discordrat | f5bbc5fd1993c00aad0e04cf674216b3eb317aee7a1208aa99e3b311f60624c7

Analysis

max time kernel
348s
max time network
420s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
08-01-2025 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Notepad.txt
Size

339B
MD5

0f278ef649c5620e8c7def1f71069864
SHA1

a8743791baed7c850bda2df340730c806fdcf66b
SHA256

f5bbc5fd1993c00aad0e04cf674216b3eb317aee7a1208aa99e3b311f60624c7
SHA512

fc8077702c179f4b909a67e7f0b59d91a621c70d66ca81a587d64a100d8508e1fdd7835b3a25a157b823e0710f81928981b27c96f6b5e27e89b1ddb8e5aedd3a

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyNjY3ODcxNDk3NjU3MTU1NA.GZJyNO.rnaMtyJW5oYAn1hH52KFI-MXmTfJwgK3xvu2bw
server_id
1244454499527954453

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Executes dropped EXE 1 IoCs

pid	Process
1340	Client-built.exe

Loads dropped DLL 13 IoCs

pid	Process
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
1204	Process not Found
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2760	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2864	chrome.exe
2864	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2760	NOTEPAD.EXE
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 2908	2864	chrome.exe	31
PID 2864 wrote to memory of 2908	2864	chrome.exe	31
PID 2864 wrote to memory of 2908	2864	chrome.exe	31
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 2224	2864	chrome.exe	33
PID 2864 wrote to memory of 1852	2864	chrome.exe	34
PID 2864 wrote to memory of 1852	2864	chrome.exe	34
PID 2864 wrote to memory of 1852	2864	chrome.exe	34
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35
PID 2864 wrote to memory of 2660	2864	chrome.exe	35

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\Notepad.txt
1⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb459758,0x7fefb459768,0x7fefb459778
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1188,i,5806698317144077504,10467495449875885845,131072 /prefetch:2
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1188,i,5806698317144077504,10467495449875885845,131072 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1188,i,5806698317144077504,10467495449875885845,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1188,i,5806698317144077504,10467495449875885845,131072 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1188,i,5806698317144077504,10467495449875885845,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1120 --field-trial-handle=1188,i,5806698317144077504,10467495449875885845,131072 /prefetch:2
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3200 --field-trial-handle=1188,i,5806698317144077504,10467495449875885845,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3464 --field-trial-handle=1188,i,5806698317144077504,10467495449875885845,131072 /prefetch:1
  2⤵
  PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2772 --field-trial-handle=1188,i,5806698317144077504,10467495449875885845,131072 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3752 --field-trial-handle=1188,i,5806698317144077504,10467495449875885845,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1480 --field-trial-handle=1188,i,5806698317144077504,10467495449875885845,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1188,i,5806698317144077504,10467495449875885845,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3692 --field-trial-handle=1188,i,5806698317144077504,10467495449875885845,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1044 --field-trial-handle=1188,i,5806698317144077504,10467495449875885845,131072 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 --field-trial-handle=1188,i,5806698317144077504,10467495449875885845,131072 /prefetch:8
  2⤵
  PID:1376

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2680

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2392

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x588
1⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb459758,0x7fefb459768,0x7fefb459778
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1412,i,11211103587552318257,13077653122915297299,131072 /prefetch:2
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1380 --field-trial-handle=1412,i,11211103587552318257,13077653122915297299,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1564 --field-trial-handle=1412,i,11211103587552318257,13077653122915297299,131072 /prefetch:8
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1412,i,11211103587552318257,13077653122915297299,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1412,i,11211103587552318257,13077653122915297299,131072 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1124 --field-trial-handle=1412,i,11211103587552318257,13077653122915297299,131072 /prefetch:2
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3300 --field-trial-handle=1412,i,11211103587552318257,13077653122915297299,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3488 --field-trial-handle=1412,i,11211103587552318257,13077653122915297299,131072 /prefetch:1
  2⤵
  PID:304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2824 --field-trial-handle=1412,i,11211103587552318257,13077653122915297299,131072 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 --field-trial-handle=1412,i,11211103587552318257,13077653122915297299,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3732 --field-trial-handle=1412,i,11211103587552318257,13077653122915297299,131072 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=1412,i,11211103587552318257,13077653122915297299,131072 /prefetch:8
  2⤵
  PID:3036

