discordrat | hxxps://drive[.]google[.]com/file/d/1jRzD-yRtqzV2T-jkoZI_LUKkrIrpcX_u/view?usp=sharing

Analysis

max time kernel
1129s
max time network
1144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1jRzD-yRtqzV2T-jkoZI_LUKkrIrpcX_u/view?usp=sharing

Score

10^/10

discordrat discovery motw persistence phishing rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI3NDMzOTE3MDAxNzQ4MDczNg.G_F5qU.t1aBrB5zgFWzGEPAy3a_MYt8637pe1aT-NyjKI
server_id
1274339438280839188

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 4 IoCs

pid	Process
5344	Client-built.exe
4680	Client-built.exe
4648	Client-built.exe
4276	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
11	drive.google.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
751	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133683724655629235"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 03000000020000000000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 02000000000000000300000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000020000000300000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\NodeSlot = "5"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3604	chrome.exe
3604	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
4480	chrome.exe
5496	chrome.exe
5496	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1948	chrome.exe
3356	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 60 IoCs

pid	Process
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
5264	builder.exe
5420	NOTEPAD.EXE
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
3356	chrome.exe
3356	chrome.exe
3356	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3604 wrote to memory of 2748	3604	chrome.exe	84
PID 3604 wrote to memory of 2748	3604	chrome.exe	84
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 464	3604	chrome.exe	85
PID 3604 wrote to memory of 4896	3604	chrome.exe	86
PID 3604 wrote to memory of 4896	3604	chrome.exe	86
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87
PID 3604 wrote to memory of 2400	3604	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1jRzD-yRtqzV2T-jkoZI_LUKkrIrpcX_u/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff220ccc40,0x7fff220ccc4c,0x7fff220ccc58
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1564,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1560 /prefetch:2
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2236 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4584,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=1032,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3320,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5084,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=960 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5000,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4004,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4320 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5228,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5332,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3184,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5608,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5636,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5784,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5792,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6052,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6084,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4900,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6612,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6748,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5856,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6752,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6416,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7040,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7276 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7524,i,10825295381509865177,11367817205477426387,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:5804

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:8

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:536

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2264

C:\Users\Admin\Desktop\New folder\builder.exe
"C:\Users\Admin\Desktop\New folder\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:5264

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New folder\New Text Document.txt
1⤵
- Suspicious use of FindShellTrayWindow
PID:5420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff220ccc40,0x7fff220ccc4c,0x7fff220ccc58
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2044,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1960,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2308 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3752,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4824,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3292,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4884,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4712,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4600,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5344,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5324,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5488,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5468,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5464,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5500,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5268,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6296,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6292,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6284,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3516,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6280,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5452,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6216,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7316,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7124,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7208 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6684,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6660,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=3304,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6620,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5428,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6656,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6692,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6628,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7620 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6636,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7736 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6380,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6396,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7980 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7608,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8200,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8224 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8328,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8448 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8456,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8588 /prefetch:1
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8344,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5088,i,423932905049715533,10470201216385446802,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=860 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2132

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:384

C:\Users\Admin\Desktop\New folder\Client-built.exe
"C:\Users\Admin\Desktop\New folder\Client-built.exe"
1⤵
- Executes dropped EXE
PID:5344

C:\Users\Admin\Desktop\New folder\Client-built.exe
"C:\Users\Admin\Desktop\New folder\Client-built.exe"
1⤵
- Executes dropped EXE
PID:4680

C:\Users\Admin\Desktop\New folder\Client-built.exe
"C:\Users\Admin\Desktop\New folder\Client-built.exe"
1⤵
- Executes dropped EXE
PID:4648

C:\Users\Admin\Desktop\New folder\Client-built.exe
"C:\Users\Admin\Desktop\New folder\Client-built.exe"
1⤵
- Executes dropped EXE
PID:4276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
efc82f8314de2fb0909127cebb38a019

SHA1
ffeb52cdf0bffa888270847d4981cc96ba448c14

SHA256
9836d53d4914279fb42e48acea940dc78d94b2ba4866e0731a528c65ff131d2a

SHA512
89d234d0dbecccda14e5fadb343a7b80a4ce464e270d1e17488b66bf707da13c0f0de30ce9f4a20746c5951c31fe776e9d618712fa6a842749555dd1cc2b0866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9e7b9f277615df7a5e0be788e6a73145

SHA1
47875f6401159c7df687cf32845bf72390a64acc

SHA256
4adae07df64c85a88491f24b1e76f98950af2d05369a1dd7e4b4b8813da823a6

SHA512
b059c85b3e74848c20ffb862e0e6ca9fa47838c0fc91442b3058b7efa1fd485dfb6656eeb3cbb503efb0d7de6e44db4bec6be9610de724f4f921c4ca157d7f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
0e9901e4ad987437f49fe70e778d051e

SHA1
bc89ceb2af864192ed728fe370a60fac161e1a14

SHA256
6727b767f3ee25d0a886fa5dc478fcbb4cbeb6a27a082fc5e20bd649c485e870

SHA512
39ef52eb13a2b53e6a80081f14db41b3e5bb4896c646c31c9f474c9e206ededaf948f02cb4038054eb07417076c5096af84493e9ea203d32f5ebf37c9b102e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
b815cfc211a5a4fae252ed906af39466

