discordrat | c8f8c3931dfe7aaf4317129997d334a66ce63831ffba734646b2fac665f73aec

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-01-2025 17:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Archie Executor/Akaza Executor.exe
Size

78KB
MD5

1122dc03fd80494144a56982d0ed162a
SHA1

891215f3b9aca2b6b4c683e04061e6cd1e54346e
SHA256

94dd471caec018c37563c6ab44d84b831e8d6681096f05920091233562badae6
SHA512

865c6263e62b730b86eabc6fba2b07a6b9fb7a27305baafadda7c07888964dc43fa79327d905295ce2a03d6789348a6b6c3579aaf12c8ff99040388f215c509c
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+YPIC:5Zv5PDwbjNrmAE+8IC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzMDk4MTIyODExMDY3NTk5OA.GtjQhg.JmWSRpTczxrX_1A9KdscxQg9DQjJe5yb8Kg4iU
server_id
1330981226093346919

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
13	discord.com
14	discord.com
30	discord.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133819533183252630"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{BBED784B-F782-4707-8C09-C104BA2352D5}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4756	chrome.exe
4756	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2748	Akaza Executor.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 4948	4756	chrome.exe	85
PID 4756 wrote to memory of 4948	4756	chrome.exe	85
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 1440	4756	chrome.exe	86
PID 4756 wrote to memory of 3744	4756	chrome.exe	87
PID 4756 wrote to memory of 3744	4756	chrome.exe	87
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88
PID 4756 wrote to memory of 4788	4756	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\Archie Executor\Akaza Executor.exe
"C:\Users\Admin\AppData\Local\Temp\Archie Executor\Akaza Executor.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff43cccc40,0x7fff43cccc4c,0x7fff43cccc58
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1936,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3248,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3132,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:828
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff702cf4698,0x7ff702cf46a4,0x7ff702cf46b0
    3⤵
    - Drops file in Program Files directory
    PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4488 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5136,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5224,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5184,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5292 /prefetch:2
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5420,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4792,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3472,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6020,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4024,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5672,i,3549820483175482201,206157283715003499,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2784

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3140

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x30c 0x4a0
1⤵
PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
103KB

MD5
8dff9fa1c024d95a15d60ab639395548

SHA1
9a2eb2a8704f481004cfc0e16885a70036d846d0

SHA256
bf97efc6d7605f65d682f61770fbce0a8bd66b68dac2fb084ec5ce28907fbbdb

SHA512
23dd9110887b1a9bbdbcc3ae58a9fe0b97b899ad55d9f517ff2386ea7aac481a718be54e6350f8ba29b391cc7b69808c7a7f18931758acce9fbf13b59cee3811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
20KB

MD5
f92ec8f4044bb8a416e05e255b7e0b6f

SHA1
d33dba53f960cd40b87a6159b0daae2a4475a638

SHA256
87913cddf943d3eba9140536ce406ec3abf4f637b417c05a973cc096b9929346

SHA512
4a1735c357944712e8187580950884834842b50b0bf323305de397823cbccb74cf57e371da6a542bede6cfd60f9328e89630093a22aeed6c07dd2dcc63fb7a66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e2dc2a0a3434dbee28778b64c466fdc4

SHA1
1e584ea4dfd9c242c65267aa7e3dc1ec84afe4da

SHA256
29d831553c5b1ab9b3dcf7057601a23d1346547f04284f78baaf76e0646ccc98

SHA512
954507c5042fa2437c0a6301eda79bc3869b2be9e83c2ebc1366ea615569f7e22c1d3536cbf137d81d1fff734536caf71058f58c1a3dfc5600c7f11cad0326f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0da2b9c6b8ed31049c5d203aed3585fb

SHA1
a0caba11c36b38f6654caa7c90e7701f9ecdead5

SHA256
e9e11dc5400ffc5c866d69a3b55c5caf4f14e6b07f4f77b311ed1ae0978ca217

SHA512
af3434b8d7542a74d8fb18fafcb09575cf4107eeed174e4735a636917209c9705078d30b9b0f9ee5208d9d63f2b1650b884e6a4fd4c7c9eecc6714d8da14c85b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e4a7cdc4bbead876392750de73b597c8

SHA1
5ea801dcdb1dc1133eb6e2d0ba27158c14963619

SHA256
8e8922102bf26cc603f7bbb19c1b04d47d94d8c92d21b858448dcd6dd1ed6a19

SHA512
72c64ccb4e4dd5b30934a91c75f79f22fa6c6e4525f4841ac1fed66a362370b4a44d500b794c4d0a4b4e910c263bb4d3ca32fd2d8b3fcd7349375971bf9b7df1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
7ec31bda1487aa3a9df1b51f18f6e4b9