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1328

C:\Users\Admin\Downloads\release (1)\builder.exe
"C:\Users\Admin\Downloads\release (1)\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1776

C:\Users\Admin\Downloads\release (1)\Client-built.exe
"C:\Users\Admin\Downloads\release (1)\Client-built.exe"
1⤵
- Executes dropped EXE
PID:1340
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1340 -s 596
  2⤵
  - Loads dropped DLL
  PID:2592

C:\Users\Admin\Downloads\release (1)\Client-built.exe
"C:\Users\Admin\Downloads\release (1)\Client-built.exe"
1⤵
PID:2384

C:\Program Files\windows defender\MSASCui.exe
"C:\Program Files\windows defender\MSASCui.exe" -quickscan
1⤵
PID:1288

C:\Users\Admin\Downloads\release (1)\Client-built.exe
"C:\Users\Admin\Downloads\release (1)\Client-built.exe"
1⤵
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\345faa3d-f240-4029-8830-e7ad3775d1e3.tmp

Filesize
351KB

MD5
3b31be5a9263d1cd23bf9ddd9653f41c

SHA1
2b4aefda8204895be827e190bedebab551b0103e

SHA256
a0ee7675accb99558982e32e448272776b9dee28ce7b5a85c96a5ff9ab3d5c06

SHA512
1381eb457f0546e19c59b52b97ba18eca23e97408821e6874970788edc62ea2bc9c28cadfd38f6613096ec1e6706e651dc9c198265bb644014e6756bc538aa33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9b1c99d5245940563e9e81e95c4832ec

SHA1
1bc5970a797d7160879f1ab93559a23b736a2ce7

SHA256
5e5e2d6ab15529a13c5f6fddf4908f82199df64cd0fff65ec624e324f6f20a45

SHA512
6d270d67927d391ddb39f5f2c3bbcbe36add45dc5cbf35099b0876b1b1c91f7ff23389e564bdf583fb4245984cd0a8af8f75ef87695296a8dc1d91269763b957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8b531c14-8c43-4c9b-be6d-7dc039b95e5e.tmp

Filesize
6KB

MD5
c0ed6870a2a290be69edf063e6e35e07

SHA1
7e20f94f5931b959628ac4fc38ff4151a88acbc4

SHA256
a22b2c5a4a8c67ef8c3836188f7307ca111edfdf9749a9be8f59ef99c1403058

SHA512
67c6e9d50050a4ef1d671fec2438021eb38850f975a113e324326d6c6403b00f619a12a3d2670885abe815df05e9466d4c847bffef8331d8a721c601e79d8e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
b1d465b538e5ec1ab816ec056fe267ad

SHA1
79d0799b5a9695a5f053bce6beaa9c2203900ee0

SHA256
0bbdd5fad2a83a38077bba9c2634cb19b0d0f7a17bce8aa09249abead756d3ce

SHA512
6a6d96531030a1a9c080e9876a36f2803a96cff7e12af37e2e262b1fd19473ad029f89086ea7724687820a2df429dd2fee54c5505e9c6b2d51bdd73b15bc5a56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
601017d7cbf698215658306a97334ef1

SHA1
c7a5ff47d3f2c09935941e2840bb0d63644b18df

SHA256
4e2316e4156529d0175ca65ccc3a53442fb80a7072d322d20cf54c3f4bb04a13

SHA512
c71c7fc3fad91d914ab32068ad5d23813bd5413cb7048afc07ceea6752370379d90acedc8ac72db342eb3ad686bd8c7b16cdb9c66559feac77fbcd77369c8963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
f3668379446e177441237ed50df780f4

SHA1
485d55fca4bf546ad17070b0595eb72d4959b8a7

SHA256
89597ffc42aef24be14b9c3cd46e20bfc65ea8bc2d4e72b25c4d23b282e1413e

SHA512
9057fade29218390094b3a5fd679e05d27a840aa2d54290e03a6fb5c35a42eb467680d6ad46ff7d0ec5d8d99e10176a12a28b76df7631b6002f957f55053f427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
c4ff1045170abaa244c731acfe7aea2e

SHA1
c622364d57fb2da15cbe9cc844696696e7744989

SHA256
9eaf1a02395a1e04be589e1c7d2f7f7cc974cc12d804f16f12a059989fd7c159

SHA512
6df9bf70be99353d05edf2c6ec88b68379a4aa5bc8d68652964df0929ce11a47ea1a6358e19344487ff09f38df6a630687ae93c5e5a6fb4806f23e955a4bf527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4819357a9999f5ff299a6a322c372149

