discordrat | 661f81f4f632008e591df958e896e99045f0ce568d2456daff1e9aed6bbdddbf

Resubmissions

05-08-2024 21:10

240805-zz1afaycnl 10

05-08-2024 14:31

240805-rvyxtayelq 10

Analysis

max time kernel
200s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

c0520358f424709cf04bf5c8e06881ab
SHA1

a7b80931dff5448a12215ccf4e803f85588cf137
SHA256

661f81f4f632008e591df958e896e99045f0ce568d2456daff1e9aed6bbdddbf
SHA512

e154d851452649b2b13cfd44a847321445bdd0f2098aa9953b169d3cec4197e2ac475a603ccbdd947a2438ae1043e1bd8f457f8a53806cb609ea444cf8fbbb25
SSDEEP

1536:J2WjO8XeEXFR5P7v88wbjNrfxCXhRoKV6+V+xPIC:JZf5PDwbjNrmAE+hIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
13e57cf0b9aac524bef743d6cac9edfba9572d7f67d353dff101c63aa7dbf1e1
server_id
1270024798465949756

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673420810371113"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{7B0BD322-9E47-4F01-AFC9-93B9D7D43A24}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
380	chrome.exe
380	chrome.exe
2608	chrome.exe
2608	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
380	chrome.exe
380	chrome.exe
380	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	64	Client-built.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: 33	4840	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4840	AUDIODG.EXE
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 380 wrote to memory of 1752	380	chrome.exe	102
PID 380 wrote to memory of 1752	380	chrome.exe	102
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 2172	380	chrome.exe	103
PID 380 wrote to memory of 1920	380	chrome.exe	104
PID 380 wrote to memory of 1920	380	chrome.exe	104
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105
PID 380 wrote to memory of 4768	380	chrome.exe	105

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:64

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffaa26acc40,0x7ffaa26acc4c,0x7ffaa26acc58
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,15068933926784177784,1263306842800455337,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1800,i,15068933926784177784,1263306842800455337,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,15068933926784177784,1263306842800455337,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,15068933926784177784,1263306842800455337,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,15068933926784177784,1263306842800455337,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,15068933926784177784,1263306842800455337,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:404

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaa26acc40,0x7ffaa26acc4c,0x7ffaa26acc58
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,6404274746577396714,10605857303359433655,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,6404274746577396714,10605857303359433655,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,6404274746577396714,10605857303359433655,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,6404274746577396714,10605857303359433655,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,6404274746577396714,10605857303359433655,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3672,i,6404274746577396714,10605857303359433655,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,6404274746577396714,10605857303359433655,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,6404274746577396714,10605857303359433655,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4668,i,6404274746577396714,10605857303359433655,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3272,i,6404274746577396714,10605857303359433655,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3468,i,6404274746577396714,10605857303359433655,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4020,i,6404274746577396714,10605857303359433655,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,6404274746577396714,10605857303359433655,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:1604

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3512

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3220

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x418 0x478
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
af2ac817e91cbbc9f636481382b93e59

SHA1
894ef7346e32f322bb069e7b352e501bdfe9d60b

SHA256
a792c41e8f33b310d4702758b37ab67a8ee262d24a8d1c85121f4a00ccbc0b6a

SHA512
d8a5a59f87ac493f187a0609972e1e5b05ce579c1879df5172f24c66429d58d7f587b5dc440c3fea3a7b568ff1455f8aa73e8524ebf4d03b537c63b8850dd932

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
3fb9f19aba2f7fd783063860c1159d7f

SHA1
c75bba8c968ca27c9e3b4f54f12662f80f6a5d48

SHA256
1a2e1253d25e895560c70ffdef5cf783d6a0a207bcdb6645757cb7cb55e76337

SHA512
b07518359b5ffbe713ca9de1078c4470aff43adea979c2bcf9b61e4dd68815e1bff335fa2676af59b2fcba90d7b4a55fbd5f6f3289045112caf2cfba54ba8aa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
fe2e40dd12c58e6045ab583272b605dd

