discordrat | 2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec

Resubmissions

30-08-2024 04:23

240830-ez17hswekg 10

30-08-2024 04:17

240830-ewl87axeqk 10

29-08-2024 23:52

240829-3wvgkayhmr 10

Analysis

max time kernel
122s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2024 23:52

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Discord rat.exe
Size

79KB
MD5

d13905e018eb965ded2e28ba0ab257b5
SHA1

6d7fe69566fddc69b33d698591c9a2c70d834858
SHA256

2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec
SHA512

b95bfdebef33ac72b6c21cdf0abb4961222b7efd17267cd7236e731dd0b6105ece28e784a95455f1ffc8a6dd1d580a467b07b3bd8cb2fb19e2111f1a864c97cb
SSDEEP

1536:YCH0jBD2BKkwbPNrfxCXhRoKV6+V+y9viwp:VUjBD2BPwbPNrmAE+MqU

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 44 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "198"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\LANGUAGE	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\KeyboardLayout = "67699721"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133694491785303856"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowCasing = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowShiftLock = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\Profile = "{00000000-0000-0000-0000-000000000000}"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\Languages = 65006e002d005500530000000000	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language\00000000 = "00000409"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Keyboard Layout\Substitutes	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\TIP	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\0409:00000409 = "1"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\CLSID = "{00000000-0000-0000-0000-000000000000}"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\HiddenDummyLayouts	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload\1 = "00000409"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\CachedLanguageName = "@Winlangdb.dll,-1121"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{A1269B24-DD30-4796-AB61-2D64A82D9E99}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4124	chrome.exe
4124	chrome.exe
5156	msedge.exe
5156	msedge.exe
5996	msedge.exe
5996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
5996	msedge.exe
5996	msedge.exe
4124	chrome.exe
4124	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3892	Discord rat.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe
Token: SeCreatePagefilePrivilege	4124	chrome.exe
Token: SeShutdownPrivilege	4124	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
4124	chrome.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe
5996	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3428	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4124 wrote to memory of 3064	4124	chrome.exe	105
PID 4124 wrote to memory of 3064	4124	chrome.exe	105
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4244	4124	chrome.exe	106
PID 4124 wrote to memory of 4708	4124	chrome.exe	107
PID 4124 wrote to memory of 4708	4124	chrome.exe	107
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108
PID 4124 wrote to memory of 3524	4124	chrome.exe	108

C:\Users\Admin\AppData\Local\Temp\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd9984cc40,0x7ffd9984cc4c,0x7ffd9984cc58
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3716,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5116,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3384,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3296,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3212 /prefetch:8
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5292,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5288,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3344 /prefetch:8
  2⤵
  PID:3792

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4048

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9e8e46f8,0x7ffd9e8e4708,0x7ffd9e8e4718
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,1723866295803818831,6136752925620569265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,1723866295803818831,6136752925620569265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,1723866295803818831,6136752925620569265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1723866295803818831,6136752925620569265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1723866295803818831,6136752925620569265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:5348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x50c
1⤵
PID:4556

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3938855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-945322488-2060912225-3527527000-1000\ReadOnly\LockScreen_W\LockScreen___1280_0720_notdimmed.jpg

Filesize
1.6MB

MD5
5641512b0154d1f085a8d9c3cef434fb

SHA1
921a13d3882774d5b038a66ade62700689cbdd3c

SHA256
0b8ca78426022d8a7189dcd3e72f72988aa1a79d91d2814415d4b212af7de777

SHA512
18d703a09932dda66d20273005051a64e2c8e9b77ae9252cd0564b172a9ae539a076330aa7c17488173aad8bcf206106d339f6b224d30f7def276e181bf0f72e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\730f6656-d1d8-4854-8a01-96f11d77a4db.tmp

