb890b530be5b8d54168ea272

SHA256
6aa3e02632743e58d2436b67eb360a53fa51cb6ffa9fe841f639c36d87196d4d

SHA512
6c869bb739af2fae55557608bd28af481ade28670de7fc3b8c6c2f066f7ac625c3f957da64b04618ffe74879aa7d74cf9c278bc614ae1f7ae4750dd4b42188f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b45a1518b2b6b62dbcf8319b52c4e938

SHA1
4734c4b867c8e22f4b67c6f03042f6fd8937b420

SHA256
2902a186ca60a7d8ea36600c1ac9b736e4afd06c7d5afe3420752bdbb8c8c6f8

SHA512
4b2bbd6c7db940592533af0853f3c6df928cba275fbf985e64585ddd41965e3873dbd2623c34bcd6739b16bb16608844fcc5f547b7f382bd5ae85a45ed15da46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3be262bce781cab1f0197baa171a18e5

SHA1
7ebae58b5e54be2395551176220d26a2d81b0576

SHA256
e8e6223e0961217153afd95fc118b4162857bce4af73059d27f3a4af0ea56d69

SHA512
b55097cff3540d476836e0f5ac24704cca41bb809adacc067b430fca99a2c74076c8995fa0c93d35131e381aa1b8e96ebd276e4d6416f9b2edec65b4c104410c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bccf88753cd8cf131d003b6709604732

SHA1
3d9c9ac1f9173c330ab7e19c839410faa62612fa

SHA256
6dac4bd67981d329262258118f121095ec03f08cbd8ebf15d027e7fba7885926

SHA512
8ad0e0880978a9fe5a1550c4b5c8ec72800c324aaa6d5c18b0339c0a0a5165db04958c07de9708b5a4925f78c12bda82fe3bc4bb18b67fb752293dd07c65484e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6f267230e7ac841413755d9a5928487a

SHA1
37c5fbf2673ee49172023d6ac9a258faf83f2aaf

SHA256
53cd4ef06395b814c5a660aba0523f32c156fc6b6c01623f3b6e4f5515368c63

SHA512
68805f223645d3c0715a77d924cd73881f7b0bcb1049f0683b46e4a388fd2a13dff3d428d89a2f2ca86ec3d3f9a988a81e2bb12e3d0cc3eb5ad37949e66436bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ddc0792d0df75702b179879d855b51c0

SHA1
21b213268a99a806a3a094a5117a7153a66dee50

SHA256
5de0f3bb246eb88dcb461ed48183b9694e3880d16cf3fd7ae6b8ad2a455e716d

SHA512
4287d76bb7053e58d76834e52a25d810bf6acd63d699658e29fd72524baa906aba1eb45ed59b06e549ee65828b8b3d67bd82b541820d0205c0727dbfc89ed1d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ea8017e083bc4609a9b2eee994f275c1

SHA1
928a870cf842ef7d6c08deffe2ba7255f9c9c624

SHA256
31194184c89ba4751638aabdd012bf9ac6cbd9d088f1b8b0973f68bb308801b5

SHA512
c06a28fb967a913da2928adad9923379598ceda8ee96ec3f98545d20ba4a26a8a5f7a6453ad1a97d979c2748ad7efce041d596a36442345b21739bd631ba355b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3101c02fcc9ab8185b6fe64caf97e288

SHA1
92a8b0603764bb77dd7ca503f37905a8be254b12

SHA256
e5dd8aa5a7727c22c81267124ad9bfcf213e902be72d94273e5c72625360d6e1

SHA512
a575e52f30db7a47dd129a8c4d0e8189597db4e13d02d55ae2ab768926d168b507539b7609104aa7aa9701ee0e15e338dc1787ad57ee8351c31b3f159ba8a5c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
829a205dfe25cf2f91ebf5ac898d9e47

SHA1
79a5bfdf286bcaed9da6b22dd585f7dac86432a1

SHA256
987ae9cec123cd1d7eef050f6eabfa810abf4c60aa059190010d94374d58b1bc

SHA512
6f4fd91c54c21220a7ef9d98d144e020d66bf688d1a6b3318599954c6e764aad9c5bd131323d7f918f41f8369d836826e688f60bb3a8c9dc66a84dca0d186cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_tinyurl.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_tinyurl.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
b7e2a6ca9255e185a0567029071b4eef

