discordrat | 1d184c635a032625f10639ec3458a6f8d0a36a6a82078a11b820924f39056080

Resubmissions

12-12-2024 19:55

241212-ym8klsxnfp 10

12-12-2024 19:20

12-12-2024 19:16

12-12-2024 19:16

12-12-2024 18:49

12-12-2024 18:46

12-12-2024 18:39

12-12-2024 18:27

Analysis

max time kernel
299s
max time network
301s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
12-12-2024 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mta.exe
Size

98KB
MD5

778dce14368e8b1105544c43ce09d2f1
SHA1

81c7cc17d48b8c5e6e5b9cc1efc8bbae1646dcb0
SHA256

1d184c635a032625f10639ec3458a6f8d0a36a6a82078a11b820924f39056080
SHA512

31a517a024726bef90c60c05173852de117e27960e981ec92456e6a3e4c0b6ac50437b8bfd2ced7afbad2a81c3e00a4c9bd5622af2236f3ae37856d6fd9d4aab
SSDEEP

1536:Vic45PApy/vpjAnT9ZqzY4r5VVZDAcE3VCQfwbJ6Pr5+NzxCxoKV6+UyNV:AxApgR8T9EE4r5n8rwbJ6Pr5+zNyj

Score

10^/10

discordrat discovery persistence ransomware rat rootkit stealer

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral1/memory/3376-1-0x000001C1F2960000-0x000001C1F297C000-memory.dmp	disable_win_def

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 40 IoCs

Web Service

T1102

flow	ioc
76	discord.com
78	discord.com
84	discord.com
90	discord.com
6	discord.com
57	discord.com
62	discord.com
68	discord.com
72	discord.com
88	discord.com
94	discord.com
43	camo.githubusercontent.com
53	discord.com
64	discord.com
44	camo.githubusercontent.com
65	discord.com
66	discord.com
86	discord.com
87	discord.com
63	discord.com
74	discord.com
82	discord.com
4	discord.com
71	discord.com
95	discord.com
83	discord.com
85	discord.com
92	discord.com
54	discord.com
58	discord.com
75	discord.com
89	discord.com
1	discord.com
73	discord.com
79	discord.com
91	discord.com
93	discord.com
67	discord.com
77	discord.com
81	discord.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp8251.tmp.png"	mta.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133785072630005036"	chrome.exe

Modifies registry class 35 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\NodeSlot = "7"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 = 8c003100000000004759a668110050524f4752417e310000740009000400efbec55259618c5920a02e0000003f0000000000010000000000000000004a00000000001c26a100500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Fortnite-External-main.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2844	chrome.exe
2844	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3804	OpenWith.exe
1216	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3376	mta.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe
Token: SeCreatePagefilePrivilege	2844	chrome.exe
Token: SeShutdownPrivilege	2844	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
3804	OpenWith.exe
3804	OpenWith.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
2844	chrome.exe
3804	OpenWith.exe
3804	OpenWith.exe

Suspicious use of SetWindowsHookEx 23 IoCs

pid	Process
3804	OpenWith.exe
3804	OpenWith.exe
3804	OpenWith.exe
3804	OpenWith.exe
3804	OpenWith.exe
3804	OpenWith.exe
3804	OpenWith.exe
3804	OpenWith.exe
3804	OpenWith.exe
3804	OpenWith.exe
3804	OpenWith.exe
3804	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 3500	2844	chrome.exe	80
PID 2844 wrote to memory of 3500	2844	chrome.exe	80
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 436	2844	chrome.exe	81
PID 2844 wrote to memory of 2368	2844	chrome.exe	82
PID 2844 wrote to memory of 2368	2844	chrome.exe	82
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83
PID 2844 wrote to memory of 2464	2844	chrome.exe	83

