discordrat | c9b0cf15c3febd34f5a69323a8fa6899d1d8c8e0a9298a1dad3d585ad75ffc5b

Analysis

max time kernel
299s
max time network
298s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
05/12/2024, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

luaexec_private.exe
Size

91KB
MD5

985dd3db3e1a085db5c5ac95ffb5a61e
SHA1

f7640891a75ec079ef5a0b2acdd6c2d908271906
SHA256

c9b0cf15c3febd34f5a69323a8fa6899d1d8c8e0a9298a1dad3d585ad75ffc5b
SHA512

8157b47e14ac829cf5f7c5d3688d71744b92ad669806587d96ed26931c2c0555111046e2d906b9b889294981d69cc4c3369e94dd4cb11242b7b281e36d38532b
SSDEEP

1536:2XKQ2FNJQ4FLHv1xCtRE9PLlX/k0SbIANr86Z+uexCxoKV6+frEjR:hQsDQ4FLHKTE9D5/ZSbIANr9+bSrE

Score

10^/10

discordrat defense_evasion discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAANkquobZQzEeoYHKoo4wB7AAAAAACAAAAAAAQZgAAAAEAACAAAADBaqauDno8vH8FOpos4h0OeAznRqQjZkU9SN7ujcRlDgAAAAAOgAAAAAIAACAAAABU8FQpeIyRmJ2ysYUTd9gCVsdhxxDiy74eJYg71EUpPlAAAABOgZgKvjBQIwVupFzaxcD0sKx+7l0iUYrzzUtFjiNz78sXJznleOHSCnetQP89JjlFs3ggRkNwb1ybbOfFC3LybV3laxEhC8Qsqam3b2REM0AAAADK/ySGHljhro01res667I5sXglVd1ORtRPek2M8T/3KBcGDYREE3SkfmXPwSwAVsUEP9jPzHAcAr/sf/S7rtSR
server_id
1314287414537093211

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Downloads MZ/PE file

Executes dropped EXE 7 IoCs

pid	Process
4248	luaexec_private.exe
4940	luaexec_private.exe
1560	luaexec_private.exe
1376	luaexec_private.exe
4076	luaexec_private.exe
2384	luaexec_private.exe
2284	luaexec_private.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
44	raw.githubusercontent.com
45	raw.githubusercontent.com
5	raw.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\luaexec_private.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133778987819997420"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\luaexec_private.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4716	chrome.exe
4716	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
2208	chrome.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 3020	4716	chrome.exe	85
PID 4716 wrote to memory of 3020	4716	chrome.exe	85
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3560	4716	chrome.exe	86
PID 4716 wrote to memory of 3648	4716	chrome.exe	87
PID 4716 wrote to memory of 3648	4716	chrome.exe	87
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88
PID 4716 wrote to memory of 2640	4716	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\luaexec_private.exe
"C:\Users\Admin\AppData\Local\Temp\luaexec_private.exe"
1⤵
PID:3272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc85fbcc40,0x7ffc85fbcc4c,0x7ffc85fbcc58
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1760 /prefetch:2
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2192 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3572,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5052,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5440,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4720,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5232,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5272,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4852,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5296,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5032,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5236,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4344 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:840
- C:\Users\Admin\Downloads\luaexec_private.exe
  "C:\Users\Admin\Downloads\luaexec_private.exe"
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3400,i,16688283675962940285,17907663803380500715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2208

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4580

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2360

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2620

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:872

C:\Users\Admin\Downloads\luaexec_private.exe
"C:\Users\Admin\Downloads\luaexec_private.exe"
1⤵
- Executes dropped EXE
PID:4940

C:\Users\Admin\Downloads\luaexec_private.exe
"C:\Users\Admin\Downloads\luaexec_private.exe"
1⤵
- Executes dropped EXE
PID:1560

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4396

C:\Users\Admin\Downloads\luaexec_private.exe
"C:\Users\Admin\Downloads\luaexec_private.exe"
1⤵
- Executes dropped EXE
PID:1376

