discordrat | 0377de27cce2b169ad1f3ca2c1b7bc85ba1c4b7ced9d02ad3aeea55982d248cd

Analysis

max time kernel
52s
max time network
149s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

78d03f901ec29f9a0ae6914d72a70fa0
SHA1

80aa7c600fe6aef92e28fa36fa9faf6d74af2418
SHA256

0377de27cce2b169ad1f3ca2c1b7bc85ba1c4b7ced9d02ad3aeea55982d248cd
SHA512

1f0c1127a11294d68750cd3627826adad38cbba2cf1cfaf29d40fe0d16149c0700328ac4a98bf78c24e4dc9620414ab3dbf149b0f542ee77c7d80a5d2a0f1184
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+sPIC:5Zv5PDwbjNrmAE+AIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI4MzQ5Njg4ODU3Mzg5MDU2MA.G0CwMZ.iBMsXaOTjB__C6FtAQgaQ8yuZ6VJUrGf4VDtBI
server_id
1206159701453049889

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2900	chrome.exe
2900	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe
Token: SeShutdownPrivilege	2900	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe
2900	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2132	2232	Client-built.exe	30
PID 2232 wrote to memory of 2132	2232	Client-built.exe	30
PID 2232 wrote to memory of 2132	2232	Client-built.exe	30
PID 2900 wrote to memory of 2700	2900	chrome.exe	33
PID 2900 wrote to memory of 2700	2900	chrome.exe	33
PID 2900 wrote to memory of 2700	2900	chrome.exe	33
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2908	2900	chrome.exe	35
PID 2900 wrote to memory of 2624	2900	chrome.exe	36
PID 2900 wrote to memory of 2624	2900	chrome.exe	36
PID 2900 wrote to memory of 2624	2900	chrome.exe	36
PID 2900 wrote to memory of 2640	2900	chrome.exe	37
PID 2900 wrote to memory of 2640	2900	chrome.exe	37
PID 2900 wrote to memory of 2640	2900	chrome.exe	37
PID 2900 wrote to memory of 2640	2900	chrome.exe	37
PID 2900 wrote to memory of 2640	2900	chrome.exe	37
PID 2900 wrote to memory of 2640	2900	chrome.exe	37
PID 2900 wrote to memory of 2640	2900	chrome.exe	37
PID 2900 wrote to memory of 2640	2900	chrome.exe	37
PID 2900 wrote to memory of 2640	2900	chrome.exe	37
PID 2900 wrote to memory of 2640	2900	chrome.exe	37
PID 2900 wrote to memory of 2640	2900	chrome.exe	37
PID 2900 wrote to memory of 2640	2900	chrome.exe	37
PID 2900 wrote to memory of 2640	2900	chrome.exe	37
PID 2900 wrote to memory of 2640	2900	chrome.exe	37
PID 2900 wrote to memory of 2640	2900	chrome.exe	37
PID 2900 wrote to memory of 2640	2900	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2232 -s 596
  2⤵
  PID:2132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6529758,0x7fef6529768,0x7fef6529778
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:2
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1524 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:1
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:2
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1424 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3340 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3744 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1420 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3036 --field-trial-handle=1196,i,4859807659667580290,6888164739047243370,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1976
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13faa7688,0x13faa7698,0x13faa76a8
    3⤵
    PID:2908

