discordrat | 40df802ea915c8e8512b89ab2a679abd989cafc5b790dcf2f477aef02e73b5a8

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
23-07-2024 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Spoof.exe
Size

78KB
MD5

76a1b0dc7b01f3dfa44c1b413d1296f2
SHA1

e4275d58a76b2af020e481841c820f8ecdfca3d9
SHA256

40df802ea915c8e8512b89ab2a679abd989cafc5b790dcf2f477aef02e73b5a8
SHA512

1462f6b854315afd5b476f3dcdde99a35a3e628fe4d87a793888dcadc181abc269b926a77d98dbecfb3cc700e351a065cc9ac36522e39611bb7618ba395c18e5
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+7PIC:5Zv5PDwbjNrmAE+zIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI2MTA3ODI5MTM4OTg3NDI5OA.G3D8Qc.joy_5q4IR_-dLRqBD8D-WZx-8MohCtmgu7lxyo
server_id
1261065603079471246

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662025589462674"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2300	chrome.exe
2300	chrome.exe
1832	chrome.exe
1832	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1356	Spoof.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 1780	2300	chrome.exe	93
PID 2300 wrote to memory of 1780	2300	chrome.exe	93
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 4508	2300	chrome.exe	94
PID 2300 wrote to memory of 852	2300	chrome.exe	95
PID 2300 wrote to memory of 852	2300	chrome.exe	95
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96
PID 2300 wrote to memory of 1240	2300	chrome.exe	96

C:\Users\Admin\AppData\Local\Temp\Spoof.exe
"C:\Users\Admin\AppData\Local\Temp\Spoof.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa85e3cc40,0x7ffa85e3cc4c,0x7ffa85e3cc58
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,1328493343420288496,5754108753486373726,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,1328493343420288496,5754108753486373726,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,1328493343420288496,5754108753486373726,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,1328493343420288496,5754108753486373726,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,1328493343420288496,5754108753486373726,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4496,i,1328493343420288496,5754108753486373726,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,1328493343420288496,5754108753486373726,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,1328493343420288496,5754108753486373726,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:3592

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1012

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa85e3cc40,0x7ffa85e3cc4c,0x7ffa85e3cc58
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,2458456915189269187,4901457616560019153,262144 --variations-seed-version=20240722-050308.793000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1760,i,2458456915189269187,4901457616560019153,262144 --variations-seed-version=20240722-050308.793000 --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,2458456915189269187,4901457616560019153,262144 --variations-seed-version=20240722-050308.793000 --mojo-platform-channel-handle=2376 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,2458456915189269187,4901457616560019153,262144 --variations-seed-version=20240722-050308.793000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,2458456915189269187,4901457616560019153,262144 --variations-seed-version=20240722-050308.793000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,2458456915189269187,4901457616560019153,262144 --variations-seed-version=20240722-050308.793000 --mojo-platform-channel-handle=4336 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,2458456915189269187,4901457616560019153,262144 --variations-seed-version=20240722-050308.793000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,2458456915189269187,4901457616560019153,262144 --variations-seed-version=20240722-050308.793000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4548,i,2458456915189269187,4901457616560019153,262144 --variations-seed-version=20240722-050308.793000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3452,i,2458456915189269187,4901457616560019153,262144 --variations-seed-version=20240722-050308.793000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5032,i,2458456915189269187,4901457616560019153,262144 --variations-seed-version=20240722-050308.793000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:3992

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:480

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1760

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004CC
1⤵
PID:4620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6b0a1e47bc0359b8fd144a112e72ac34

SHA1
db2675b3dfb624c6beffa72a86e6bfae3dcab5cb

SHA256
75d85bf95a68b3a7cfae18582ad352eb73d53b6764a75dcc6c31f80156b4e903

SHA512
3e03b47d3a654696c30987f035f4e4fbe9cdfd526afdd921fe3e9865dad3e62157025dfb08765352f52dd57a379844dfadd906a77f2c038eacf2bb1e04f03c33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0dd1af92a9de8ecd29eadc1d662b101c