Filesize
15KB

MD5
759c08be7bf5520d145a4b2db01d5b00

SHA1
85b29c1c99e7f57b801ba76987ff41704966e419

SHA256
45f9df19169e878e37067e3f35bc095d227cde5c4646710e0e504cff0695f483

SHA512
e70da1652947ebee59f72dc0a5137b00a87f030387041bd5765f97b9a748254c6f3a010b478def9c37a3778e7fc23fe984f7cf458a9bc870a8cedd08eef0e9de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d6f0b7b6e9203749c6d7dba3f1a2cc68

SHA1
71bef87864df25cd0bfc2bb93fb4631374958c4f

SHA256
142744ba222b15663b225cfb47e376580d02e01606dbb813c253d4b8e1371c06

SHA512
2113a3f55fcb273469b283ea4e3f97e4e3adc3fc3eb9302cfebba36c514df9fd3a397a4ac030af98d6d45b6d73247c546bfae1c3bff706795133b3ae67d65162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
47KB

MD5
2b5dfb1918c67607a49e6f784b48797a

SHA1
a8830395cceb8de7687b3b751c6626546f307d47

SHA256
5aa5e0d95839092c4545fea0928eeffac76690e8adf533d97b600e97250dac8a

SHA512
eaab7c07e1dc33f43aae512b77a2217af2189aede83c97dc73f2be7a17da5b1a242f47c7bd272ab13c9513d837fce6ce0ed0114b27971543370413b2a9c5dcfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
753KB

MD5
2a283c0fc03a66ed6276ac8cd23b6c99

SHA1
79cbe1c0c2f1e3acb5e3d85970207024ba1c757f

SHA256
0d044d038870bdf1779be17b1ee25746cc8f39848a22b5960a8bdc591d042da8

SHA512
7d4126e07c0dce56ad44a52c21e3d12ebbf74336f51a389d2ed47b798f9a8ba1dd527072cc531f9a4dba1bc57003d865cea4d66cafacf7acc162525687990cc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
32KB

MD5
c3a6cdab067beb2f78014e56210ae536

SHA1
bd117962b45336e96e576c6243009e602d09ee47

SHA256
e605878123ff1aa07ad7665de4fb689d90ac89e2cf51e91428324d213f540ba0

SHA512
7fe893fedf95ec495216ace819e096448b544c32634c948a634e4e793b7ebc6d7740d7b739343412eb7af42604c9ba37deeadec016bc3caf286166718358ba14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
32KB

MD5
eeed3865918f5f4f828ba620f28ad872

SHA1
1a9c62fcb83b3b07e93bb4598e26fec821ca8729

SHA256
bd990ace13afd11503454ac99b3795d6d10d71f22f2805feb6566d2469c59a4c

SHA512
ada4f8269e3984782b3d5ab29cd5655636f431073266367fe9d602e338a208aa359a72ec3145e3131eaf1ffcd4a5154dcb1e7d9a0aec989416fe0293e13298dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
28ac567a828d4a751515639ca7ae627d

SHA1
97ebc4200261786c973c98f75d40f57c2814acd3

SHA256
aa3aaa64ef269318b1e706abdab4d6133be9d52a03987c5d71693b8ce635e8e4

SHA512
532f9077dd7d620944ed4b71f4c4943b646e9dd848fd2c3d7467eaf94e1c67374b6a7a0ef605531a6abb3d3753d701940e3277ea318549cc0396cab3316720ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d54a04d333b6c3e317c439c2a0548017

SHA1
fd21af5528e330c3a2ca794cb11944d316b2d951

SHA256
1f997695416a7fd77c3511fbb5099ec9bcd70fac0377237a03ce1fb86c85aeca

SHA512
73faf3cb8c3ea61874663345dca0cbe90dbc47f85468db4b8f55a516924376088feb306e74bd867310ca1525d7a7c1b90853424dfd5ab76ca7c100ceaacd3216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
5c0df3cf07a7052d10e36cdb42a1b03a

