discordrat | d6e052c9445c451e1996d502db25acf07a11422669346305deed555609873d2f

Analysis

max time kernel
269s
max time network
271s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup_631577.exe
Size

28.6MB
MD5

75a296926d21b2e1c18b87d19b3db434
SHA1

ad1e59743e69fcb718dd49beea6f26007a5357e0
SHA256

d6e052c9445c451e1996d502db25acf07a11422669346305deed555609873d2f
SHA512

2de27cb04987bb93e5329b52b2ebccffe0fbc933f3244280103614617e89ba3afc7d74febcf8e543e49c0b36d3e32f548884a88178691ccc1bb5d5c78fa78346
SSDEEP

786432:XTEQBxEyYj1czwFwHIxwjRowPdFG7d90ukIBT2:XTEQbWjGTIxwjRoSk7d1Pt2

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyMDExMzU1MDkxOTk5MTM2Nw.GrZwe_.ee6et47yN_nUfmpLzue8e-7WBqtjuRMl3b29EY
server_id
1320113456485109791

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup_631577.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133793665204494563"	chrome.exe

Modifies registry class 55 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000006a4174df9718db01b8af9b1aa418db01a678984ea154db0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2616	Setup_631577.exe
2616	Setup_631577.exe
1424	chrome.exe
1424	chrome.exe
100	chrome.exe
100	chrome.exe
100	chrome.exe
100	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2616	Setup_631577.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
112	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 220	1424	chrome.exe	85
PID 1424 wrote to memory of 220	1424	chrome.exe	85
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 1348	1424	chrome.exe	86
PID 1424 wrote to memory of 4984	1424	chrome.exe	87
PID 1424 wrote to memory of 4984	1424	chrome.exe	87
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88
PID 1424 wrote to memory of 2064	1424	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\Setup_631577.exe
"C:\Users\Admin\AppData\Local\Temp\Setup_631577.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:2616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff825bbcc40,0x7ff825bbcc4c,0x7ff825bbcc58
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1968,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2440 /prefetch:3
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3448,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4596,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5184,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5280,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5480,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5492 /prefetch:2
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4760,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4608,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3500,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3184,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5304,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4100 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5620,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4684,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5788,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5868,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3756,i,9403340305118682586,16842174496031553819,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:100

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3928

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
347b0695c9b80e08eda33a252dbbc8a5

SHA1
b15fea8d20c262e5f46dc4e6d2204c11baff3233

SHA256
aa232b0c77a89cb2f89d92aef709141818e00f51a01378cde0128e193af282f7

SHA512
0900e069833d2d4a9f91cfa3867c9f65f0b40701bb27b886ef812ed8edcbf0a15c0e0bd384fd917ea3841b76af79bb50dc6cfc1247f0d1fd8eb826dd16c66845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
8edc84904f31236447e1c7b087e765e9

SHA1
6af1c1dda98a7f8ddd309e471a82af413fed49f3

SHA256
e11e018328efb888eabc3fed1098da2547c045a70684bb452e76fb9f4fe8eac9

SHA512
6525b6dc02a0038defc7c33993391c250fad916b793d7dde538723515db67fca75602cb25bcf29764aced68f5dee1933d0e61a2e9c6dbb4e1557b2597b7ba7a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
6ad4d2c83334175959e6df754db49bea

SHA1
86f0700611c649ef3595aba7616b1495bab94120

SHA256
1f16a3fe27aa9cc1fe84f4f2117217dbd4e640fa8a7799157ccee00abbd4e4d9

SHA512
cc112c66e4a6528a86bfc3473c2ada7ceb191292395c2a70a892cf34057f309dd0f8d13a523645518e99517a66cf9e644ecae423ebf16252b6faf37217a5e6f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5b8345f8a8674727d1ecbd9aac3d7bcb

SHA1
3c808e4a2b63778ce42db95298018eac6515ba83

SHA256
ece2616d9aac360b9ca730320970f8c5b743c4783424a982693ad81598781dc6

SHA512
fb8fe8f262da929411fe343da11110a04524c5a22833f061463a73415e01d31d5d213c95e3f6738e76dfa6f07f65c031ac0a6c044c41fbb679a09cb300bb16c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
60b68815be3663208ac9e7eb9e0eb2c9