SHA1
9f9964780fcfbe7c54cdb226a7c861ca55864895

SHA256
033a9b5e6e8834f32749c4b37df86bbdb1e1045c009f4dcfc6e0fb16f22f060c

SHA512
7a6650f3ba8b41da19119c77c31f67345b6c1bce102393d077bd76275c524c3183f0f98f55e041f8a26699cef15a10e616bfbccce26a121a63184e731f3f296f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
39eb603e2e9f4fb19bdea820a4f25810

SHA1
4f0be496cd58f14fab5b54314fc00733e0e2ca0e

SHA256
55d176c429b33ee5ee1d219a3a2ba35cd83cf5888aa504e34190ae4739132096

SHA512
4e55c177935ce07f71a82d52dfc2d6b006e25b0fc451e37eba4dd645de4e088eb2066f79e58b22d9638c65a9886211b14e2f68d961a2f80b6dec22a3d052a45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
9323f14cbb7c56a613b2d979bbbf8e20

SHA1
866d6c83784439064acc73bc90da207b4b2cd707

SHA256
3b136e0b1fd200bf5a982248cc496932b1e6a6052ad51ee726b40e43de6536ae

SHA512
65a07caf7911331746c7ac67d6b477141a4c2498b112fe29b3498ee208f70fdce8ee8e2d0236a07b64b0cb05fe1fe2a8a0e1ba0dc5787080106dbef9e86c4eb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
5b9534e23d083ebcfa32c402e6d41879

SHA1
998db422071f4334914cc324f7c64228a0761df3

SHA256
8c2ab1c69f472962a4fa8f38efa9adc88f269f535055d83e2dc20ab99a16b0da

SHA512
461a332c7557499b0a728cdc3a0beed5ee6a8261ddc14675f41c5048c58a3b619c96f5bba4055ef3ddb81ac52df446914ae18b3bc2a5eb4b7d262e08e1ed14f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
1c4447e9dda87b5bcabb88d0183199d1

SHA1
ebde8c80d68b34bbaa0a813299c795d92c6736f5

SHA256
ddee4b2d5494ca880aa0ed27c99b3e2271e69c3e5418e4f5b334029bea835c9c

SHA512
f12c5a24d1292c0bd82ffcad1ea318f1e86ce869ab3069c3edbb3948fb38b46ebcff19b223edc25b782ef9055642aec33b0739e2fe36d5ca1f8d01d9ee5bbca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
7bf903341343d1ec229ffc43a6ebd97c

SHA1
58e6ca2ef2cedfec8780d68ecfe868f5ee4d5899

SHA256
0f0818b1904492aa0e9012bf79fcfc1f797bb8139be06a9121af3a8fb6be7059

SHA512
98ae5dbfca1060cf65137ed4faa826d1d80e852f26e4501379b5d64d3bb699b53936272c819b177010a502d0d3ff2d529f2e6089a2eeb59763034fd237761541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
fe993339a25710ebec86c051941d462c

SHA1
1a7a578b7a32bbe2102a789c2321090d406838d1

SHA256
59ce81d41051a1d16c02906cd586fcdeabbe7ee30ea7b7b1bb0970b981ffa443

SHA512
b81201876efadc61a8fb48718abb16f7f458856f2ee676db8b0da36790492ad930585c14ce200e7a9e079b8115b15e20ed95176cbfdc337b3ab732e5fe72bbd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
d6b0609c4b6edb45553ff9afbfc95e33

SHA1
2697657b75906d3653f48080ec1f3993c07bd8bf

SHA256
eb5cc165f4f69f7a3e72851b1b63e67efa9afb3c96bf8aefc962a5fdbdd6cc2e

SHA512
db4c837c9a8a30e65f0f634bcceecff3354d6b72b34536e584fafd02eb103cb4a6b01522d4463d8c54e6852d28a71d9ec8997e2f353e59ea8724aadbbc2a80ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
fd012bc53c01b6eb00b296afb27570f7

