195afd80fbc01d33334b27005de6c2c9e78c55220758f816c0a9f6ffba85566d

Analysis

max time kernel
961s
max time network
436s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DiscordRAT_Build-main/builder.exe
Size

10KB
MD5

4f04f0e1ff050abf6f1696be1e8bb039
SHA1

bebf3088fff4595bfb53aea6af11741946bbd9ce
SHA256

ded51c306ee7e59fa15c42798c80f988f6310ea77ab77de3d12dc01233757cfa
SHA512

94713824b81de323e368fde18679ef8b8f2883378bffd2b7bd2b4e4bd5d48b35c6e71c9f8e9b058ba497db1bd0781807e5b7cecfd540dad611da0986c72b9f12
SSDEEP

96:IJXYAuB2glBLgyOk3LxdjP2rm549JSTuwUYXzP+B1izXTa/HFpff3LG+tzNt:IJXDk7LI4uwtDPC1ijCHffSs

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706270704349387"	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
3900	chrome.exe
3900	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 1420	4888	chrome.exe	96
PID 4888 wrote to memory of 1420	4888	chrome.exe	96
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4896	4888	chrome.exe	97
PID 4888 wrote to memory of 4512	4888	chrome.exe	98
PID 4888 wrote to memory of 4512	4888	chrome.exe	98
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99
PID 4888 wrote to memory of 3696	4888	chrome.exe	99

C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\builder.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordRAT_Build-main\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffaa480cc40,0x7ffaa480cc4c,0x7ffaa480cc58
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3336,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,7990759530514182372,12754247171464529098,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:4976

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaa480cc40,0x7ffaa480cc4c,0x7ffaa480cc58
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1648,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1904,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1984 /prefetch:3
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4500 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4348,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3236,i,4393728905403327019,1118502961096311692,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:8
  2⤵
  PID:3752

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2292

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
89f10307a4e87f78ad0b6081cd8e23f6

SHA1
a26e92f89231b60cbd742d0a259d63eebe2388d0

SHA256
dcf169dc4a6449c4cc490dbdb448505ec91dd219619f32496100649c259388b9

SHA512
5845e6b34d0effafa10ba9c5eded904c13af64128ce3a152a3c2cad9c6fa38b7358916a0948eb6288c9c9ead23bd5195e16c77c49971fb53d6ceabc1e276f0f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bd814d061ae12eb036898dbcbf1aa3c8

SHA1
81d214f1c2b376bdc77752aa265bd80068e2e9f4

SHA256
cf9b73446c2f06052e31cee6d141c001d2373f8491cf1059c3814a1b0eac98ab

SHA512
7ab62e1ca20ac1faf2e1e86c451ec4ebde8a62ea0bc286034855b04ec9880f2349e5ea835b25de8356c553b986a5d2f032d199fbf3d2e321abd8f4be8e3ebeec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
8bd5fc9bfa0a578e71a51800d5b7fa46

SHA1
9837b9bd1a6a85269799c3dda82c0da0cafc9758

SHA256
4c7764cea2bb1026bb98305f7e28eed1ccd938454528d76dd8a8e6af4a213d52

SHA512
d779aa642e843d2660e91244c32e69b37ba1618fbf5381d1cd5448fa5e52f41f6d72ceb2079fb06607bb55cb7f42ef0d22e5b8db9ee31b26c7b2801b30a29700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
9e6b30575a76a8ba4df38f30b78a0d90

SHA1
4e851810bcdfa261cc3e158d9a1aa9b2d4573bfb

SHA256
043401dec2b498b5622fe363c059c36beab51103945b529d6f8e574f3503f103

SHA512
7bc0b8a2b976ce994307381e96856ad907de46f134bef20eed5b21b73e10621a001073714c9f64d8af2dddb1990085ab837b1087d9d02822b0c6bbd9b5106d4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
26da0a6207b601de1a2806c8a9687284

SHA1
734d292d04f1159ddc5f992dc0a2bfab416eb56c

SHA256
cb759b316c4188697db3d31a7f3ab60ef5938ca9896f6dc92a8b697bb387a076

SHA512
7c09ea44f5fa1f25fc34fff1b8b2f39b092a445ad0d5f62ef313014b5a90acd055bbe9371b8696d130b71a419f32081f843eb982b3cbd6ce5f79bb4562379eaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
244f50619378b1b57cac81ed24dbee6b