SHA1
b5685a3e3448f7f0b67b1b11e2774abd7421c51a

SHA256
4558ad04fdca76689f5677b35b33296ef03943b6bd6ca51b2a85dfa5e3137af2

SHA512
d703973f478a18d853e8d39c720abf127047bc4dd575fc49028e8ece0aa5d5ee2030cba359f62e549c96388cd2fafb78004416971cfe0dc326aeda027385f001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3b343137e1ba8d9a0ac339458181e229

SHA1
73ff488fb9b887fe983756663fa6407abbf67e75

SHA256
ffa2c2ee42e30102e999afbddb0ce27725c0ed7725cb0abe3082d7fa2ca79562

SHA512
870e2afc3872c4ea3f47935e49a527a84071f724b29355e3f2680a7b932d9045b2454e778f39db9bf88b29c0a728d65286bab1974e22eb103195b9d59b786a3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
17f0399f72289a3e1ac83b38f21b1a56

SHA1
792072a0b143e9dff2eeb51dafffc3857ac4f634

SHA256
eb7c5a70f635394aae102977459238293b561addec7e2dc68bbe32019441c53e

SHA512
1e51a020fc1b5b7469469bc2c3acbb31d7ed82c5072f6215cbe3421430f363deb211960c81173eb4b3c1279e237bc0a92e7a167388eb01c3ce099e83474f1710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
85bd924c19826859921ced7caf4b368b

SHA1
2ed3d40c1bc2a86bd462cb06c7db7a65d9a6fdc1

SHA256
90386d27b80b3181a1cb8c267d9a78ed974f06937e2fd89f06335229d76b0aa5

SHA512
54a2f3f8037a2f2a26913516ed4a346468448e8f2a945178ef8099f48d6cc3a7a1e01ab1b3415966d8f2b7af96d25c8c05e50fd04b393b5a7f5393ec61c8c180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
18f2c995d6871cbca566a677064ecb16

SHA1
ea2740286e9c7f99b8a2b30c8bc83c0bf3ede8c7

SHA256
0152b99490d5cefef190148f1a61430e0019c5b8cc34978b40531fa2e335e853

SHA512
5d7ba8b4de049b8787e85693508e61a5fa65ecfc81981b728d7be9398946259ad55e5a898e0b1474f209adea56b1bb21be31cc7564f6c972fa1551cfc83be297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
1f3a9eaafd37080bf4624f4734a990d0

SHA1
bdd0659875f9988865b62cf7ee32dac6508ec1f8

SHA256
06d95ce77a8054b60b5f37e71597758720ed5ac7106f8e221418ec0014eb7b5a

SHA512
f844105b8cbe7238082a5996b7bae28d1774aae0941e45208c05d519210b9d0267f56b205a1cace5c15b2c9385499eebc9b09305be7e23300f59dbff8d453793

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
ebffcd2a3f2c9569a8d36f2096be5370

SHA1
f6409ac1c9adc7e485ddfac7690f671873dd71bf

SHA256
f6cae6362a0e767f2cfa83536c1a08f17e40db987bd4b3f70f7ed292b398a0b5

SHA512
d26ee2221f9362a26c2d8453122461c3bbd665aa13e3825693ff8b23e6d42380bdb557acc4cd7f77fa5f104ebfb6bed674566a752c073b7a391302414f414f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
764985f8eed969f1d9e8408c31c29961

SHA1
e19a6d612e9c458e2fb610049cc6b24ebd831cf2

SHA256
bcf5a4a55df4e6df830c7bbeca4efb9bd8eabf567cf5d1801ecfa7bad325f5dd

SHA512
bdb53048663a44b6b50855af1a62a711b600401e819976a4909b2fd383e958baffb9490f63de3787e8b0aa0b3f16456d8ad8af9bd6fdb6f3fa9fe9df56be2231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
83671d41d5683be67de80e65a8817744

SHA1
55b2c816167d4c258cdefc77f0c68cd8452f68c5

SHA256
2e550acf86a88548a86efe0251b573df90864b53d3367360e1862cf68b61a308

SHA512
25e1d39f2f0956577d50bafbc0e641df48784462925ab39e0cc6fba4bdc505b050a965b63e8758ce466ba9b11f2a057e5736d86f8f98d9f6f59fd3561674be75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9502a69f9a4f333d25f92a38fb5b8750