SHA1
de0a999080da8f53df984911e17ada84fe1d3076

SHA256
26454655037f562ccb671b5adf7360005b740974746b4733925c74e2c9b46ff6

SHA512
0260f46e9246375e00e1517b1086a1b1be47dd3d237cda1d22155f7457e0069675ee332658b58099b398ed32faf5dcb5f847a5b3340fecb299f60d0da276f241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
b05b2baf43750073f517c2a4745e1a9f

SHA1
a48a3e7a90cf4d8c54634013f366d3bd5fe36deb

SHA256
b581330d28f3aca31a91e95ca586685adb70477c285ab29b16ab1ca13e5c1e77

SHA512
992a833dcca97ede268ae044ed805c66d25726570f71c0237d71111f9445fa4b180bad2fa5881072df3ff0f944f0bb8442d9a077a1f993eac0827dfb4cd06cfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
29KB

MD5
5059a901dfa387ddcf05240d0db2818e

SHA1
abf27bba030f738ec49b962f7bafc7dbb1e1155b

SHA256
106c8d96bbf5d6cc35867e108be07ab83ed5bfd9b9cf9bf5cef35ac89f8ebd66

SHA512
0c7f8d55959661fd66c38e89eb7c032e016a9b7610b19a8e4ea5b7fc9e8782e3f4f1f38cbdb9c22762d08a25debc50640084032379cf5892480eeb956f2111a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
3750068d4fb4cf5c7b331f76e2c4767d

SHA1
dc3e05823545dddb6ad8d73bd2bf0ee4846f5c81

SHA256
ecd8ef0955b8ea2973a56d99f023baa9146377d24b7dd5340262118052d29832

SHA512
020aabedb63560b1220e952155fd90a44ecf55ab817273171b565d39d76cf72238acb2e525ecb261db4b216c49e6783687d92cdce2441c42751d3cdc5f1d4095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
25KB

MD5
31db033fe282779cc49f55534a4d458b

SHA1
ad7aa750e452b04884e38c0b9508856fc6b1aefe

SHA256
4cf1ffc21e8404e3d12c408d4ee9efe0ee57e7aee205822234440b7810267d4e

SHA512
069475aadac35204ab107e1ee8f38c819bb908e09058b556033bb1a79959ae436bd5fc6099a6a9ccb221fbcc5b145dee2aa1f9239a8a7442af2006ddb8a8108e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
147ed72edcb43b44555b6d14ae8a47dc

SHA1
f4e056df6cbcc0bafc130184176d225ccdbecc7f

SHA256
1dde9ff67bed5aacbf7378a6dc58c5e32d64be25eb1db337521012d02dca7c0a

SHA512
5cb60660732e2ba59e82aec688db4516bd57e716ad18203f012f1236caef5e26cd73b8d7d8a743d728bc261e0508304146f5c22777db72861dd86b1def7996f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8b7a9b5f80403a51d1072d98600e51a8

SHA1
652a5869242cf7102555327bcdf4b8087b4414ae

SHA256
db6717a4cbd00ecdbcfb121a600c2a3d9d0d1f13c82be07ba2b1713590051ca8

SHA512
9b0253e8dcafdfff8e4f711becba819dd6394c7e1bc1f4d25893b8627baca23f43440b6ca1a7c863df618e6dfefc39fd996ce818a3ce783a043cb35e69336e43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1322194361392eee38fadfe41c27c368

SHA1
a2f894311f393de616789ad11256292cb9da93b8

SHA256
97b1fe7124ea4b5ec1a9080507b0f9c001a03c8efd119f0c8043584bbd00aa76

SHA512
00291d46ba132703dd76926d3ce85c66436c2d016d7ebfe660dee9bfbef137202ad48c29940071690fdbf13da1da289e2a472b9526f7deb95cb58de5f1167654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1f88816c5bede119a3d94f32c0f995be