SHA1
8a5b0a78d66f845b10c0c537e10a0283c5450661

SHA256
f7c8d25a82240b7292c40617d04cd2a08d7adb0601021a4090fd6fb467b10372

SHA512
d135976f5382cfa1d1a9cc17113cc0cc4e9b35bf281ce1e07f35651675731afa16df63da0a211ea691695fa5bb7c9d88a60f14b5b6a649b1a78aad5954d708ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
2b9aa291d81c03043cbe1e256a2a0af5

SHA1
9bf59b6dbca61e6003a4e266b0e8ab2b80f9df66

SHA256
575df1bae1a65ecdb788a3ebb22da13e7b73905c52d80f086635b1d701594427

SHA512
6e98ad62c8eba8605a379cc121f07c4eefcedc55eee9d00daed0d04c645d368ddbd99752aebda6ba6fd8a53b5b7c8671cd78c30a0ed917ce5bd58d6059472e94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
97700906894ac79621adacfde859b810

SHA1
c7b9726bbaeccef99ef0f84a9b64086e07286055

SHA256
d5c937d71a7cee3fbf44d448f1911b5116ef964a0cd66adb45bd0574daf16d26

SHA512
5ed661e2bcc4cc352a5c4a1f434bca8ed9aba544930af5634550d4fe8c924f7ef0c900420d6f60e15a72c7b192f3261b394890d1a5f9a3195e24e42cadb78315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
7af52e07996fb6ba3aea8d5be4d5facf

SHA1
06fad85e7c294f80e9f745cdf3f88b02bb21da99

SHA256
d5a6b330d318fc5f307415618fe8c878425ccab50336b50e17563926bf3e8172

SHA512
bcbf795ec3ee23fdcad78c8297a5febac003b273604b553d0df9ada8353e472848a3f8878e3ba061e893040aac6bb6677769a9453f24f791e0dfdafb7d1dd76d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
64f7a49bad33982316f76bf0de10af18

SHA1
954927ebeec56088fdb249eda75f9525c341708e

SHA256
f7a1706163cd395cca411f4df9e74776c464ad96171691edfd1f2e261eace826

SHA512
8ca769ae66a381014a78f69b1ec45f86c2771cc7a18230f492f0bd2bf5afa0710bc7cefab5f4b6f2d9fac71ff186c917a3a59f648108da60b2d7429156ca80ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
49a7e7fc716a9febd1290708862fa259

SHA1
7451b42a740416e054618f35930483218f5ccde1

SHA256
3534d06c743ef8bb80c89d0fb649f24e78828a3ef33e865c58486b8a890998e2

SHA512
d4018cf4f27997fc9955f8eb83eb3155d5697771a4408de5af531af0164a08eecb394984c4062242fca4b5c2a3c16c9c7f25904dec2e2f607e86313a798a6335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
327B

MD5
bd2a1a0f42015c3fac1bd1619f3e3360

SHA1
82813244b5becaf6f71e3af2ee1f68797a3917f0

SHA256
6ba7f189f33f7c150e7e44370ce031319c5d45fc0bec99bddb68d60f629eb486

SHA512
f60fac62fc3367df133629b7871b5aa34b6ac4bbb89ef3d4948963b444a58618fd5280f18f281eff67fb2b8ee1721e7955b3f950f60e43d5bd4b671d2c1d2bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
31e1d364db40274cd094483f5e4bc4ea

SHA1
b5dd79734aaadf8d32b14134dd5f1979565f0981

SHA256
8ad162d4347f96eed3b9e6d1bb04901989772b8f25f648d3915030095bcff400

SHA512
6164650da52f281a42f40b55e4628a70f483e47d554df8d7264d906bafb238812cf0afa4d6ad351559a5bb095da7b7626680065d87309ef7e84c65f5d13852ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
1ab28da70d85da2f5351b8921e23f548

SHA1
fc5ddb2dc4b4aa3a2d9b5a813add8c0723e66dc7

SHA256
fb2253b2b98ac68eda7c7be280b51c46f0825ffea4c7cfbac178145a0cfc318d

SHA512
a6f0de3b7b5cbd6dcb51cc60cf7b14e10ad6c51d82cdad3176b3fbd0f7fd6ff842f58f77e14ae6df8cc963b3979a8a546810c4b48b50df067d2b1039896f00ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
7151ae3e0fb0776bd98ae1c1af39cb1e