SHA1
02e5db8754a5340596b5a804772e676367ef66f9

SHA256
fafeccb3eb47fef261bebd425c1670b83de52c880b26d6cc87e639c1b5c14dff

SHA512
17f716031aed3700bd84aff94a7f2989a6ba98cbca012b979c99eaa0ba9429836d513dc6b20b6cefec5953356dffbb65344f5ac2617273d9473c74fc4b896702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
847B

MD5
10bfb6373801e956ed415baa2bca4f55

SHA1
a6b4871259dfd9892d6562da2968b066997f14b7

SHA256
12642cd523376d1ca03d25d1c5615e579f11f9c6446e379cc515bfc80b08bbcd

SHA512
71597f46ff4331ef0eef91043ae754e80eabe151e716a504e38d8d9715cb52fae39c35f77e40929ac28f001fd38b1dac88dc5c25ff9ad772ec066ba8853717bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
24dadf8b771c45fd927eb274e8d7941c

SHA1
745b82487c5d787adcc10dafc020594b82d2839c

SHA256
ba2f420b06f59204485b9b2e1f35bbd915dd2205b688cbdefe7c15d62f1e8733

SHA512
6940fe675f4027dba2ce40a10c5a81bc6e0ec1d788ae75c30057fcde75bf91b073c2b21ca201b4e1ef3ec22eeb06721fa7894e82094b83fecf600ba221f0ad02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
845B

MD5
a63375e8d4b0c87ee642e8067684d808

SHA1
6ee92cc67af891f9a3dc0517dad83e429363712f

SHA256
0735e801d497672f60af1d3b571aa9b026b72b3d81467644e45a503d4b2f37e5

SHA512
d0f8aa5ad2ec487ec2ab19426c94b7e9e66756946a7cd8b5378e0ba512f0271e41513e96f49c70b629cf476edd3d52f4cbad0bf0833b99653a5a85eed2e5000e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
6bb397f7edc59a4f76bb5e7c5bb0651c

SHA1
0562542873da87562da373d901bdb4038400a978

SHA256
77713988e4c5422db7a002bf6307d98a7dda44ad74800110722e87dccb9b0337

SHA512
02b86dc6cdee82c5a1fc90727c5dcb90ac53ace3e8e6705f51cdcfe73499bf07b7ce83f9682a5cacaf050d895eae30ddd91dc05c3b958c63cc71cd907aef0f8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf7c0493.TMP

Filesize
845B

MD5
bd59d07af95b7b567297c1380ff90400

SHA1
628e25e4975c1381fadb516ef214305b32a9b39e

SHA256
d34933798d8b7372462cf9ddb37746839b6541b52dea22cd31599650f8dfe3e6

SHA512
87b0880aafb7660476864cab13daabea115641512df8b2cc92e0c18475ffe864b92c1e377081ce18d25d08ea6f9c6f286fd80c5f1dce466df9f070c92e2842a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
259c734695bc595b3db16bfd2643657e

SHA1
ea1842655a4534a329db3804418f915083bb47a3

SHA256
f88aa78f6f9dcd2d344ae674f3d75a7d6f8f9959bd87e285b5a6799cb8601cfd

SHA512
d7f358e49517e9e6a8277080b40854452285952b6b748a481e9bcb8df417e82631adf031239b033dfec92bf86fa96c6c8093d6f214d9ed5403c271775a1a86cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
013afb15173bc143f452d3032c0244ef

SHA1
9bdff2c5b27099c4b8225dd5609db19b19aa8b62

SHA256
f8bfd2a945654f0ffbf5be1637e99d9fe73899f87b263b34cb43e11d9cf2eaa8

SHA512
d3a53496181d3dbd9aad9607c169cb50559d3a7bbff986f13b8356a1192440497db923ead9156440f807ee83daaf2bb06314bf55e9bbfb7985960e033f3b0ba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9974bfaa91a225c7a2c5b020eddc8346

SHA1
fc6f998efb9d142d41c9e278956e6dd06c6adfd7

SHA256
e961846a5f79f14e316112f277b0e748f458be0adccb62327977b18375bbea61

SHA512
b6b2ce7163f8f9d5f2084ceb558451fa9753b60898375e96082e7a7f1a7665dbdabb801662cc57433378c59f5a2e17d8a7b0f4093789a32197d727490f6e56f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f6a2427ce619487bd1b26fd6efc39a24