SHA1
5146864b8195f2f4207c70455b2147cccc4a6ded

SHA256
5b23dcb21993af534f23ba64f528601e3dc21ecbb018b79b55810dc0cab5e349

SHA512
f2a3eff5574998b7186d4952d6d17ac26a44fe9271ec29080415014573467e73a803546dd93a0ed40c70ca04daeeaa6ab673a2daa7f0a96d3624380fd8c4ebcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe596c8b.TMP

Filesize
675B

MD5
892697eb838d1ca40279a89b37967c38

SHA1
6bb57366f865309fabb3aa7817fe53acd06a8f48

SHA256
0c7f7cbae8d546f05d82ffe27ca35f2aaaaa096c11d37cd5fb250ba2947ffe54

SHA512
591a58ac67b7c9735099ec4ecdd80ec76df0fe04cfe492eabe39ccb4b2ef2a226d7b1c4240658cdc931c9ff6df023c88992325bfb7e7ed8a6e149293d12d6292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
100B

MD5
18098abe67c07da8ba82a28c4f645264

SHA1
2a97539499c4cd3ad0225d9a42c711f2c26fbc7f

SHA256
dfdeb41bef53aae56766192b58232c13612ffeeb7fd0261956acca21d239f402

SHA512
8eb5efea4dc08b3bcba0cf06a6c183520d047570edb6984e0821bda40d90e61dd3ec1a5d54e906a33f4e7ec32d05ba1b8366330ea4e0da9f63ec8b7efb88e8e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
7147237761197ace56d57c2c4ff506dc

SHA1
0590c9aabd9cd63cd1535900638ec03c178127d1

SHA256
83c10846e5ff4ef7b7d80d5ec1a1194d90c87ac5d111b612be0827178641a420

SHA512
efca6436f7951e6d031162e74d62013c649e0ff6379ec806ee088e8849974f3c323e2c9be203199455b1c1d6edea29a94f49111a411f4bbe1f0e1c16010d6ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
479d48abb183dc5705364f09e608f746

SHA1
d74fff4b967d82a6c7507be65dadf8338dd89098

SHA256
a3a7e8996482961cf5eafb64e53b751ab48f00a530c9925d25b29d0e35f2710a

SHA512
3134c5570f5aa8b5e1cb825b671013c019efecdd37c4f5f65793e53134cb352a9437b74508fc49b5ffab2bcac1bca9a4970e3b4dbd1e3e844e0b5e9ed11404de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c0369bedd68c84dea920f5b678331b04

SHA1
209696c020b610ae70825dd986ccf30cc32f132b

SHA256
bf8423ca5a0588710ba9053de3e03074fa5ee9f1620addcf8c99f408c40ed214

SHA512
9c89464d8c50039ed92eca26977aa1469d2c54e18c4f3e76fa69795e2b5a007b0cab21d456891c1b3cb364249feeabd810433baacf23341b8b5cd891c9f623b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3f8d876cc9ea3ef818eb94394a0ff1ad

SHA1
8bbe02fbd582812f0130bddbfb1cba815578c524

SHA256
663e2670a9fcb76a46f2f2193d3ad1db899e2acce7e79b3e09f4f2da774edf5e

SHA512
15804e88a281720114d7c084417a73b2365478f7f2f626d039ea024b1ccc04a1e3529d8183e7a362bb6bdbf43d9b3f1a0b34f56db91178ded2aba9a832bda8fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
3b3d84052da9d412c8915fa3262964de

SHA1
84b12a5cd968e460b3d58ac442f2e6b1680d574d

SHA256
a7b941a138537adcf4165872de5797ff7df2e427445f62cea8953fd2163838c9

SHA512
203694814c58d1955c3c17a1077403a082f65a7706fd61e24f31529e9d04b81ef2e1be3da2a10087901c69f8ccbcec5ecfed118474d65aee43f622e7e872f768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e8d7dd315c386eb115f38f89fe938685

SHA1
81f22354d9f25e310cd63ae7e6fef381a7815623

SHA256
29328dfb108f1fc0f94185d4aaf75a53ffba124eefe0ad2dad378b5b0041e4c9

SHA512
a6d642c0fba2c0e843a61adf160e066096c7d738dcd0ab2ce96a50e514ce1dc094bcc4687f0d4f14e6511c548e7556f5e0f90180bf0f210ece787ebe38cd8df9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0a786bbe41e718632234e63424c13395