SHA1
80983bd726654d95fe90fbb60167ed9f51555efa

SHA256
2500b9aa60abc76f554ae5d498227cf89e346dc95b66bfbae5486c9bc9adf681

SHA512
16ecd4d90a86838c806dea52c2c65af51431a1852d51c492c94ea106447668ad3674878c5a55baaef67846bd2eb065e3f82db377c0a5d9182ef02a9e21f47029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6bda088e47a15a5d372d1da7500ee029

SHA1
606a7905c0cd53d8e7ac989f6b025527dcb3b8ca

SHA256
729e13fe8fc6c53d889b1c2c4d2052cc0824f95b17744294281c437e4dc880bc

SHA512
5f5c7988a0b020350d0e7ce1379a6e00fcc53748a2d2808c05dfa5376abe84cafa20a51eaa5692ca3f44d247cc5d59896173e1932a4b7d2f5be0aded878e1470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
038a5d9ecfc072a1ce878f7872ea401e

SHA1
fe3b59e353b15ec325150dbcaf00a22bfbae543f

SHA256
99a4879e9da6eaeb537991a6711f65207abf430ddba167cfada72857ae29ae1a

SHA512
96864ceab067214002f2876a0a1eaadcfe7d2a244a46b9847f870484499379995475f3aeb0c21d249a06d49542643b1b5d96cab6aff05a2107b3ee744de4984a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
c83e32aedc5b6d402bd793d6c0e41617

SHA1
38bb199a6cadd068f70f1af89ba6410a7ba6594e

SHA256
74c7b40084ccab7de2c7bb7baf7f3db2ea0ac2f34e495d31aad8dcc8c57279c1

SHA512
40b33955da76cb6bc70a0fa0b85876e2ddcf8b0c5b58836f64dfb6ea388aab46a21bef2df58567914288f5ea5ea2cd29061ed554197b042b0496f6cb70515eb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2d2d0a9b1c9d121c6662ed4e58e520d6

SHA1
cfb9e88f735bcebd2be6e9379ad1060ebc8febcc

SHA256
ad6aa1efd9e49df72994ebe1c8f3b2417a8a2ef5edea815228b1a677a556b72b

SHA512
9c724705bcc3b70b74dbc29365fbfacc9dd8faa0a9ff20554e75fa3a329f946a2ccede935590a48c85165b20d8b0178bd8a78e6262dd5c6c1fd947ed20ee2351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b95a69837d85b585a5925f455ebef3d6

SHA1
da447c712b7bb0b2d16d387e1a6d6fe2187319a9

SHA256
86649e88a778e25730c8a881450282ce73bc2a65d230b6208a36109c6876c625

SHA512
7cf508f9c4ba00455bf0a2b6a969c809da47d92c1f407611eee82e3e0b34add1d9a6a63a83ed1e9fc87e140ce61e3987d30b97ec7cb9e026bb1767196951c57e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
d34062aaf54f1ec240b43aa5e1b632d1

SHA1
24f84be73fe1bfa7098812af3f954bf97799e44a

SHA256
216b1a69000126cc8541e531b9a221a2506e92dd7fb86561dafbc91c4df1dbe5

SHA512
05044d9c3bacd1812aa7d66e819ebd01ac8fcf53aa0278d841387fee4cd4b8aaddf484329833a52d8eaf006da614400e0da73ab5bd97a723ae5b356e35b5272a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fea03bbb4e0dd48626005f53a5a465d4

SHA1
c5cf255b1fc0a7106c76c395c34ac503fe57be41

SHA256
9bff4624eaf98d2050e47d63c5b2387b287162e7a10cac3b087813470363730a

SHA512
b5e33bd13762a0703039e90c55356b6f3dccc3681dc5394346da8265e5c54a26ddf3030c13ea2dc62000ffd42632a7fd60967199d6716e697f01a41910d62aa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5d32d0cc2f0ec9a4d2b68cc14ebab97b