SHA1
e2457e0e33e3650cc8642d0fc6308905d4bf7e95

SHA256
186e00b529a2ee3da1267f8f7c22fc9bcbd9119690760138f749ed8983d3ec9d

SHA512
f257c540bede2ce5b264cb7f4a1d8ed1ca99723941a1c90c320928fe8bc76d0d76903c62067c0ff64c0ff868ebc2c69d536ef0e8d2cec6fa8f15e8aeb2194040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
14e2e1fff91d11b3d83e583e72da2bc2

SHA1
190d258e825b035b2097f47eef04a166401b2c61

SHA256
007827ad59fdca33d3d398488b3691966382215c4ba8ccaf07319f2e05022b33

SHA512
6ae5a8645fc8dc2c7508fc68dd00a3b35f70a75a2ff6659ed07819f9392974fee815d99d1ed23012e98b92c837af91ffbd9240a7b5eb24c0a90c4fbbe33563fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6fccfdbd8d4736b5757328cc6641daee

SHA1
bdb355e76103514609518410690efd83dc91da17

SHA256
596b3e800d3f854963070bf55359e4acb77e815d5a6730a4dbfa0a76941e4fb0

SHA512
022a70e7ad6cd8bee7e4a5fbdca2c87b3bcf4d39edab0a5a05ef68bb0c72dfdcaf6b8e46f1956d16303111f00ec266b2190c8bb5761bb5d8fff835cf536ddf58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
68fdd65a822e60b3bbfe224265f60a17

SHA1
47bf317cfb003b39708e3260acb097a5e592c18f

SHA256
c7c010a6fce62806e2538179dd2b5502a889115cf873a04278d0e9eaeaedb1da

SHA512
94f8d8c7f63140d4ca8edf39536d750f168c67bb088b190199535edd9a5edea827f1b19e494cdcc857ac592e486a4750a6fd40c30e38bf0f742d7e3d02bd2d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
0ab4362a1f732dfd03941264520b7728

SHA1
5ebac5372623d654866e48636114a7cb3f54e075

SHA256
b02d9b3f481686c8375c337c4d41e2af2960238436f48341c7c4b861e8d8a57b

SHA512
eeaf63f876b0aef0bf32743d23c5b9e6f0f0bdec6e9354405a0c1293ad7c03dcfdbfcd6f9648edb514aef750e05b88951956aa9daad6a336c9ac5616f8e54e72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
580585aaba7af41a6664594e778b02f9

SHA1
9e949b86e34f59ff2633b8117cdb76724ba8fab9

SHA256
7cb5252384b9d946940aa19a8bf687e9b0caa3683512067b972eaea889c3fcf4

SHA512
15480bb00f9d478df292e4d22ec6f9b0d77cb6415fc9780036f1e956a641f1470e4e569bd376b6f8a64c9c5e8a4886dbff50bd9c47b14e25435a535c3328dfe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
03a7418426f25ac236a72c7120bc49ee

SHA1
dd2a61d463e01f4604828a2ec90efc9354f64c19

SHA256
d44bda2b3fd23e4e2216f64cee26dcc66ffa779fa45a759ed43ae7abc39d09b2

SHA512
6deb3a3deb9144b113964ba4eb749a2b39c20309b9705353014c32d24d985af30b4238775f5ae1966281dce2fd04ac835a33d3d9e245416dc98ae5949653ed76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8c48d482eeee197268abc9e9dc714e25

SHA1
7785b87324139ec52ffb7a90f533e073a37c9e3f

SHA256
64c785a20bfc90822d8cda1bb392bc9335d8751fb9bb08d73d3dcb4b86430f8a

SHA512
035ff31dbab98ecca29cda6bda86a3fc4901f7428421cc3e812edaf18174398131ae37001c18a7e0077b4c69b60425135ea73f741e23732727f4351366d26ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d9b8a1ca6e2d9d0a569136593bed9152