SHA1
4cf366cd17ac42d4e5552292352465eface489c0

SHA256
b503151e0d9b489471576f6c4dd13a1b378dfb4fb7f85ac3e565a064d10ee058

SHA512
fe18588c8fe7949eb35ec7b3f1667c34b469c78f3842c84565caec63f3740f62543d08a9b613b73e0b6c2c5d7f201d331b801629a63cd2fa2f081171aca29f53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
9cef7c62c8220a8f71387f1f19ea48c5

SHA1
063e4daa85ce4bd7e7bddd47d582c986dcf3cd5b

SHA256
27a4798c40ddc1a6d1ec940e9dc1b6cd604d4503314e3f9bff370eada0e006e5

SHA512
5a138db2259c32a81488aeb5dbcdb5a95f2d352ff3e8b2585205a4bdf6bbde2634bb7b83ba0fa663e223a4d374d81e8ab5fae8d77373bb74738ef79c6aadb75d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
c6573b6fa57fe03c842c8287b2d50ba5

SHA1
3fc4296aaf0baf943835b312b176aeb0404f0003

SHA256
9e42404c161be8b2d2796a15596c45947a117f9ed1e30a3aa15ef0efd3d459fb

SHA512
c2a0135d11371ecbc99c26da1c9e7d6b72c12386e7395af9aea38989a058c1815fc29e6e11e91af77f7290149de64558e1f330c76d8db84c97b2a0c2871e29a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
2e29c41ab8e2c6e696b2b09fd46a87f7

SHA1
67009d01187b168ea276c10432b18c9d058d64be

SHA256
955df9c1085e504fcadbffcf97234327745ba316f308f0d8c1d1cf27be105a36

SHA512
5bd4e962d3c8f4fb52ac3cd355f79e598189d9eeee21f26f2dc12ffeb8fb4106159f0610f4c45d1ddefbb1cf232e88e50c26813e7010ec63eb01fc2f8ba39a58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
fe993339a25710ebec86c051941d462c

SHA1
1a7a578b7a32bbe2102a789c2321090d406838d1

SHA256
59ce81d41051a1d16c02906cd586fcdeabbe7ee30ea7b7b1bb0970b981ffa443

SHA512
b81201876efadc61a8fb48718abb16f7f458856f2ee676db8b0da36790492ad930585c14ce200e7a9e079b8115b15e20ed95176cbfdc337b3ab732e5fe72bbd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
d6b0609c4b6edb45553ff9afbfc95e33

SHA1
2697657b75906d3653f48080ec1f3993c07bd8bf

SHA256
eb5cc165f4f69f7a3e72851b1b63e67efa9afb3c96bf8aefc962a5fdbdd6cc2e

SHA512
db4c837c9a8a30e65f0f634bcceecff3354d6b72b34536e584fafd02eb103cb4a6b01522d4463d8c54e6852d28a71d9ec8997e2f353e59ea8724aadbbc2a80ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
2895c6d5d7cd504eabb2aa8ae7ab8c69

SHA1
0ec383eb88ade14fa7abcff298aa334a54424390

SHA256
c7821b1009841618377c63ecf336bc3640cf3daa5e4003060c89ecf08f03d08c

SHA512
b271e3b74c7c0fcd888c9348c88b4be306ea7ffd88d36c8e6cc0e297251bc26f0a990b8b05f49b7459f10b1e0f8cda07d27c87bee995734318fb7170d0a46c4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
09649df83ea7ec69b6b9372fc8446245

SHA1
2c77a1a72c3e00ff126280411c0b66559ed410cc

SHA256
87b13153ebeb1c4d0ba633ac36c5b1221a2eb98babfc0046337ea480c51e8dc3

SHA512
a30d580ceb7da52f6fb2aa8b1b944afe7c6be27c52af9d0a9b093cac0ab0861db9752b2e0af93e8146fcc9dbfcae0f7a98cb9bff6e96c1b7a45c39c857d2c5c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
818543500626ec81200311da3c1e3242

SHA1
7bd3dae8a43874a4d6cac5ef980e5681ea57c320

SHA256
89875f1987d2669b6f5864a9d67826fa3bda079d073a2fdb01afd0430a708864

SHA512
9ba1e01aa1e79ef29cfda5f62836a591f50b9fdd5ed884e9118ca8eace938e40094c84cdac88f31adea9c8ee5e178c3371b410b2232b33184f8ff168b8c90f2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
8890618b637979cec674ce5e417dfe33

SHA1
7282c4faa5a920fb31a9dc56d505925bb9191913

SHA256
bbb98d525bd00f662158b0ceb98f137e56f140db5fea3ba7322ee652849981d7

SHA512
7318d5d7dc7c5658f7c7121864b01782f03698c59f6ae7905936dc39333e493baf95101347acaf3b021dff07fcc5b7ed35d29aedc55a504944ff6aac6a2cbf6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
88c640d73dbbf1e02f3cf9c2f842662d