SHA1
f0f4efbcea784a7fba4a2e5d0ed66e29cf5df94d

SHA256
ecc3bde2518c0b8bd7270e694052d92bc58ba31f6e440d7933908818efeeb2dd

SHA512
d955fba0de9e048a10370d29b4f896b9f0b0da4d0f9e634be01d427403450578b2df02fe76510e0639f177f110545813d23138dfb5e58f98e085d62d9bb8750c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
75b9d34c667b9fca81a57d9fc98da893

SHA1
4e02bc922dfc126c767ca1f1c81498ff1982d955

SHA256
da5dc9ecc9182d92437c0db9c50aef345a7d4e9365d9ccbaabad2b4bd77324b5

SHA512
968761d2af0c755241077832c14c6cac90eaed84a65908a262261fd83ebf0caf07c983186c4c481ab1e2e6b53e77d61f131993e0f192a150c2f771143621d535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
87189e03768ef721e1c1b73121699744

SHA1
27531e1c67857a2bff905d14bb6dc323f88b0198

SHA256
0ed0814b5fb21e60e36ad44d8ce8ac5f2cb31e27e5b6899f3aab1befee1133b9

SHA512
bef2e31911378e5842d912a9542ae1485aa263e77af1e50d1997bb100298374448d9346fb0d2148e19655d10f6aeb1ff5feb9b292319b5afd1e6e0a5328c4ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9a6c22de-a138-48b9-9987-537e74e2e437\index-dir\the-real-index

Filesize
2KB

MD5
8493efdb44756ad2b7402382b701ea3a

SHA1
ddf4786d5f97748a61286e9b47f1725899661446

SHA256
1cadac8fd817c691d1347383f05005c406c1c291927462db01f9c3e998c2d2e0

SHA512
c2ed5fb0498882e87b1bb75c5d800579ae0cf2988db994d5e286ae856ed795301ea782f12be1bc5b8ee60bad3bff1e2049905adea191df4970880d5ef558befe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9a6c22de-a138-48b9-9987-537e74e2e437\index-dir\the-real-index~RFe5abbb0.TMP

Filesize
48B

MD5
f8d680a0a8ba764e01b386110244a0f1

SHA1
3d8cd07ddd5d3ca5fde54d8fe7da99062d73f7bd

SHA256
6b971d6e52aab847ecf2f5ca87efa105956c37bb174489c4ec644f7aa967fc77

SHA512
cfc2f7e61ea9f2963690db99be963e97738b9d60b42445bae111629ebe6124a16e0fc2d900e7e1024fb78835a7d5920a25f97de23da06c8ba96ba8e1a13eb22c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f8aed60f-2010-4ea0-8e48-b43d39a2d08f\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
eaad26eff226bde2ff3be28b183270b6

SHA1
00e2838a07ddc8d913e3d6b8ed98e794c945ca32

SHA256
e96b16c422acc64f16ad3a7f9acdbad74ad08ae4628baa5c77ad4a3da008c0f4

SHA512
a3f52579638fe5e70a72994d510b0fa87d7f939cd929f8d3e6e8876611da0fdb43e6f5a8b0c291d6abbf7d66e0363d5e72ab84787a887dce763aa9512562c3b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
2e46edbc2c3674d54eb5002b174db920

SHA1
09060a17e8150ae81d6f693e074523ca09ef32a2

SHA256
3ccfa2f912e7306da9eaa90abd6de2c65747f05db99c3540435c759de2b274ef

SHA512
4a7bebf102959596ca550a41032cb32149344436bb4bdc9472a7af9fddfc639750462ef4e0e47a0b7ae206221732e5462b2b6b8a774f4c3918257e79bb4831ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
119B