SHA1
56eb82fdb3f14f9055c2a2dc48bce6fab3a63c8f

SHA256
7ad8c74200af995b130a02c34b52c99356e0bc5e37a2a83a86699a1fbd8d607c

SHA512
d48c263c5ec72314dc40b870fd290b507827ee12c122bfc6a42b7050f0c4dc788bf68e07f80e66c9d46397215067d6cd613165aa4a57e160a7aeb2926a0c309a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
159aab81d654d0b7c32cc3fc68d83ac3

SHA1
7093d24aa4ab242b77d2e183840400ef66f49f2b

SHA256
b5327cb5a1250b9d95dd33cba041922781d822f9e914ab192d32ee1cab951e03

SHA512
5af85b1c0517ba6e0322d7cdee7db7ce311f6503b1146003617fe74c959a75ff6783903b74eb736b3f0f805008034e3fb7d35dbeb3b1aab263ac095494151448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7d2bcc92fd85d9c5325965cf7e7bbcc6

SHA1
74e1c72c585b5656faa1afe6dc443c538e164518

SHA256
49568c036501a836ddfc3480e989251cd153bcc04a1e7f3bb7b23770f5908180

SHA512
86e254e6ec5b90278359024f363f16f447dd58fab5b7347b209596ff43846aa30535ba0a0ed0051bb58d80f1b9c84dd3801799e4b5aedb25d1bf24be16df1376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
2878acdc3bc34f6b07469e5437d88885

SHA1
ba98d5c3592c475b8d8398f8e98a91d5a4a946b5

SHA256
736956b2e136fe803a6f643dd33cd7739ffd80ab2f0fb7ae8b273008e14789bb

SHA512
cb5122f5645aa8a4af7c15670edf1f40ef6296629d381366aec92f35c3861d731e828eb60edca828f4d1a6aff859fc5f7b5bdd6415ee00cb2900d881be12af04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
9KB

MD5
db02fd9e26f4badab91bff5e829b7e0b

SHA1
a520fc43b67ca1f8b7538c3707fbf6630445ca77

SHA256
5d113196db4fbc7910f52bd9dd9db1dcc28bd5e6f15bb268079757071bd763ea

SHA512
a0bd3e389d98426649c91cf3013dfdf6791892c2fbff4cc3a0e54f1cedf5bebee509db70e4a217bce5210ad626ae5ec8894b237d7548f3e695e8a3bb7a25c221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
f85c23a4b8974f8259309de88c20b2fc

SHA1
8c0fd0806ee89a5ec520b1962f01547f616e7eb4

SHA256
a47e758f56a672b0618fd2bef10dd083d3266e3dbf9aefece42c3fb5d897eb14

SHA512
53148632e08df8ce265a2a5eb0b9c064f88354a3225150909594816455a74e449548e3fcb90848dedfc03facba1a9f948d484961bc0e62543f28412d92e1d834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
d94495428320fb7b0b60868e28a27d1e

SHA1
cd0e668f0b9416189cf3bace6b3647f09e704a6d

SHA256
ca00969fa8003d4116ee05042955fe2fd141bbddd4ac09efeae3972a16d832c9

SHA512
5d8a883d62d511d8623bfbb809f175a03a1e888f6468f3c7d16543e0f28aefaf006c671e2b1a13e89543dc206d86f8418b80d50cc1450764101ce5c08e2f596a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
2ddec1faef405681754f0657c52ee427

SHA1
68bd8c8b420cbf1c90a0a5867b5ace491cc6db7e

SHA256
28f52dc02604a1c96ebc76abc9d86f4e1583d291309192e460a7e69a0e615725

SHA512
08785589190c39ec47f3cd3202a5853a3d64f3dd9a8dc5f8abe5554739514a7583e8b4f79ed0c2c6d8d3b4e007cb2bd8ecaca7650d21dcda67e054d16f0df532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
da233591ace90f39a587cde6d60a5a76

SHA1
81648b35f91e38e0623ae969c7f0480953c02691

SHA256
f48bb2ad4823c519488061391269e396635043bf50b3811bad360657589bf8fb

SHA512
d907e0db6eb32aa70a3ce68cc0f0052c882c31b3e18c3123803b212489554a9fcdca2f3e18817881aab6f36771af2f4473300a7bd457b5e83c16b690c76017a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
17a3bde6767a42d9bcab2a68e680951c