C:\Users\Admin\AppData\Local\Temp\mta.exe
"C:\Users\Admin\AppData\Local\Temp\mta.exe"
1⤵
- Sets desktop wallpaper using registry
- Suspicious use of AdjustPrivilegeToken
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff9226fcc40,0x7ff9226fcc4c,0x7ff9226fcc58
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,585815727617520241,1911040657288828351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1976,i,585815727617520241,1911040657288828351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,585815727617520241,1911040657288828351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,585815727617520241,1911040657288828351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,585815727617520241,1911040657288828351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4524,i,585815727617520241,1911040657288828351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4624,i,585815727617520241,1911040657288828351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4936,i,585815727617520241,1911040657288828351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3748,i,585815727617520241,1911040657288828351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3392,i,585815727617520241,1911040657288828351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,585815727617520241,1911040657288828351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4584,i,585815727617520241,1911040657288828351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3152,i,585815727617520241,1911040657288828351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3472,i,585815727617520241,1911040657288828351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5244,i,585815727617520241,1911040657288828351,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - NTFS ADS
  PID:728

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1056

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1104

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004F0
1⤵
PID:2736

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1488

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3804

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\08f09187-02a9-4fa8-855a-3f8225123f94.tmp

Filesize
15KB

MD5
7e0a631ee9be733044835c49976e7ec1

SHA1
f290af1bd713c27ff5811dd638bb230837d41ae6

SHA256
b18785d46f4e931e9703e0a6a3154e092b3368c1c54fb411d1a0e341bc41ef32

SHA512
474699cd8fdd6689aee0b3430a395e8b87a3956c8dbe9f09c741b56203cc6d6f175ddceabeda445452f4545a5cfcaf01cdfb43320139079fbb46befec384d8d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8482b5e2-dbd4-41d4-b62d-849969b0f140.tmp

Filesize
11KB

MD5
90b77af732d9fcad6ff7a041e90acd13

SHA1
4f46879617e9620858e417a6a58a180a07a9f1f1

SHA256
3b82d83e42fd52458c1640a764e5cb9d06f97d8df8f78ce9942b88b961bd66c0

SHA512
0eef4bb00397c1b43a0e9c554f3a7cbeefa98fff7659f6851a217f663e7086983caa4a0af88be9387ff51e30647c15b33c5ab1894a621d26bb06043c48366937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
96fb90b084cc0904408df681c959c2c4

SHA1
882c2898de89d90fe5996d3b7e171979f096e510

SHA256
228060a6dc1e5e2221a5e462f8f7013d6347e6b58f53a701eef6f1c939cdb4f7

SHA512
429632794e45b33741ec04bc7f8ea717268883ee7a7f0eccf6210bb825b1d876730aa5c38d3b0b917d8546725d66a812d357d6d8859f15291714c918e914c9c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
1024KB

MD5
8845624ff67a1f80ba832e6066162ce4

SHA1
0c82bdec6bd8425c63d59448ed27240a0fc43930

SHA256
11dda67df5353ff7bb0d7398b0a4b55ee2c21e7fb6b390e309f118bfa9b81a42

SHA512
6c14fe0ed948dd5ee5b32cddf4dda2519aa1312345fc3bc07746b8a44334ad36278b4ee1b6c59d2a4239f70b4acf8b0a8e98d577b2ba0e2a824f8e91fa5f4ded

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
1024KB

MD5
734f0d2aa02e153771b57835b95c6bda

SHA1
20a5574fce6e1fe62bdd75967124c4c7af83c61c

SHA256
6efac680d20f7ca27c644b2b9b13afff730a8f19c5ba30bce346f781212abd0f

SHA512
fde0cf755b8f1cbdf169207a0b24b905ea198b61c6b43d1eab833a23140a3e3928f8ae6669d7dd7cd1d7c8c50a47302cb84ef73eb85cee2d98bf328d01db1aa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
543KB

MD5
d9d7132c00b70e1b60607908ab6e3289

SHA1
689b6f804c4e0893d9d1667766e63a4f1093d7b9

SHA256
49926953a3058452ce092f8cbf87103e48fa404d6bc09bd126dc1fddb5115883

SHA512
9e160846f9322fb932b1a293702a60e1a370788e57d585dd009687d3a632b5a788a9785f5e2234fa0b417117de28e80dcd9e21045ed5f2dbeb975b9bbe4d4a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a308b4def3ec7ef4d5dee7c6198cc30c