SHA1
f4b901630700c6db70ded861f252cb5d3537433e

SHA256
912e9de8da7832fb435a8ce7317a528b9d6f256905dddf357c1f898210a65bb4

SHA512
d5e8fa95434ad95aff72b2bc2f41f02be719dd05120702b11f4328caaea67b75254eb7343d628490c835e1acc56490427e5f04dc19fccf64633f5edac49c2ff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
27e696259d196c5a563c9262f994da10

SHA1
207b70aef3a283d9ab33c21f08dbe8405536a01a

SHA256
191a28fb872e0ba36dd9fb0d7cdf1a35036fd14caaf23c47a6f57218eece989c

SHA512
888a170fdc83f21bd2b65d733d5d219ebeb58ed77da86dea893b464bbd148809cb52ec4ffd67ebfc1a67e8c43e16c1874d26f01b5dccd4bf12262a4c5c37c55e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
b79ad138956b882e9886952ba0eb4725

SHA1
a5adf0a84574208bff8647db6a666e32afd7d8a6

SHA256
f64a9bd935a929005d44b9c2cc20d47dec6ddb0be08eecc48b24e894e7170aca

SHA512
22b1f8931e52bafda1ff13072da6cb1f1756a650698dd778a6a6ee904bd3959f2133e00f1f58ec6b997a0587399f7c0e7c655fad4dca91f3116e8ecf5a72d068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
34KB

MD5
0360dbc6e8c09dce9183a1fd78f3be2e

SHA1
6cd4b65a94707ae941d78b12f082c968cb05ec92

SHA256
2db6bc36808d43fa89029c652636e206fa3e889b35ecf71814ab85f8ba944af3

SHA512
93c9f1856142da0709f807ca3e5836065e61bc8160f9281fec9244f31ed8ae8df500cd5c64048ac59b4dbc36ebd18ba8e7fbceef58134dd76441079fae147ab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
30KB

MD5
31d53c8cdce8012a24abc8e84aa972e5

SHA1
7287b1ec5d88304ba44fc1958b8de9596274c4e3

SHA256
1b72bc7f54bc9170e605f6c4bb5529668c4ee3efeee602fdb63036b45b49f41c

SHA512
67b5f616ac927b0e001de3b4922e30959ae02afb425db3c06900ba97993ec26b1a1f77eb661f1b41ae1138525f507434484cbd75063204cdfc27c8a1ca9c9705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
21KB

MD5
f512c9aebf49e0c1f701df5d4e157816

SHA1
6f192ee1e7f3b46ad55e681ffdf4196f3099bdcf

SHA256
9564eb053b9986cfaa09be55dde325d12389e732dabad5fe928271d4d1f327c5

SHA512
34e9b080029ff0f1c51eec53753c72d5861b45a8e64ae63ecb65d8c21074f1d98955a1f8ecfd23328684da0d7126edfdd7c7c38574c4c6593e59e4377741ae5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
18KB

MD5
a7f4b774bd44acbe493a863dc6e7ddce

SHA1
7ff0c917a7712a39558bcb53e49e80cf1e606eb3

SHA256
e909fadaf684c0cc725241ab10eac19938a810607c81dc7b343de3e947b4745e

SHA512
3aa248d63056c712b6e49cc6a9c463bd5eb7e87010797397edfda9fc065bcc19eb0067e4107f66a2ee29afeb75f3e826e982146780eff67434d8f51a2ddcf5c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
17KB

MD5
be8074ca27c80d2fd526e37f5fe8c82a

SHA1
a826bedf82bd1d671d83ab16643d40f6a26a8d78

SHA256
d6224b3ac7bf7fbe10bf51dd5b692dbf5a7a69a9f222c54e80d83ff9ff1f8598

SHA512
829c38d23333a827817908e15d86d82240626e045130f660c015387f26b787da10bdff0813df8d23866c2e80731435771568d8f1f3dccf15a4515a815cb5d8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
20KB

MD5
16911581ab7ea10687a5aee74cbc5612

SHA1
b0b24248345739209d753a4ac77ccfc1f627b219

SHA256
c78a1da5fd0868a547cf285748c7fb73006571190385eb71c0d601b6b240ffaf

SHA512
655f1fd60533120099fcf930e6854bab67153985fcb272cb17e8ace674e171f20218794fef914960f41df2cfa90b39a77058ca9c2b02997ea8c73d21871f2444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
52KB

MD5
3db983dc06d72590b4f70c6bb88344dc

SHA1
b0c684d96e905d06cbd7a8a680eda4f0089641d9

SHA256
a3ebfa571fd4ae75a36bf3730017f85a3ea1d1c9899bec768a78c70c5d3385b9

SHA512
ea771b57177921de3614e8c5b6eed6894e5a0fe0416424e542545882148b48f299c9df71764866f7b79eb2b415c31a3cdcf050c449d6e3f719bd32da7435d130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
190KB