SHA1
8cb6f50a1370dc1db8152a533517b5f6338ed71b

SHA256
fcfe288e81484405b54b2bfc560a3ad469a01cf3d17f5938a060de0d85c69a99

SHA512
0fcd2d57eabacd2ca98a9a0b08af96589708316de102705e83687c124727ea37b823c90879386cb68f50aac3db13d709ea205c70183bb0dd438a028d3a386686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cc942fa0ea644e2b4dc6de8a55f37e0e

SHA1
e50c2d76445e430852918ea0bee7ae0277e42761

SHA256
4823388e46029adaf7a2dbf6ac6d94c4057b6fe0700294840f6bee9a1a32f3d9

SHA512
5ab7e29f60c9dc78896867915052bb71d9b8966a3b85174ad1cd0e9d07db918d950f3d89d05d1113f66e400ca56ceebba411705f94aad36a0fb6f10f1a064ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
dd2c93b69a04cd1dc75c693fdd83352f

SHA1
8e595b5934f4f5989079b5d8f3b1d5cc86c80080

SHA256
8d002075567b105982565f352b3480b119b64c0a347c96608c0a499010972bf8

SHA512
60be2bb38eebb05e971d92507253fb862de1d5cafc86c9f95d672c8586a9d76e7f45a3705a9f1d121898f76a400dfbf5ceb9bbff3b86582e9c182586c870e6bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8971666c0860c3a804f27c3526b3c1fa

SHA1
c4580949498d5f64cc526afb5eee1cb3ebd639e4

SHA256
e945eabcca4ffd160d2618dcb9cccc42e50b556af4262af805453a999527a358

SHA512
edf9f9b3afe3733241fca6fbd6b073acdc1ba4db9434f38ade7c5cb338d8cf2c2fe5e467f963b63f8dfa65e8ba0150e16dac6a65835209389a2f78d8d063e251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0db5fcbfe4548dfff9e91bf002ff5f48

SHA1
d8c0180f667bc9e5c1aea3c612637af51c8f468d

SHA256
d485033f30d67959c448eb423b719340adde2026024c245c5d27f673afaf1c4c

SHA512
dcd573f3af588cbc989ab41e3b391de69f158f8d94b13bb9cc3f97d1a3f05b18faf6d91dfa850dbe6579377ba08aa8b1ecf6577b79b7ba43f257942efd0d9f68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c14f0d3377ef8d1b3276c6a6db16cbbf

SHA1
0e8672cc317d22e48eaf1ee6b203efaa307849ae

SHA256
0cad42738bfe1a1afa7fd19737b756229f4128489e9ef2d8b8d6c845240c52a9

SHA512
2d8a60e78558cbbd2876bd895337feb069f5c79a8e44b01d2271a20d46a1ce9fd6e2349a4dda3f86700a66baf428e2706b1873e03d7782549726ae976099bf95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9474f8506fe14cd9e87b2d8b9f490d2

SHA1
5d9df40a3f19a7cb994ea6731a647df837793be0

SHA256
e102aa1ac7b7966c295cda1f67b26ec192d3b76ea33654446dccc416585a6310

SHA512
aedf8ba66f40a1fc39a7bb0b92b66397c0ed05d708fec046130f2a8c7d472113f2e6df51e4f03520c07dcc607a215be7aaf34724b7fb8a962fcbe6b8347cac09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d478c339b6b039c316538d1b72f30ac5

SHA1
b3b9f324ee321054c7610e0184b73d5565348278

SHA256
4182965aed7baaa20d50d54a20d4b5b5c771ebbde2b76bfeaa6a979915dde35c

SHA512
b971ddd8e99b2161daace3e78ffed8b773cbf4f1f5d976d17793189f5a1e049edcd02cc48ee6ce42ff093b006ceb41a935f8778b6d4e433a91152029efd7063d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ff23229d816cddd41d08d82564db5b68