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1764

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2004
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:1608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.0.304716212\1821737055" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d9f3e5e-f855-4a7f-8f8e-084fbb54f4db} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 1344 fdee758 gpu
    3⤵
    PID:448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.1.376277567\1708143814" -parentBuildID 20221007134813 -prefsHandle 1512 -prefMapHandle 1504 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40a5c9c2-86eb-4f97-b254-b3866ceeda5f} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 1524 42eeb58 socket
    3⤵
    PID:1752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.2.1849152536\2124254932" -childID 1 -isForBrowser -prefsHandle 2040 -prefMapHandle 2036 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3648e7e-1f50-463f-95a2-cb6b3e552c04} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 2056 1995d858 tab
    3⤵
    PID:1732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.3.347313865\1614018103" -childID 2 -isForBrowser -prefsHandle 2476 -prefMapHandle 2472 -prefsLen 26151 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf59cc85-15cd-417f-84fd-c9814fb49bd6} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 2500 e61858 tab
    3⤵
    PID:1508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.4.692432301\765543883" -childID 3 -isForBrowser -prefsHandle 3240 -prefMapHandle 3236 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08b88a9c-43d5-4d73-9e79-9b8877354c52} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 3256 1d5a3b58 tab
    3⤵
    PID:1796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.5.1799106330\385026234" -childID 4 -isForBrowser -prefsHandle 3840 -prefMapHandle 3864 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb358e78-e383-4b10-ba86-4c9440c307b8} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 3860 20139b58 tab
    3⤵
    PID:1444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.6.191219593\1558072869" -childID 5 -isForBrowser -prefsHandle 3948 -prefMapHandle 3952 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6056ac9-2b04-4b13-9ce9-1257000efc99} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 3936 e2db58 tab
    3⤵
    PID:1836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.7.234397680\283442667" -childID 6 -isForBrowser -prefsHandle 4128 -prefMapHandle 4132 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a3e7b25-de06-42e8-880d-aad44f20b5d9} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 4116 201ae358 tab
    3⤵
    PID:652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6529758,0x7fef6529768,0x7fef6529778
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:2
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1388 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:2
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2944 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3052 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 --field-trial-handle=1376,i,15535677679129643173,14358607897750647716,131072 /prefetch:8
  2⤵
  PID:1488

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7b124f4f-67df-40cc-9f57-fd64839b50fe.tmp

Filesize
161KB

MD5
6079ef3496e783927c9142cb17f2b9b1

SHA1
41370a1840d8ecd8ff5803ce20c698e743ae81a2

SHA256
08866cb8939423736d2192daf46d87e673dcc66ea286d22cca73484cba2ab9af

SHA512
526a00233370c58af9bf613729673df90c7f985376f2ed841fce192ac560519c69071089ea6b0c609cf158e09c22d0ea412a2e92bc26f4552858553e64dd8be9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4af14b992d16a9097ddb4009c70b96b9

SHA1
2606b4a060c324c2048ea8d54374d4f2402886eb

SHA256
6ed45c34d54bb5f6e8b2a14aeb78406c243ca3d5eecd7a00089957e8c98dc7ce

SHA512
3d7642f60e8a54040b80872747cd6f37017c77ad3ec3f4370fe5641f8a0b76ffbf59f6592f9851d35ee192789b525e2e20d9cabb4c52f00cc08ea3bd94fa8987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
71c3f880ba2f754be63ccc1212829303

SHA1
fc8e51ac843d64fa4e2014cfb64d7f769bb46536

SHA256
3aabe5ba553b53c5f3001cfadec4c5c15b77cc50d7a3ad318c4f07e9bf984706

SHA512
aae9a8074cbfe8d7623b66f7bf7daa40d462b22d4633166b2b9fc89f2d9d938cb12849f4d0aecc9878ed19e6a316522bbf6ae309fea9f61e904715a71ddde870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
218a858baf973eb0c40dc8b4b9b56705

SHA1
155da62c75afb50d69b68b1753ed9778d4ac0fa2

SHA256
1d50da6b0856f26db91726ca78195d196bcc82627b2a9f10f208027a2add0b1f

SHA512
ae43db5ba15168cf102b6c2a16960e06075fa84dc9769900d61dd9ac64fac73e10c384b48407542fe920a179405a42c8bc0dd6c449da0560d3ea0a2f84eaa948

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
020ea105c9c4627958f7385ea5d22450

SHA1
d5bbde3b67b7071d92c379d94f380ce40444eb54

SHA256
0c532e5738827643886820a942fa8341e27820410e459beb2b7797fbd8ec7a65

SHA512
73f98b8140322b0874b697285e2ed7cd31af6506b73ef6bcb8d3e25b404fca0fa93a74847f046071fc7047d1351cd15b3ac294e4702b82578543483a069f5428

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
400e5c12d27f180b4b0c3e89ccabc11d

SHA1
a3d46aad8deaa9733e6f616087a8239f1c788d2b

SHA256
bad772710ac1affa68503421750a749ac967d596c964fad552c82dabbfccb262

SHA512
f5a73f67874b81363f0bfef2246dd1eb7399ceeeb6ff025f3dc108b75f76ff75506445094d7323169d4f31b43b512a126182e82ce2d27cc1e16901f9ca8240fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
b5053c814a7665232eb3572de0bb62d5