SHA1
c7daa52247eaec54bf8d3f9653e0b06ff28990a3

SHA256
42301e90d53a437875b6982055977123cdc13101d17c0accac1cd7e4eb684e28

SHA512
8f4a0f8c44544435a413fe3b4dc3545b31eeebbf7e4f896ccd6a4db33fead4f02ea48575473dfb521aeff3eec1dc1871ad17ad15a80a84bff39ca6250f08d80e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e73ca557299d5ec89126511578aeac6b

SHA1
05ebd9907f5098593cae6ef857bc05a27ff7b97b

SHA256
3bcfddba7e34859cc274b63659bc138d084c835ea4cd927d691593d0b692f21f

SHA512
0d9e2a466950ae735fba3808c930a6ddf8437542e65eb8decb51c8f60e009a96159549b13f0dd35156d6310eec25c01fce214cba7f5f28d83f2c77d97bcc2520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
769f1c29b04752eb05472f1169af2b49

SHA1
c609003bba726a086efe9b095e593d73ec364fbd

SHA256
2746fccdda1684063d980828e1a429fe90cf89d31bb5516ee918ba4bcfbb0773

SHA512
a173f9124104137ed983535db10e1a2c9273da200a4ce779b8128b08e8924d2571eabc19730beb4e938179c7e090dd0aa0bf09182de411bde3e3a72e6084e94d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c2c3d8e95c816932bf3a30db60a92143

SHA1
50511bcddc9dd2cc2011deffbc221be9f015177c

SHA256
94895d37746fdac9d98349f75f5087c83afe47385f7a7caec38505c0d1a52b9f

SHA512
bc60ddb3a6bcdf8069042dd0c4173dabf09224d2bc69dc05082e2965867be9978b320c70448bfc10910a1c5bc5e8200d2f96b272f7d22029c7192b45f0af164a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2efe8e9f5f371fb57c2d3082a59da0d9

SHA1
c0101174b477d426b8e8393d6dd6a76142c7f387

SHA256
8aa2e8b0e81e41fef7b7112cff019bce6e55cb2adbb6217b8a38ff564643ba12

SHA512
2e3fac24c59e6a2021f73fe478661d8db92d1b47ac0fd58e622063dee519c269448ade82f862c458d3b3ccedf251b56d258ad92427f7d08af36a3803bc5d8f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0a6ef5f81c96f25128b97b312584ce37

SHA1
46539f9ca70084c01a6d4ce17b6953e340d10b81

SHA256
c7004a360fe7650caee3e104f34109f861d5d30583403c232a9162d15b1724f6

SHA512
71dfe3887afe70b9140187af03cb7b57b85e56d22cd7d3ca1aaf56e9032f8e7c19c3e1c35ceaf4fcd78d1f4e21e73a9cfefbe87f8848fa2a894a142e6959a7ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1f953f41319fa02a549eaf8ab7d01549

SHA1
5782518fdf18adf01da9ae35517d815340ea1646

SHA256
d9727a518c826d8858d8c7d82914d43952796f8a0e16db58c2239579be25a6dd

SHA512
70a306d4ee7c2890028e2a06ef745644938e40c29abd8a771499ad9d39eb5f4660a0378a8e9f4bdc7324d3968fe475ddc1cee8897e34731a9d6a50ee5fa8d55b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
edbe1367bb8b79bebbb83467c6b7a5d6

SHA1
1bdc5e290699890c9177f536b68119f403bf811f

SHA256
e2d1da1cbc985fbc579f7c8eb4b8f2d0654570622f8cbaef42fb1306d052b73d

SHA512
b90e5bd4dfd2bc1efce76d0201e46336d16bc4543994e9371c8283935a28732be59c2223f1b3dc909902e4c789d477c9e489a40bf1f9fca327d3a4bf3d281e35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8b6746d1c5d3bad4f9434fd12b03a83a

SHA1
12e889752e2d02c5778ab79948c0b46103101c63

SHA256
d91e7daf95e912dd92ae469829c82fb0bfabe8dec7ef9ca48d4b559c912e3e2a

SHA512
bee888a5dee0f2b22e96fde672ab72b294f7c094ee6f4d40b9c5614de7452a1164cadb710740dfe84e023affc3ed97c0568d03f56fa12bf850495d386a9e813b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
589e926302293bdc4acf5ab00c123d7d