SHA1
b020dd1d1e3330a4b11b285496027e5c926c4dfb

SHA256
2e2049fba9f080fc71e5f2ae099db876315d88e7baf69a6c7e1f13e8f1b40c2f

SHA512
88e0d66d37bd05f3e5e0661c064705a14c9a2b703e47f7de22be7556765d0314d05e67c072bc08c4b81e71054c227e66f2f393a7183fb4c26bc46933eb38b0e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
5f905d7fa5eb74c917006065369b46cb

SHA1
3f2d3371bc4654a669907640be1611fa691d1381

SHA256
84400cd382cf07f6caca5381dc36c5d2837a41abc58fd44b30503eddf33b1d83

SHA512
f87942e2e9076365be966cd291b120b73de76f4537320d60b21df0fbb9680a49e3a1c6791c43fc60cd4e669d2b5455695f978c7695e4e199eb75834d633481f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
fadc8ffbc09f1647f086828df180dece

SHA1
2fb6c082c4317a92ff272b340b33af142b6335db

SHA256
00e5a896c91c720ee07d545194d0780196efae08e3ace4e74d6e622e58b6489d

SHA512
6412077a40fcc0aab7efe2ad8939dd59d97f4a8d344fb738eec81dccbde102aa987729146e13bd7a9261b9b85781662f3e438114a89b3d5cc69436c973e40eca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
75725b2120297e005d38c1db88483ba9

SHA1
31199a90cf993cea6f8c7f432fcd9458cf49a91f

SHA256
5961a38b5164b50765f5ff71516b0b5f18fe5d094b22b76c9bd7c979c106af0f

SHA512
38698c7043d7e4607f5a9b5cc2f31bf1d0a7189311deb1bedcc64ad5c456d993ca42d87c3fc5e413439cf9e01ffe1457fcfbbe8482a734bf14bc005b58a74b8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
72f5de5e4144b00b5e9767da1d7a4cd6

SHA1
4d75f9264366842bb088b984b4bd4077f2169220

SHA256
475f53f92728c3bb3d731ea749ce240a796ec7dc9f9af1dc13795c1888f60883

SHA512
a6439376ad7959ee441c33d95b0f81722437a63f67ea69ab99b6cca4b6905e040d21e6255fe2751287cb3853e4a3ce04457ae61bc1047ff6f936aa55aa614851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
2b6a64b56525423cf68b9e1c4441c6aa

SHA1
191a931f62614d2ba52b930f46a28b7d45f2563d

SHA256
e394f4c033192c6b8be1834053ca94f28174a57e6a16bbd076e56f1e34c088fe

SHA512
06605347e69b9333bf7d94a1ca6a2d2b3bf4a9f777d2354339a3417f79cdf178610d121887606fe81ebb5f9fd9bbff54378c996ac5a5d8f9b81bfba7e8c85d87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
56107ee7d8cad34ac8353e21dbd13c73

SHA1
b0aba675729515b4ac6bcc2666ad76649bcd0f7c

SHA256
a8be88965e9da37956b987aed91cabff3ff486e5009f6daa2c185d1c16b6057f

SHA512
c49cb4bda9095123b0326db0c384996f1e07956476d7d839ab303c93e0f9e4f33e0b324a7461cebae30c0422590dce7b19579fbfa7f71bd1387e1379fbb55e89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
075bb6e4ab78e838a26f66d3d06a1f52

SHA1
8b0a2b83887b7e5a67400ce6402e8dca8a4cc6a7

SHA256
25d49bb5b437497bbcd2b67429e8bce764a161cffa06bc08a60f56ed50320657

SHA512
e8151847e644ed36e5f8fd296c1e7edb9d39fb69625048590ec4632f99aee705655f9b2c2e10f21674790144dcc92514f82bdbf25a9cc8a95d11d31dd3585b71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
3ce2b65f27a860732a64a331092fe8f1

SHA1
9e18f91a3c4d75cfa917962d5810933d4c6ad3ff

SHA256
dee7dd9d0a215121693b6ac2f79415119ae6a1f012ab32c78c54e4dc86b965c8

SHA512
d9e9a630fcb2d540c939f82cc213535c72f0f99864d6d46293b27be9696910d1f5852dc461560b3d9ad554baa2e7b8126eadfe4271afad0050da27ad05c583c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
3700547010f52d65bf35fff46b3e6f7d