SHA1
ba489f2eba7b30585750415f0c4c29f7bda6c17b

SHA256
23bb184c7abd0dd92533aafff168b5b18ad7ea89d67366a22e42470b848a60ed

SHA512
110221e000cf84200e1aca7331fbab3067465188b46139703ffb0d56d5add4e54e8b7fdb6f1a4d32788858d26a979779d04a595f66d2d16808470beb1d4f78b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
abcb34d1dc563744639908b87f0b3a18

SHA1
7d928b1441dceaef3eb4fb2d5ae76a53c7b8b4d8

SHA256
c97eb2969c357a4168d3f534f4a4a0f76e9f7c3356c37c905fdfee827cf4968b

SHA512
a37b634369fb60b110993b5f8735e2d3bc5a4b0f6344dab03e0e0de071ff92773f587b5c5036726510f8b11cf2d4e8ad96e2f48cf7f8004868d216d889ba5917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
483B

MD5
02b4e304c081569727aba4187a30e458

SHA1
b85dfb4eb8c987b135e5e047986d0f05699843b5

SHA256
9e3c483ee1a1db68529f171b57be794d6ebce97f42f1006ab1e2b6827aaf115b

SHA512
525fdde66ee9e5d9b06c5478fa1988334f74ae9a5ac58ec2b8706aa4d9ea5de48f55b7d671b2db183d1f611d0bad6a473e6ed5e0c9bb1102f4253488f59b489e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3d28accfbea5aa9581c811fe00471420

SHA1
6cd29fdfef0339c7d67e6cbf81f7f77fd9c66af7

SHA256
6e32c99331f035a69f6a537f3f7b1a83e75404e92388b020e5c3b06440fabcee

SHA512
5a97e4f2801cfc4ec1a15dd37766d6b8ae5306fe7199b31f76043ad39040d774babbd6e57c85c2c12d7453fe492a3ef54564527c4ab888b88857329a911723af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
90d2f68dc0952ec214b471651f7a05e9

SHA1
ebd19fabfffe916a7d3c31077e2939ec85a79ab5

SHA256
3dda2e3d2750e09914d0eadd1b1a8caa4561bf1a8c838c1faab203a5072d323d

SHA512
16152ee4835a6cd27b1d04afd5722a57fbb28b4d7595c2544dda6b7929a52de80875af42b6a7bcb1032db15164d94876f06b99f257a038d109e374a456414835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2cc0f07aaaf0c8b94000c8dd11052bfc

SHA1
4fc07a13388134557cab61542b8c08800e10618e

SHA256
a1fc0b7ae70b04005052da0bd03ffc1d16339a681e01a724e7f1433d2fe4fc7d

SHA512
9bc70dc4a44556af1720435cd03648099064d94e9f9985a919fab72feee528a3ded69a06c3e525d714570d2f48b652200b96e8095b4f99e60937cf3878c637a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
38B

MD5
e9c694b34731bf91073cf432768a9c44

SHA1
861f5a99ad9ef017106ca6826efe42413cda1a0e

SHA256
01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85

SHA512
2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
b229780e4ee84f249fc2a9d4b6814ec9

SHA1
e037fe7eb823d6398ee405b7d1a3c55c6ee17411

SHA256
f1e7997028e7eb2b2ec5504fc8522b0e224eba3775a270d0de0d611ac347a9a7

SHA512
2fb0e9b8e00cc167ccbe34480abd1e2ec207300fefa0cf6e18767a183e57bf522b719750f103e87232d740caedacefea1ab469bf951db04ebb7a751de6fd29f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13370554449998400

Filesize
2KB

MD5
dba462cb8b20c7f4beaf800fcd2bc0f2

SHA1
f5d9fa57af01b9038eb7b61c63202eb49ec76c05

SHA256
f87eb88995481c80908681acf9a715e55893891f2c96335ef2caac16eeec76a5

SHA512
24225c6ef7c329f6c50f1f027e0d0a3491a525703b3d3d86548b7265fb6047fafb480752f66134d8f09ba24d1704f3bd3d1dffa7f6b1b6bfb81fab48f4185e58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log