MD5
e9b982855d8de62c24693bab0048d84c

SHA1
7cf0c4410c6fda1c5f8f3ded30af5bfbb5deea75

SHA256
85892013de793cd7f75c5cb7c7c3b1cafd538a14913cbc59f789bf60c2f469d8

SHA512
528f5aa50c9f29dcdfe6ac9c1020800b21b96666343211258607d71d340f63e838163e9cf4cc54baf99fbc7c71597b8df75e46310ba8d0269582daf66e393d9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
26KB

MD5
ed76b3230fad7ddbc073911373d8b828

SHA1
e03350537c19495628ea3c3827254483b14bcf10

SHA256
c277c9967f04a3483e9142dfcdea2656d7300d00e66f116de284e894d262460b

SHA512
70867212462d893f9212317c551e5265760f5af5fa7f856b38b8d9fdc896fd3c8a89dcb3ce2119a762db0cc38fc2b0fe3d3c1e2ebdf087bf5e7c5833816bff08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
18KB

MD5
c85140502c89b2f4a8f58ce6a0b5ffe4

SHA1
80c2451c8e09fe539c7ad97cbf1f41e85bdaab4e

SHA256
3c04e4fd7ce015f89e448fff19f01d65fdc0a073afc5de46d44008e249f7314d

SHA512
b8fbea4d3046d2ade5e267fda9326535309fe5065e8645f244be3044bee0769fa24a40a2724e33f04aa0e3f5864f94486dda154fd53e704ba0fef1caf6ba4e4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
94KB

MD5
c4aa6c4042e42e10d2bee578a0c80ca0

SHA1
eb2401a13a18599ed21de712b737f23060e7e555

SHA256
e26efbb6ad21fea59aeab027ea7c8d60c331f9920015b6bf56a280bc65471f02

SHA512
ce0d2d59829e9d1933275a2107effcb1460564d0bac83bbaf61675f06496d4077b923fb3dae51301ab75cb98710497638344e82b3c4a93bf4c34ec311a58a1da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
32KB

MD5
ae6ac02109e73ee782ce15ae6c78824b

SHA1
ceaf15791748d1602c6cd07375109606458da1f6

SHA256
84f6004112a219cecbf7dc75127ccd823d218270df137fc81471ee8f143061f5

SHA512
00c91757bd913c957726ccf28de29d04f9ee8ebb89042abca69e7309f1b7275bcff06fe4724eca834fc8f18937f49eb670ca22ee0cb04cb801a3bb7a9d9ecdb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
102KB

MD5
e1c894bf3fbd58b78d850ce33d6f3983

SHA1
08d182fede0e0f35c2d3937dad01b695f7f805d9

SHA256
4e3e0243085becdecfd2e3cbbaa3ac44c3f66b994315796dcf7a6b9e09d703ad

SHA512
177508aaf0b27631c3d038cd4652e93a879095f7e0bd6d295be33790dd16a91015eb0b84627a349c76c8b30029e03c4c41b199f5f680a39ca4439800db750792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
148KB

MD5
6c0daa90ea5e7dd0581744958216d8e7

SHA1
0a562b2fbbd27fb07cd1daae855a1a63624dcda7

SHA256
9d750fc101e5a7d2b63e370136413c28170e21c024497afed62dcf09e4b08ff2

SHA512
c93eb5c4f82f610f941bd480743c4eb7e7a508b88ca3fc50fed69ed95abad19c217e22973038d899e657f9bc021e8669616444c07748cba9d9aae07b482d559e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
208KB

MD5
cf1caf4178c7786ee87efb0dd408108a

SHA1
332427e2a9eaef7771f849ac1ebcbe49204c2a94

SHA256
45fd633c2c43380594cc42d08c130596308eb687d3cb068d84e9dcf41934b788

SHA512
d6fe2c035f10532280770ca88c7603fd3a37fa29e6cc04669a2359844c30dd36c78028c9bac19b89e7a2ee05432b44f123277b1baf025cc08fc9389b4d0972b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
95KB

MD5
c876cf3e75501448685361e4e21d90bb

SHA1
5f71215dcf962edec8fe08989695ec4a2455ebe6

SHA256
3073b8355f2ecd349d8715585aa4f18cf31c90a625a19d7806a026fe05f5f44a

SHA512
ea8214eec9d210ad100dfc22518c380dee8b9faad387cbdf720a8629ec3ad0f278948bffa0755fccda05763713626e74cf0617325e77b3531e9e7994d7b4ea3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
78KB

MD5
c9720635bc34667579a8c3cbbd16972c

SHA1
b3fe23d277d17a9cd9c96cb2768071595b4eb88d

SHA256
bd7e024f076629fd19a3074fc1037922d52184ae30aaaaa84a50ee671b6521b1

SHA512
49076416a91dfd0c5689bbd236b0a0a1d997a36451ebb2c834b35878f3eec9c15a516077b735ec7c06df9653cb0f127abe68abcba8022566fcff2c20a0e7218d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
27KB