C:\Users\Admin\Downloads\luaexec_private.exe
"C:\Users\Admin\Downloads\luaexec_private.exe"
1⤵
- Executes dropped EXE
PID:4076

C:\Users\Admin\Downloads\luaexec_private.exe
"C:\Users\Admin\Downloads\luaexec_private.exe"
1⤵
- Executes dropped EXE
PID:2384

C:\Users\Admin\Downloads\luaexec_private.exe
"C:\Users\Admin\Downloads\luaexec_private.exe"
1⤵
- Executes dropped EXE
PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3dfc4506-afbe-478e-aff1-3251f974cff3.tmp

Filesize
10KB

MD5
5d6337fd6f8c5fd321cbd8b9b17df253

SHA1
401feab75ada95f4b9c3157d1f0da4983c944778

SHA256
41bce38286c99e4b60dcc5b512c857b14882910492a2f184b3b062a41494b518

SHA512
a654bed343e92cc547622d4567e481e6d6d80b165897bbd1bf9f407d4bf059eb76da2ed110fefafe88fca8785661955c1576436022ba500983cacbbdc6371b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
94efd16ba743603f715c3b844f4d5507

SHA1
a7270873aca6850de3160c7d759404297f1113b1

SHA256
97f3dd78ea92efcaa0a7a9b69e229d0bb3e62bd23021e87dae82815fc0f63d94

SHA512
5df0ab53e3a3a6f7b135e98f38bccc27828b9a35a5c944542db98776dfa9782bb212a89657e4959286a13dc89807235dcbbad8d9c48f2971bde365923c4a4ff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
16KB

MD5
06b438d5e1a8ac9850ebaa924c67684e

SHA1
943849718ba03f7788c14ec43fb29cf503a0b0e3

SHA256
406f8ac9d271e8e74ff9b7dd5bd4f36d6782cd3d036fb9f62f8a252a6050f946

SHA512
0d21fe32b24b27807e96ef5c963dd1e78a89646638217c37ae0075689ad6f683895f942ae3d9b0542e74a9af22bb3756a885606c70d7ed351385bb2770533ee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a63fff29790f0a22591934bcd1f624c2

SHA1
ff843a78005b875f66c9112103a8c3b10ff54879

SHA256
dc5c74e998e9468ef41ea4a10ba2c25adfddba4e5dd54817053a8f71a1b54059

SHA512
ae0ac8a95cfde6b7e4aab028f1427b2e1b3e6838ea8ead11440a131315122edbc2d58e7e31ab4133d34ce151915e9633d6fa2bdc87b117242140791408380e04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0a69683fb499528e05fffba623c3d85c

SHA1
a304822fbae29823a5f3f294134040a24ea83dc7

SHA256
31e5df599743c15a190cf6a30912d1ce52533a72359622514c04fae831360caa

SHA512
960d99acd93891e99da47ae97e36af71dfe413cefc99a82ef292af8a0e08e2036089c5cb28b2731b0fa27a09d9a8ce5af4df0558d64a6dc18ec80d9d4e523eae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fb7f63bd190d13fe71ffff685758e6e4

SHA1
873f22d2d2a77f5ff30335193a0e2e5f8633cbdd

SHA256
7bb1cbabfb7fbb58337fca535d4cc95ebb8767db0d9e7b9a1c2115da311875a9

SHA512
479805e5dcf85ea3ff700e16dc216ff8b6ca53c291849f8b50be609a1a3bf7e99e7ad583e4aa165c6ccfb5e2de554311e51250e622b3c87b2565573d3f3eadf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
60083d1b695d1a28f280916cca881a02

SHA1
0d119a38b244a32b9784e940105b70590ab48a0d

SHA256
9c23b1cd9c99dd3161b3a372de5c1b60a57648c2847534ab336dd082bde5d0cf

SHA512
6984d3d643bd27c2544c5060f988c9e4bd292ed189485fdbe3989def9817d146829a067d0783ef0f6526545290740ae8c544f8bb29b83b7328be5926e79fd73f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d1ccbe977a560860f081650a7bee6235