SHA1
4486d3781f027388d7a745de9e0f434aec0a9e75

SHA256
00dc3f6ec16e8820fcad7f846e6f916186992916be46747951309b3ae96c01fa

SHA512
d055709b1f82df11efc34de2642259fa26ba6496487f16e177004e5839100223fe2657634fea368955edef0630f0e66655c54439f805d704a44846d8eab37c1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
34dd2cf8895d50bf004dd854b4a2ba91

SHA1
2cae35767c34fe5034e494b959603881ac74dc9e

SHA256
2f7d023e385c1e9a51ae348147b4a3900daa461dcd06912929e6d8b873aa38df

SHA512
6242d2e2a2915bc83faafe10334f73fbc2d3db8ce518c1c1a2d9a0e8dd25227f3122f083ca0cdfdc04977fd5f1445cc13c404e0686a5224d490f93386de3f1e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1181cc9a-28d9-4556-8a08-961d799e6057\index-dir\the-real-index

Filesize
2KB

MD5
fad146e38910f50b9a4fde68a96dc3ba

SHA1
dfbb39da625a83375a6860bfe26dc1639fa46d7d

SHA256
eced2c254194135db8499a5ac3066f5286cd2be3ec0d38480328ded075682794

SHA512
dd2bbc5333db913c542c93a19c874573fbef293a18ca32bf57b64ee98e62905157cddc7cfc1788c7a44a58f9f71ea039a0b55c653fb6ff6403df3bf09dc3f987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1181cc9a-28d9-4556-8a08-961d799e6057\index-dir\the-real-index

Filesize
2KB

MD5
ef5e2cd9e8e547140874bcb7ea2b9d82

SHA1
3ad3ab1909da84cfb0777a782a84408b1bc874b1

SHA256
384c12b5c3afe0e4e17b2731e53cbf8a8a1cb1e3482abdad0995756e50ce52ee

SHA512
ebd47878b9dfa573485df182efa41162b4b65b4bd9db9d2240d944e6ed56e826f29abf64bc03e5e36a7b86be0aaf6a8676575296412231c4fb813f937b9f7da2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1181cc9a-28d9-4556-8a08-961d799e6057\index-dir\the-real-index~RFe592997.TMP

Filesize
48B

MD5
e7239ce1927c0e3be730c561d6caabc8

SHA1
79834b07a46484c7e33454b6b09d921124afac1a

SHA256
c6ebbf8792ceb03df3163af6240a390137d4c9e12a0e996e6b4a2279ebe96726

SHA512
1adabff53bae116d5cb4969aaea89a28c714f61427760600a271e6d809f36372a9b4e5f9ce443853cfa4c3bf738bbdc3606863eb42a972314adb64ec1d52dfc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b05d51f4-c203-4f4b-ab82-facab7b1bffd\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b05d51f4-c203-4f4b-ab82-facab7b1bffd\index-dir\the-real-index

Filesize
624B

MD5
8eda0d78def95a87ea3f2b7b44540e43

SHA1
5ddcaef3a232e91f9b7bbdba2eec63817de2bc68

SHA256
65a1e6fdf8e1e22a87b221a53fa1485cb8ef7e74fa89ca6513e7c05b83f8c2ee

SHA512
a9d1675f9539708d9b3607f0dc9ac43d6b2787f16477ae6e83ae0d5c102ae1c99af59c051018a0f832e2a53cea24df468daa4dbcfaba3fab06e0656201f78819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b05d51f4-c203-4f4b-ab82-facab7b1bffd\index-dir\the-real-index~RFe5983ad.TMP

Filesize
48B

MD5
3c50da2077150048f14fd1ddf4e3cc55

SHA1
0a6ffc3ebf920d3db28afb70870dde73f39f9dd9

SHA256
f85fee9102f77c69f7d246357812893d3d8a973428c70733921c5e1677a35a4b

SHA512
19aa1e2d56544078942b5bfd318ec42889489543cc45dc3223efccc948f097bda9aaaa1df89660434e1722f2bceebb4f80058fecd0d8c180953cc0d0b0617d8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
c9f0f3e35f8e89dfe17becc34265a7c6