SHA1
cd11237fa6b4cc8025cd79cfe0aee6bb2eeff0f2

SHA256
0522d4d22e772fc7491fe89883a56acf0eacd4d395494abad3258f56c25be6a2

SHA512
db6b5dc3c8022c8d098d8373d7966fc288f71fe98f859be6d4ad68e3947581fff1feb852170c5d759e9e67e0b628ac40b5236adb23fc3a31dd851b909ffd60f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8ba57913a07eba5e21220cacc0c513f6

SHA1
eb48e287afb9d278a8cfc0e8613fcc28ae6ed4b5

SHA256
fda67f98b76e21f7f1cadfa5af137717dcf45ff9644516e6ddcfa188e4917648

SHA512
4ad3268346f616a808199d7c7634eae18aaa88c79abdd3def260d125d7cc9b37d8b84a95cab5a50d20ea6f0bc1a47e20184d0a4a3d42cc9dbeae6cbdc9475895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9fb1fee448a1f7dc87439daf45e8679

SHA1
99487fa69a6e961d009d7d6a377df419931a6fec

SHA256
f3d5d28564917cceed908b18ae5de95db7a58b8209e334411cab615010278e38

SHA512
d9371453683512af43d394eb30f04600a0eabd2cfc56fd798e8482ca46f9651b9eb1ccd98d314abcafc565842c107d931e87b9c0ea1b4ee683ea1773c768c1ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9501ab83dcfca1230c9304c1f54d457c

SHA1
d68053d5a3ff41a3c48471dd18f46fa70480a354

SHA256
ae5c00668b5aa0a8b9360e7bb672bb351548b3a3f844f5b1af6573d2f70e05c0

SHA512
7508db15269a435a57f3546ab58d2a6b156746fd8fd80f60b9a6ca59301be3feb0cb4f3f180886ba10448e4df92bc5b563f0a4977e6606677acc4ecf13939fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6e58005260d4bd919ae44751b1148007

SHA1
5e1351518cf62ab8567896a86afbc6849b3796e1

SHA256
53e0c5b637e53d9b394cbe59a00b8ae559278d440fc73e92bc1f537c3f5a03da

SHA512
67d5309b042831cff84047162438e8489cbf4d2b7c173128c3b130ad25a9a770eadead641006b725e3ecfebbca3be0ac37f80364e060113f793ec807261ae889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d96fdadd7faaa5057259d043c8a7107c

SHA1
db5040720b63d7810ed7b25c0306cea44e86de41

SHA256
0aec6d9e31b07e6afd2ffa0211a1b702b177cdaed1c256eadec00b05f92d677d

SHA512
7effea854fed2be5355128c3d204358c221326a1260247e967f5550f402907b2414397bb6efaabd212346b0ff4d20cad347a0c924e3bb0853193cdeb606f0e11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
377f5ff0c7bfe3c98c5507dfd1b271bb

SHA1
c604352de7720ae7b56beaeba798ab21dc43e312

SHA256
3f27836b108d8164126c5edede604e7f2df78573e1ea47e60f743541fe9dc6a3

SHA512
6ad48e4bfa97fa2a862786f18f0e3f4143af8658637c962021e170072bf872881ac9fec2ac02b936d2a096d283a2d14a36bf9595c0afea2667ca8269c97f4cde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f9db31695c9dbdc29c80f44d71940df

SHA1
cfda712e60dd17be95e2f7bd8083a0096f44f5fb

SHA256
827339b0100ab53a83986ad66368b83205bd6f7026677873f8f07039b7e45528

SHA512
04d0db1429d34d92fea227bdc8e565f4b1ebe8fa9128792827bc2be095cd24fa127dcdd88e462a5929e98ac861451c00674f8f64163eedbe271640d2b46ad38c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
86c590533f9884b95801c376e56a0600

SHA1
e519d8d4ac8a0d3d291558453b461b7de7dc5a41

SHA256
b99085082ab7389425a5678ee3596f0a821a257cb2df5e8ab11d21d8f4d020c9

SHA512
8469af994912789f3985038b03cdf6328391e0abc37333b1738aef8cf2b680c4ae845d0ffd32c3408d4b29a58067f6dfb94f1a05433c142b2b5e216e4d9539f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
703946469b1f2a988f1254f832d15e54

