Analysis Overview
Threat Level: Known bad
The file https://mega.nz/file/1BBCyKKR#0BcXNMbdW1r2fsggeRP4xvvq6yXd_ftr7wOQEcDIp_Y was found to be: Known bad.
Malicious Activity Summary
Discord RAT
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
Browser Information Discovery
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Modifies data under HKEY_USERS
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 15:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 15:09
Reported
2024-08-25 15:12
Platform
win11-20240802-en
Max time kernel
149s
Max time network
151s
Signatures
Discord RAT
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Client-built.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Client-built.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Client-built.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133690722158903140" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Client-built.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/1BBCyKKR#0BcXNMbdW1r2fsggeRP4xvvq6yXd_ftr7wOQEcDIp_Y
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7c96cc40,0x7ffa7c96cc4c,0x7ffa7c96cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,16056687594811162712,11366081412810924562,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1820 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,16056687594811162712,11366081412810924562,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2092 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,16056687594811162712,11366081412810924562,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2360 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,16056687594811162712,11366081412810924562,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,16056687594811162712,11366081412810924562,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4284,i,16056687594811162712,11366081412810924562,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4552 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004D0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4672,i,16056687594811162712,11366081412810924562,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4728 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5196,i,16056687594811162712,11366081412810924562,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4808 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4776,i,16056687594811162712,11366081412810924562,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5332 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5576,i,16056687594811162712,11366081412810924562,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5596 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5092,i,16056687594811162712,11366081412810924562,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5356 /prefetch:8
C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7ffa640d3cb8,0x7ffa640d3cc8,0x7ffa640d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,6069910623510443381,10683977954837502093,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,6069910623510443381,10683977954837502093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,6069910623510443381,10683977954837502093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6069910623510443381,10683977954837502093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6069910623510443381,10683977954837502093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6069910623510443381,10683977954837502093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6069910623510443381,10683977954837502093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6069910623510443381,10683977954837502093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6069910623510443381,10683977954837502093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,6069910623510443381,10683977954837502093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6069910623510443381,10683977954837502093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,6069910623510443381,10683977954837502093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5716,i,16056687594811162712,11366081412810924562,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5720 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.169.44.89.in-addr.arpa | udp |
| LU | 66.203.125.11:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.11:443 | g.api.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | N/A | tcp |
| N/A | 127.0.0.1:6341 | N/A | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| LU | 89.44.168.221:443 | gfs270n080.userstorage.mega.co.nz | tcp |
| US | 162.159.130.234:443 | gateway.discord.gg | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.130.234:443 | gateway.discord.gg | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
Files