Analysis Overview
SHA256
2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec
Threat Level: Known bad
The file Discord rat.exe was found to be: Known bad.
Malicious Activity Summary
Discordrat family
Discord RAT
Browser Information Discovery
Unsigned PE
Suspicious use of FindShellTrayWindow
Modifies registry class
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-29 23:52
Signatures
Discordrat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-29 23:52
Reported
2024-08-29 23:55
Platform
win7-20240708-en
Max time kernel
150s
Max time network
122s
Command Line
Signatures
Discord RAT
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2948 wrote to memory of 1616 | N/A | C:\Users\Admin\AppData\Local\Temp\Discord rat.exe | C:\Windows\system32\WerFault.exe |
| PID 2948 wrote to memory of 1616 | N/A | C:\Users\Admin\AppData\Local\Temp\Discord rat.exe | C:\Windows\system32\WerFault.exe |
| PID 2948 wrote to memory of 1616 | N/A | C:\Users\Admin\AppData\Local\Temp\Discord rat.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Discord rat.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2948 -s 596
Network
Files
memory/2948-0-0x000007FEF54E3000-0x000007FEF54E4000-memory.dmp
memory/2948-1-0x000000013F790000-0x000000013F7A8000-memory.dmp
memory/2948-2-0x000007FEF54E0000-0x000007FEF5ECC000-memory.dmp
memory/2948-3-0x000007FEF54E3000-0x000007FEF54E4000-memory.dmp
memory/2948-4-0x000007FEF54E0000-0x000007FEF5ECC000-memory.dmp
memory/2948-5-0x000007FEF54E0000-0x000007FEF5ECC000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-29 23:52
Reported
2024-08-29 23:54
Platform
win10v2004-20240802-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Discord RAT
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "198" | C:\Windows\system32\LogonUI.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\LANGUAGE | C:\Windows\system32\LogonUI.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31} | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\KeyboardLayout = "67699721" | C:\Windows\system32\LogonUI.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31} | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133694491785303856" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowCasing = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowShiftLock = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\Profile = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\LogonUI.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\Languages = 65006e002d005500530000000000 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language\00000000 = "00000409" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Keyboard Layout\Substitutes | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\TIP | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\0409:00000409 = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\CLSID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31} | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\HiddenDummyLayouts | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload\1 = "00000409" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\CachedLanguageName = "@Winlangdb.dll,-1121" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{A1269B24-DD30-4796-AB61-2D64A82D9E99} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Discord rat.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd9984cc40,0x7ffd9984cc4c,0x7ffd9984cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2492 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3716,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3724 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4768 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9e8e46f8,0x7ffd9e8e4708,0x7ffd9e8e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,1723866295803818831,6136752925620569265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,1723866295803818831,6136752925620569265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,1723866295803818831,6136752925620569265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1723866295803818831,6136752925620569265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1723866295803818831,6136752925620569265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5116,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3384,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3296,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3212 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x50c
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5292,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5300 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5288,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3344 /prefetch:8
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3938855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| GB | 95.101.143.202:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chrome.google.com | udp |
| GB | 172.217.169.14:443 | chrome.google.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.178.14:443 | youtube.com | tcp |
| GB | 142.250.178.14:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 142.250.200.54:443 | i.ytimg.com | tcp |
| GB | 142.250.200.54:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 108.177.127.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.127.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| NL | 108.177.127.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 142.250.200.54:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.178.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 6.178.250.142.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 9.179.89.13.in-addr.arpa | udp |
Files
memory/3892-0-0x00007FFDA2373000-0x00007FFDA2375000-memory.dmp
memory/3892-1-0x0000018F330B0000-0x0000018F330C8000-memory.dmp
memory/3892-2-0x0000018F4D910000-0x0000018F4DAD2000-memory.dmp
memory/3892-3-0x00007FFDA2370000-0x00007FFDA2E31000-memory.dmp
memory/3892-4-0x0000018F4E010000-0x0000018F4E538000-memory.dmp
memory/3892-5-0x00007FFDA2373000-0x00007FFDA2375000-memory.dmp
memory/3892-6-0x00007FFDA2370000-0x00007FFDA2E31000-memory.dmp
\??\pipe\crashpad_4124_YMWGYFVOKHAHLXWI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | d6f0b7b6e9203749c6d7dba3f1a2cc68 |
| SHA1 | 71bef87864df25cd0bfc2bb93fb4631374958c4f |
| SHA256 | 142744ba222b15663b225cfb47e376580d02e01606dbb813c253d4b8e1371c06 |
| SHA512 | 2113a3f55fcb273469b283ea4e3f97e4e3adc3fc3eb9302cfebba36c514df9fd3a397a4ac030af98d6d45b6d73247c546bfae1c3bff706795133b3ae67d65162 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b3bf9ad4f3255146442b567b594fb0b1 |
| SHA1 | fe09eb5e8fd80a875e9b8f51969305976def7016 |
| SHA256 | b48e6b1bfda668cb49a9ade4b5374c7cad0c5193497c3db5fb4b26066c3e4d58 |
| SHA512 | eb39b92e005ea5b3a828c66df26ef61eb766b3ad13450b428b318c8bd8f3ab2ec1d19647be598c880340b6efb9049f93060a22b0fa2a5bfd577a3964ea912026 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8971666c0860c3a804f27c3526b3c1fa |
| SHA1 | c4580949498d5f64cc526afb5eee1cb3ebd639e4 |
| SHA256 | e945eabcca4ffd160d2618dcb9cccc42e50b556af4262af805453a999527a358 |
| SHA512 | edf9f9b3afe3733241fca6fbd6b073acdc1ba4db9434f38ade7c5cb338d8cf2c2fe5e467f963b63f8dfa65e8ba0150e16dac6a65835209389a2f78d8d063e251 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cc942fa0ea644e2b4dc6de8a55f37e0e |
| SHA1 | e50c2d76445e430852918ea0bee7ae0277e42761 |
| SHA256 | 4823388e46029adaf7a2dbf6ac6d94c4057b6fe0700294840f6bee9a1a32f3d9 |
| SHA512 | 5ab7e29f60c9dc78896867915052bb71d9b8966a3b85174ad1cd0e9d07db918d950f3d89d05d1113f66e400ca56ceebba411705f94aad36a0fb6f10f1a064ee6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\730f6656-d1d8-4854-8a01-96f11d77a4db.tmp
| MD5 | 759c08be7bf5520d145a4b2db01d5b00 |
| SHA1 | 85b29c1c99e7f57b801ba76987ff41704966e419 |
| SHA256 | 45f9df19169e878e37067e3f35bc095d227cde5c4646710e0e504cff0695f483 |