SHA1
b351f25b89cb924231654e519d024f6cd6955ce1

SHA256
c351e5a53e1d07ce709673c299c961bb147e4bba14ff6e0e64ae622fd8ca9bcf

SHA512
9473479d78accebdd39d5edb214b16e2b2449a62125286a4f5371fdb1eeb6b2f4d3922beea8b3ab7fc5a55c26d7454de9067738ada6940518f89e09426b3c904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
90f0ca910b86cbe7b2053ba9b167eff3

SHA1
13102fcb59a46853c5e2378e8a8de50af68f9e80

SHA256
6699749abfea26951ac9a65cefe5c46b466bca93a3609c2b223ef32f2c3a6d28

SHA512
89d2bf14a351be10321a230e4ad10f3b64a1da0c6292cae0bb724f9910b31468d6878db2147477a4c17721d8c03146386421dfd37f10a3b6704d3109f18185b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
35d0b6ed45b8305acdaea79c598aa261

SHA1
ab0744116ac6bcb30b9209b2a44e297494511baf

SHA256
701f39d68ca46a0bde8862c91582870487a0b99e9aecdf0da6f479fc3ef1a352

SHA512
8381e4f7f2c78149dadc95f69dc99b3e583393acfe760b10b6b518809905a95b80c4a6f4434f883546b0449118571312dcec5429d84a3c3549f7bf7b75e65e11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9767a40e70aa8b7a2f239d8527a50eab

SHA1
1f7b5c426c70168c327bc0ff3945d76360ac5001

SHA256
21fdb255fa63281e6b7cf531bdb5020c5d4ea87b7944e50f7a66f08d3c88774d

SHA512
e6df92c9935025669ad96137603369b1049df9485a9822acb7f8dc081cfcc3fc3dc953c72f60dcc6954eb6540f6ca9b2c18da7ecc0d28d3ff90c8a83ce62bdff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2e760adb313fdfa5c34d7908ae891dfd

SHA1
fa4ec2a44c176d949af36ada5127040e9ba4ee64

SHA256
7fca4d32c5f5e9bccc2c18fe1891133811c86f3d366bf163b62517eb7530ce4f

SHA512
9bc42bc3f52c6b781bccc244a692adb4c6ce501ec4edffed8d2ebda4bfa4831c170d18f7b158e1f96c2d627c437dda1787258fb7e3468b40c2964bb834d92180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68fe9099d6d22c2ab184bb99a53badb8

SHA1
fb2c63d7871a1c02a96a2111e1eb1958b1ec3191

SHA256
dc6b1dca600b0420be15c503150d3aa92d69b4ccb1292465818251c0a3661fda

SHA512
74c6c9890770bc20c0f159c6bee14ea0eab167118db45134619ed8daaa4ada89387d3862fd1ad6bcf116581f9599f920dc6751bbf6fa577314ecd374307859fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c24950cda0f261c9d289f6cec3375e11

SHA1
7a47624b27f39bf678177e2cdaff3aaf15d467e0

SHA256
1894298913e84fc713d56c613fa8dc56b7cbbd8fd102683360999acff403a78b

SHA512
5ac30774c836db0663045f58a6617bf1268912f651095d398c9b505d9d031c6958454ffa43fb48a8f3f6a39abe0acf26ccac81521cfc85a66843e7cd01a92c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
16adb39fa7f844dc5a07b1ddb624bafc

SHA1
580a7b13304f3425e8aa38bc880c4cd83256742c

SHA256
2a51e12cb4cd68bcf32cfe07a93255887869baf2aa521dd16546b791a7d7b460

SHA512
1da96b5ed9e11b29074158ed87dd1733493e41b3bf7409174e99fc7ecb67c2ba412f45fdba47ca69d3b4bd501a9f93717773fffde7450b52f375ea6ec340956e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1beecd1192dc8f04fd677d984b69cbd2

SHA1
41d2ecb371c7cad87702b663de770e0934ef42fd

SHA256
a94b49d61044a4198c75baec93eadb75a9230e9acd67bdc984143024146ad838

SHA512
fadd0af0e449a34088f02966acc147386b2c132964cced7a9171b3d9e38cff88402b6a2bcd778b064f359e559f9bab76c9252405a724da4a54b2f9aab67a0fee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6606be186737e08a1f0d62af7063a469