Filesize
72B

MD5
fefeb20bb016f79bee65b866f4ef9f82

SHA1
6dd2513b9a0f267ce2935a187f0877906589874a

SHA256
230d671e7b30430b4b15cb4f2457d5a66e6d0d80047eb3e0ff03e7bd129744d1

SHA512
1c3a4365b8a30e850a44fd0685cec6c1441e3f1bb766953c6e28250ba5af4938b4f28236dbacce4d6d7ab2b9069e635b327a3c0baadaba70f1105cb347988c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
550d8197a1a7a870b3ddac35b567bbcc

SHA1
fdef35f38aebeca8f3cdab54ebbf8de5a63eb71c

SHA256
8bd6d149dca1621402b887c7142d3a87e46b774662b8f5290df234046e8f3d0a

SHA512
19a775ae64ff90d7650356081c7cafaff65f584f9d961bc37b467d4ff622095974e271297fe9199f633c9da8125a16537a627f2bc1a28f52ce7e46fe43854816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
e6305367badace56469a80ee5699626a

SHA1
43c630767f2e7b53541f007d12fc152bb0dd6b42

SHA256
c6bb8753b375eb83740a84710049bc0bdf3c9a16aa79089976b97c8e844378fc

SHA512
368a6ffbbe92d1ae144e140f3e9202116905656d295e95fec8032861b4dd7618df29c9c520981078a9cee35e73f22a204f39e531abcb6bec5cbabb46c420d0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log

Filesize
2KB

MD5
90665348e754e2e24efebdb080703c9b

SHA1
0a212ea41a1453dee445bf3f9773711e0cbfe3ab

SHA256
cadbab74d5731b950589e2c1430f3c0bce3adaea5896690ff3457012a9de30c5

SHA512
9c724f4d0872d546eb9a4852297f669f0523bbce098343ee9dcc6bcb4507508d884d3343b06ac3ac53ba82c4d753899a63a7aa5a7b8f28d615f30cf71e5cb605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
10060dd78e29651b793edf1f01c7b17f

SHA1
136e97beceba9ac4cfcdc6c0bb1374cc3280df42

SHA256
87cfabc625001c02f6315670ddca6273ca131ab9417648c2096a1e91a688593a

SHA512
26cc8756d5556bb34e1062b421627430de282d1e8a415013fa1b26eadde92bf2eb91e639953de2ac518d36826ddd8b9f1ab837e38aae717fd9e133c23b4aab5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
03d881fc5a4ab4013bd1b30988abb179

SHA1
9ad861569715575d7b676e5683b14dd3cffec304

SHA256
5da7b30f55f920166ad821f532fb95bd11546bf63a228fc41357aa122fcaf5e8

SHA512
29ab8ac2c642a83086266f88ffde8d71c96cd0d98812fac526e0a0adc58d8bc7f99760ad19a71cc38c3ef5edb9ab9d642ef6b665bf4ce336260b0171411e26f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
487B

MD5
cf061b40d1b911f7df8b27022fecfe65

SHA1
9a7615512be4c78099595603946d68b6aeb486a1

SHA256
f2b82eaca2ef045acc499632084f4586aa31a677de60bf1f4b8651aeb0302c85

SHA512
e4685b14e25e7edd7ed6577297520665d4aa2a81672c1123ec84da4d6b53314c1e284ab8d633f97c71d593877bc3dc9d73aaa4d6a24725429b6353a216f9edc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
368B

MD5
ae502f6f9cbb19d0426861336f2d77c6

SHA1
fd28d9947620b67d3f0726c474e12fb5be0398b3

SHA256
035a60dc6d95e094c26df47435e837d4fc97ab99c547888e5aa4da46fa135c3a

SHA512
ba577b533176975c8cd565a4701d7adee274ca99c87e4bf3ea19f2e117b1b83ba2ede3db83f6f63862aa427bdaaa81f48c8a35d9cdc7262f9a2a996c57096c82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
d8152b6ade6006ed6740771fd6151196

SHA1
e85b886e6bfa41091c874f95b361276116c9635d

SHA256
41c79ae9f3ca7603a3244444841afa3f66d4f6dc085eca7604c919ba3a7123c8

SHA512
3d8b6c2fe6c0e3e18916efeacbb597f176da1c823f6fbd8bac37c3f546c86f8f18b00711243e558d744abc922f2cb1646b94a73cb13a1397005114ae963998ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
61c22786fd625f0e68e668ce2f2f4069