SHA1
3b9a2ca54383b8b321359a1c31f9205af5830e11

SHA256
172457c1cf5dfd72dd5f46ec629c6567f1f58b8eff8d2045cf802eef07072a79

SHA512
f92df1fb113a6a67f0ebaed1692adb9bbf1a072a11174aea4c6af0381e5068a208a943522f4a26cb30966c568ca5809856c77c02e087bf0c1d1b353efafd3cd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7dbd7ee30b6ed3ab14b77d3f29a4a17b

SHA1
57daef2f17eea1c34324f5ab21f5694980296c88

SHA256
7a01c91754e7f726c529fce8ff97e78e4a6fb745ccc76d8791ad264addcb01db

SHA512
6d00390d7d18fe85af14de0820be987e515a17f89fd7cfe02e114acaea5672fcdd8624f699dbda6dcc2c58e29ee7c182297363429540d4a5e24eac76357ae6e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f1a59b28653d22bbd70ef0c7b2131ae5

SHA1
6b5d5ffe6d2c2c6bff7f2094b094977e4c4dee1f

SHA256
a723511b605001689ea713d3805439f184a242d3ee27ed743b3ed0986b69cb99

SHA512
c96edd31ee646312a0667cc126ed9759294fb4f05ce6328cb853a843c4df4b9f838ac29efa95204515b8b36b2bc5123a626674aa0e2b46e1acb223e4b47d5453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf8b9a964b8214719278da5e19fd784d

SHA1
90f7488fa8180bf93cf2b1514f44f606f4837e32

SHA256
d70c8871ae45b93437b574da5db010cf43af5f7d2c64e8285d2bd79d39b0021f

SHA512
7992428170a43103f7154358c3d714d4851d8268190f48a2b8ab2672526e05e82172600f43da82664f61cb8f3c5120c03e53c653964087a5151c6f906f6e16e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2ab544bf91288fa777c08e9c5bb520e3

SHA1
e5cea6e6cb46e834b0c6b556c83c7b07a901e07a

SHA256
a6e4893f5a90e2d18a415a532b5c1ba9d270c8702b6061e9faab96a5573d8326

SHA512
81f2279128709f9653f8942841517a070853fdd3e26f354e851c7dc25083c3fce33b22c4ccd9959a4768bbd7269a98771dfda8b83e12143f29c528c8c0de9162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
959c262cd6656195cde08cabdcff3a6b

SHA1
7c811ac621362c2867b61ee4da579d62099a468d

SHA256
591a62f6d2e3c2f0a725041b6e29461f6e0c7966a39e348f7571d7b06202f13f

SHA512
f3adc7474bedc201a66813ff5d23d47c11bf09b049a89c28cef8c8115b2a0d24ee0e11b328071c9679668180bd1aae43622deb5802f9aaa125002ef24c66132a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6a0fe6d22b0b0389283bd80d3c8a4c93

SHA1
091992accaf045ebb3b96cc796881d16dbfffa25

SHA256
50faf035e73dcedfe5501b24b0ccb871c9e43c39564454bd08aeb8e3162a5095

SHA512
b3a39f7a5c78d977942082ae7c5b3a6bcbd3ad9bfb313a07e52ccb44c57fae188857c9256af49581075b4e2a7191d90153f66d9f38c2628250c3b1206bc67cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5fa9f1bbc06760f4446829662a35631

SHA1
be6aff1c796bea9263e57bb0145ef26dff372635

SHA256
26d245b197d02bf19c87a0bd8d981762ba1d88ac8c92756b815e72a252eb8b40

SHA512
8d3088e89e477f104af7739a586d57b2030f3d41cee4c21a01c9ca3369adb3018296e9772c0d3718252b41cb5fd1d4fdafa180cf21ec38dea8dbf38ae3c0dfaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
387a8e1f5caa67ca50e918685b55196b

