skuld | 490c4334277eb8d189001b30ee07d5bb76cbf3e0a65b7cf0bbfab6dd2d3bf56c

Analysis

max time kernel
900s
max time network
876s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2025, 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

disctool3 (1).exe
Size

9.9MB
MD5

047853ed8dd51e5c78bb9dfbd2092919
SHA1

e1d8545afac09032921684c5213f228acdeee935
SHA256

490c4334277eb8d189001b30ee07d5bb76cbf3e0a65b7cf0bbfab6dd2d3bf56c
SHA512

deef953cd2800251eb1e2a54eb172f15b9a6661de6eb4cb60519e88767e2c643ecf616092cae65c2898819793b495c880dffedf20502dcffcbed060037bce353
SSDEEP

98304:S1mlZn4ppvE5GOV+9Ux6lct0znJkEuWIglZmnz:S17ppvQihlct0DJdh8z

Score

10^/10

skuld discovery persistence stealer

Malware Config

Extracted

Family

skuld

https://discord.com/api/webhooks/1327724786805112892/s2XypNsFCL8hyIIL_X38703UYXl8BfD0weZ-NwcGfI2jq8YtBWBnMaOWiX1SPNAaqslR

Signatures

Skuld family
skuld
Skuld stealer
An info stealer written in Go lang.
stealer skuld
Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
3308	disctool3.exe
2440	disctool3.exe
3652	disctool3.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Realtek HD Audio Universal Service = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Protect\\SecurityHealthSystray.exe"	disctool3 (1).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Realtek HD Audio Universal Service = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Protect\\SecurityHealthSystray.exe"	disctool3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Realtek HD Audio Universal Service = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Protect\\SecurityHealthSystray.exe"	disctool3.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133811014179099426"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe
5028	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5056	disctool3 (1).exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 1100	5056	disctool3 (1).exe	84
PID 5056 wrote to memory of 1100	5056	disctool3 (1).exe	84
PID 1392 wrote to memory of 5036	1392	chrome.exe	103
PID 1392 wrote to memory of 5036	1392	chrome.exe	103
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2628	1392	chrome.exe	104
PID 1392 wrote to memory of 2536	1392	chrome.exe	105
PID 1392 wrote to memory of 2536	1392	chrome.exe	105
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106
PID 1392 wrote to memory of 1240	1392	chrome.exe	106

Views/modifies file attributes 1 TTPs 3 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
1100	attrib.exe
2348	attrib.exe
700	attrib.exe

C:\Users\Admin\AppData\Local\Temp\disctool3 (1).exe
"C:\Users\Admin\AppData\Local\Temp\disctool3 (1).exe"
1⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Windows\system32\attrib.exe
  attrib +h +s "C:\Users\Admin\AppData\Local\Temp\disctool3 (1).exe"
  2⤵
  - Views/modifies file attributes
  PID:1100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x124,0x128,0x12c,0xf4,0x130,0x7ffeb3c6cc40,0x7ffeb3c6cc4c,0x7ffeb3c6cc58
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3424,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4628,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5104,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4416,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5216,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4228,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5568 /prefetch:2
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5664,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4724,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4700,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4068 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5484,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3340,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:1860
- C:\Users\Admin\Downloads\disctool3.exe
  "C:\Users\Admin\Downloads\disctool3.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:3308
- - C:\Windows\system32\attrib.exe
    attrib +h +s C:\Users\Admin\Downloads\disctool3.exe
    3⤵
    - Views/modifies file attributes
    PID:2348
- C:\Users\Admin\Downloads\disctool3.exe
  "C:\Users\Admin\Downloads\disctool3.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:2440
- - C:\Windows\system32\attrib.exe
    attrib +h +s C:\Users\Admin\Downloads\disctool3.exe
    3⤵
    - Views/modifies file attributes
    PID:700
- C:\Users\Admin\Downloads\disctool3.exe
  "C:\Users\Admin\Downloads\disctool3.exe"
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1180,i,12638541348818816208,3429166543401562369,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4512

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\30d85851-ae00-4753-a760-19a18f478b6d.tmp

Filesize
231KB

MD5
0943a6c13290ebe0bb60d3c47c9ecae0

SHA1
a5ca933546443350f5d741d07170a2655509e630

SHA256
6439c5944d8b22c563fd9f73dfcc800140bfc4ffa468835a52c2146ba9ea3445

SHA512
bcc8c132523872e3e4bf65508d0a17117f24d192cb4a23df9e5d4392b5ab4362b543032aad33d5a40a966675e79bea0b5ea769bd6e08e1c31763084c9756623f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a16e7e465202de459b186a2b79a1c1bb