MD5
7820201f0db0c706a0ea5bb7ce018ef2

SHA1
6d116650afbb3b25bfd6226c7d5ee00dd1fe4515

SHA256
04f262a5cce0399379de17e5635f1e1acaf4371afe981edaaf792625a682c44a

SHA512
bfecb88d8852c413525e1e1bdb3eb69c97a10e4ff67ae3ca5eb97fff5a2ee369a1b80a0d314440a375d0f9e950e0e970a6de6afed09062d8523ca28ac878946f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
17KB

MD5
d31cbb8014c727c9bc8ca1f67bc21190

SHA1
4d82bead78f7e798e65e2ce07015ba6c5fbcb37f

SHA256
d800789d2a4f2f66461ccfc8a01a351293d85a90119b2cbcf1eb2d67b28b6199

SHA512
3b05c87d6c98cd0d9ab9133ed549ef8ded203100cbea4785df2748213871c5635c89ae9d9ca879f4d2821208093658da56ef62b6e7f324e776aa49cfe7abbbf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1a40b1d902c10bc2df591a8af167692d

SHA1
c8137673a1837a7e8fdf75c43075635d87e36a4f

SHA256
84185d9e279cf724722816a3bd3218bbfddff7a6b25c31298fef721564611d9d

SHA512
da032b2d588a567099f958a484b2db712ee2ece9209bb2ace85bf0d295ad66a230807de8f32b602ebfb477fbd2e0d2e0de2ba84d8cc2e53f481d870f0600e26d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
a313c649b6d532e7213b63c1631026b9

SHA1
009870f06138fbb91f8fd70382bb28b51430b43c

SHA256
bd82b44eec02943044a12f2ac6f6babd977d9204c0e0dbd25c9895113dd06644

SHA512
98843f9db9cdc919e9008317eb17ec75bdc984f5f69b886b985f3f08844625a13143a1e9ecba2f68856e85f0bacefb438abbae0ecdaba536dfd6ab8dff8421cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8e377097108dc0e48bf80222ec2d60ad

SHA1
13fede55063ac44b35680c2a473b0743fa5afae6

SHA256
760084c03787e223f68e6219ff8fba0ba223ab444377b50012a6111842fcf1d6

SHA512
89c93f3dc0e909b76ae78a66c1860fcc96de006d015f5b7e592b0a64eef469043a4862cf9b1a621525e1e2de7bf2b7046e8ea5d6339b2fdf979e14e0864f55ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
59b8d4e45a4e509db0fd9ff185e2c6bc

SHA1
9556d4c04f71a16314dd48051ec9d8523889a2f1

SHA256
89aaa65b1e4e28e255b2aeca73441bde28cc29d553411dc0593ef4fce0fa8af2

SHA512
49eae6427cd4e479dc912040094b848c74775222b562e4cbde9485b98d9cdafcdce588af5857fd13886b0b8ada9e2a0f924e68224fa7b4873415e7372f93676e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
32KB

MD5
87c7eaacc3a7790c1322c5739d5eb314

SHA1
1b5b368ed12c8dbf0988eebf2de72da006383f19

SHA256
4a4add54c4fbf8a3367383da0f2b75dcc961a15e2e8c81b29445eb1006db03a8

SHA512
28fd49befa4a5227c7270d99f757aa0a02a14a60b3a77fd4d6122e6fcf1b3778478dff66c9f716dd43a42778d8e2e3727c7ce0b5021a24b6d55b10ab4686ddbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
430966c2f592e300cd1f23008ece8071

SHA1
0381800766be32bcf114b835aafa34cd814a13f8

SHA256
9383e7d2bddf1e11a7089d00713d9d010fa61e3efe445e9420c933f938de1910

SHA512
f921d7fedf68d81f25f4d77365583d90cf38e4e0d536dfeb26c27f8d418653ce6b97fa5afed75834bd95fe0258c1667dafea13fac96db08878c834e8919af21e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
87c29a6b87ecd3ff0b258f2ea1cbb138

SHA1
9415a4245a862cc7d73d6843528addbd2a67779b

SHA256
d21b5f995718dda0e5cad89100fd44e566f427c2ed17394b9205631239b6b693

SHA512
ff639085137599ca5187b62a4247375ff7c9b5e0221b45e109199397cd33b3cb16f8f82183219d3e3cb984d3b0be38294aa55e4b259de661bf01f8a047ef4021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9e9c50151d37d07096b5892b8142d613

SHA1
75fb129ff1a90c55424431d8dd8eb4249b5aec7b

SHA256
c25db6913db612c1fcb35a4d72badf8e798c1938201b7a8c018db5ae188e0e26

SHA512
3ae393e3ceba629443eef8adadc12bec99444eda6dd990b80dad48f3628801ab59c039864a75cd1ffe85d4cd7538420d1e18452f773909ae9b872dfa90137f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
fcbe116d69b31861c13586ba04d40320

SHA1
46b6a547d05ade3b8d585e7228d59f745126ae2d

SHA256
ea18cb90e6b4453723acd78971518f367d25cc64f382470fa2330316d8bcab2f

SHA512
39b0c40037c7df0c2de0aeec681207cfb37996165f73c9c9f6aabbc19b22ec4fdceaad76bbe8d4e341b90a7ac8f0137276d59835836f1d3dc365045a08040331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
29KB