SHA1
af572a04ca55ac1935c6551dee3b6ded8a30571d

SHA256
3fd82b6d757f2e17c683b7da69c43841cc63e5f3b46b31e1e4c94d581e93760a

SHA512
47743b3d13d748c979f79ffc383065febc4a569b2025ff446dc302a57268d3453ac653e56df720ff6c7f1744f3ae8d41641514a64e4960be504d2b21fef43aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
0f58ea00786a9953929d0e7889bcbc42

SHA1
63013a33079b523c8110bee26f06dd4b68e580e9

SHA256
2e4109856dc32770ae19f06448da642835a1621ece86c8580d00750a68c30829

SHA512
76e4d9605f141aee3a6046021e72db754c07fa218a1fa3836772b0cb956581620d3246abad2a0064e1eecbac62c331c385fe361087498cd88f307aff4d1e2838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3d831fca78e2c89b3e32f1870f99e6df

SHA1
314adb858249012b1f47f01f1043a72303f24344

SHA256
2eca50af4b20549432df2da69614112a7ce0c6c00af24d4ba6a40ea483c64675

SHA512
3439ee8c8ce1143fe2117dc1f672fc5aa10fedf60bb6ba543de6c01b38fb144a4a127ab9313a032e2357425b3b4358549adf60bb8aa87f9a539b2f0b6d06a403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
e9e8f51688ed725fa076e9bfea00337a

SHA1
ce97d64d771a8f73465fdbb9b10598862079ec75

SHA256
82f0a4e7347fe7903297a9916f397c24479529502c4ce6ac8440985c36383724

SHA512
670b75b46e3ca72c2293e59520ce8246f44385dfcd8969c48374bc7e6219a57c9351e57ede33c3cb55ec8bd2fe15a639b56dfd029b1b4fe90559a29c7da1e11a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1e2557bceffe16338051af0c9487642e

SHA1
05630d8f098ce9b96dba9e59b5b1903736e8a8e3

SHA256
a5e6fe71f7d3837724ac4be27d4706c851e8b1061c6d173a863b40c09ac080a5

SHA512
90ce0b73495bf154539291500afc86b6d57d9a11ef6488fe90e79b7b83bed812ca19361956456774b36b91c6e7f114552eb47dff557b959ab0e8306f38443045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
407395e599608886361503fd8efeb058

SHA1
5786812e0f60008836030b7933e30aa4b962419d

SHA256
17b7dbabd053900561f841294efabe4231f37e8a4ccbe8e044a5ac1e75683ec6

SHA512
e420d76f43b5d72cdd7e1b13391749a84407ab3b77b05abdcf7d22bcfafdbeb967414e2e3c09865b658f6623008c284eb915a4bdd00efd9a4640dafff7573a86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
8390344521edd09db11b1b9b70cd5635

SHA1
41f3e0bcd3fd384d7989a113f6bd5251358ed296

SHA256
fc785ab4857c58c950c9200e4cb18ce572ae68f4fd8977bf0a3be5e8d1a74985

SHA512
0b1e67c6093897e103c4f35ca6e7a12d5be2aa6458a41b0f949c93f977e200d4649aa4e12a398c622f63cb105d5a5cfb03b4ef85457ed87077db7648e5006742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\aeac8a35-623f-4c27-bb79-711dc5bfb365.tmp

Filesize
4KB

MD5
3ff578f9d7949195efb40be5f0807007

SHA1
0b1c15f54afdd554121d8f97e4cfbcd34ea34cb4

SHA256
eb04e54e9252df063c3d1fc31fbd26919d71b9537ab39dff9130f1e79e87f41b

SHA512
4d73e1da72f33eb76792fe6d5606d86089cbea18fca6e869e8522758b7af6dcfd22bdb0437387cc63172d7f89657618c5648df217fd12b6f96e129e069a270b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4d646982b010df5f4bd2ac3831cd14b5

SHA1
c9e4e37d50fc0c1378ba3eb552b6dcafa8194d0f

SHA256
9695e7887672d6c140f2c1a18ba011d6a126f338a2464c1fc449637648b04d49

SHA512
180560ac5f254188e431b4850aaf7e84ba6dfe8b200eb6f35b25bee8ac18383a8260e5359a3a78a7b8b0b990da9afdba4c32a925e89f4001eea38a9bd7ac246b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70bafb427690c327364160dc8eb207a8