SHA1
5e63f1ded1fbfcdb004da5f4bd9b9d3f41eeb0ce

SHA256
2c0248caa9603b6782ba43028b036445216782ceb6c3bc93f1105030f828e396

SHA512
7fd9cc680048d8e4730cd360836979d4f0f54666f9cea87018e0b6602ae707503a62b84bde1a701410694e434c26dc2faa85e7a2d54d989b6464f0161248febc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
318B

MD5
299d7ece0cbca4f231f4b7b329dfd01d

SHA1
1cab3fb3114647e500e975f02e6e41261ce414fd

SHA256
733b95bf49541b86821b5e3ca1ce43492b897e3a760ffe9176c8c0644c1cf5b6

SHA512
833ac6be8aa3d0f854d58ed4bb291a2f944c87cef8503dc5309914b32659f471d3ecbf536a2ea6dcc7d389826ad3e33f1b1caca80f0cada8ef792ec0d16a945a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
fe62c64b5b3d092170445d5f5230524e

SHA1
0e27b930da78fce26933c18129430816827b66d3

SHA256
1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4

SHA512
924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
7564187f03580f394d371aef63e051e6

SHA1
f9feeca47119726cc6de8813b502d969bf04e198

SHA256
db8172a5e016d584be658f77489c24ed8e802ef9a58759e8465906bac34aed9a

SHA512
b1095e23a785ab4fb0599e4bb73b1797852e6cd200503ba13196f31512c809b9f96a6d7ecfb6454f772cda0a1013088c002a18fef48e0298d1feac773867e476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
fb45dce6bda278c7d3d13b393437b975

SHA1
401dc4c3873fdefffb73d4ace2c33eba4da6f031

SHA256
39ec38c22a26d9b457a468bde28023cceead2c76c189a2b9ab9cbbfd7ae62607

SHA512
966ae0e1c36342af2abab8e62713646fc4c17d8013fb160fcd58891e47413b89cc5adce1ce52195e7b985c3e3f9092f63171dcb7a1fb572195b008a88d2b5aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
a8c59309eac78e89d2af6763d6cffd32

SHA1
370c4c0e850ef3c9e7c2f27f1b30b538338777c7

SHA256
9ddee73e8fc21592203048416b24f0d0604055e95482e9de58d1503857c846a5

SHA512
af733c55bb307ffacb6c27cb563ba9dcc0207b015ec2fa61b09797290748fe28c134c25f98c8878cee41928f752d082aafa47106bc142d8e56d63d778f80b67f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
161KB

MD5
e3c550467240fc413960f55f644c5c50

SHA1
6990a8b0d5f907ccb8972e0c177f324d0e72c4c1

SHA256
5d5da72d6d6991bb7cba6974d0d6af8afbb0104f523e6731ee7f713bf6f0aacd

SHA512
7b9c91a5ece04a96f06a08985396a0cc3c6e114f29d4763c12bc544a3ccfb686a4618c48f1c9ac42ff7b3d6a3ae46b198020c8b15c49f8c3e4a38d3e922d6915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
8a53a3cb123d7c28982fa906ccf760b0

SHA1
b6faf3bd02abdb127df88a7fe141f40867333170

SHA256
23231de20289163b186606932e61d22f4dec0e64d74a5070074a1beecc3483ac

SHA512
3116375e12d73879f004055dbb5ae4792d3d2b885b03a8a1c70898e87d0fd2974167e6342ce2b767a3aa4149585fdb994b9cd1c8317113eed416e84e2673df2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
dbb5191d2ee4e9d21bb2ba1a3986f6a9

SHA1
13940eea880602244bd2495ea9a427b4a34eed92

SHA256
8b4b144ea734ee31e81ce151a47b5810d465848a9758416a402fdf303fa49612

SHA512
3b5bc335ae0ec5283d73c9a4335bda9b90be3e68f8118a83d5fec6fca79895d14aaf79abf85c95e09009f57738a8449e3586f5221c0610ed53d61c73fc26a073