SHA1
cce4859969b6124b59a0b5a2d23e1026985a0848

SHA256
2fe956202f75bf48e4296e0644616dc9f6d745b19a1437465435bb8865367673

SHA512
a820ec141b8c4f1df11405dd2c2b9cfc0e561e883fce0981521de741ed1d6d936a8cb722eebb566db25d3adc9d5150019ce1c82897e1f6217383734814641c22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
df880ec5c0c44400ea6ae3f52ca96a12

SHA1
cfcfcdb71df1e75dd65fb2a708ce5f8adb8c2773

SHA256
d00c7535347edf9a66ff04064d135d5451d1f068c04f5c59d7cecf15bed9e29c

SHA512
c769dcd2a28d0d3b99a58743204cb435eb2cd08820f3c4985d5dc4715809e8e4fb205dadad980db19b14be64b0c4be68d8aa8aeb0689ffc20f9621c97fe94750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d05cb4e916cd08a5f48ab92956f829d8

SHA1
16be92af0aed6aee957ed14afb225a99760f4f8b

SHA256
d411f0a0e88e133374d9e80260f499a0b30dd95d60bf326dec98ff8d79c5316a

SHA512
f7974242e0a1bc6ebcd54f5f6697f04504538896c93530fe3c4f7052f8d7108b0b4e6011cbf0cd98866632ed952f46396248a8230ced7081213dc7f50080353f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
67f606a27a3397d1bcfabb0f5cd261ec

SHA1
fa451294f35c797a179ad160aa87dfc66675524c

SHA256
69d794b1b7645047ff6ba6912f79d6214cfa6682fe8493b86a781dfb20bbd5b9

SHA512
7ff6eedcaac3dc7a4b318d543de8f85236dcd409dc0102a579ba8fde8d4841b5aeb31538bd52f0f9b74e83feb07f8bca212151b6fbf379cd50edae3d1ea4bb63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
dc9cc2678831e291645acc9879a317f5

SHA1
1d81dda116bc1bed2ab3ff8a29b7af180c6b6be6

SHA256
ff1b9eca69748dac39fc2c7588d4c9bedd7463210d542f73e23cdb1bcf4c09d6

SHA512
4d4c0ea736a7a9b381cbb2494d44d299d69aed0d90aaebf2f8181dbbe68bcc732ceff59f0af144cfc613a8a52c156a9930654a58e9dbe3785b4bbc9a91586fec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1ce584ed5ff41036836852ac53cb155e

SHA1
0c9f54c6ab829e312310e0673a7f629a44f73975

SHA256
59ce96433ec106e083dbd1f258f7b54e3fd8bcd131053191612040876d279c7b

SHA512
75c634d067798bc04a363d32bd64d3ef791be0cd4133150077d39bfcdbc38fca32bf42caf5646ecdb50944b8e5852b932df19d0d3e579e48bd493dcdfa2f901d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dd1a14f2ed95eaba2514c90b56d497df

SHA1
b3a440e16329266849d94292b641e6fb98231409

SHA256
7e4496f237bcdabc7e9132be1642a5b38c8a1848487490d5a9c17c220e795631

SHA512
84c3b0b8fa6cbff663fb2347cfeb6eb26cb0ed769391b00c1adf291d9b40ee616f609f5e17d7bb8a08e7d1121d1b645422b826f1589e1264d1dc7e66d70c9268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
47c9dfbf5c0a8d0ca74c39d6c41fd2da

SHA1
610b6e6767d831d55796c7a35685e5aea8b4548f

SHA256
9a35a5bc3541e0959f1c0df428e72c180ec79bf6e0b1090c2061ee15b42ce0b4

SHA512
e32f42169b8cba90961df2d63f627502562853c5a732a75b1d86f4c731e39e59ca9270b771306bb92aa7fe01dede4619f852bd79135cd290412e2f8184215746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
55d1eead505810f7cccaa4ee679de75e

SHA1
e1ae930e262914d88701e1d63fbf2039f848d826

SHA256
7dda732d30859c7f888eb33c868f374b8929dba7aef344fd64830a3111a3e148

SHA512
f5285b8a768d678e4b2c642ab70ad99a66decf64b5fee90c46e9ae1de6e96a75b229f1005b6faad5369e614f9bfbcd013a19a5c66c4fc1b324b82a7beaf00b01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dbccc683a91c3f7be9d7ec137dc0e3a1