SHA1
d99a568ef4b3d18fbc4ceebbbbc559dc3a8b6c01

SHA256
ac7e60d1ffc81125b89470ddb00a95dbc1144df26775631cecfe0055939f0b04

SHA512
e8325800d082e6416b19ee776b5b7dee59b73ffbf7efcbff0c8a982beb969903901cf1689df69f3daa2213b83ede40096d91458d544fa587df36df8503f178f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ed5c8b8b12ef5c6e376060a6ff64b30e

SHA1
30e448b5c3f2bd46bd1d1835b4d493f7801d811e

SHA256
0452fbc511943f32f70b1f2a7335186134af70cc181f0d63e00aa9897f0b7068

SHA512
26e966f5f9077fd1e988b9f300cff1454b93c74e166049d1f6d8eeecc74fa61a4b67f1d74e1986d9fa2e90d5f8d9a50e632bbc7e655d0796a321fec8d8f9f452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
488a93ebe6e63f372cb2086fd5f7c491

SHA1
070ce5143b0289d011f7cc61af18d9e0aba4e9d8

SHA256
bdae2756b9c6ad6edb90a27182f1c54c6168febbf99b5ef0a6c331dd5b6aec2b

SHA512
9f9727c8d234dfa6fa829a7ff316c6e44bc59acbe8f0f4667bf2861998b594864d19e8ff2c963deb5e95c517b22df7a75471eb3f5cf921d0d9b6918a363cd47c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe624ddc.TMP

Filesize
120B

MD5
4a3d0eda42f8580e1db245696b5f7920

SHA1
b4f8fea5fee308c4b7798eb136cfdc0b528601f9

SHA256
b82e6354c2324a191988c57d683c880fa2baa809e58a853fd76d611022619956

SHA512
6f6de4f4723c05ed67d32c5bbdd22407562b73a109353df3dd18a7a01e4e03b6b9ec0be90f06efcfb0d43714ac8066d2afd5def81d4fd19933a14d39cf507959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
feb5b0bca1a6352e10d0307775fe4965

SHA1
a796abb14a5ae6890b87abb1ee0c7764d7e072c3

SHA256
2e69aa1d1a3d89de15e2b15b7bdd018f5adc9ce704246a7c3afa9d60012059a5

SHA512
3fc973b41d21528ecb60a5e94cad3c6a565c093bab3722e46812d26736472971852cd44d519d2b01674a89316c27409dd78d0f13b777d45e011ca3dfee5ad162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
e0860b1fd6f07678096270dc2326d4ff

SHA1
a86c60b75e087bc8144804a0e4bacc56fbbeed87

SHA256
4009c96dad6944ec3c717ce8d9a2a2d7c83282d54f4fd5131c33d513ee3534c2

SHA512
003e5042b608a8c0cfa1f70ce9a696dd1adfecd7dcedb419f1e18a39b189a1faa1cff6e76fa17993425d497bdcd74e000503fbb3f4f56031cc07ef03eab1c0b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
c709d48a3fea7604ef212f44e695f74a

SHA1
65236b7f499c0059af98b1179a8e1cabce9f1185

SHA256
7d9f56bdae951bd32d4177d4df433cf99e9283fb65fff9aa65ac9528641f1357

SHA512
615bed645c384efd176c218d3991988326a32f7fed3b7ad3e8a0a99be57985118e1e087d62f5e6ac1d8e1e9c6b69c925b9dfb434200c0efc97cc6ca828363d25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
62f9f94f74faceff297dcc1e64208a50

SHA1
478720eadee56344e6bf2ae2afba5ad760d0b9a5

SHA256
3a71dcfc86916c41da5e6edf03c1e723af0f863a549a3cd67e97f54f3c1d22a2

SHA512
8aa19293baa65c896250ee805abdbd057c0fd5c7e795ccb8b65ca5cfad6e5054106fac22a587a9cde6c706da369417b56acbe158cc03fbf2df4d18caf8e7df7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
59443ad744df4a29f3539866232d5163

SHA1
d317401c03c6cda95e349d7b85976670102cebc0

SHA256
36cd1fef2857d79f27d01a42136cf8e5ff59cfb8b31b9047d1c1bd6993317e5f

SHA512
b7c62ae612743e74c8b12c128a4ab0d110944ac39cab15b4b7c157dc00956aeda28b671a25da5c378dee3a1441101a7fe8b9713a386be056a8624fbb3701faba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
5bd22785ec6724a69bfbd350b14fca2a