SHA1
31e6447d0d8e9c446bbbb434d5a817407b6025a4

SHA256
820bd2e2a0b2eeea6f0d4a51c3221c0509d77884e21adabcb995f48ba6884765

SHA512
2aa2d916a9189a2f33d25dbd51945cbf98d767ec5be48d85363159414e681e0273f8e6b888a76d553e1313cc8210e59e9e25f29a8b6006492778fb2af09619d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a3e854ec9cb9562b8ebd931842ebe43e

SHA1
fdd13628dff1ce102fa292d6cd0dcdec6b415c1b

SHA256
e24a6b2e63d82cb051468fea5ba26278ba8076d6d31a8b59c3392ebf80edd75f

SHA512
4a6895f7f52a1ac772ed36c748a36cdb986891a81ea9bf268a70de2313002492b5cdf918a49717a15099f68c31103610e696a32402c7a0dc056ccdc8329c9d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
75497c8b5e2f7c74fda0678a85c93360

SHA1
8bf77de3ead649d8ffc7da27699d4714fb8efe10

SHA256
191508d244bf17fc861032b7cc5c1ff0c7b4e2999acda3109840cdc0efb1bcb4

SHA512
9ce987ec3c6c9bb9817ae245d7fcd9d283beeb4a32139027860b2976dbc83b2f921f68103a71917c69c14a8b05bdd1e403f12377625f61b73ea3b1b40796b904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1d8c0fe8c3b6109771b4de4d76f5b14e

SHA1
bdb6bcc1cc373ddbfdea6a7f04d78cd4e6c44ff4

SHA256
8f2772a364eb3ab3e73db8a96c78b4498fc1dde1d673514d0f727d254c90a8d1

SHA512
d313ea4c8da139f1d08788c109c13b4bfed6f5289c2c14fadcbcae53ca7d71da5104388e1c9cbff39190837d65f10d60a8be2634cd7326f56c0ac2e65db6adf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
017145cf3a2b01feff4e2438c25711a8

SHA1
44bf0aa855a5ad3b1da2a4d794a5b0effab9e2d7

SHA256
effc6bd77b9e6d736ffddfb140a237fd8756ac20eb0fd5d208ae87d47f863805

SHA512
49aeaacd699160b368c59890978ba654fb691f90dca2e45a7e9fd49dd2fe41d14e5152517f83d3280c0ae533f7187b723d681ccc19aa3994cbed4a3a278e18c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
633ead6580c657da1cb092fc948d2baf

SHA1
3c5604a2abf6debc3a283eb475370feffff43480

SHA256
d06ad7756a41049507d272d084b06136dd57a2dcad172ccb116f3d74d188f4a8

SHA512
258668ff0500d3b0b6d89a2b6421a3a6e35bd7748f948ea3785115aa1e9a7ee64ba2667011ff478659836f9ad8236a1476c31aa3a3a5c31f00dc5486379076af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0b9f37ec5af5a62109c05ec22c3fa1f8

SHA1
835cd98f92352c2a6de0547ca594600e840a3619

SHA256
7aa83e532f8102cba710e5b07dd572f4da24d4744d1ed1b73e1919b7af8d288b

SHA512
1f20cebf3fb694be3117ceba6de2c12b85bc7d1c89ef00e5937b95e2a63404ac3399f7e9806073f699ae59b94b9a72fde5b4ecc264656ce87076a45b7cfb9468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4cd25931803a853179473ef159997d32

SHA1
804b1dcce2240a68b038e02e21de3daeac390277

SHA256
9937165f5a253b930f4d06b1d9d8923322d2418b21d703a16ff6ffe7eee0e3ed

SHA512
0e62035ceba9541491085aa583e858bd7dbfa1fbdd8cc18ae6e1f4ac27a454ac5e1cc631786e6b76d85ee26d433d8993d927391fde6cdd2f52a4e0049027c98b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
39dc63fb2207751bc8ce6b9c8ed26f89