MD5
784567b4f20ae008559d8ede5e644d47

SHA1
34641054f6ae2ea78565fa869d4c3e86fdd6cf50

SHA256
14a1d5f777ec6d2893491e7573657bed7febabab56ea23f7f1e62ef3dac7a1ed

SHA512
b4dc2a6b9e6fa2d61f7dc835cccc78201406d121a0c475b6c13b1a99cc85e34c8f85a89c5a10ae856ce5bd8e0c6077b614174df234aeccf414b5c360fba4877f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
0747a60998802c522abc41b93dc46125

SHA1
bd66e00c88cb7e2c89a1252b3722ebcc37db0976

SHA256
b27a10081458b819eb4c4ea0f73bf2b00dfd192ec3652af3c4f183144c90e597

SHA512
e799887ca29beb8de1343847f61b28fdcabcacd3fe9c1061315c75991a6e249adc36d6d446216ea7cb2dab2c30bc2acce5188a61c27a9c3324648ea11146e263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
859912edc137005b4ff7098bd89d8943

SHA1
eb129f416e908fb465eb8ff62875fcf35aa74ff0

SHA256
923707406ea547429baef4e478016b02f4fa3239cebe8271347929a0edd0b7fb

SHA512
b9b7495725f978248f2263e70be70919eaccb978ef4568fe10441d1edec62688360de8c7ba7cd7033e67672666db97a0761a040fee56250ffbc4342589746ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c1b7276f02c92839e744280938c5f7ca

SHA1
0cced45a9c1557b4d8d1b592725022c4b5412e5e

SHA256
c2ddeef75046bf6e26be9e087090647ad6979bac92fd091c178f0cf224bab15f

SHA512
1b5014ae645866a40ad20b3256b870a8890f7145b34dd6dc17d926b506657d6a9cdf79b960d0d26a789b6749368119b96ed6482397e7b5cc1a3f2ce828df6591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b40a0fa7e66f6589475aa83b80461c3b

SHA1
5afe5129236dcad8117d0b5e7ff3a4eae66ba0a3

SHA256
47dc8e7f34f8b840f24db5f84abd92304a107a9a09285df830340c03c1106c1e

SHA512
ed79a9773c1d59809d4a40a6127ddf198f9befffb0758b09358bf71be6c9dcb197c7d8dbb95ea300fc0fa301ed3cc6456646255ac6bda6b81adf195a5bd9dc77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
950fa4f13b8169743dd2a609c1e87e7e

SHA1
59697b650c685e4980aea0202d7d79d8de731194

SHA256
90176ce80d46c01ead8a2b1707ba8478b128eb4c4d2665ab1d733b308116aea9

SHA512
fb6a97d7b16c4be825cc6a5a264c4c769cc7d5c8248ef9218745acef81a60eb3e0262266cf267458db47e2b4b090655dcf1566db36b1ece990733d9eea2dd49c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f6a30f48eb3a1bb75e4bbed9de8e352d

SHA1
4c0c4b11ca09d0d80e0bde8858b2d0a2fc969334

SHA256
17b233b917cd90ebf31996c11a66154ab79db889b8c07a876df439d5ce12aa4d

SHA512
3402a007462b8bf0f27eed692fc77f3eb4615be3e20e182423429fdaa340ee78a38c3dbb9a5b64d73fcf82c696124b763e763ed6a51fd09e2af66accf69e05ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8c20e51dd00a1bb77ffa7ad9dd3de862

SHA1
a0516877cf1852d2bc35b9ba315c731efaa24b29

SHA256
759586258fb20166c5fcc471f2eb336c5f182084bd9871b14b3ab9bf4102a503

SHA512
528430e59c72863144832e679fd75df7f824fe14a897595230709d16fa12fd4efb446578592053d6be654013f24eba0946d9cdbf3a279b875f61f042e45978f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9ffc4c95d0d4af0b19a0fb5000e6e871

SHA1
a2ebb1c358cefd595074ff6a5e65f1621bca5b1f

SHA256
2a97e189710d3e22692288b69cec4ae3086c701b31be5a4b5d543c7bd902a3b9

SHA512
9d93df1980c6407671633f9223e1fb0b740feee21dd71a058fae78aaf2ea5bec94d137c4e98e57300500f31302d1e6b65aeb3a0dd3faf209976763adedeb0bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
069f25665435daf34bb15c61482b74cf

SHA1
4e4d19b27533a1231109f13dc06fc15543434b43

SHA256
c6c6ad7819d75a0f9060a6d26f9922674e9a9e64892ed8620f7caf17372fb732

SHA512
55b9bfe5d63f13d4ead9b64ef81dd14a0e9ebe501fdd42831552b6be590a5e2d36fe0755a9ab6770c1eba9bc50034ac75c4131f5ce76a55b9ecc474bd78cca5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5c7609ef03f10422e9dc42364199008