SHA1
fe269545c6fc2044f24b9ae252e5fc8d12c2816d

SHA256
40bd90858d0fa4f4d8dd4ea8b98291d469923e1f6ae1e21a44d753911657bcd3

SHA512
b49dc71ce5a0bc47e7f1864337809a6455154416e91d971aab012a278c3665579254cbd8fa4f46b06ef5a90b36e1fca0214cde44571ff714e2de624478b66dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
899526bb93fa396cdd290574a3e5a9f6

SHA1
d2cd18abc8cc4caba483ad99db156a621bf69146

SHA256
d8fafc83047670d62a88e94c58a6f43e56a4973d2f3573da970f87c3b3bfcd9b

SHA512
624db930e9b52407078989986cf37115667a2532b74d0d6e7279ac2da66dc5e67cd0cc7846ea34e4a7d5c371c4f006b1d12fa05d7f992cbc4b692c5710dc6b4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f8a873026d0aabe4657ae079dd8dc3cf

SHA1
5aee6d6dc3e035dc4c5aebff76a065ef3f688f6b

SHA256
6f2d466fe3c5e7a3067d005955e6655510f4d0d4acbdd9f09e53899c40666cf3

SHA512
71f2bb87ffcd0d14223429d8d8c2b7322332b78bdce8b688d7993b69eae9ad1b562c33e3b8bec0353a0884897f83359aa79f13f1697cdb1fcd0d20eb1309edbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
43a78b6bdb1d3584bad65101c7d73edc

SHA1
440c763815d1ddd0967eba27e85c714d093e7fe3

SHA256
c2de7aad0ecdf602ef4590103e6d20c248c5b707429aff87525e6623e498026f

SHA512
9a1c1700717fe07a622fbf0e471b74c287addf76d09563adfe38281a39442f6c1b7f0685f9134e9f063cb1454d8e9cab799f7e7b11701ecbf41ac3871b526a48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1648ca149ee14566aeec6d8f1c3994be

SHA1
c3be6c667dda973e33ffbc43317679cbbbe217b6

SHA256
df94c5a9fec665681ccf85a406ea404e5d3cd603772919844f35dfd07a6c863c

SHA512
8131470e91ad42b7feb86669cbc10c029827a09bb99d98fe640435f65d950fb571ed427018b3e1e05a2066209e627d045eded36b7e9e223cac2db8ce275d3657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b7e53f389958e0cc13c44d49e743e44c

SHA1
8e49e548dc2c33ed0780854f90a87beb070ee33f

SHA256
307e028db6f76587fd87023870990670230797e62b5ccd1f15ff2d52a089b797

SHA512
83276ac87d25e85c327e5e7349a19c43d8589688dd695f4b839d391b5f51602699e9ee9109acce72da9c056deed0cf54af3e80fc7b05f3157e96c96ff6e3911c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
569946cb34ed06ce763cd9b1e1fa8330

SHA1
fb402a34c2074414ba6884acddf7489da7d23d79

SHA256
57df68b790e48f28ba8698d37b42a6f4bb01cacc2faf14c28135313d97f547f0

SHA512
7c73e77c97a292458ab282232c4b363fb22eaeb796b62f07e57c9b02e7ce0de34c5aa7eef2cbeaebb4d6dfd73df4efa7ecd8417e6c54af44d46437f9be5ca205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13380849313694000

Filesize
8KB

MD5
16f02eff68fdbf3aa61a7a8e66c384a8

SHA1
13b573f5f2a22ce196f9a46844cf2247b9b1453d

SHA256
69fa462e84d44cf8e3afc301c154125391eb3d0b8bfbad050e02de13733dd814

SHA512
3123c4686b5ae11abf88ebd40c8351ff05bdcbd6a1771a4fbfe5b6b5037959c39966b8a0784bc1127d16c2c913faae7032732000f436f73c2761d8ed50178b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log