SHA1
5215d18aa9abd41d83c8477e4e3c856fd9dd96b0

SHA256
e0ef463ce4af53d2fdb8087c392281e4d8d9c98cefb21e32cfcc5b08c2174187

SHA512
1a729b83b3e54270bc8ab8638b87a0a57143add940f048a9d19fb794ddc0648bac6f19b4aa5dc3bc1dc14c65ca345c216e9658f06268386130a9ef65288c4e0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
8b4a5ab60e57156cdea1e15e137303a6

SHA1
8057ce854d9b85686ad32c8a984f4d6cf5644299

SHA256
89bb8b0c4df2f24497279876b437af72d48c2263270c9e7e019d240f478407c0

SHA512
1ed9087f2778b7089dfa4070dc4c60858cb2d53a1810c6cf14830046c0d7dcf551f7dc856ee9bf152143b16d82b8ebd84877bdabe4f9ef3ca1c654b0e2438313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
339272e8c13569ece90391616268f38d

SHA1
1407410321dc7740125a8f68c9acefbd2dff2a36

SHA256
9c5c9d7a1586a893e31f5799a1a9cac77b18790f6dbf106bf4897b0eff2447ae

SHA512
fec1c134e2a6565fa2bdc6c1cec397ac914f4f7d2dc79e0f848da2990ee46c11f68b430536bb7a882dfd9e567ea151dda62d26db323a1a6c1a066f3a8929cc4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
327B

MD5
a66efaa590a0d16b1874a35836ba0a4b

SHA1
bb750c61e162420271f89a90f2b58f43587680e1

SHA256
b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654

SHA512
2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
35b975c0d5e08ba44cb2f56e11251acf

SHA1
06b7fe7f46dfbea3a5cfe41bba71e36b8d70408a

SHA256
e011f5bbf52d7fd52bebd3893fb1284599ccce99072177521322a40efd0b7799

SHA512
fb442f66802ece5e585825bd686715537be5b091df9dfe8a1b9b2461be71d707f0987930a74263882537b5220e5ef7a37b091a31f1afee6b71f8925ae65c5bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13366202557962781

Filesize
2KB

MD5
5800619dcee1bc0f6e14494c10fccb9e

SHA1
b914d9b9ee027729e63f3704ee4cf9d5da1fa773

SHA256
3aa0ffb6bddeaaa430df9af2aa4dd54fec9b44dedb62ae0d84540a4df38df283

SHA512
df78dd99b78e46bbf48b2c3dcfc78092bcb6780c1c0c4af9ddaff20f137c95ea6a2405e13883d22edb5e559fedfec52925e7dddbae29bbd4e85ef8e0946bd4db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
4e59a6e6eee350a61968d447c605e552

SHA1
e41850c1bae44d21a0652bb7be36a4262f95e0b1

SHA256
e928c3a2035fce9434ba632b969e0967e6edf755ca68aed3abd28fc482deba56

SHA512
16476fa3fd158ae169d335e0130046503a0cca0b058b779614bfa8c6314b0219e6997156c4bfd227d0d2a76b39f6da696ed9f0d1f48e7c9f20c858fece9dd557

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
0c1d0c27f3e4baaea0d85bd74868e5c4

SHA1
7f41f111dc5f2999888f9509db041c3bc76468ff

SHA256
8c5ad60598e3b4920dfe6391198df301ddaba2934be22cbf0245a6970d31781b

SHA512
a698cd05aafbfb4f58d2595d94c8b8b4ae2882a9d442e3e1b05c7c626d6e4944ffa64753c822b203b5a3430aa27f46e75bdca60f836806cf97dc2fa3f4f1a85e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
d092a31840a3f9ead822395b1b742a8f

SHA1
78ab915bef9a6007257506384483d1211bd51215

SHA256
de2d62f4916a5916dd5642bbe36df668268e888f09a62c5644e4809d220a3752

SHA512
8a9cef5297d5ab927cb59f1eb633d09131cc0d8ec03a8e73005d13ada7204a105a22268ccfaf02ed17e8e9b6bad32521648461d4f5b72129233944c6f12d6e8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
2aa3a2e4ed0cc97da421549d95eb2bd2