SHA1
3e4e9ef1dbd9d384d3306dd0fe7d415cef4cd13b

SHA256
d3eb35094d3dc5dc32459336838e513cddbef04cac5a585edd21ca944b04fe9b

SHA512
2216101e3808a3e45edf60ee94ad93c381dbb9b6b5654bcc0ef912cb0344cdf7d5f4aacb34a2f5f491a104d5defd9f42dea30c4b941472fd09f84989eddd4e0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc5b068ae5f580e51d3e5dc28838487e

SHA1
c49a4bfe83a13b301da684f7231f1737ccf11d5c

SHA256
0e13731062fb945cb566cbb75b3f4663666ced1bc12df385710da7e12375118c

SHA512
d227b0dce9b2fa96980a83ce09bc444f17201b3ff5e6bb4258047b61d202fa59d7c1ebfbd936bd7beb73c0de54f7a69fc487f2cd9fd814fe1396688739907f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
72b318f0df2a55ab93b5ba133b8dfaac

SHA1
fff7a2380a919d1b548f5de7fbcb6193484f0864

SHA256
26c9b5381a33c1d638ce7e9d62e4bb5856b667a6548f201bf3431659118c8573

SHA512
d3b6f1021413ef96e20040ef086d4a2b6cfc291344f7458f975e2cf1f7c4d810c270d64f996de29f969e832a490f10e0fb149bb215a19582c3234bab2a96278d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
282197b8423c8abaa1f4ce016ea099ef

SHA1
fc84ce184d711d23b76280691dd489b8733e93e3

SHA256
b8f05a7eb9ecfbf076b3a5d528997c088ac5ebec401d017f617fec64179521e6

SHA512
330a17576677911402f4d153cbdb5de2c6590e5118f0eca88dbf51937d419865c45c182d71d912d853cc15222c3d107bd9c030bd2ab55f4e899f22417ba95082

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
687011fb1c08e44a1fd4c2552d3386f9

SHA1
a25eac514bcf094fe9c336137e1e413044132abe

SHA256
1d630bccb1d7bd1f92695e4813b2c6335e6dcd9609ea2934a93d06ba01a83a50

SHA512
c17805c05d58b6cfc9a824f5a394abbf11834109e1ff24dde5b325189ba53cbba0d4fcc10ca1186e4d2ce8b2d9fcb12eae2502506c5a77452d9bf723ef25745a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
85ac00263bd24f8a37d265656299226e

SHA1
3f326efa9362ab504d0114540c2b79877fc9e758

SHA256
6e4cfbb29b53da67759d8d615af415602e0a4a1f478af176fbb401a90fced388

SHA512
d10f18d8874cb611da06038acdb0a664eb29d9217536a5877a7ffd3c74686dff99ecb36f5c57d5428d40295aad55a93a3e8ca10e2f6c662569c634bc7efaecea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d24cf06fae676c53843cc6a7fc9bebf3

SHA1
349d91da9ef326d585e715101f2d038d0fe8a2b1

SHA256
b58c72ad9f37e25dd5fca7a211173171d5ca6db3cf50b62a7a6cd2355b1b107b

SHA512
b7d21e72fc703fdee52f3ebcfa40371b0d6c862341b69d39d91c9030a0bb33ca2bbc994f54aa97043f6582840ed2465454fb82b07a6e1b8fe17bb62ce96b0f9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b882053bccfe031265738763874d4028

SHA1
316e6f3d6f1e0664c73f7e77dd5cba8142aeff48

SHA256
81fcc31e9165e47068a2a5342dff55b2cc324002f4964c16312bff79fb767607

SHA512
d5db212b43451000cb05c147b09949794be127ec99007caa5b10b6f43465ad4b3403f5eecca207ef72dd80571d24889e774f856f6995e616fc26bb3b4f0cea8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fd36f2307b0cbd953ae3fc70d00aa3af

SHA1
44e5282e8a9c058a8b99c6f8201d79b4998c1546

SHA256
a2372ead2fc9d4a37c6377845ac143af62b7257863906aa48e22c61e491d446d

SHA512
44c320c9f4ae8143cbb1f51509e46f0f5558b2620304a9fdd5da5b404a709d14bbd9b22e97d0322fcf7a5717ad2f0f4f0a839dcf4c58a6dff8afc74eb7d1e944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
94a88e082ded1402bd43b79462da222f