SHA1
7d44ff4850a7cd62fcd748de5b85b8d9b27a4407

SHA256
16af3e70339d9423df31dbf28d751911e9abf9a756ec8cba02ce4406f361c8d2

SHA512
24c5a97df027e311b9b93fb65a6423b83d693d13075de3a997d44a830e7daaa7bf57fcb787abb7a6d7d0898d1575a2d6370000975c6f0d719b707be0ff6f6ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
d0a6fa109bd76234f0d50e1aa8061d4f

SHA1
d8edbb2d2c35dcbd9f30ace54fa69f2c908d202a

SHA256
bc027f4d88fba4ee1dbb7d67d6e939e34f3edf174d64f2462b0f505fcca2fb95

SHA512
9b4f0bc258814fc9ecb15d19e63b52cf47942927df541c6d865abdd9be9317f713b6194095374852a7ebca4e85d46ad03a6e3e6a1576f3c607e1aaac58526b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
7b82f0f90c42c2d429318c1a81af53d1

SHA1
8a9d1ac157672ee9acbb27830c79b6a02031fbc0

SHA256
7779cda30f233b3eb1a3b0c1e3d8406c6daa053f8049f8b91b36471fb8444a64

SHA512
77a296a7f9e0a37ec7eb0a746cdca23c00daab6d98b26b1a9092fc8b262a77ba9de017281a8bb278d106e3a01729a7706a6edae0f2beb84b10610f2328a60709

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
cfb0bbda50e8cea7f59cf22f7926160a

SHA1
060b6b24407ac31adcae5b2cc92685dd7942e74b

SHA256
e27e006f8fbf69758c5b6ef9ff5328820b32c18f5a37b1969dd2672974ecc942

SHA512
04faa6a59cd2714a0c3052b52f1a8cdd756065e056e9d6e2831e66e98542a6c6b6ae7407c2bc18401ce8f751b70416087277807e7e946a2d6199786c1dddd68c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
ae54cfcfe05cd6a44cea96f9bde9fefe

SHA1
2e52e4a25eeff2012a183147dc9d9511c451a91b

SHA256
e13c3805327b795c68ac8db5847c3ba958d8b5b91d8592639c9a59ba0bc2532d

SHA512
33795735ea0e0de65acbac314d2ed55dee08ff2c58c91693c575f2cc051e645ff20c5466a1e81ee0a1d8d5263a6c88a9f55f67e52220836a008dd254620213a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
95c5ba75e418302ed19dba247b84de5a

SHA1
f7abb48e743ae6c2e4644d4794431a929d95351f

SHA256
3d8f0645e3bfb0365bb6c4a7a1d6d3d7083881d2cdc38dde7623816f2011fbbc

SHA512
f179c0017b7120a0d75e1a3a6533768ae28a8bfd1ba924ebaa012115fa8850541af4810e4fabcc57bc9081a10dc3a4279c99e3d85df7f37e0244b862dd085893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\builder.exe.log

Filesize
1KB

MD5
7ebe314bf617dc3e48b995a6c352740c

SHA1
538f643b7b30f9231a3035c448607f767527a870

SHA256
48178f884b8a4dd96e330b210b0530667d9473a7629fc6b4ad12b614bf438ee8

SHA512
0ba9d8f4244c15285e254d27b4bff7c49344ff845c48bc0bf0d8563072fab4d6f7a6abe6b6742e8375a08e9a3b3e5d5dc4937ab428dbe2dd8e62892fda04507e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Release.zip

Filesize
448KB

MD5
65e0fdad0ebd1b17e3c8da73d874ef59

SHA1
e12df958e659734a96ce392ffe3c86dbc448b3a9

SHA256
95e1298cf7ca024edd4d7be7a85fb7880a4696912b5abc239096315c990051f8

SHA512
6be62e061fea32abb3e0e05acd1ff6d2e3bdcd6254e3d585a6f11554a1685004e521d660e5aa3cbe7d9453446c68468805f5fdab5def68ca6d6adc06e703f439