SHA1
67fac11184442dc3664d5919ad8abca5df1c78cb

SHA256
bb4e836f0dd8f330830c734eeacf9879b5449d1fac0e7edf7c51b4d459e4ea45

SHA512
cedcb00beced73e0a78cacec67ba248485dc12785acf417f26894a6beea382afc95f9780f4f21bc860a915062ba589f4c8118bbd2d0316daf02981a14e67a44a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
438cf0d143f9e6213311b2bdb23161a3

SHA1
bcd144cec6d104909e64531aeb30b2f24b1f71e0

SHA256
a20d0ab877127ac3aeb884037f566dcc1b2c15694f90c4041850b8daae4ca309

SHA512
406a94949501a4fab135cf450926f5f04584ab694da8f0cd347263aa29c1f74f7717891ab5b4c261d7501ea4363440f14bf98b6b47888a30790719400709f144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24b1ce46454ba311cac84539d89d8ecb

SHA1
936d0a61e00a62f5503213174c73d083cfa58e68

SHA256
f28b02f67f858816d6386c8bfa01e3333edf6ec2b886b9301dfc9e1eeb9390bb

SHA512
b4acfd70143cb6d56b8f424571aa63cf5633c4594768a6d3c1a6e4ab579885c7889c4c009a6a397165635c34626a23c552b1f6fc43b455a787c45afa68de80ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8782778be3d651e335e1fc717b97a70b

SHA1
2cb70ffb4b466bb88835a3ce29e6a275858b5303

SHA256
d63f6d5c7b6a8d82094e7ba4272fa46c1cb4b1ca3fe7def9738067c40feee715

SHA512
34149b0986d13c9c3126ec00d495209409cff66a661156157d210afc5b8b5c4b032c1429ea568f5322dc02d38a5aa1fca360ee8589dc61e410ac3e266b23b0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
934e6ab28f4c8cfcb320d9ff89bac1a6

SHA1
d3efd5adaaa767331195049c3ccf6f3b713f17ad

SHA256
5de1cc41f9d130be0271dea26171472618573324194f327d68d82bac740123e0

SHA512
c672cc2c2e13e4756f3e77ff1d31eeb6430bc3f0936330bb70c4ddbdc222f412ee1d706f6e8ab2daa89db9e3c402ae8ab1f14f77d9590838406419259b4e3ee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e1260ee27ad7f706063b059caada5a21

SHA1
3aab7b49aaacd6a5774a3d3e13538f2f20be31a2

SHA256
8936239f5bcc851e272aa8b2b6c3a7fb43334947b0edafcff74fecee90273d9e

SHA512
391c65a0fe76a88e37e2784730f56c376c6321ef1690a5d2a0bbe6a2fe1ed98d0456e11ed96442b17828d35a1e9cddc2104678615db7a967ab919e61946b2e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bef01c7f23b1b443d8f02d5495eeea69

SHA1
084aef96a5e3911c50fe3653645e508b8f1cc56a

SHA256
b818601d1ee23ec33ddfc16034b733b9ce49f84ae65e88d7b752ff9d0102b519

SHA512
e2721f405f453666e39bc217738a4770f8b202c6e0d2210413b436af69b4f362b39a3464b630563c05f66dd0ad3a82c22ccbe87cf10f10c5aa14d898c5820cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ab227777671948880e48ccd451c7dad2

SHA1
6e7036987722ec6a53f26137566a7c8e75542d68

SHA256
ad2f476d5e3775ad3c939ab0503e837eb640e86a92b19cc7a9ff9fbf1134bffb

SHA512
80321521254c949739858042e7c2e2f1226891a49edbd3da9a49e86f6479fd3e598bace9d59ce1d14824582c12c5854924ef51137824eca52bc681d8fe813235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2ba475db24fc6dd8d4d129628565eb44

SHA1
f7c2e2603770bfc56fb0c1b245df225738ceec55

SHA256
4fb3ed3bfdf3f37b5130fb18e864d2d4f7c3054c10dc0195058f40f0181a6a51

SHA512
e4b6dab521bf268af64247ddf0fd387554945996d6fc31d7ecc35681ae27338940df5bcc006331afccd9ede2bf3fb92f3e648acdd7dbfd6ff976c71b7f3ac62a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e8e49a25caacc72d927a43dde020f394

SHA1
b1959c3dea8445485103823990aa818b0c9071f5

SHA256
635f143b36c73ecf36cab5370620a6943d3f5bc52e27fde3af760cf4223bff30

SHA512
eb318c93ca8d74acafecf371a52e4274360f1de8e9e49a81863226ed40d8a3a1b929e53506c93763aaab155d82ea4feb3042e363dd4a3cf4cec6da3e2c9d79dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ed3c85e7f5b6630360e7c4701b430219

SHA1
383fb18dde4960dbf3de9d11b82dbe6a9873ddf2

SHA256
3d5576a1d57723b5589de3c977b21f51d7498b852ec33def378d357b25e31758

SHA512
7fdb017640a86efb513b20e0681dd3835483dc46c9dad22a5109675a1101805298e303f3e90a5f9ce401b65c74ab87a612de8ac6f606a8a1a324e82b323f4621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1231ea69cc90a2477b8843219d8cf6d5