SHA1
d18340793d5224376bffc1d485a698460abc3a5f

SHA256
781eaf5e125aa1049cde828a698d68ed258d87dfa05989f7db7ecbbdb0fb04d1

SHA512
e015f07021592ef33d498f5baa6b8fd1b3615f0f54aa99710e24f16794f3bce4002692cd46a36647efb9e199207595b9ee528ed3b70becd9aa74ed39b28ae42b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7be7896caac1ca9defe01d6f64077fc7

SHA1
69939a349b1e6fd74c9b862d416fdc693c42481f

SHA256
ddbed175e3bb5583353ebad0af1a1102d878da1ee5e096d1c5810c1bcb8f906b

SHA512
2dcdb2f86382e3b2f9049c15643352c921384d662ef898be6a97d609961907c0948e5e64d5490040d08735980f938b18520e9d93894313d03a56cd9a2e2806de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5822c58e18aa8ecc42340de1247322e

SHA1
6029c5a8c3f13b3c01ea31377631c0493b5f79f9

SHA256
33108303cd29fc8c99b2d050cb3875fadefd957bced301f2fa5f535cc85ff2a5

SHA512
840bb59bf6e0607c469a5d0d369e8e55f55f99af7ef3a5aaeeb6af9f1b5602e713d26ce1e05182fc6b37ac2c397aa19bb8f294f8c805469fb9e3f0fe62e59387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b40c1c533904631954cab5a17d5810bf

SHA1
17b4cae7b3c1f61422e9888e52aac930e388555e

SHA256
7bfcface311adf68339617711f80eee36fc494ec061638d40a1622a8c803ddcf

SHA512
9a35fc2c609c6afc458da9070f8c216ab2bfdba16de9a3bcfc4c071a51578355c7699ec0e8fe159f9cff68cfc398493bd16b4f2b9062213bd56fbb92e9f60f68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8f1abfb32fd603fe0b6c3f4778be539d

SHA1
7bff1bdb1e92f42eee719be32dba4786d9fdc4f9

SHA256
27bc3dd29aabaf350a5e26a98320a5382f5691aa89e7d5d57662294e53b1d8ea

SHA512
5d8402075f3235ad63f8123c8427319e719cb388f89eb096cf685b01673faec03c1fb7253f4255dca653ed9e0bf0bca3fc559c6423a46e93e9c7962c23f369ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7889ad572efd32253b50f04b77f352d0

SHA1
dc89b4f8849e090771dfb81e0ee8707f66ea039b

SHA256
1afa0099e63e28b545f2c90d89f463fec65401ef8f60858d9aac5e80331fcaa3

SHA512
699284c44dcf8cbd41244676bdc196f06fb0b821b8be9f4eaecc165c93da00a1cdb84a777bf52e079ed836a14fd7ca2b821ca37933889d64f6ba87323976bf97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6d553b563576da3fdd411b4a90001bfc

SHA1
8a111d9a3107fce6dac529be29ec3c4005343bbb

SHA256
29b440d8db1bf6c886360e91df474e41cd05b6dbea195a6914c003b86358a062

SHA512
0d76cbf4402586cdc439d1722c9bcfb2e013230538f24b1b22d434067bc35415120be9ef79892017e854e30fe3a4f39bc6d6157895a2a4739dd47a9a643a922b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05fb7b776ef1e01f493118a7b5041075

SHA1
46ab55467a5f7a2f7a6a7a6f8f5ab8f0007ae525

SHA256
633b5deb0eb35fff133a673e90d724f6130af0fe4f7eb96309235256e5d087b7

SHA512
49237d0973a6f68dcc98bd799f96ca9dcc5c46cd3e0772a94f6d37f2de956604779f61b7b3b908a5925132bf1bf203138b8df7618cf4d8bcdab3463257ecde7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1101f790e3eaa28ac53ff0306741565f