SHA1
1e68a44bef6bb6ca071a7659bac2bedb9463b1cb

SHA256
faeb79a8b7711229b53e48d870cebb6a3d61300aea1728402689bf6493b2d8d9

SHA512
5665d9475f6976ae1152d5ff39660cd975e8fc4e1b5efebfbb7ca30886c4b704a13934fb284cc7d3d4b07bf38070bc9b024865d9e52675952cbe8069f13d003b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b7500c96180a2d501ba16f11b4ede14

SHA1
3a0252e231fbf7eefab5884f9ad0b5b2cd84e3f0

SHA256
019a5e1bb5c5fadba9c34c4314db44c0b786474c9cb636a5bd588b133fbf08ce

SHA512
151e78066babbe435ef4fe338d05d1dce697c481b3681a4eb07259fd3e763f3112cd5cfa6b130414c47ab0460baf91b09e3b9a11487bdd5483aa8344301bd2e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6fe2e0cb8f4aa6768584d8b43be0529b

SHA1
f3d888d69252db2d1ab584c0a365bf5d89cfbffe

SHA256
84ed4ff68b5142d94e6e13bd2020701a986218c3b8f0c3e9b4d8d060ba756219

SHA512
41b00bfb98f1e731e0ee5d506c0c6a3726f781b6236b5ea0a36ced89cc84fffeef9e8233df7f23df6c49e139402951a89bd48628fcbd3386a91ae0bc0fc5b162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c58ecd83660856bcd2571ef691af1ab7

SHA1
618943a74f519d649f81531ddca58db62719c212

SHA256
7b044adca9a3d1f5860e607b99c6557f542b8ebed528d7eeb131eee2804d3298

SHA512
73f435b05bc4afc3f7dd926efb5983da5143187b2db0f9dfa2701af5831ed0ee8a69a79147a834c17f0f00c4cbd9adc6c600147a49308b3f05c42ace533ee819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d7917c7c00e13e0d7c37e53f1b3d5804

SHA1
283869f057a6874987b4bfe6963f0e82320a1213

SHA256
960f307209d0f71e470953d6dc09519841b4b80bfe9b79daad0da8ef548b9582

SHA512
fab0769c848108e9f2435140520e651d4009f20d6cdf9fe650858f20e295bfd1f135da4856a5ffc543ac1cedbd12796e927ab956338fe674d1c4a760b0410482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
309d5d81d7ddc3bed0ba8661efa84e8f

SHA1
41e044c8406957af674f089643c8a4d791c74bec

SHA256
78ab1d67c2be9f32a3975905b0ba4b9a9d64204415f35d61c133a07ffcb00a59

SHA512
02d6b71a91dc4fcd7339ca8a01c7784653c2e996b9a7e360d3b353425034d034797b44c96e7216ed28beb5df460f194dc1d8627b19398d07994880bdd43f265d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3ad1a3f7c7fd1e3d79cfd03c8c570bcd

SHA1
e9d9bd7fd8f6ac6ac64e75ee60c7e8230310552b

SHA256
fa6a7c36ca07c436d7f0da965d1c0f00a8f15e71fe52f5682233a0dc9d9a00e0

SHA512
bcf0901f6fc566586347af4d7a422769d2caa3c209205b0a5203ce0877a6e0b7c1d44f70c66d163162c456b819800f4dbd52b8adbc77953bf1de841f656feef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
255ef9cc52a33d990d4b963480e04ac1

SHA1
53c6ac23d9385efbc529906d5dbba4c6b7a59eb4

SHA256
051f60d0bf520d91cebd5e5edbf719bafb2c8180fb45106796bb44c304fd69e7

SHA512
b17f6525042872b946a27ff6e4f50e4d11f5d7f557e6a568c7d42c32704ac8fd3cd5a59f0b423cb0b6b7f91be448e5b80ae75ef1fda3541441cd4b2a964877a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b9326c73e0c0d5bc243e43670e5d1156

SHA1
c35c2f788c9e1ab0e1ff336d16b30bcb294de177

SHA256
9c7e06abc1eeefc45d625e8b6a606deb9e1c19a30ab2aaa41640afa3b084e8e8

SHA512
fd9acd85e88c49abaa2c2b2328f6b90cb49457dbca60e4e9a1cc777ea802a94ee0ee1f0215033db0bd3bcae618f760efb9bc4325ee65638d31d5f684c91b8ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f5dc80fa9f0e17c13137f64458bf5d38