SHA1
8228add786c4e7a9e1b24f5c9b3f0b7a780aebb3

SHA256
41539ba34744aeab2741d93e766ab4b977cf4394d0fede793521d934c098111c

SHA512
750316ccca2eb41edbfa48a4176246554146002204de37039a9ec8a0e5a5b4c9f259081ea70ff1d53b3667c8b7f1f54cf9bad29b9ce4a8de6418e648ac3a4427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
291bb79313c764890f937ee69780bba4

SHA1
655994009a6b0d1675a29ca268cba7bd2969591f

SHA256
4bea16f57cac3fdf6c19af531e39d02579e310427a90b2799b37973e132b081c

SHA512
32f945b627d4cacde8937568fa48fc524e0d9055283758a71293d56a995669e272941d9437f49a0e4f7d8305cabf333499f81b3d78aadc814d52f827a1e99b12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5627151c79e0327c14aafa13e64c6b31

SHA1
76941e3707a418a84b704c7e284431273f9dddd3

SHA256
8bd520ff1f248a04b782776a65ea7810f9c097ea1a6a74bd6f0365568b77a0c3

SHA512
8c3b8793e843f767633c488e64cc8ae9e7605d385201c3b8cbff3520986f1bd003182c26488b0db8535644e8f4ef6ef8959cb2238798a8c89e037fc225c034af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7b2e3c32853a948681e3560799820852

SHA1
95cc8925685780ef918d24aa46857a60c615ee65

SHA256
9249433b815a5cee8b3655c0ee1a13b3be21631ba02c8935a1e9a7770160ff93

SHA512
543615ef17ef4ae47734276a26f36816c296978ceed166fddb94a9688fd796365c78f4545269e5bf345f6f677c200f06ded6c70edb6d4c010cd389b9486049e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
498a4d3f59d78100751c49a57d41b42e

SHA1
67ad790e501da32cf0c9184dae73008dda654a4e

SHA256
d7dacc01c850bbe973b732947114dfbdd242ab1b567d060c906a90fa34a13d32

SHA512
7a11eb5f7ddd7b3afdc7f49c1a0fedb5ad4538fb00d6a1cd60ff709bac9810b1d514812cd25b45c2771e3ffd229cb514fd746d32ab2aacd6f04269da38c290bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ad0424ee834a2fa8b607065a7a06792c

SHA1
bfce2281409802f87cfea2792c1d947680ca3820

SHA256
430ed23d790428b01b3ec1564ac5d92b0cc02d93d53f5bf375f40d74550e6017

SHA512
ae1963076968295f0e9571016b82ece644a4582db85a0c12282b16ed4deb68070785769cd97e2178d73ac90ca1880742e41c532873834e31290e0bd76668f258

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
2312d65d285e405550c149e7b95539cf

SHA1
a5e809c3df063400b70c3515d32c4fd8ff064712

SHA256
f2a852ebd5dd21ec8403dbed871a233ccbf07250fcc74d7cdecfe2242d60ad79

SHA512
1a1320f8ed624206c25fe502b29314f834bf9a87738b7ea2888286229b264672890a5403748d874b86d1d7934b548ddb23f8d4fc4cc1271cef37ce9c13fb61d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
56015bde3144936713fcca19d0029eb3

SHA1
9e10789cb3caa95d67728f466cb4f3c4228efa50

SHA256
1bad76391e77698f74e2eaa405bba688ea083240906f2240b8be5990cbf423c9

SHA512
e87a683557d9de8bc4eed12ad22e04b8107fb0f09c7dd8a9e1c32f84114d7c5271b8af6380ccac66844bb0f20fa4be89ee095bdb67aa7cb78e4312ae00043d10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
68ac3545cc8836280c2d3dcf8401f83c

SHA1
da04aee0cc1e9371f23237c3c7ec9393153e5fac

SHA256
28fdff67e44aa17362e87655b3d8f5ce92fdc5cca11ac29f68118da947b5fa6a

SHA512
5d814a00006202d8c9d9ad6680f88d486b7dcf649362fac9705fc8aff90e16139a7c239660b8f046cafee8bb89b49950665f37ae1061ccbc52e98bd8e31c24af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
86569d6237faebb0c5f89378c920eef0

SHA1
d5ba9ef13e070462286500df6175ed32f51aa010

SHA256
e11baefe08cde87b8d285398eaf662488cb412bf71e33ecba8f656235e994a1a

SHA512
6de00fd3c4a945975c39bac31efdbe1f4763be03b35da5024ba2ca243d0238219f6df6f612603762390389b054fce3705a24bf8216389768a9f152c0d243055f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e50945830ec38b2092bcd13431a54558

SHA1
d027c7a374ca1bf93762739f0e48979aa79247ff

SHA256
da22d58ebdcbdde1563c3ec2cf455b698da213d10bba695a87b4c126b8fdaeb4

SHA512
38be7e8639b725cfbb5a8eaad810cd99a9170ea290f975b3632d19ded8d3a4aad8f454587ea1812de660907b4d1d674149bc35193eb894a9677b63062ea383c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
feec745dc01aacf35dac229f4849e61c