Filesize
132B

MD5
a83f0a01088c1d31014d2f73d2175659

SHA1
1fe7bd3abfbe61c68044d43a4b24d3aa9ec92ba9

SHA256
02fd018488224051b8dc1fcc0da895d47d921cba794f5266a98e183d27a20a20

SHA512
36d03ae71c71a87670cf6e5d0fde86bfa25b271448688a98e88ad809b51f7f2ea6aec180f90ea390e9a308c2da4f4070cd1d1ef96b6e26e75cb9ce55a18b3434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
75b597dd4125ae144532daeca30b27d7

SHA1
822db9fb172f0f6be7478406a8daa9b47c29d1bf

SHA256
dae245484a0bec1b5c9958c67d19bcc612d045459f158d67af28b9e95af40762

SHA512
17c8616b1d0a3decffe2388cdb983aabe2847e70c5a7322edeeb1c3e6ad510b5ee27fb4bb155a436c57949bf79dabb64e59f6d99e2afc5b1a1f1c0899e08eb2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
136B

MD5
5e487c6dc42d6eb1152a2196128f879c

SHA1
cb97329678960dfd399730143bb2d33fb421d9cc

SHA256
44cd44f94adb56966e7fab6b67971f13dd2c2666b2cd12ae493fd54d2b2b1e9e

SHA512
77c77c2d1553ad1a02ccc55dbb2321cff698ee84ecb8bcb9a6e88dac7da209dda4c17082f763e9487a8c26414162f62f8e77e336f99424627250b7d268732553

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
117B

MD5
2ac0494b5c4c6d605281ee87339a0cc7

SHA1
6ea0fd5480bd086ed4110d0622388574f0222666

SHA256
53161ecf97484ce07e22fbed3f642f3c1daec51a22b84be407522e5d38d2afbd

SHA512
77c6a0422b17b90dcc84094e184020613bfc7f71f07bb6fe15a68f48330e7b374c5228d65606341248983e3ec17c9b30a61e31ebdfac73f7e6abeb9d2b5f8f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
2bda3c376383e6b9356d8109c9822286

SHA1
aaa2ada216aa1a6a7e372cfe46d2fdc37a70b6ae

SHA256
98ab4771a406af0179619289ae0e159a75f60cd38da34cd87cae5fdf9a44121f

SHA512
3ca32382341b34f1462b31bc833549e565219f4952bccaf6ffa2ceb2c2df02c888e9bba9fd6d7e1fddf899904db3d869fb7355771d825c1d0e2699c99f1dc019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
402B

MD5
87d9d8e24fa16e860dd559a735d400b3

SHA1
624a4fab7f3e2d6990cfd1a32d048dd40613a218

SHA256
90c34c438a97c392636611c9c3f0e7072a805577f4566b9b899c08550c2eb70e

SHA512
ed89508c83caca604ab2184c53ea02fccdb37051ac008f14dad80dfaf446d35bd2152dfb528acc12aaf85193df4fd789c7fcb685a8db8a3932f80ac29a37e205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
4KB

MD5
d4cf601d966210acd8eb4f54c74a8fca

SHA1
f750db4d6f18b33a6ebef045e9aa0383ed2274af

SHA256
9918461a4bb5fb6377c6aaf4a3a311e26be191a3933863bc447eb636d63f7d15

SHA512
f80510a1f817c0f8d7aac9be597bbc67dbd43bad3e5c7ff44289d0ce5aff88b3f86a6ab5dfeb32e980504572c9ad027b4f297252ab5c982d64c183139f636c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
b6d86eb6c3e128abdcb203425b890842

SHA1
ca581cb3cb690ae22cda4815aa01da44bb11b9e7

SHA256
b115190eb2cdad85f66cc2d0eef07ec0b26654284e83b9e5c2ab863f4c511246

SHA512
905f616e705034ee45dda911f99a1c142fb5b2719b38485bc24d9b48530b554a94805194319352f47298ce8124ecf9f7f18a8b37b94dd7d3dbf4de53fa413c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
3e21352962a7bfc2a397c124e318a36a

SHA1
51581f037b445ba225f11111af4338aa33b82225

SHA256
edcbc47f18fb58317284331119be7550fbf0d6dd6be77b788c014af8f8bbb152

SHA512
e34d5d6dedc411cbe73b952d0da2a202e9a2ff389b6c4da1c138cc82f2a9a40d74c06d8d56cb1a81a3a31e600bc2be2a6c94286c8627a155125f96be5b40636c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
303B