MD5
80fe9f53ffc6da0df5091b74a51e88eb

SHA1
8ecd2854a07e4309427bb76222a9899957ccaf9d

SHA256
25a15b794ea4cb80d4d6fcc3dc48e08f0d32817686623e8640c048d4271bea9c

SHA512
74f5f1670f5435192934bef58ec0028090e8773967becf063af5010464ae64ddec9fd41420fee6741b4fca4391193d5049ac49f129107c56ec3d0498e2ce32e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
124ddcd3a4170ba4f0b9c2477b56dbda

SHA1
7265388513fad0a703ce7b4bc5fa1fc3a9f315cb

SHA256
93ae592d6e9f1ee92cedf65a419c3e17f44ea0dd376670d904ac1194d62e0d78

SHA512
ea6b7825430b4fb2cb896ac0b5d9cd754a1585f81e28bf17eb3e34d7db87fa115cbf0b2791a169610a8948051946b21a8c7bce3abe6668547dfdd4d6c0870354

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
4f64bb49e1e56e11e77210ec8db4c9be

SHA1
0a722cdc492841859cc0b355520790ab15a5e7fd

SHA256
e4d20ad95bb27fb5c7cf57c003acf5f298732816f54c32f6af1477c14d79d6cc

SHA512
7236a241c8f87297eb25ab4fc7a1aaf2282b6326886704d4958fd137aba50927258746351b95d3d02360521d033b3faf40bbb8c8d01c4f5c662b49cf842fcd97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5aac20.TMP

Filesize
119B

MD5
6e063e26f37134595d7f6bfe6d73ec59

SHA1
2c1c90d0b4c79088ed5befa679392fa041f46434

SHA256
19ef269fc14024c3eaae898d736e2faa4acd2f9e1979196ec56e46857f4e2ea7

SHA512
b7cfdc9a2d03ef609b526faf2b59eb3b2cab103325888ab97d0ad54cb17d99b5c4b58e7a9d605e2f9ccd51ad5c6723f33a2487670a4e265d56a90ab58ec837ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
e0f4d4dc7f46c446d6aa3afece42b8d2

SHA1
e381385fe6e3d283ad297e990c1c8557ce148e0c

SHA256
012607a7d184ae4094399ae32a9fa90798bd9b731917a34dde55f181f0c4f33c

SHA512
4adeb152747807268da20bba1f71400cf9856789aedc217d8830576d9278b186e6c2253acbcd969c43756af436c8637c84bd42455dc3b7827c24e8dc95be63ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
81be11547236de2fcabf6dfea1da7d14

SHA1
9565f0c92754f233fa45f500498dc9495c606c4c

SHA256
2266e981245b8c642c50c9bddcedcab11bc3f7d71616c4023adddc24bea04e55

SHA512
e8837a6ad8a468ef96ce2fde0058f8409464c18f0eb143aacce6d19b91074a82c1219369341414f55bcb5f9e26e3a1478802e4f2f964f806a93f6352d8df03b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
308B

MD5
4e7982b86b3d7d916b7722aa3b3f0669

SHA1
ce4e874903cb71d9012cc7654ca7a6ba5e4f7efd

SHA256
cbee1100a2c9add47776b7e416b58a809f6feb9fe458bef8185b0c176b5db340

SHA512
c4dda8b36e90a327061dab901730f47fc23cca129b02a157f1ed0c566a1d6dddf272a4e74d3acbf14eb3a7fac0820387a584db9e19ca299724ed7f3030f891bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
9ad30531b141475fb5f2ff1a9a03e366

SHA1
d136b66c74c04ea554928e4916cee26026323e05

SHA256
c758ca0556c71cc2bb922417289ecc2f0f08d5635ba3268214727dbf061fdae1

SHA512
50543cb9d811b5f319250683b74bccb1b4500c188bb9fa78cd1de4d3142a51ea24476d17bb4b5eaf77c1db744ec4c52ac319dc73885d9584c5e6f045001234f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13367342038954194