SHA1
530c4a201eac7630ab735654b30c05c1fea3cd49

SHA256
9430b735afbf10e02c9f42e72f329662981e5b3a4a31a65c3cc07aedc34737cd

SHA512
f5f62274696366bb96a21c6fa87eb4afc7e93f6dd3a2bc6ac740a966339587f7d86fa41951bb9446663a2f21d0b2efdd05539fe2b40c236da89808601c45dd29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6e03a1e79725c9e1362764980942f973

SHA1
c1025fdb808fb7f63eac1b4c7a8047428d97158b

SHA256
fb732b2fbcc0eccf715068a6ee40a43d32a69242b4e8033c2eeecced8cf400cc

SHA512
31b9ddee067356ae7ed2a19b6afdfb0513ef38917ac97070092952bb9fb533449c1a9b643b64e2518fe6d04e262f85a79c6dd34aa06632f7a67e7ebcb5f55ffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7d2532b8fe94fea5344f77d07ed66f5f

SHA1
72cb639fd417b785795e822d8f6e78e2218c88da

SHA256
b7b7ad6b9b50e085470eab3a107acc6acf4912b35fe76b33c3acbaade549e1c9

SHA512
3db4b63953f01c7129f826f64fabf793698ef35b5e8bda1df54f2598fa4286ccf17030247ab7cf137b4cb2e46a4d1a2eebcad65b18cd13f94a1b7f1f764002cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5fcf6027054103015c8e59ab25094aa0

SHA1
01bd2c6bd537124b593df5342c50264169d88790

SHA256
f5226d2a17518627ca97fddc6b3f643ddeac969b6a4cbfa13418cdef283bb603

SHA512
1ce4c8df97cc42408664ef44b7821e5d117b8117e4f5810d98afbf197ca4258d24352a8c1ca19d205460ef508a1e30daeceb9634782d9cdceb207737cfcfb708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
93eaf7097d839c70c51a8ceb81f3b7ce

SHA1
4837b4c6f1d185abb947bec756fdd8bdf3390c09

SHA256
9188806870510cb9c1fe4b1433a591365970c9b024306383e2f7868f688537aa

SHA512
1fd2eada12838a294a1ec2099760203c80038df99bbe0301fba16293168d40b56d28a072106d2f826596fe11bf4c77b1cab7a49c0c6928d171bf566c19213b53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
92355ad0d1dc7ae49bf576b44d6a32da

SHA1
4ea261cf24246956063ae616a014ae9de406a47d

SHA256
51aced7bde01e7a67a914b1c7e4374d230f5ba0f2cb56c0f14fb3d1b6e84b230

SHA512
3577fd6c31156e872c29e6ace89d58da213a8ceb6e5f9a12963d11842f0fdbe56a643444e87289ec1bb5093939dc53f89a45110666e615b3d0e9a8d217ffe2a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c1d5e83e5521eb42cc2a94c9f5cd130b

SHA1
75aebde67425a7e7403243d50bea775028daf5e1

SHA256
a49cde0fee29eb2d187cf06fba303aabccc7ed3e57a48264867b898fe2b5a229

SHA512
f12eef889f61b344f59efc3f212a8d8ed9d19a4b655ac5dbc0995d7620857d6ed4ed119cb01a5c36bc3fd0ef757d9c678d6858507fe85d581a1ff2b9b80386f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
647287c261612ab3d482b2d85d6d08b4

SHA1
4e14117b42cb89d33a3aa5b153a73cbe4177193c

SHA256
90beb26943d2fb7d6bcc8de60f564235c3e8038b99ba40f157d876f972492afd

SHA512
771a42e67acdb576023e30ca937fb390072b72f34ea675eb6c0aa247c92e6e7c4b103cf5bfbf51369e4a80390810ae3dcc212f38632709c05025d09a44d420c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
680d6e6dde8b19f8826b52a0e02bee79

SHA1
7573801e75382cd77b7185b7213641a6577017e7

SHA256
41d45d3bcbdda44a6da2beb955fc9ae61322224ad79383a6ada7c8ce57b36df1

SHA512
1a70a58adfde6b76c6f167d8f4e70f8bf8d3e96113d95015e8995800050fc4159756752b6fe9ab1c54d0e66faa79db5d6af534631dced4d4ab4ef1d266d05148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
118ff65f6bde0a60842030a5ae6bc54d