SHA1
c44637733f2c03d9254f4da9d1804460aa9df943

SHA256
92c8789ab466c2277bcca0c9d89cf669eda3a07a87f1f1082b5dfdfd8baef1f6

SHA512
51d165184d2f7a56ed3b412ce266762d842308cec951cc688312b2299772bd8602470495d46cec43f470956beb1e25338227811afd91aa6b4e275a5e171ea37e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8bfa7fe33f31eb2b239ccae76e04594a

SHA1
52d8620e408884f41514b730a9c3c2ae94b59355

SHA256
6327a0a764fb8971bf05e6fa215e0f2fe54759e4d7c2278edec47f791ff2cb3a

SHA512
71daeada286faf6c419e06d77003144bfc84022b3358784934e3e87a91aa709d5a7fcbbf943b2b3a736f6add88dceffab54da417a81fd83fa8e721f30df3ab05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

Filesize
331B

MD5
3047a4fda81ff0fa5a05ccecc7e3a1d4

SHA1
eb57b86a2691c7e8034b0111c135ce5d44a3dc26

SHA256
84ddc1d83dd3e5ac06a82abba927aa79c6889742fdac72c8618f8f607a52aab0

SHA512
060c346432a4856033b38b382974647162f67b9c66703f6585fa87fca540619a80b8548d7dd5637118863aec8293b2617c334e127950d1696285d3c5ac28d609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32fa6f5b7bc1faced20a65b49aec892c

SHA1
800aee5c400e423b333c52e747c2d29ef48475fd

SHA256
973bee4c44a5c727e6a76a91517e065c125ea628265e8bf9e5bc42003999eac2

SHA512
3899db88ab2e5bd11eca0f1a927b6ee6a9fbafea2400a45acde388e3d5fb6fee91d156bc4b079a95947c687c0e7b73c35a8be2298fdbfc137ea7c482d37e097b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5fef59fd758815a16eb764c60668e871

SHA1
7d77d61a5e02ce9cd111440f76c018e30c01cc11

SHA256
6db2706f1125947f0078237ccc0321bf5b00a88e832856193c1d75b4bbe2c228

SHA512
88d9acbb080e81475511d84119903b20dd57596682186dec44093e5bbf45f410469b0b29201a0b44cfebfc5f281a887c19c77ea0ccd00413315a1deb53467644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7a2764cbb5a2d8c07c2bbec4014814a9

SHA1
d86728d51dc4d0b6737d9b8c8334fffddfee803a

SHA256
1ae61dfe903250799a8334e24dfb3d165cab5aeec02478bb602d521cf310ae53

SHA512
c2a52eb7b53dbcd11daa63c47b136bbe85526655ffee0609152991976f61341df5a926c0c6a71c3a6163998858be4077a4671a8625a6a346d82d5aed66bcef04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac50f0355d063269a02715828a67b4b5

SHA1
1730f7c0443714ae8ba126998efe3f60707d34fd

SHA256
2abd5d7b60982b6bd81928411bee5e43d5ac461c3b0075ed62f39d3557faa679

SHA512
41144ee0cdab3e2f5dafa81dc07fbbea63766998fb5d7527df96c4d23b19c9c9a40c980c6b69113104a890368f54c16cf2fe5544a95ff78d10f5072171ea0647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
5749c54333674e914d635b8f01eccd42

SHA1
fa086f26d3046168aaca7eede92354b8afd91ed2

SHA256
e455135c7700e7f17ab4729b308f645fb4f1168d36f811ea467357c01f736041

SHA512
38234191d360f130ba64c6ce246868b413d4f6d9d7b53882f313f570dba2a7150b3a39649f9703c7b46d6dbaab1240709c97bd4c48d3c46d64b9c876c5ee97e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
6c9a79b09b8a4537772a32b088d9213a

SHA1
8acf486d04982e7c4dd2fa22f69a00f18e52e994

SHA256
8fdc26a5fbb5cc6c370cb484be835fd6bf0373528fa746400e82ab78c24b8220

SHA512
5ef3edb84017202bfc7bca61de76196048895a55762aa9f519a2f29c3f7285b640377821a7b4be56faa1a7f043d0fb1d1cf604e0a8933f847e94d43f9655c415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
327B