SHA1
0370edb0a59efbc576e27ae7391224608b1cbe57

SHA256
42c4021516265765e52430ecf3f845eb778a929e82340fe8d48b14ecc31ece77

SHA512
abee333b58fb6fb1281b5bcf3151bdddeafedf78260ef94664e1eab48617ef6187f82914618dd234880a9da1fed785eb7984796ede3818266d619eda1136eaa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0163ddec9d5352c176a81d07c003b38c

SHA1
e62d8da80357bc79834525ccfc5527525c746f29

SHA256
6725eac9edcd58669e70fe8f7aa660c8ac1ef33d5ef908a7e3f7002e04f39b49

SHA512
58361e2fc23ca9f6de5aee2b3029e1afa8bf87e0dc9b3f71d189037d2c687eec1948f11a7567c52cd6ad75ea201a8a95d8259bc0e2654c65176542df0fd8c82e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
85d42f6e16552daea937a09ee67fedb2

SHA1
1ea21741a8599159734ad9b284f8dc22b6ed8fca

SHA256
c247f83586a24843a5ac50d4c9db486be40c591a0b305a58eeeedc8d412cc64d

SHA512
df02340e85be93a63ce68d64ac25be818bbf37314ca9ccb399d06a3ecada5d8e0830f81e841a834352f763d265364074c2769ede39d394df9b376feade3a1875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9cb1295ab6f9fc5f5adfca234c1354dc

SHA1
1b16bcf1cbdd0433f5e902b80c7dc1894315ce02

SHA256
5a2bbf9a01aa20e1944c5cf7bb49cf753381bb122f3d24e6651138f383240849

SHA512
34e6a85f13abd7407d9b57664a0dbedab948d46df7790e8b145090431d36cb89b1219f8ff5a4a1941bc1651471394aa8f2078a49cc0b255fe6667b96f9c00d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
931e517f4cb598d4051fd7ee53f87e98

SHA1
3a903be3b31e6e82c1c25504773ac8f0f8a9d256

SHA256
1950bb5e963b21320293a7b7c356d277e69b8c66a1e87d3e86c8ce9126153e56

SHA512
e6368952c795a8c8dbeffa2f8eba9685da7ab4b1059af3573e33455c1756648c2b2f2e25c88a045640351ee736fdca18052ff82e54115e5c364c2e5faa0f82a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
741475f735859ce9778eafd919a0bc45

SHA1
8dff483335a76683de0fa8956a423f9573e3b923

SHA256
481ff950f4aad1687af93ec774dc9b1cd61bf05a1b47d1c79b1c2beff9b424b3

SHA512
62fef4e8525f530d6b5431b15852e97f6fe82aaff0207d8c934198b8527c4d1999eeb6825b22b346341dc0b1e101e822faf1f179de6ae8841d1d7ddd36c269f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
554bc5f5b9c26618ad8dece7ea4759fc

SHA1
5b8731adf7feee69d8f80434c3c588c4b9c8e6b0

SHA256
2bebf8b7659e344b0f64ab56bb1803c3b03e20fcfe9aeeca61b9fc0022da7a4a

SHA512
a970dc7c1d9158f44bf09bcf7e650bcac6a9a69a7ad3b112de7f5da7c78d5eef0adb17139ad8c149f56cadc64bb467a4750445efa973d718090c8fab13fe9f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f038df36e6472579f3d45695a01ea6f9

SHA1
307baf016c099097e644bddfd8e42a527b891a22

SHA256
79038bb618c6dc8eef49c9f717dd4b0945c33242be76ef857f48afe826dfda46

SHA512
ba4e07ee5b7f95de0f752a83e5e52246bd327c124523213caf5d2b2100b6756388038c5b4c38c0a01450812744d8dacaeb404fa0d17bb986fdc63d8fe0a37204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f3c9f28e2927e5691bf8bdc642ab6403