SHA1
6ae5f4529079b16480a916621d60bd82ba39f8fb

SHA256
cb974515f0500ad8b4513f7af5ae6cdf9a9354e1525729a51053c7ee2d57328f

SHA512
f9ba348732581c2c8075e6f0a59763a98e33b3b4513f79a8ed70506060580e8309f3fea17e6dc9d3ffa038c1d5fc8761c0d0c010cf9b748b0d56fc85ad116155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2ccf3d8276e2b3caff87d9ab272070c9

SHA1
6115ccd47f701ca9919a527a62baa316b37895c0

SHA256
2706b950ce6a0f91765b42e6ef3f2b680aaface138366c3c76f3a0d2a12cef29

SHA512
c8f9cc1382e4b84ab8fa19cbaf9d741d9382adb574c98df34f64d0441bac6031c045eed8b946ee1579687c3628ed1f8061ed2354e46d11ef2c8b73eeb470e3b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
64b6ae05f96364f9b5ac0b59f8b16f2b

SHA1
ec5b056fe4374169a262ef50c2da6c0f485706fe

SHA256
92e33eb62dc8b89d7bf2fd245ae1b2898e1f504da5dafb4baf630e4aa7dd9a5f

SHA512
afedf9507b3065610962ab9444a216862d90196149a942c4e62539602b922b71055ccb97da9048e09168a35b899ac06fb470e6b18c8140f35b7ad57d81df31c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ef9509b6518af345acbe3b83952e37f3

SHA1
ad4d061873dcbe5d0b3343ec22adc1dd1e8cf2ab

SHA256
75b92696d30a8de401bc5cd0d8373d9df285350766eaef7c36c8916847902a84

SHA512
1d874c895f08a76d1ac08e9820f1dfdc4109a44a24926718d287c0b0b1525b5ee9912b25398301ee18a4d2be813dac7619dee7db524c83cdfa0dd2ad3ee02e7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1ea0375fdc27cc148e50fa2ae1c4833a

SHA1
c045e3908c9dba5d1c4624d3dbab7b161c46be58

SHA256
e488a74465674e9b199ef343b7ccbcdf4f385120ceb396f1d3a92fc535b29055

SHA512
90e1170fd19023ca3a3e5b0571ff87725dd1e88b9c432349ab679efec3fb5bf5298337ba1cabf6db96e4efd0974ad2b3ccbdccb05fdf1f072beacab1b4a0bcdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
65bba78094088ac94a2fc07546c6e47f

SHA1
850b0522ffa564e36fd633bff7802e5981fe7768

SHA256
1d2870d223fcf8d2958c34536c1a5432c4ce0c504af9b15ec3784d11f3bb7755

SHA512
45cefdff6efef262757011f6ec4f1d5527788bdfc5640a3cfdba0b7cf2de5413be6bccec2667fc79361851844b8d836baef7269e79d2fc2274a6a5a381630035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7c7336a0a9472f0ef3fad4fa2aa6a014

SHA1
6df9bed543822e8176d372213122a0e1dac1ae2c

SHA256
60c64fe91f6ca31262110d5496f63183cd6b1055dea202a79656877d48b6cc72

SHA512
a26a919585fa779b02878856341e8acd0753a88d4c23594b9649cb4ee665f45529e17d82deac68ea93a9e73ccb29f056c92b163c0ee6f179fc77a9eac6857a70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
02368866cb82e9cbbd31b6a4bf184158

SHA1
f4eab3eea7f8658cdadc86e9e13137d13f798b58

SHA256
5fa78843f30c9b76f680b18d0bc0b05dd8963c76101d1d55903adb5491e90ce1

SHA512
d9575e501fa16df4967dcf2d6078d12e797d353aa694be97259fcac3f08ba0fae481846434827fceb446c88c7eef3b5ab1ce4c5b04fb239c38b5c6b33bb4754a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e9afae17582a8381d436001474dbc497