MD5
a66efaa590a0d16b1874a35836ba0a4b

SHA1
bb750c61e162420271f89a90f2b58f43587680e1

SHA256
b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654

SHA512
2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
aef3266771808db52aa4980d6d78166c

SHA1
443bba76a49514dae2f14a06434158baccba4db1

SHA256
8b259606fd10d2f4c5f7c58d11b78d2684b4ee81d2decbd1beabcf7c01ae3c7f

SHA512
f602c49b6e694f5d85476bd3310e5701ecd00277ff45336653e380faaa1fbff1a81ca5e5f14880d44d1f8d1847cd87344ba5af77ef024fad267806cc6a0992d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13370627032509196

Filesize
2KB

MD5
949ee9ec24a8d92ba4d49ef0f26c3968

SHA1
1b02333c3e02ea8e0c988609fb13f3d564b45276

SHA256
9ae4bd0fc167b215cf14e597aaf64ddba64d1f6fe78d810ba48e8b6bf3415d0e

SHA512
0919f63dcdc0ecfcb5fe63d1508e5465511db30160350151f783c5236839384550769796e254f77ee8035b83d676b9fa5e1afbb8bab1e9d8eb163c15b03d9124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
59cfd0cf02a1fe3c882fdf77d84778b4

SHA1
b179eb734411591aa55af1d62e08b47267e8eb53

SHA256
96b2655db9bce8b7c0769de7f4becbe2141e4d3db5fb1ae92c3538693e03b8dc

SHA512
cc76a4efac451521c65c9410c96e036a289502684c54ce09fa36bf948dbf1d77a3f2bc0785e0fa4464fa725ef83f1e4c81fa9c6a36e6ca86ffe2f66eb1ed2b6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
fef0917ff59d7a84adf6ab308184d5b1

SHA1
92468b4a826eeded68037975b11b3ec4f0eff722

SHA256
bcb30a6047e4eef04f2776817a16d0150f1a45c32ed5eda8ce9a4028d73458eb

SHA512
9085f5285f3df495454b806f260367c6ba421bd9004c25e6e9979638b9ca7bc6b2fe1547aa13d7c5139313e8aa01bd794ee37d00e2375e011aef062628e2f605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
9da1d084e54a7ce14932da1e0abd950a

SHA1
6ef4a2d986d7fccbf054652656f7dffb8f614c40

SHA256
43bcb9ccde4189c349da6891a539de90a734f540050850362d022bd9a30bcd6f

SHA512
c5456af7ca181f2de0531a757d378424263c09081d763577b681c09bd308d87be01a4fa8d8cf94fb89c64058777475e55559d79af07ec7355010c2ad75d62dce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
4797badd226845df04fb03ba89a90da7

SHA1
e8d29c9539d723f9f10f42a9eef7dd41bceffc3b

SHA256
e0661db09b8d2c249745bb6ec2da1cf91d634e9f6a20c087c487594f750cfde0

SHA512
e0a9a38b4fb82edaf749b664666c02072a195386cff3f2e21f903c0fc18635ccee9e22bf6b51fd0fb61d84af08d8cebfbe19a6cc563cac16203c65c61415381d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
18KB

MD5
80e2f66541b87b0efd3ba58862ef2ce4

SHA1
2c48cd49d4d55678ca7f4f26feb5da93a04494d7

SHA256
0a25541ca358e0b58abcbca8f566f7f7b5cd404904e9f0b039de1a53ec22e13e

SHA512
50a347f2e142e628ad38ef7b327f3694db09b0f3b46c64fc65ad2e1e6ccdd19e63c17eb7fb542888c628cb22b0d7b24e3e9d3872ada0d8ccc14ffb374667d73e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
1fae47216a7cc07a8dfd2642509f354f

SHA1
ec7415e16aae2250bead6f7073fd30071910ac52

SHA256
887b37a3d8c93a6756ab8ba95fdd88aba576397980833247f57384fe1ab76421

SHA512
b574ccf2e72cf676db721fab59c264cfd271771daf8011e8160c43b012a62b9bde851e92005565235e063680e0303adf94d3d107a4f66480fcfe5e00f3e25be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
16035ab9b148a03e4ae3c6222857ea22

SHA1
fdb1450b2e1346fac6a5c1aeabfaf0d6d72de2c8

SHA256
31a9216f3f8fc2a50d818a6663683410e81fdf59d1891350b1e5aba760867f4e

SHA512
9f5acb0a578b8e38129164ac1768259efa890fb564a418fec61402142f09b645b2a4c810ae8f97254290a5e766390b10d7d30ae48e868eb2cc70e9d2f8d8ae88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
33b3609c293480ca7abf13c62081a9cf