SHA1
694e367821da78395c67b8865f037d7fa2938fc4

SHA256
959ecf96c0836f2a83f61760bd87063e5aefd9c8fd40608fd220470fd7a86e82

SHA512
4f845ae16b971d874ab153f97a5f7381294b52eaa4f0f7fe4e75a0246a08296d8ead9ac0a823c17e5f018e36231100ac28e6b096164b3c2d1f64ba2627418db4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb93f8a1ecff0ecac9e26eda09e1b55e

SHA1
717c39c25125492116814b6ed3a249c0d9e22669

SHA256
700047f86ce8bd223ee82b1584e7bd5c32c11429986d88916e2ccf67abcc4d8b

SHA512
ded2299101cdb0b137bb084e606fcdbef1c652cca2f8abb6bcbf2aff4f8bf9b3a2afa8f726d008a246abe80bd2c47be18a497762971739da3c424a42c1dc00ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e128f3f90e840cfa001305eaf90233c4

SHA1
2163bb5ce4bf595a0be47c3c3dd25e49d6e7d996

SHA256
6b8178b7198a82da2b9b5d72b82c2586da0f407e453d646ba3167b1b2f53c22e

SHA512
d9f8aa9efd575785fa16a5c97a27378ee628e341cefe297f5057b8c4d5dfbb4cb9199701281bbf247af2fc2a2a27dc420b1147ac4613e824f786558db1f673ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
820b93424c85710b714fde7e6f6d7995

SHA1
f2291767a2ed535f77069aec41762e9c6c8a243f

SHA256
d69ac8ab71040c8d10626c6b5c148391b64551b5e398d1c7a9852cf275a36cbc

SHA512
dc15adb911319e93bf7c3c6c25479ef18be584c665628217be2af8d246c939e48f19558b1123e44724d4bffb410c9d69a1ed1a4e3958c64bc12b1fbb8af4d352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
99b6a17465367157f7b6f4e76ee074a3

SHA1
eb7b39c4b98a1d4f205e1da6c6ae4c0c80ec06ed

SHA256
a3b861e613bd37d4411eb3830614ab49ccb57021dbb6d99939fe23f9fc22e18e

SHA512
fbfd15969e153921ee0bf10d8c57dd0f30cc53f76a0a6344384da92820d721eaca3c748c4a01c284f03e1653da35663044157bcf9d5eb4d13dd75228d3280fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
11177ca859a3f709a3ab6e8ac1f2ff61

SHA1
56f6cfa526ed4f144a4fd4232738865d9f1f042a

SHA256
7cc23039bfda39205063729cbc6f9470bb91701d9bfeeded7a2b96ecea390234

SHA512
7c649aed4dfebbd06532fa22a39c5b4e18371177dbb6133a9ca2128de99aafbb050aaf1111371d80bc2d81ed7b83d38a8ef2066181e1fc9a1f014774c6d662b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
6382d7ef9a080a7bdb8297928b843743

SHA1
f918514e633b73df161ffbd35a20be8057ee7a03

SHA256
d05816f5b270c0c58ade5d6047a7cad48ddac229f89fde6ff347461ce84ef93f

SHA512
50b95b7ab32ce8e3fc17e33ce41ada8439bf2e0a46751a2ff69da00fae4c7c830d9675d6a7dda4ed99365fe0f3e2b3e068bb6d171bdc2f364863ea2630ef29e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1424_2078766065\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1424_2078766065\e2cfe65b-9a6f-4534-a942-3cffe003eba7.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\Downloads\F0rn1t3 Inj3ct3r.exe

Filesize
78KB

MD5
9f3b35a688d05d25888687ad03de633e

SHA1
25b005b76aa47b395b9970db03c8e45e6eb5ca3f

SHA256
def14ebe202efb2d2c0562c74b6a787f44d44286fadc59360564346da12a2df0

SHA512
91b1188568da23e43f3d48c51dad0a0db8c93aad2470eb34ffb512752431545e4677e2083cff6f421f321741fc5a2fdd2b7b8c5d9f1b83ddd2f8fd06931a1d34

Download Submit