SHA1
759ca7b2c07f4f29ce88a69d892a7ec827760d87

SHA256
eb76b6de4bf9672b2516a1af8b0160c59ca3f8f1327638ba9c307cdf43b840a5

SHA512
cb86a8a182cd274e7edd04b239461ebf41fb5dc4c3b3ce4c778bf6faa2f62536c876f08064aa2cfebd9f3151b2c545e60eff3939d1dff37a7de4e447850c4a84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0f1e4a167e3668a543ea7923d8ce4cc7

SHA1
d7bc3decec516e78f446e14729010f197d234ff3

SHA256
0920a4938cbfa94a8d84259b4a1108d4351da62da271898856d858acfd093db3

SHA512
5628bf4392b4f1d8f9853a61712850fdfcee2134e561e910c4633c1f6937a1a400972e17c0f4369d94858639f133a04e3bfb66de8c29d4a159dd10344025c1a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5b07e0de3af111248e38793a93c8c4bd

SHA1
4a52cf60a0e3a56c30288b394a7c84532dc04f4a

SHA256
371c2a96b3bd0e4b9e5c97097f307ac0caafc25d67df78554b165ae85c9687f4

SHA512
2856aad779f3910e305556ef8b6d5e0bd83de2b5481995abd6e0ab97eb5fa8102208a2f072c0e47242134e129d490d4bcaf21e748c90eac964dbe2b16d227f73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ca980271-8db0-4b0c-b878-618ae32058f6.tmp

Filesize
649B

MD5
cb01b238dd1185e0dd475dd8250bb1a9

SHA1
f83b1b61408e5c3b0fef0cccb2d60f154913c8ad

SHA256
574cb24bd69c0bc446b2c2d98f87351d23cddcb14701b8bcbdb303ad5d11cf23

SHA512
0c8334671a072912c40b86fca319787d85d1c4af91fb6cc6fe2d6012531d49b2fc31bbfb6392fbdb96422ce4401c1fbafe29e59d23b40582a35f43ec5f0e5e35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
1dab5ccae5931dee1018792efe1526dd

SHA1
0ddd2c3d513021905c8eb6e7c291a365dbbb07dc

SHA256
0487a72c13ecaf34bd7b1e4024df987f4dc84ee8543820c548ceb3945d4558f7

SHA512
98e8d9f586f44b8522a5592a1103cb2b6fa60527fffd2b8c060fea69a47ac4f385f8bed0c4d2447f5db353143f08fcaae1fc3d9f73c3b2c01d49e23ae35f1888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
4ae3c3fa0b1a6a755b3dc447b9ab75f8

SHA1
437e350a00afb915795c8f561efdf27e1be4aa27

SHA256
5cd18f3bac528ad3bead4bc976725a46f19e059c85766d41756fdb48f2423f60

SHA512
fac7a3f18bf09d60914227cd2178e337e718ef1de04723fc1be613ccc6ffa62fadb72a751da21507afd676a6583fdd600847517bf8aa5c64adbb69ca7b620bf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
ad666e03fe3dd2c0dc0d387e8c976a5a

SHA1
21307291302218c5b18ed0e5308ebe0e1525c79b

SHA256
ac5ff8195d22f8e116b0d007c65b77b30d0aa75fcd204ca33f33e475794620af

SHA512
6050ab867a30126bb7325ca5428cc8ded131c1879d5dda6bf8ac38fde3c832ffb4325cf8b0361d4d84f2c2713f640dc1600f6470cb0d1b98894ba9e3f732d566

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4756_1145806428\625200d7-8b6c-4cb7-9a87-edfe9b6c7fe7.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4756_1145806428\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/2748-603-0x00007FFF48353000-0x00007FFF48355000-memory.dmp

Filesize
8KB

Download
memory/2748-606-0x00007FFF48350000-0x00007FFF48E11000-memory.dmp

Filesize
10.8MB

Download
memory/2748-4-0x00000248E4560000-0x00000248E4A88000-memory.dmp

Filesize
5.2MB

Download
memory/2748-3-0x00007FFF48350000-0x00007FFF48E11000-memory.dmp

Filesize
10.8MB

Download
memory/2748-1-0x00007FFF48353000-0x00007FFF48355000-memory.dmp

Filesize
8KB

Download
memory/2748-2-0x00000248E3D60000-0x00000248E3F22000-memory.dmp

Filesize
1.8MB

Download
memory/2748-0-0x00000248C9750000-0x00000248C9768000-memory.dmp

Filesize
96KB

Download