SHA1
87d63f6a7bb28f9abcdbaebf1b791e338d8366e5

SHA256
74fae234dfc4331b6dd67a45abae049c598df96b6652e302de8bd4ec0474be85

SHA512
5a6d8e649f38229c13e2a246e85a40de29bd6fb4119fb00187f597a5afbcf2eee1dea0825fff09ff0d36f0b7ae6da315515bc9e82ac4d4aae1d31057058ee785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
7c07cba97076feb534a6ceb599af1739

SHA1
ae69b26ca370955104efdc12becd6e6cf79f5b6c

SHA256
53d51c7fdae825142c975bb14c25cc33c44f50c276165226962be546df32d0df

SHA512
49331bf5645cc0af6f4983dca8d6d1e6d0e1ac2951f54b57bd1af785fe77982e9c428fd620fb29614771de6c99509b2a8e8b300887d426de159ebe37a9e8b8b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
11ff92796d131faf3dbfc6cfcfaf6cec

SHA1
5e399c67171175132e8fe6ebe5a1383303faf3bc

SHA256
fbbf7fb085500e0b6f99bf518aaff545655a284283d30fd91f925af49e972ae7

SHA512
cd832280388a1f4b4bec2249cbb3635802904a667e7ad0bab908d223b7fa7d20e8445a74f3fc06e8e2740f91e1de0b6cc5be6ec600130c20eb782d9c964e47f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
551eb03bb74dba185e3f32cc48384838

SHA1
a9e01ba1853ee533e58241db0f8a8b8387c9177a

SHA256
f426698d5cf75a1d1428d8a3b00b5e2f55955028fef175d14866c438e8c2136a

SHA512
d33df7e3bc937950fe6e50bcf36afa8986ced42ca4b21366095c6dd0ec28df98f6bf2bd6eeccf40aee0b151fd1ce1f602e8c1057fa8b2f15f1324a87b0757baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
289fce643cf3cf00a1a4d54aee193042

SHA1
0787adf2de59e91124cf3419f696d5f39e762b87

SHA256
a2bdc345ef78a8fbae394e92656d80b5be42bfe55e305cc7918d0f8c3e09c181

SHA512
d304526d43d5f1fa956062b43c0d4ca3c3fc6ad95f60599523b1e77b61fd57d170747ed9788b075baec3d38ea1a60c0259fa0ac842610ea7dde813faef6dafd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
2d18c941e4bc403bc44ec3e633845471

SHA1
dbe89850afb769bb44a0163b253065401d2c29f1

SHA256
b5c668cf4e3a7211b74999a1bbebf855189dffb58c78c336f977bceb9bb225d2

SHA512
d9599bd68486b14fd156ef92c33d44114facaf31a04e1a5f28e7482b6aff5424afa9ea44700bac43d5029406833103213899a6e22cc5c15b956f0888d83ce2f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
fd0ae78d2a1717b73afbb789d3f19c5d

SHA1
5553be58b6f277ae71314b10f79c60a326171972

SHA256
1a5451cb8c9d7e01fc01797543f6f3864716bfdab1ada2d7a02a68311fc02b25

SHA512
662bb1492f804232c5b307c3c4db25dfbdfbca418063068493f4347efe1dadbd5e3adf2c4b8eba8b31220bb96ab3bb5a9c996464cce22e37e602f543df04dfb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
memory/348-0-0x00000000747DE000-0x00000000747DF000-memory.dmp

Filesize
4KB

Download
memory/348-7-0x00000000747D0000-0x0000000074F80000-memory.dmp

Filesize
7.7MB

Download
memory/348-8-0x0000000006D00000-0x0000000006E22000-memory.dmp

Filesize
1.1MB

Download
memory/348-6-0x00000000747DE000-0x00000000747DF000-memory.dmp

Filesize
4KB

Download
memory/348-5-0x0000000005BA0000-0x0000000005BAA000-memory.dmp

Filesize
40KB

Download
memory/348-154-0x00000000747D0000-0x0000000074F80000-memory.dmp

Filesize
7.7MB

Download
memory/348-4-0x00000000747D0000-0x0000000074F80000-memory.dmp

Filesize
7.7MB

Download
memory/348-3-0x00000000059C0000-0x0000000005A52000-memory.dmp

Filesize
584KB

Download
memory/348-2-0x0000000006020000-0x00000000065C4000-memory.dmp

Filesize
5.6MB

Download
memory/348-1-0x0000000000FE0000-0x0000000000FE8000-memory.dmp

Filesize
32KB

Download