SHA1
fa1285b24b9dac4bff6914af831bce1d462253a0

SHA256
e05d49a70fbb7395309085f4fde675d2a1bf465b2a71c706f23b1836ee6cac43

SHA512
42200e8ab5327648f4a058d31135a8c8151e43fab0f3989db749df3ca2e3018f64888796c6b113b1104f9a2bc2161618794f0521ab08c9989af30f789d3acaed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
9c93e14079fa6e993fad823bd043f7fe

SHA1
450b99f41c20ffa07675fc076455474f8245a626

SHA256
08cf210014147c8ffb11ecd9023213f5785c53fee9ce8aa614c92455531ebf43

SHA512
1c26493f26dcaf8fb115e3d9d32971afdc05e58ad4cc68421f541896c9b085dad64985510e2ca521f9a22dac05a335a31566436c470fb77ca240e00dd842d27d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
91cff8480c31698a4f568bad348b6875

SHA1
7f07e6b8730c2e280a6223d84055e8bcdb3cbe22

SHA256
00b3c5ad0f081e6065273afcbd978b0fad0235602b057010a924aa904025ef17

SHA512
d8d34e435b58c4c81e4ff324474734806a123caa0b6c087ecb54ffd59b7019c99c52404127b35ff7ccb30e239ef7566b014eaef53988c012fbfd6c99c486e8ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
672e2cdfe4a3a68f0ff0d791b8183e19

SHA1
a4e22cbabc1f27a7f2c7b8d984575f83b554836b

SHA256
3d9158802741187e683c3d12c1804e721bfdecd1698c32453ea8a40b13dcc68e

SHA512
b08003c5dc4130abc3ec633f7f129e23da89e3e4d3b2deaf73e65bca9c08b47b5f29023f96adf9ae0240889de8eb3214b356ec9fbbd5d02823c54a9fc0fcd77e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
a0a0d4a29ffa67f095d831f5ab49bef5

SHA1
415de2dcaba6ec3702c12e2b0618eeca1bd2ab52

SHA256
27136d722349a07cab9ff3a53bda31a324d564a8c1ead54cb01c85c7f33ec895

SHA512
1c5af049a9c6653802519be956b3c2d96b972a753deaeef780d44834e9c7a76e56e30322e50f71f07138f6bb98a2cd9e1236615e6c7a1c07763aa79396ae4e3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
673375ba797788099c59ee4b8dc65eb7

SHA1
85d152bbd54714b1d5d30506e2e91f769ccbeb40

SHA256
d0fb72dcc121eba9e933022f179948092cbd914d387733d0f71f62237338a8f2

SHA512
9e443f60296ba2e1c3e8d2c0ada3ff73fbcf8f67df3c58e9d1eb1fd8faa9bb725c5d8481f666d645b8497c9202a107e501d2b098c645b9c9ebfbafb68a09a27a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe591553.TMP

Filesize
119B

MD5
6afff861c04f975ea69a679fc1ec62e2

SHA1
7e4d4206b6b4e2f9d3232098150f6029821e5f39

SHA256
9f56f28adf9daa0993abafe00b73e67830e43e9b0ed7dd07c64e70424a666f77

SHA512
ffd129aaecb8eb4c2235e3363d6fdcbe4a3b8d7d63c64eba43e395d8e5178c3fd401776af5206708a19b236e5f450fbd20c9986b7d3371fda2b2ca363bd6047c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
697e5217a93a4496dd0d24f56681fdc3

SHA1
bcf89fceb00ef1d4a802156a02a27c4197399489

SHA256
cf225c038530c342e3f390b60437076cf380c6aa654d36f89d47ba41beb79e13

SHA512
d83a1f6030f483b35f5c6a9dee0882e9d08ecb5e7c498e43ed2bee698498856f3a341152b12f018872d839d1a48739a823013145bb8ca34b5e2b921c4ea7c99d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
b3bf9ad4f3255146442b567b594fb0b1