SHA1
2f65bc7371fd65acf32ca2a9d453b8d1bf3989fc

SHA256
0f7be05f4ba4b8ff190fff53a53fd89d0e759b319d4d147fcf7c9fbca4d0e49c

SHA512
e9ab7778b34b0497ecc6fa9007df47516e9cd68248a9e3439edbe108fb4076704cd6ff614955eab6001eadeb55d193eab236c3cce591ef8727648de8c1b22199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
e12fc283194db7a3f2f2e6722380aba4

SHA1
a4d51afd38bf0e543e6492257855bc5e40da28d9

SHA256
be06289dc10c7bf4f0b6659fdf30e7486cb9c8c2a4a567c99595f8fd13860313

SHA512
9f85791c591029a39f027ffc28130fd62c02924280121913ebe3a24d018da5cdc51825f5365f26befdc381deccd5d446a0402237fe1f25622f2c51be99749396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
537508fea2c9feda3dc1df56d45be456

SHA1
0ff9291fa9d2d7c90917d1c4c98c64032ae7e76f

SHA256
427b13d089f365d2c2d2dd8c4881685644d14fc226e7f6baf3068f911856bada

SHA512
802bb8f718a51fc3b1b5fe0a006378a0edb6aadcbb9793b86f5b4e15b78bfddaba5451fd223bb4d4a42331070517e07e20bbaac793b7be86aa8809346f84a2c8

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\ca913317-65be-463c-afa0-9d1fe88401d3.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4716_1013912600\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4716_1013912600\afd39e1d-05a7-49c2-a9aa-93f8fa3cdaed.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 538302.crdownload

Filesize
91KB

MD5
985dd3db3e1a085db5c5ac95ffb5a61e

SHA1
f7640891a75ec079ef5a0b2acdd6c2d908271906

SHA256
c9b0cf15c3febd34f5a69323a8fa6899d1d8c8e0a9298a1dad3d585ad75ffc5b

SHA512
8157b47e14ac829cf5f7c5d3688d71744b92ad669806587d96ed26931c2c0555111046e2d906b9b889294981d69cc4c3369e94dd4cb11242b7b281e36d38532b

Download Submit
memory/3272-3-0x0000015EF9D00000-0x0000015EF9D50000-memory.dmp

Filesize
320KB

Download
memory/3272-2-0x0000015EFA770000-0x0000015EFA932000-memory.dmp

Filesize
1.8MB

Download
memory/3272-1-0x0000015EF8090000-0x0000015EF80AC000-memory.dmp

Filesize
112KB

Download
memory/3272-0-0x00007FFC85053000-0x00007FFC85055000-memory.dmp

Filesize
8KB

Download
memory/4248-862-0x00007FFC81EE3000-0x00007FFC81EE5000-memory.dmp

Filesize
8KB

Download
memory/4396-1018-0x0000017056300000-0x0000017056301000-memory.dmp

Filesize
4KB

Download
memory/4396-1014-0x0000017056300000-0x0000017056301000-memory.dmp

Filesize
4KB

Download
memory/4396-1013-0x0000017056300000-0x0000017056301000-memory.dmp

Filesize
4KB

Download
memory/4396-1015-0x0000017056300000-0x0000017056301000-memory.dmp

Filesize
4KB

Download
memory/4396-1016-0x0000017056300000-0x0000017056301000-memory.dmp

Filesize
4KB

Download
memory/4396-1017-0x0000017056300000-0x0000017056301000-memory.dmp

Filesize
4KB

Download
memory/4396-1019-0x0000017056300000-0x0000017056301000-memory.dmp

Filesize
4KB

Download
memory/4396-1007-0x0000017056300000-0x0000017056301000-memory.dmp

Filesize
4KB

Download
memory/4396-1008-0x0000017056300000-0x0000017056301000-memory.dmp

Filesize
4KB

Download
memory/4396-1009-0x0000017056300000-0x0000017056301000-memory.dmp

Filesize
4KB

Download