SHA1
b98fe26d1c10f5dcc589ac0c23ff6b2e52198f51

SHA256
4cd9f914d178e731cc5ed7e15780b2f805c9b04f0c8b3daaa001333c687dd700

SHA512
34026ee1baaec3524722d9e7f3b37a9ca2b6e0f55a64b7cca905f7429cce4cfb8a623c940b497109350c8a59c4a8260c0ae8f1c7708127f65c9a07a29fa1136b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
6f4a78e5a18e5ce2328a318edd97e2e4

SHA1
4898d615aea2db3bdd7152e042bd3cbd0d2d9c95

SHA256
c33dae4bae1b5b4026c033aa10a3f1cfba44528c9fa222dd7150a0a5e5a66c00

SHA512
66ff01b87ac1da5164c7270ed1fca6e2c8d02356ff556b8dae03d47b2eecd2e812e54f04dad0f1153933e74045d4561d1d8f7ca6ef7b329ccfe547f9f51b4523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
8b138d42a4ccb3e15a6cd3ed4a57b8e0

SHA1
8ff31d7462dad5ab02879346ca5788e22120e9f6

SHA256
ff7e538c94332fd5886da9af12f86b9491ee8e98aa611a6f07e74bcbea91c1e5

SHA512
b76a727f12a50d55d9dd411620ee4288f5058459dbb0d7c562559465ca9ed378a03a62e904486e904fbbed7865662edd50d9c7173c9e062ed1c2c3dd3df805c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
e6e0110ad80465dd5b1792e427292e78

SHA1
c39b4660c01448cfe5dbc2bb64ad45024e542ff1

SHA256
8e375e640885517e30e03820c9936ab0ae4e430288f72c2ec622591ec927f841

SHA512
ed6215bd82f0d0aa82717b5c407d770985c75f3f46444506bd4b7ab8b6dca171c494119400a335c7658ec63380d4beb50b7f9ce4ff60103edddaea817964535e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
bf08158155d41c1a422cacea8f4deffd

SHA1
d11db216fc06e87087e7288303e0d1c850a336ea

SHA256
3105b381f15b832607553f11e6da307e1f7c859f9fa4174a1b5cf308da9cf825

SHA512
20c3d9ccc54a7226c0c71f66af889dcc2ade290a039c6b8b278921eeba94d61acfae619f1fca23a291074472118c152ecfc1de0dd2a095dabc2ba671710560ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
24KB

MD5
8304f41f1fd433f06bd30b7dbe05dd83

SHA1
f4cfb919540c4f4778f9144087efdbd4824b41d4

SHA256
d4cbffe002efddf743914ef2b474389a6b5992c97d6d0facf9e33c1bf2c50182

SHA512
f60724855c1e89cd1d189f702a4c0e0e3a051b09b0c99d332cc8c605b506981f6e164da7c9cca5889a7d9211d40531dbee3357af38ccfd90c2db85133b296123

Download Submit
C:\Users\Admin\Downloads\release (1).zip.crdownload

Filesize
445KB

MD5
0e6e5181871377b46c5341495b138c21

SHA1
1872e76ddf134b904e3b97edd4aaef8835dab7bb

SHA256
7fb7c3607375c2a599f58eb818506a1088006cf0bd38018317563cafd9c3ccee

SHA512
311149b6b7335826accbdaf880178cc811a3caed19b483490a0e68ef93b5b17acd63fd1e7a842e143c47a5c85b8856d2580ad6d72c1efbc2bfac26448067bbc5

Download Submit
memory/5264-536-0x000000007458E000-0x000000007458F000-memory.dmp

Filesize
4KB

Download
memory/5264-543-0x0000000074580000-0x0000000074D30000-memory.dmp

Filesize
7.7MB

Download
memory/5264-544-0x0000000006A00000-0x0000000006B22000-memory.dmp

Filesize
1.1MB

Download
memory/5264-542-0x000000007458E000-0x000000007458F000-memory.dmp

Filesize
4KB

Download
memory/5264-547-0x0000000074580000-0x0000000074D30000-memory.dmp

Filesize
7.7MB

Download
memory/5264-541-0x0000000005840000-0x000000000584A000-memory.dmp

Filesize
40KB

Download
memory/5264-540-0x0000000074580000-0x0000000074D30000-memory.dmp

Filesize
7.7MB

Download
memory/5264-539-0x0000000005660000-0x00000000056F2000-memory.dmp

Filesize
584KB

Download
memory/5264-538-0x0000000005CF0000-0x0000000006294000-memory.dmp

Filesize
5.6MB

Download
memory/5264-537-0x0000000000C90000-0x0000000000C98000-memory.dmp

Filesize
32KB

Download
memory/5344-1059-0x0000029255C10000-0x0000029255C28000-memory.dmp

Filesize
96KB

Download
memory/5344-1060-0x0000029270310000-0x00000292704D2000-memory.dmp

Filesize
1.8MB

Download
memory/5344-1061-0x0000029270C50000-0x0000029271178000-memory.dmp

Filesize
5.2MB

Download