Filesize
2KB

MD5
43c076f069c15bdc734a79b88b9906f6

SHA1
78e0eb56811d556b813c00a6cfec4585ea18d53e

SHA256
15d737bccc38f5a8e9826eec2c7995e85d46a6a10224f4212c091f1a3e1dbbdb

SHA512
ad7121accb3a33a8497d17803f643221f11f21c983920a635be3f984d593341cdf3a69123c775b7d7165bc5fbb13bd5f6649b720f7d59ba11d01f2da3b01cf18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
cb1a2895de747ee943dc4ec3a5333af6

SHA1
50432e30a0e6e540ebc759607cab5fc64a1ecac7

SHA256
fd18029bc6c16b4acc236140087957dbfe935a132ceb87cfdb7a2b3305590601

SHA512
6a0853ed2b6bbcc9c4ee2626ea40a041956c1c51e390d2ffdd1f65f9bba55aafd294a8906f900f25a688793fb6012b88203a904dc868faf618d5d609941d6e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
2e4eb0282a496798cc7c256609e92a10

SHA1
7b67b9ea43cb92955474829c29414a69230f1f38

SHA256
0e0415b10a66789a4ca942abf51d9aae3483deb663e66fe35d22c13175ad53a4

SHA512
4456572b7fe28db9ceb830ef89ac1b50fd99849b53dbcf5caf7045d539c33bf0ab887f5e1aeb9ba776335942a5c2c953c60a7f9542e9c7703bf55929cb87b341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2608_414048636\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2608_414048636\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2608_796133701\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
31cca04d9a9dd8b38b7d21e57cbdcb05

SHA1
b6641414cfad794c8b0b1ecfe19e1a295e882d6b

SHA256
9ae131c48385f08b6918b11814ef2c07336cce9da0ebfdec77b7607843d5584a

SHA512
4b96d47af512a9452150b55a7cee0246a63dccced4198a16e71f41fce23548a1f13b02aec23faef5644cbdd9b15627e828dd5de9bf1529cfe94a693633dadd32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
a525d69124186524f204d8272fa69549

SHA1
35197f2c0bbd3fa8bf20dd48658e854813390e71

SHA256
4ca27ad339af4feda15be0d503f7bf0b628cdd429055b81ca1675bf813699f12

SHA512
351174413374dda816132e0c0e1c6babe9e6371f78c217ddb72f6c4cb190062cc0ee9291cb81a9f4e52bc95d9a11786d6abe58240df334d8e7170137e4f5a610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
14KB

MD5
f3502f3fef27715201799455f22734e1

SHA1
669fa985550ce5b3289f8bbbcae69a09bbff9dab

SHA256
bb39e7481b6b19bdf74a369823e5229b557c836fb051def148ecca687cf7e7ba

SHA512
aaefa4a4530c4e823d2c17103f0d32e8a9306727063a28084e652819636f833777e93ccdb9a7623a210f362fa683348b7867abbc62a9e837b4a0d0e61d15403e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
81e9ef61bb13946ba2814e0ddcb31398

SHA1
7cdc4b4387cdc00fe094d3b57c96d6e371bfe7bf

SHA256
dffe19b7eae198bb03f71d1ce38f32dd8c09afd32a38bab698ae4dd691b12919

SHA512
0beef681a3935ec9c070898b9f1939240a1afb9e5bbc3598003b5193bd04cb066e983d66ba8f7fc3eae24532b2ada59bed06e971e37ed583d0616c37afb3f853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
5c508612f2f75952c3384c134966e1b9

SHA1
71b9c19a0684937146478ac353cd6e65d2830a57

SHA256
9198144e5dbd201fcdc936156cb76edc0f62160e470d966a395317dda30155af

SHA512
754ce9aa1fdaadea20073220a9b48a96ccb80a7e45b4b15024adb42047eea2d910b6b174cf9a349758a4dba8ced940cf7a7e9ca2c2fc54e5f92f15d64d233674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
e65c98930bafc3d06317eb5d8a14b667