SHA1
9f76cc60d7c53ff3d465f9c238d2c2d2d32a7a7c

SHA256
4ffadced73f1dae9a54f2742e288707eaf71603cf00039ce402d24fd4ba16b71

SHA512
9b19ef3c0e73fd984cd3a9913a19fb3c981fe31da0a5d508699515b53b16c28a0e4388c9619a2289bd01e0528d17e0d844ac78123d0f9f2122e8eda1a6c077c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
18KB

MD5
7017052b0b2d9804f78e27f3ec5f2e7c

SHA1
c24b580ebde303d53376916948e4640022e01924

SHA256
ccecce4bff2788e70d9548f31c17285d3883f767ab664afc7cdefc81e1bb0e89

SHA512
b6d2fca01786c9f99273281ece3996b905578b3f50f53d539349232c01eb3d29035a2c6c6f421c03e6a17251d00d25753efd596d10bb7b65fa7144ffaba3997d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
51a10621439defeca8cff58786c4214e

SHA1
bc02e852e82c99c98fd5135feceb3b495c0670c2

SHA256
2d7430a1023278f6b638af15de14c0fff5cb72d67c8b8b40d23fe3ee63acb44c

SHA512
0a313ac7e67f618ba9ca687efc144cd54bfe694b0fa3505499d1bfa531c673b77ecc2975a556845252d98c1da0b4570d464310a3e19074439922a5a83b06a863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
27778c86b320d96b2e1d6ab4953d7e12

SHA1
041c306385ac70718e6932f535cff266adb548ca

SHA256
4d6ac047192eb68fea6db664fadbac89a0bdd304f2e7988c04fb0c29b4bcb8e2

SHA512
c2109da1300c434caac7af40890d3587fca916a569ebaec8116d714f511b9479b41bf7ef6fb8d498734907ad9a7138e3a727b6d9a184be900efdfb537c621297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
5a59e3681bcd767b2ce270d7e437c70f

SHA1
9aafe5a6deebe052385e13734757fcb3161eedd8

SHA256
ea4e26d1cd6c29c0b2c9fa00ee323eaa5138c83a08befa42763aa352f33ef060

SHA512
5f7a6a2e1500d0a40636233223f6dcdbd75242cd47313d8c938c30823799273f410c0e05935ddf03891a5d9861aceaaeb4df76f5b7ed1df157312c0c78187062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
b60b796b9c20c7c7c89c3f8354d167d2

SHA1
3063297193f231a24952f1186fb05e6b93868b22

SHA256
0b9bcf84469d431bbefc85c4ffe02c9a8f55e28a6cbbd989223a70ae96624a50

SHA512
401fae6adbf43d1e3ecdd95abeacb5b6fbf63b23d94ae80d6d6762b5ec5475c3817336b10216ced92d3a5415affcc8014c197b962f546c9927c7903c14bd1528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
d2561899e024f68cd8e4e87281ca83e6

SHA1
0c2ecf9639c572f3e523500911926e3317a09185

SHA256
c6ce052237c6f459dfcb4647ccda3e60b2d14562109629e0e48b1274353c76b7

SHA512
21ed8fa74782be758d4990a2e9eecba2439725b24099dcce069e6c92fa3188fae7568c3bd659c0f681f78e144df110729f389e3be127dc7e9f5495763613975c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
3a625cb2f4dd74105bb80443d91fe148

SHA1
40d6d4b3aa78a74c53921dd5b5c1b98cc5374ada

SHA256
2f5c49cf66b95582d6cccc64c69c933d44f110ca3e5d7208612738fcc3e1dde4

SHA512
d141e16a2f15fb848ae9edaa558c7b57cdf27dcdcc13d5c0a2829385abdc499385976d39a767a187b5eda5e4f4bd7816daa3719234102c86e696e855f358c0a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
aaa1d3398c11429309df446cc70a4b24