SHA1
fe09eb5e8fd80a875e9b8f51969305976def7016

SHA256
b48e6b1bfda668cb49a9ade4b5374c7cad0c5193497c3db5fb4b26066c3e4d58

SHA512
eb39b92e005ea5b3a828c66df26ef61eb766b3ad13450b428b318c8bd8f3ab2ec1d19647be598c880340b6efb9049f93060a22b0fa2a5bfd577a3964ea912026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
ab30e25ae09ee945413c357ecde49c58

SHA1
63a8ae93fa87ea89d7ef686eb87a9f7aa076659c

SHA256
43b09f7e55b478ae1d3e62e67c84bb26c82d72a2e9d07a20092d18f36f425d4f

SHA512
30161e3a1ea2717c43f2fbe24ca137dbaea55b2f998b0288f7a03b979e76a5efb627ad18eb4d48505a596b86525dc605fe7cfa32ac46b8d38aef120630a38277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
f9f31deb05084b3724b85d5e8f7c6c0d

SHA1
08e1ca4118e7a2a1bf0fe5bf1bf42969692c4dc8

SHA256
e26e798dd17ce099dfbb6716f62d01a86968e24f5bcf2558f7eca4e026955f21

SHA512
2f19e83a55b95e0d8431f89a935d31e4841ccdd68fc933dfd619913397da6cecb2d5b5801bc4c386f2e8e7e4ce3d7a75dbd48be2e71ceda99cca3994f0b25963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec3a181d7443c2caf37df5bd81fd5af1

SHA1
341c5620a72d91036f7c606af8123164b66870e9

SHA256
04d3d0c8919711e4f8cf7a5e208326cb0fdc40170d781358186f26d64b229d93

SHA512
4b7769a48bb1382173d1aba747fbfe2bde379a728c403294ee102c1a0c84f8b1b21a4193f3c06b7389bb6578e493a765fa9c04cebe7dfec271935e585b7e8de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dc2400c49bb159e3b39bbfeb2e072a4c

SHA1
d00677ff2d881ba11268700c3b0676d76d97ce4b

SHA256
b151dad1247b5c367302ba321dd7f5c72c550b0eacc0331417fd7581cfc0b2a8

SHA512
0c2a1b2b0cc6ea8ce6b8db5f798464d28af198b8d7c02360c734989d44edc7d69fd7ffbdb1988b1b3577e218a6f184abfbd9c2ca523e379bb8e09359cbccf1a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
916bf965387157ce08633e3d74028d8f

SHA1
4eca02245f2581ff4ecb81c5b458047d3e71980b

SHA256
ee80c73a2150e2a9e6f8555ff064e4a2a1e1770424a671aa36dbda92ff23ea29

SHA512
c5a0dc544b2b05fc6efc712f2c7adbf42542ff8dd597f8f572df995591342cad4aea470242dfa702e4fd765184032b1d59e2b2b5b831f7ee93102a475116b3bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/3892-1-0x0000018F330B0000-0x0000018F330C8000-memory.dmp

Filesize
96KB

Download
memory/3892-2-0x0000018F4D910000-0x0000018F4DAD2000-memory.dmp

Filesize
1.8MB

Download
memory/3892-3-0x00007FFDA2370000-0x00007FFDA2E31000-memory.dmp

Filesize
10.8MB

Download
memory/3892-4-0x0000018F4E010000-0x0000018F4E538000-memory.dmp

Filesize
5.2MB

Download
memory/3892-5-0x00007FFDA2373000-0x00007FFDA2375000-memory.dmp

Filesize
8KB

Download
memory/3892-6-0x00007FFDA2370000-0x00007FFDA2E31000-memory.dmp

Filesize
10.8MB

Download
memory/3892-0-0x00007FFDA2373000-0x00007FFDA2375000-memory.dmp

Filesize
8KB

Download
memory/3892-844-0x00007FFDA2370000-0x00007FFDA2E31000-memory.dmp

Filesize
10.8MB

Download