SHA1
b7e81804ca807de713b491c690f3ab50b00a7d9d

SHA256
b5a290a801855182c30df276a1a67991f0a67d204e3482f2bbaa558c2e21a641

SHA512
687be56c3189f2157d42db4b0800b2b4e61bba180323d0f49d702fbf3c2cc2fa5ac755e40b37a7526822b957c56993dbcdd9841298f1d6fe6feba7ec98c486e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c171a72cb2b87168421caf81bdb20417

SHA1
0911a65c12cb709b1d58ea484a0079798f791279

SHA256
61e43733767c0d8397723797a764de06910cbfde3949ed33ea5fb44580e24c14

SHA512
0526eaaf6cb6b2342e05380c584d6ac6973ea78c5e64bf63d86b26f1ab1eb49329c8d37513aad41291ff10711d08b83c3c1554ce7d2fbcb71b376f0acdfec59a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8315e2f9a6e49b7a77a32eb794d12747

SHA1
307f3e8e4738562cfe7b6d568618cec79ee66829

SHA256
8ec1522817d4d8e69d3785d3820cab44ea45ecd2c07677e6c520197b9bef82b8

SHA512
47c2035b5076f00613be2ad0766418854a7b3837ebdbbc4ad9ab17fead855e3450a535aaf8a03e7e7370d847c03f5e06a94fa57cfe3977d13e09564685bbad87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
989bb535abc0a2f17f6fe5e7ebc028b3

SHA1
10dbec138b92c572ce22aab301e549c195775d52

SHA256
cd68164d4e39da3861187de7f6936f1e91546488f16e6a52db7514f4184949f8

SHA512
ae05200f12ca7047f7beeefd6c55cb70b7ebeac27c90fd012bba5e697046599f68733dbd1c5bd11ded9d2886f8731f8ca104dcc1c29fb8e71e108fd0dfc09157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
8cda861117f6cfabcf2a5ce088b53e95

SHA1
28d9a3b3129e1daa56f2365233bd931134ac787c

SHA256
5e0a66ff85c34a589c954760608b7970277909b0cdf4b5399f3d9c831fc97f38

SHA512
0efeb9e031bb08a0f6eb31ced32dff02cfc1e37210fc6a7012f3188ec4878f0b896fda22688ff7b8ad3f31860332af84ba9783be409c31a419c4b402b4874946

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Fortnite-External-main.zip.crdownload

Filesize
1.3MB

MD5
af00ecbb7510fa64ecd37148fb764226

SHA1
d0170a93e8426527b47742c5519806a311c73200

SHA256
54fb51dee1cbe87754b41350322869531576e5cdf005141e477cbe326e504803

SHA512
fc40168ce1686a51e7b069a9c8ed6810a11f85a3120c056cc9f0e7d446399a21a319b642b1270f775ba0d0814c4378d67fc4d89fde463e4c4b7f62b6e26da314

Download Submit
C:\Users\Admin\Downloads\Fortnite-External-main.zip:Zone.Identifier

Filesize
88B

MD5
0abc908426695c8634c6bce04c1bad03

SHA1
3ab75f3d0545874b767f40bb71603112ada517e2

SHA256
cbc3c887df9efd5ba6329e8c0cb785ad97b2b490e5e90a0fc47f99480ffadd6a

SHA512
50b81a8d5fb1fe1dc07b7857a481a3a719a12abd4394372d243220969e77f67181a8b1cd9a2ae509fdd96b5daeb1bc7e6f423d99dffdeb3ec0e4d64cfdcd9b18

Download Submit
memory/3376-3-0x00007FF914D70000-0x00007FF915832000-memory.dmp

Filesize
10.8MB

Download
memory/3376-4-0x000001C1F6410000-0x000001C1F6938000-memory.dmp

Filesize
5.2MB

Download
memory/3376-5-0x00007FF914D73000-0x00007FF914D75000-memory.dmp

Filesize
8KB

Download
memory/3376-2-0x000001C1F5040000-0x000001C1F5202000-memory.dmp

Filesize
1.8MB

Download
memory/3376-6-0x00007FF914D70000-0x00007FF915832000-memory.dmp

Filesize
10.8MB

Download
memory/3376-1-0x000001C1F2960000-0x000001C1F297C000-memory.dmp

Filesize
112KB

Download
memory/3376-0-0x00007FF914D73000-0x00007FF914D75000-memory.dmp

Filesize
8KB

Download