SHA1
426037d880450cfe67c0db4e8836d8cf67c3af33

SHA256
d3c5bb416732a0643cb435ce980e4cf7ed0d96375d6d1d866565ffa4cf5f4e31

SHA512
5400a74ad59ee80e11b97e884bedee53af567520b807e4c3c43b68446bb495a967e22838aeee4bfbf02486ec5abfb2e821c5165ab2b894a54e0d7eb70c7355a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
b157f118d6e2346e249a1da8f8e46ea3

SHA1
287231bb101233621ea1a964d1c4294d9b1fa68f

SHA256
d9b3c9c3ec6d9cfe4c227c49b4503aeb4c9af21cda4a7c2c5d4500ff58175f67

SHA512
1003987d196500fce719ebbf9be6654a78ff646daa8e7f4b1c8318e9a1b3909f25e4af0d2396baab53166fbd2fdedb4e92ded0388f04012c9a640d2d1f41ac6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
eb3e91a20b254f81011c78e16e2a14a0

SHA1
a3e0402f1fd0044cb3069e6e113c5b1e80c0a98f

SHA256
42ad096a6f4c9d27fec377000f45d9a5af292cbf2fddb33564d354f903271e14

SHA512
b27886daaf5c396c3cad704b537a7f5f3d22577e318ec770bca6ee4f1c3b0151c238066e253a3edb53fd6aaf5fdd258cfad52f347180cc93c3dfc0d87c0186cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
12b5789e80e252b937bc1949d0998cce

SHA1
20d337f1cfc13d1f9d67d8ff50e080fc11c297b8

SHA256
cb27fd557fe33c2a07d06faa6281dc8b6921ec7ccc68dcb8c77046ec6486fa8d

SHA512
0fe70d8aeb1df9b5e9eae08b71808e35b5aa4b165d337ba4d291cc7cf3d965302642b26f0a2c42cf6821732a6d318ef6405bfeda26712898f53f6820b1d3c379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
260743bb53f508d8f6afe0b81c5de7ba

SHA1
885bc63b8081733cc8ecbe98783b0b6751378a6c

SHA256
2fd59d503bbc3e242525289c2ee866f99ad6fe794ccff64f82186d7502afdf88

SHA512
0a3181f6c4da3972e639d0a7ed1d6d99f3554002614e10f540994cc0b62c41c5a7eb7391d4b94e1e6c6969ef87e0c3bdd2d362d621eb9687efec2b2064076624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db

Filesize
48KB

MD5
5a1706ef2fb06594e5ec3a3f15fb89e2

SHA1
983042bba239018b3dced4b56491a90d38ba084a

SHA256
87d62d8837ef9e6ab288f75f207ffa761e90a626a115a0b811ae6357bb7a59dd

SHA512
c56a8b94d62b12af6bd86f392faa7c3b9f257bd2fad69c5fa2d5e6345640fe4576fac629ed070b65ebce237759d30da0c0a62a8a21a0b5ef6b09581d91d0aa16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db-journal

Filesize
4KB

MD5
a017c48abc5a3d94a1ecd9c841799674

SHA1
c8a8d8b80e3a8a084847324a30299ac792c54573

SHA256
6a7a446d12e2ab200e1f2577461a22ff7374a46b1c3c89e79a2b8b7d4e773fba

SHA512
78a5cd2729c2945d5d7040943dee6464ef651af6b401badc62f0ef0658c34cb1e7ec3206b2f7b6a1172ddf699d1b1e5e8fc42b96588ac9e01a13b553496d2b2c

Download Submit
memory/1356-0-0x000001BBFDD20000-0x000001BBFDD38000-memory.dmp

Filesize
96KB

Download
memory/1356-5-0x00007FFA8ADE0000-0x00007FFA8B8A2000-memory.dmp

Filesize
10.8MB

Download
memory/1356-4-0x000001BB995F0000-0x000001BB99B18000-memory.dmp

Filesize
5.2MB

Download
memory/1356-3-0x00007FFA8ADE0000-0x00007FFA8B8A2000-memory.dmp

Filesize
10.8MB

Download
memory/1356-2-0x000001BC001D0000-0x000001BC00392000-memory.dmp

Filesize
1.8MB

Download
memory/1356-1-0x00007FFA8ADE3000-0x00007FFA8ADE5000-memory.dmp

Filesize
8KB

Download