SHA1
dbe0b8c084b004691a314e39731446e1052ce498

SHA256
0946a2259ea4a1406c970b14d6e6e1c7a463194dfac9a70ac8c49384b464bff1

SHA512
6bed06472474b13b9dc8623351f987505c7893909722d057911a31142b9453601bc1fc47ff3fa9a74218954fc0fc4446d3f3e94f613a9111d77db74f2ab44fe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a8be7cf36cd9e5cf11160740cc44b95c

SHA1
9d61d259db9e61c740c1e67809c337703ee4663d

SHA256
e23add71f7806452381d3c2a62b4fbc3da1bdd0b8d81c5b4f915487f52f02451

SHA512
6cb55e46dda55c4e60c12032de6ab413a9fa107f01969416e1cb35396f48576f277cd6c9a3227302355f942aa707f9e42659b82a791050259b65d10e47d9953d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8397e18c04652268c1e25022d2ec5b45

SHA1
856c96826e88ff47d9b364effc9438ea98981f63

SHA256
dfe8a6e668fe8635402637c802cb5d2b953802a70d24f2fa6e5eb3e8fc9b867e

SHA512
31f6f38241dceb1894d7bc0612802872a7287f595e8b7d9da1a184a1648bb48468554cbb7704f4964ddf439448e13996fffbed4c8f98ba4dc8560d6137e19ebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30c38c475466b0b1cd220000d48c3737

SHA1
96bff701e647e36b3e5a3cb79b6ed24dd37c7bdc

SHA256
6cdeec724067ca38063f975c1ac4c8da44823cbef1a786a9982877808d5c2b64

SHA512
06682983877b311ab019aea15ab053c66945cb4730be44c5fe34fcf4e0c0010b7c1e8934bda1dcac548e6c0a27ddc8edddb00c5e6f82335b2312d9e60e89f263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86d606a0b7efd355a1b1f555ad8f50ea

SHA1
fb6e7fb73732c295ffd62b6335488e0c2db1d634

SHA256
525316738caa3b83428932198fb7305257c6d77e38cec31fb0088192ea55ceb5

SHA512
098c23617ee70b64168e61e53abef22295b24c98e367d3c8c26bb56c5a32408e3d25bee4ccfb3ca4f471ddb8e067ae86f3c47eecea7cfa17162bf42a3baf77e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a516cfc4f59ba59a9a2882e9bda5ae0

SHA1
bef06dbe3708b9a95377e48aa1051aed1e9d4afe

SHA256
505aa48029cd56dcd4e743cf33e1a8bf3a6f8f3ad6a934af5a019623e201d52b

SHA512
ecbf81e28eb8515edce72aa5779629177c6af2fa71605463aefc5a477c435a85235e722600947d839c4c139a6fc279b8613ceaa9ccebfd913f01ce33fc461aaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1d4fc2dc6944a7629c5bf1b0b599e61c

SHA1
75de67eb86b5423465219fa9a44064a24d8d38fb

SHA256
c205fab6a223743c2fc15493232e95723aebafe3a94db8a713ea8b373ea78ce1

SHA512
ad3399b96d98276eb5085809d57ceddcd9e2fa1d564e9bf8d5a27033eb347528fb96191f9181cbeb27cd945a294e43cb7e37114f2f6653f2e427df3507e69776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ae8de602ca8fb8789a0e82757a8844ed

SHA1
b58f187713cce49d337b15edca088dfde5b738b3

SHA256
31f146c74636b28dccbf1fdf6f8825a28c316c803799b26f0aa478a0b117b0c4

SHA512
0a853f6cd87accd3e197f0fcaa4fa897578e247da96f2524e710cce0fbe1045773e1a6a26d43dd3f9b98d57c16ad28225a2d73f2cfcf97b0b3c0773ebb7f978f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8c5eee76e5970c3324bc3f07fb4b1817

SHA1
5fb38a007c5f6c4a25ab077422cdc28a8c522e4e

SHA256
9c20ff6c8d414fde54692d269880150b3207339e10c43fef4633e781613c7f0f

SHA512
2cf4afb9d35c92178f908b3e68a5c0dfa9e565777b6ce9f6de0e26cd3299f04fdd32949527012d70ced372a8418ebe7cbdc31f97f9e6157897e18a384d4603e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c4994119b57eede8030c173a92261777