SHA1
0e9105c47583b81ef4808d14746aec94290f7ece

SHA256
098449ed19768f03df68105b12a1e2f003d0fc084713e0660311efc9b61a0bc7

SHA512
f23de9b87a3c98050a480440e9e63f1bfc49a4ad856e02d9f0845d000374fe96bb982e7c651ffb66d150cf4e5d027d44a1bca7168b4a33b7dc6576e6fd2c3409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
762d5542b55fc96d66fbd737f4bcfa52

SHA1
1e1539e5473f8e5b516572c48ae28dc888e7891a

SHA256
8301df6a82036da92f5760fd6f89e7c3b2bb6ad5c417f7a35151c37de46059d1

SHA512
385250249df0ce636c5a1376e71283839fe3a9febc80c813b367dd95eb5a347e02f6672297a3943fc6f27ef755f4b976abb99791c3baf16a36572b2781cfeb16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
fa83b73e07c3b8fcb4ea19d5ab6fa365

SHA1
8a7deee1b567b7367ec207e601733b631b92d74f

SHA256
7f656e0c9b3309f114daa17363169af5f4641fa3f618c13222e24c4d9b9429a7

SHA512
85afca3d35cd6d14e86a7ab12d262ee4562d6a63402f45948d44a21b79f5484191d2467525b6e90beec1964a7e2f15c39633ba48d6ebfe25afb2f35ac38306a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
f98f41e0e81f61760fe79a697a53d2f0

SHA1
a77df8c6d80348a4cda08ec4fcedae3cc7dcd239

SHA256
0b786157e734230df829a7fe738c2303e44da7048ec8f6e5dc28d4976e3f1830

SHA512
f8e8cd1df8569cb437807f3471b6ee0f282c3ea301e4823cc90a348f2c6870eabd85d07f46236a80d06eb263713a90a41851878e0d58f34740a864cd3a82d4af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
38fa364cc479560e248c07240e95b23f

SHA1
237850c3d2e33c7c4a4b19ace97bbae5e11d8eac

SHA256
c25dab3e1dc123b8f5be46ffaa496c4ae5a541fc17ce65eb05f6146e8f3786b3

SHA512
576e1bbefe94262014219453d5716ad224a9b8a3955972f59ec74a72d52fcacc1e2e3d8b67a92b3c1bd5f851239f88b9a5f64ea51c23780f13cb72bcfee439df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
255bd9ed26d91e74d373ca06ad966885

SHA1
c42fcb0563460eaeff802f017942e01bd762be9e

SHA256
64865ea5bc4c6e52528fb084cc3a30a819b8c1516354db15ddc89886c9f135af

SHA512
b6244379ec701a4a972913f77f069da347f103e4c957f6415bbf5be7e3d0c5a2daf9ea2450ab58740e729d6748d74742eb20d0d4cba474a775bcd3360979a3a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
bc66291c8467e3b7ed3995142a350b2e

SHA1
9f7f01ade2ad723b7944d9814a1b27df3efd0ac6

SHA256
fcf0d1fe1b000fe4d22f1e58f7f05db243b1f3a3d33c9ae04b7547e15db229d6

SHA512
17fafe33e98848862b3cba1d306356690ea2992aec34a5e22adf94d8aa96b1e1c5cc1fdecc63b4bd21b1ee9b9464ec2972128a743f112505a3afb276c425d38a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
memory/64-5-0x00007FFAA7F40000-0x00007FFAA8A01000-memory.dmp

Filesize
10.8MB

Download
memory/64-4-0x000001E4499E0000-0x000001E449F08000-memory.dmp

Filesize
5.2MB

Download
memory/64-3-0x00007FFAA7F40000-0x00007FFAA8A01000-memory.dmp

Filesize
10.8MB

Download
memory/64-0-0x000001E42EC10000-0x000001E42EC28000-memory.dmp

Filesize
96KB

Download
memory/64-2-0x000001E4491E0000-0x000001E4493A2000-memory.dmp

Filesize
1.8MB

Download
memory/64-1-0x00007FFAA7F43000-0x00007FFAA7F45000-memory.dmp

Filesize
8KB

Download