Download Submit
C:\Users\Admin\Downloads\Release\Client-built.exe

Filesize
78KB

MD5
b40395374cabfc0fe70c74afc06aa95b

SHA1
9a63c440bf58702dc021278e0a8b390eee568b94

SHA256
f4a3ef4815bb1129371658db5256344c8139ca4a2c4e60146ef20a80547301c6

SHA512
cb56dc149bc50b91673c94369466f8e1ef1f62c742374e494e5de05331e75803905869c24836d8004be0f7dfbedbc94899462b9660ed3f991ef51d9e07b308e4

Download Submit
C:\Users\Admin\Downloads\Release\Release\Discord rat.exe

Filesize
79KB

MD5
d13905e018eb965ded2e28ba0ab257b5

SHA1
6d7fe69566fddc69b33d698591c9a2c70d834858

SHA256
2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec

SHA512
b95bfdebef33ac72b6c21cdf0abb4961222b7efd17267cd7236e731dd0b6105ece28e784a95455f1ffc8a6dd1d580a467b07b3bd8cb2fb19e2111f1a864c97cb

Download Submit
C:\Users\Admin\Downloads\Release\builder.exe

Filesize
10KB

MD5
4f04f0e1ff050abf6f1696be1e8bb039

SHA1
bebf3088fff4595bfb53aea6af11741946bbd9ce

SHA256
ded51c306ee7e59fa15c42798c80f988f6310ea77ab77de3d12dc01233757cfa

SHA512
94713824b81de323e368fde18679ef8b8f2883378bffd2b7bd2b4e4bd5d48b35c6e71c9f8e9b058ba497db1bd0781807e5b7cecfd540dad611da0986c72b9f12

Download Submit
C:\Users\Admin\Downloads\Release\dnlib.dll

Filesize
1.1MB

MD5
508ccde8bc7003696f32af7054ca3d97

SHA1
1f6a0303c5ae5dc95853ec92fd8b979683c3f356

SHA256
4758c7c39522e17bf93b3993ada4a1f7dd42bb63331bac0dcd729885e1ba062a

SHA512
92a59a2e1f6bf0ce512d21cf4148fe027b3a98ed6da46925169a4d0d9835a7a4b1374ba0be84e576d9a8d4e45cb9c2336e1f5bd1ea53e39f0d8553db264e746d

Download Submit
C:\Users\Admin\Downloads\Release\tocke.txt

Filesize
95B

MD5
35a5b1840e6e1cc5970bb8bf18931a5a

SHA1
bf62135cc26da83af0740a2a73804238bd83fa90

SHA256
8e167287da657242ff52cf14bfd466ea57471758a45fcd57e37a5502b9be6c18

SHA512
18969539c93769a454e4ca140a425af82a4ebbf63c6c80a2a8bae8e67eaeeef63588211d974c1d4801fbc20660b8c544bc341a1c35f65042d014244851c9ec9d

Download Submit
memory/5396-477-0x00000000056B0000-0x0000000005C54000-memory.dmp

Filesize
5.6MB

Download
memory/5396-478-0x00000000051A0000-0x0000000005232000-memory.dmp

Filesize
584KB

Download
memory/5396-476-0x0000000000750000-0x0000000000758000-memory.dmp

Filesize
32KB

Download
memory/5396-483-0x00000000065B0000-0x00000000066D2000-memory.dmp

Filesize
1.1MB

Download
memory/5396-479-0x0000000005160000-0x000000000516A000-memory.dmp

Filesize
40KB

Download
memory/5536-495-0x0000023F24A60000-0x0000023F24A78000-memory.dmp

Filesize
96KB

Download
memory/6352-498-0x0000024DDB980000-0x0000024DDBC4A000-memory.dmp

Filesize
2.8MB

Download
memory/7132-493-0x0000023E752D0000-0x0000023E757F8000-memory.dmp

Filesize
5.2MB

Download
memory/7132-492-0x0000023E74050000-0x0000023E74212000-memory.dmp

Filesize
1.8MB

Download
memory/7132-491-0x0000023E59A00000-0x0000023E59A18000-memory.dmp

Filesize
96KB

Download