SHA1
bc3cadb5bc8dc6a011d8fac54ee2c24a1e1bbac0

SHA256
334b29bb89f3d835bacbe7c7609629fb90c8e02ed554af00b84b2d3a9b887403

SHA512
dd365c700e170d316303dac382fcb8acd56bd4d73ae2ea0adf08cf90af32caea5960165af42ee9e80802efb78f8176c7fe48e36e3c9dad80d506c781557f9fe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81215e4a53a1e24503d838d58feb6c86

SHA1
d60defedc86d1f3e5e130cc5ef6e79b9bc7c623d

SHA256
5e9552d5c29504be3b334c461acd501885969045e34d01a0d1c8e1d6e2dda8c1

SHA512
a60c408d8917fead9eb2f43bd6aea023db405dba8957d40e95f1ce78a2de06689d5596750756650c4a889bc6debd001f7fb3bec1203a9c4f5d90a0b6ae211b02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f8b04db35f0762816b55ae95a37ad15a

SHA1
faf768bc493da89bbe26b45e700e229469959f1f

SHA256
9fcb647a7fdf0b4065fddc584d713bf10f5bb1c90691614de56e7c893a8316a3

SHA512
475abfd75bba47d02837388b7e0f01fd27cbb197040a7ea86d6ebb741a6e42eceb3394de2fc812440a97959fd699e17ac5d2e801a4aa68991c2285bb84361acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e7e21b3ce55ecd33e44549fd931393a0

SHA1
86fc7fe5aa871434dd6ba8dcb3c1dc029d294ee3

SHA256
65c6e34493f29b8a4b6a5c03cd2747dfe1c9ca7a1dfbd841cf2c022e8e645379

SHA512
baf32bf7bfa7cc43167b7cb3864d930956a7ed8a810b90dac298108b7df950320aac0cf3831856a5a06698911a37c8d40144e047bf4b997e1325e1e26dc51c41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
26990f9e559591a3e813cd285ae51d38

SHA1
d7ebcbca4f9781ed7259220cd8fdc5891810a1e7

SHA256
37db882b4d56e3a099abfa8cdb4e3749ed03ea23910d5f61036ad3b5085ab220

SHA512
5b1013b2a8720a05159050bf1c5e1a1076a3f3afdc0b5925b71cab636021d45c25a3b27ed43aa2dc0c8f99294fe7513e33658d5de39525cdde257d0ab4ee8c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bec8fee5854f4b25ec4252f0b6fd1a04

SHA1
3211dddc305a0d11c8fb70ae062973f391f65166

SHA256
87cc542d48dfb5ab865a64e95b8edf49c09856b2d56bebd0f32aaf5c35c20f08

SHA512
5679759001a8c0f7cd4da1cdb1f9bf0745310932e7389ad358059d4c3a4a8267c587512c93e648390e07e32fda9c91e3987ab164af22e54ef7e9980076dbdce8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c1c447beb0a9dc3659f0303ce3ecbb58

SHA1
ddfeadc63f95316f84332443d916b867ac110a77

SHA256
ee6b0bc5924cc64d10906f8736c24522a806e894892f826a8f4320bcdc5dd929

SHA512
9cff548f7ab074591edd59e7ae5c956cf6850c33e694e7f64be5c40de1dd80573959d96edcfade27a8fcca24c62a3005e2b13ef980306fce1d4db9817b19f0a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea90c525226b7b5fcadd522376362314

SHA1
8961efe282e42c19432f80c220cfa1f6f72e3aa5

SHA256
d059ff5898ad02120db2159f96d52b6aea68b0fc3207076fbbe1bb4ef8314126

SHA512
e07d86302d14ca5d9fff42fa94b739eaf27d6b73b815222dd4ffa756b82698de8fb935367355f9ea5232413e3ca94653cae523764fa62be97de3b7ee915cdeda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1a0de389377fdb2b17ce2326656b509f

SHA1
227385f64110316748a6ca2b2eb3a0a5e1249a1b

SHA256
58011e59f3789a37ce11285e11ccc1e634b7bff6144144caf6fd2164758a51eb

SHA512
5283be3735b545edfe1216836ed0c22f67722106c0f912c84712e27f8033f9b84a34fa6693bcd445f637495177ec8772e8396516241d60eb3a9278c16b4a3414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
438252ff699219ab49e2b5aaf40fdb3a

