Malware Analysis Report

2024-11-16 13:03

Sample ID: 240829-3wvgkayhmr
Target: Discord rat.exe
SHA256: 2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec
Tags: discordrat persistence rat rootkit stealer discovery
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec

Threat Level: Known bad

The file Discord rat.exe was found to be: Known bad.

Malicious Activity Summary

discordrat persistence rat rootkit stealer discovery

Discordrat family

Discord RAT

Browser Information Discovery

Unsigned PE

Suspicious use of FindShellTrayWindow

Modifies registry class

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-08-29 23:52

Signatures

Discordrat family

discordrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-08-29 23:52

Reported: 2024-08-29 23:55

Platform: win7-20240708-en

Max time kernel: 150s

Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Discord rat.exe"

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2948 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\Discord rat.exe C:\Windows\system32\WerFault.exe
PID 2948 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\Discord rat.exe C:\Windows\system32\WerFault.exe
PID 2948 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\Discord rat.exe C:\Windows\system32\WerFault.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Discord rat.exe

"C:\Users\Admin\AppData\Local\Temp\Discord rat.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2948 -s 596

Network

N/A

Files

memory/2948-0-0x000007FEF54E3000-0x000007FEF54E4000-memory.dmp

memory/2948-1-0x000000013F790000-0x000000013F7A8000-memory.dmp

memory/2948-2-0x000007FEF54E0000-0x000007FEF5ECC000-memory.dmp

memory/2948-3-0x000007FEF54E3000-0x000007FEF54E4000-memory.dmp

memory/2948-4-0x000007FEF54E0000-0x000007FEF5ECC000-memory.dmp

memory/2948-5-0x000007FEF54E0000-0x000007FEF5ECC000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-08-29 23:52

Reported: 2024-08-29 23:54

Platform: win10v2004-20240802-en

Max time kernel: 122s

Max time network: 126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Discord rat.exe"

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "198" C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\LANGUAGE C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31} C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\KeyboardLayout = "67699721" C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31} C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133694491785303856" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowCasing = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowShiftLock = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409 C:\Windows\system32\LogonUI.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\Profile = "{00000000-0000-0000-0000-000000000000}" C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000 C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\Languages = 65006e002d005500530000000000 C:\Windows\system32\LogonUI.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language\00000000 = "00000409" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Keyboard Layout\Substitutes C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\TIP C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\0409:00000409 = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\CLSID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31} C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\HiddenDummyLayouts C:\Windows\system32\LogonUI.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload\1 = "00000409" C:\Windows\system32\LogonUI.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\CachedLanguageName = "@Winlangdb.dll,-1121" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{A1269B24-DD30-4796-AB61-2D64A82D9E99} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Discord rat.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4124 wrote to memory of 3064 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 3064 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 4708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 3524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 3524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 3524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 3524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 3524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 3524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4124 wrote to memory of 3524 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Discord rat.exe

"C:\Users\Admin\AppData\Local\Temp\Discord rat.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd9984cc40,0x7ffd9984cc4c,0x7ffd9984cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2492 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3716,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3724 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4768 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9e8e46f8,0x7ffd9e8e4708,0x7ffd9e8e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,1723866295803818831,6136752925620569265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,1723866295803818831,6136752925620569265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,1723866295803818831,6136752925620569265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1723866295803818831,6136752925620569265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1723866295803818831,6136752925620569265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5116,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5172 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3384,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3296,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3212 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x408 0x50c

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5292,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5300 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5288,i,16015601502981116240,9278977843796866200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3344 /prefetch:8

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0 /state0:0xa3938855 /state1:0x41c64e6d

Network


Files

memory/3892-0-0x00007FFDA2373000-0x00007FFDA2375000-memory.dmp

memory/3892-1-0x0000018F330B0000-0x0000018F330C8000-memory.dmp

memory/3892-2-0x0000018F4D910000-0x0000018F4DAD2000-memory.dmp

memory/3892-3-0x00007FFDA2370000-0x00007FFDA2E31000-memory.dmp

memory/3892-4-0x0000018F4E010000-0x0000018F4E538000-memory.dmp

memory/3892-5-0x00007FFDA2373000-0x00007FFDA2375000-memory.dmp

memory/3892-6-0x00007FFDA2370000-0x00007FFDA2E31000-memory.dmp

\??\pipe\crashpad_4124_YMWGYFVOKHAHLXWI

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\730f6656-d1d8-4854-8a01-96f11d77a4db.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe591553.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1181cc9a-28d9-4556-8a08-961d799e6057\index-dir\the-real-index~RFe592997.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1181cc9a-28d9-4556-8a08-961d799e6057\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b05d51f4-c203-4f4b-ab82-facab7b1bffd\index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-945322488-2060912225-3527527000-1000\ReadOnly\LockScreen_W\LockScreen___1280_0720_notdimmed.jpg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1181cc9a-28d9-4556-8a08-961d799e6057\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b05d51f4-c203-4f4b-ab82-facab7b1bffd\index-dir\the-real-index~RFe5983ad.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b05d51f4-c203-4f4b-ab82-facab7b1bffd\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

memory/3892-844-0x00007FFDA2370000-0x00007FFDA2E31000-memory.dmp