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
5f779a4d46d5beef01bd8bbb0d2f5998

SHA1
2eb54713d1553ffab5188f8608e3e20912deb71e

SHA256
8adad10100fe7c6c8fe52576b125b49513ba492f381e08ed7f387bee79cba5f7

SHA512
beda5936fa84b3fa553993306f5b169e8de72c8ebb97f25eb9ebd71693e5da9ffc81931702d4e4ee1633c86acce20a969a49e9196f8f8cbd617a42aeaad451c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\715227be-c0cd-4354-99b5-42d096b690c5

Filesize
11KB

MD5
c060bd5b36a5594df0a36a5263f8bcc8

SHA1
42d81a161fb0c36614583e46c9776e94db21e974

SHA256
2b6e261dc743717f8bcfb4f243325ee41910e89393cbb290bbae146e5f74e094

SHA512
e2df00af5f34e60d57330b502732d8ea241f77d4ba739451ee512b6e31e7aca6edbff8313659d8fcaf09f946d4109c8985c84e74e2acfe9f61860d5fae41a84e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\a04d1970-4996-4e6e-83ab-f871986d9e73

Filesize
745B

MD5
18f130dd9ae99a46223718227401a5b9

SHA1
a938c3d771752ef391b43dee7e81ecb59399feb5

SHA256
83b32df70d0964c262241ce10e2a942a02c0ba9c1b3ffd49fe8f3805093948a6

SHA512
e27200ff1223d1244534842294efc61149a9faa7e89330609515eae295274e2a1589f64c81476a4abacda67208910ed9ff54f191e2cb661a13f69e9bfe223dba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs-1.js

Filesize
6KB

MD5
67f78183a5ec0381eea43e6d5b4cda4d

SHA1
2187a99f2f66bdbbe983ca880efeea2a18427348

SHA256
d98f142a25d990f2b4b9d240cf2dd0d9d734bd98231a9e41ea3cfb68d4983d4b

SHA512
d198af5aa2bc5a47605343df795ac856089f131304b3c282c9b3e8dfaa424e8c34ea40bc74ead62c0ecfd9f506268b62d814b5a7d78b61f5f6eb9944dfef7878

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
96cf796eebeb92eae7e5a722c9ec712e

SHA1
6338b3814c5f5596c3532d28e185b6008b7b2d9f

SHA256
da89feeb69aa0709b4b72e399fc9055a3f80dd8efe60589a67a0fbc98881b5ba

SHA512
d1a6f5cf655e72f2ee8fb0c9cbed3d36828740c01e65a8bea1baede1a84d2044d7da9373a6d14703de8dcb0fe69e53983f51db3e4baa36f858676ff6ec123c9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore.jsonlz4

Filesize
950B

MD5
41fb03d9cb136dc6a082dce5b03604d7

SHA1
287dc4381156ae6c1327fd87b5b9bbb38d9747f9

SHA256
0d99a8ce27eb6318c85f09912608a22143fc22b3328f1ea006dab27f73fb4ee3

SHA512
a712d72e72fa00502e4ed806f51396baf7b9bf73d3915a2ae27a763b6bdd9737e2d4ab32ad6bfb13f6bb319f3c029de5bc57d63173087be8c352d14ca5458edf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
bece0acf9d7f19d01c7943c54d2ad372

SHA1
aef59ca4b0fe97f32db128e103bfb98aee3b5e29

SHA256
ce40f79585195148ac86928d18da80b963cc98d6feb83c1c2e75e8b6d6ef39f8

SHA512
105fb01521fca054766d1d1e46cf3bf177b8bab44800f7bbad9a84f388af32e745474b3cc4f70c1fd779b4e7bcf0912502860092e1824f7ba4b52c612ba5a70b

Download Submit
memory/2232-3-0x000007FEF50B0000-0x000007FEF5A9C000-memory.dmp

Filesize
9.9MB

Download
memory/2232-2-0x000007FEF50B0000-0x000007FEF5A9C000-memory.dmp

Filesize
9.9MB

Download
memory/2232-0-0x000007FEF50B3000-0x000007FEF50B4000-memory.dmp

Filesize
4KB

Download
memory/2232-1-0x000000013FE20000-0x000000013FE38000-memory.dmp

Filesize
96KB

Download