MD5
10a9766fb0fb5ec3fd9bcd5065a0242a

SHA1
6e6aa9498c1ed3b966aac2ce2c459b54aa137a8c

SHA256
f7c652d4e2a8969077d46a09fc7e7b5a935a77843cbe19d52547120411571856

SHA512
de86278468ee7e22ff3bc07e2fd423452ea8f45ca24e26bdbf4bf80e5c758613af96e0774eeeebc3adc21d3fc81dd7c7fcc2708599bfa6ea15447fd60b5e8dde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
90B

MD5
d89dd2ce015d1bcb03d2f013a5865e8e

SHA1
8c7ecd513c0a63946a2cd9c162fe7a048a58803f

SHA256
0e7728f49aadc9c4cd56d7fdffb0a89f62080ad30eca7d22aa4b1a830c43adaf

SHA512
bdb368454ae1bf155475a425caada0f81bb482c349c6454aa000833054ce4b1242279c43920c7a3e1726cb26056a56673a562ad8c92cfeab6d4448ebd1b12c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
f908ed2f7981ccde7bfeb75f415b178c

SHA1
b7ad32e69bef312bb8ea96fe5ddc2def20c00b74

SHA256
10ae06bccbc75b29bfb6fa08a65ab9e1b3fede25e083fa7be05454fa98d5c0aa

SHA512
cdb233b0ce4b8f01db9b566bf1208d428d63d8ea94724752d511e5c4f7fad81c39d3e0a0a38e6c6df57a6b48e2f271e2b3f64c1bf5ea0ed32afb2a0630cd340e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
ce5f60711b4a97f44d6cc32961fee382

SHA1
f8a4047bc4d7ed99ef3156b9afe63fbbc9f71ed9

SHA256
f53d343b2371c9c2ae2cffcdd84a22b47ef12d1b4568a4c59a5fecff6769bdc1

SHA512
44ba1635a0e9f198190e687cf249e2e624f3700f7c120ee12442d19978ad0d865202cc34e905ffb6963e6395b9f19e85ab0c777abf1b99064d8b4285bb0bd5fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
351KB

MD5
9276afe30ae1a2bc9fa4d3f73751e0f2

SHA1
ec7e8b9cef7aea9a6f34ffbf44dcac52fed05c2e

SHA256
cb4faec3d4de48c6afd32411d14bdc593417b40dbdcca577d3b7bf33a88425cc

SHA512
58b3a0bd33d9bd8b0582beafc8aec93a2109ba60bcc8d8e7fa7be1f3c7b1d6f191a39d3dee7a9f2a54f0251d5e19cf1b88b2a9a91490e37edfecd9cd3db77dc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
68a554e45eb7f4dc963dfc5f792d6af0

SHA1
96b1cc9a3c2ddfd3127a9570d3d4fc6c5a71fa3a

SHA256
64c8822c960c69a8691c03bbbcaaa22c7e7adee11f3a92f50176b97465dd725a

SHA512
c2f8947756b467eb6e4cf66e5993c191e6a9006b983fc0c2c619bba84831a9f7cae4df6edc40c721ce22fe717a097e7560abe5bf5b3532f6d8e92f821e79f71e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE9F4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEA16.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\d417d889-2f45-474b-858e-35aafa2f2c6e.tmp

Filesize
92KB

MD5
2b7dd1f9b5751161f69ec7fd87f0af9e

SHA1
387f76c1b47f1e689c52f035989ff1e09b5088f9

SHA256
8ce12d2723afa406092129b8ac88c17cd211403fcbd018d5df87c06523ae02fa

SHA512
356bd93fef2fc95a6c742ee4d1d4ca062463223d64b2c1553de52f2a70c9ab5e5f5ffd0ae119ce3ade9d150f16104c30cf1058155cb2639664f10a3eef99261d

Download Submit
memory/1340-1022-0x000000013F5A0000-0x000000013F5B8000-memory.dmp

Filesize
96KB

Download
memory/1776-1020-0x0000000005DD0000-0x0000000005EF2000-memory.dmp

Filesize
1.1MB

Download
memory/1776-990-0x00000000011D0000-0x00000000011D8000-memory.dmp

Filesize
32KB

Download
memory/2132-1038-0x000000013F7B0000-0x000000013F7C8000-memory.dmp

Filesize
96KB

Download
memory/2384-1030-0x000000013F160000-0x000000013F178000-memory.dmp

Filesize
96KB

Download