SHA1
5ad43555355f202dd69bab3ca992756d2d99b020

SHA256
6f6248bb83945105c9c68fe0154e1f59f44d73e89a039cca4e8d5caddd377302

SHA512
92dfe676db506abfec701ef4e3a940393b8d96dbc97162a4cc67b3b205193815a5a92649cd1a6ff5710ff6d0659064ea8679980ed8ee8e86194d52a89d1a02e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4d562cecfe10b80205e7fbc20b2b18d9

SHA1
8519ab8ea2f7b362f1c5eb529be6b82f02fbcf31

SHA256
220b04ebee4391fd0b60c2b1a484a8ec9f867c499171551c51c1c8372f1d974e

SHA512
c43673f4100c71fa1f9eba3ffca8206d3750d3d64f6a5584a4230e477aca152cf9ff20af52849533ae12f5452ec19a25b5e820be6f0a2b547888cf3da0897bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0317cc7935640d49e6930064aaf8c0dc

SHA1
abf8f62861254ec807796557f731df6fc6ce911c

SHA256
556440ca522ddefcaf8759ef24b87c896b5a6115953466a99a13a0ab9cc2979c

SHA512
42f7838bf6c7fa1590b7aded438f3778460e109a9c630459be71c9f9484c046de2f5873ec30ebf0485574e9e162f6291742d116e98cd01e47d33c4d94dffeb52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ffee2fed3f1c1ea452f1020e18dc18a6

SHA1
a5a732821d27a203e31e87106e8d67fc438c9105

SHA256
87f62e5d7562e83c8cad0c45a1ec1c6379e2e7d25c77dc9d2dad79ce00b4ce85

SHA512
1578cb235debf88435c264e08438ac7213da81ad16ed156c97668b9e05945a100ac6becac8c4a9410b8822fc610e03d2d2cc9788d380b978703dab5029a537d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
11cf6905cf371b8b360019e40c5b871f

SHA1
46e94df41279a2d1bfdbe331a1b686949f9a6f3e

SHA256
cbf2ed9cccf05c05e17b05cf44353540895d37d09dd93443a20cd151a5ec211d

SHA512
d06e5516161e36cbcad28daf002d3f10a89066e9f2d18871c95b177e3c454846a3bafcd365a84ebf1b0163a1a5720fc5ae4a7cb0cab816c91f5084bfaeed67bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a7b3a878-e4d4-4d1c-8b7e-634455bd2101.tmp

Filesize
10KB

MD5
4ad9e49ed81d1a49e5ca0c2000280364

SHA1
272defdaea896041f499f64a6f534c59d7d682b9

SHA256
c6698ff1343b3619a0b70518d7b8510d041d4a3efc40e047617f13db2656ff85

SHA512
8fc91554892ab6726660520bd5e2ebd5c3485110b612a365ce7659a8371c71436b652c2a94e4cbc9a8c8514014edead1a6432efb3512f34a6658b56c96ce83cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
9fc5c567dec33a84fc8c60b7ab97c09f

SHA1
3233d2e4c703aab23bc264308a80754d79129257

SHA256
6ceafe5ee799be823aa4474219a59f51cf54c63e9cf174ea113d53c17dcf0e6e

SHA512
92c2bd637678350684a70a739cde4dca10d6ed409cad42457a15cc984960558ec84cb7d6dbde111ff214e81df173e14fe087412c30234bbc05ef0408181f06a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1392_176114759\5b78623f-866c-4301-8cff-2b229ed10448.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1392_176114759\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe

Filesize
8.2MB

MD5
b3f417f8ad27dc4f04ec60b0cbca59a3

SHA1
eed2c27e62bc38fc3ce7c4f3a00a75dd30c20e91

SHA256
d8a8657e9186a2c30be04b8a4b84acc1aebc2326cc6871fdc41f732ce6efd0df

SHA512
610458e59d818e9d23f96153de62939fb4b9d17c152cfcc048b8c2e44eb5bdb8c2d4e9fdf4c93211a0b2df8bf3bbeb1d30469439000b68ffdbb1a95bca46ab03

Download Submit
C:\Users\Admin\Downloads\disctool3.exe

Filesize
9.9MB

MD5
047853ed8dd51e5c78bb9dfbd2092919

SHA1
e1d8545afac09032921684c5213f228acdeee935

SHA256
490c4334277eb8d189001b30ee07d5bb76cbf3e0a65b7cf0bbfab6dd2d3bf56c

SHA512
deef953cd2800251eb1e2a54eb172f15b9a6661de6eb4cb60519e88767e2c643ecf616092cae65c2898819793b495c880dffedf20502dcffcbed060037bce353

Download Submit