discordrat | 66e66e7cfc1fdbd78fe93b94868793bf6b39385f729b30ee8222d9a10e2b4953

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-01-2025 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

a335f7430f76494c6cd48e075d9234fb
SHA1

5ae9f1dc16728465a806e697d33d2b786724e2e8
SHA256

66e66e7cfc1fdbd78fe93b94868793bf6b39385f729b30ee8222d9a10e2b4953
SHA512

dfb29f07f1dc1da41a358ba5e64f05c6c0ea88d76163464a7728b20f3ac2d857fde800354e6ca4faa4ff0943715b7ecc9b0899589bd3db247682d9a05ae86668
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+LPIC:5Zv5PDwbjNrmAE+jIC

Score

10^/10

discordrat discovery persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzMDk4MTIyODExMDY3NTk5OA.GTXYi1.Ia-IJmhfUV7i8S3D2PVGX1vSSL8paN3mBZjXqo
server_id
1330981226093346919

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Downloads MZ/PE file
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 20 IoCs

Web Service

T1102

flow	ioc
190	discord.com
179	discord.com
180	discord.com
188	raw.githubusercontent.com
187	discord.com
15	discord.com
183	discord.com
185	discord.com
105	discord.com
182	raw.githubusercontent.com
189	discord.com
226	discord.com
227	discord.com
16	discord.com
30	discord.com
98	discord.com
186	discord.com
99	discord.com
106	discord.com
181	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133819535818620440"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{8BD987F4-7021-4750-A409-5D9F43A9589E}	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4580	Client-built.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 2076	5008	chrome.exe	85
PID 5008 wrote to memory of 2076	5008	chrome.exe	85
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 1892	5008	chrome.exe	86
PID 5008 wrote to memory of 760	5008	chrome.exe	87
PID 5008 wrote to memory of 760	5008	chrome.exe	87
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88
PID 5008 wrote to memory of 2184	5008	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8237ccc40,0x7ff8237ccc4c,0x7ff8237ccc58
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1784,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3712,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4024,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3364,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4020 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4440,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4016 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4516,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4020 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5272,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5176 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5132,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5072,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6008,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5980,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5364,i,14218048295925396649,16324075055643744069,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:2384

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4184

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
742b56833fc7885f10b339c3a64ac19c

SHA1
67769228ec5170fcdb8b8308c99a6f0a3ab5cc2d

SHA256
e28c405839c9d06e59096267c18cb2639ca682f6145cbe530337ce55414ab075

SHA512
d20d76b6ba88145aca4ec37ab95fad5ff6ac31bdef8f90324aebd756694b8b7ce746e6ed87521e90ee64e95b9e983f519a848ae80fcee5f590c48802c3d93de6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
103KB

MD5
8dff9fa1c024d95a15d60ab639395548

SHA1
9a2eb2a8704f481004cfc0e16885a70036d846d0

SHA256
bf97efc6d7605f65d682f61770fbce0a8bd66b68dac2fb084ec5ce28907fbbdb

SHA512
23dd9110887b1a9bbdbcc3ae58a9fe0b97b899ad55d9f517ff2386ea7aac481a718be54e6350f8ba29b391cc7b69808c7a7f18931758acce9fbf13b59cee3811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ee

Filesize
20KB

MD5
f92ec8f4044bb8a416e05e255b7e0b6f

SHA1
d33dba53f960cd40b87a6159b0daae2a4475a638

SHA256
87913cddf943d3eba9140536ce406ec3abf4f637b417c05a973cc096b9929346

SHA512
4a1735c357944712e8187580950884834842b50b0bf323305de397823cbccb74cf57e371da6a542bede6cfd60f9328e89630093a22aeed6c07dd2dcc63fb7a66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a95d5f9f2ec8a62c1033420e2c6a5b31

SHA1
fe7c789d551887554d536603ad74c6cca861ff6c

SHA256
668a9ba0370e79689cfd9c054c6d07e4ab5ef9ca5f168b23b25088d08405bbc7

SHA512
183d24eb9821e894b5da1dcede5cda8f9aa1f743384c3a647385a10959fdbd6fac898303dbe10e8d910892f202696319b3d4b837105f17b58810b0e3d7bd052c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4d7f8ba128ec7f3f503999793fa4c25b

SHA1
e01d66f47bb85f02845288403ff2afa83955e7ed

SHA256
0ae9985f7efb331f0122cecdc5e4128aa01fe359b7830281effb792efd3b5987

SHA512
573b53f8cabcf976b7a9c50ca6643347a58d20224922dde17e4e0993ba3163ffb5bb6da52f91df946f6ad5b9b09515c1ab9147bf82e9d522180dab7732901a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
265271932cd5f0928fe1314f63da310b

SHA1
bbf897cb467220d4cc29b54697239e73005647be

SHA256
66a929d2513cba23b62f3a1a34c17424894b06894710c8eb80ca282e88bcb21a

SHA512
ffb1d5de3320445478057462e432ea09630e86dc6eab141aad253441f14479e2429b706dccee9863c4d618948f660914d5dec5d054945d2c4118f3dc89d098a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG

Filesize
387B

MD5
21daa4ce11a1490e087cd771f4ec48cb

SHA1
0315e1d17547186c840cb0a1db1e8e8322f1398a

SHA256
a2e140c36943fad1845a05bcebc55e78553141e68e401d56e4fe7639092a4bd2

SHA512
e8f6255a2586503e728bcfaecf2542ee013fb6ee34363849bef275eaf0a0d81060b390b872399ce4044167bfae8023ed1e197e617962a229cd50dbb0766a58bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe593195.TMP

Filesize
510B

MD5
d3c043efcb918349c1f2e9fb337feeec

SHA1
458d9199d6391e0c21c1e0c3f7b85c29dc5f705a

SHA256
808efa47645385cbf4d5219912815626256e2b961c67575fbdf9aba0852d9152

SHA512
281b66b24f83af26e6bdbf877989f74987b782687882e70f738e61ef6ecb331c7c5ad3f78ed9bb393435cc9f8fd1da39b7928c66ed59ff15ab4e971da2430865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data

Filesize
40KB

MD5
dfa4a171cb199c246518f3462fd9c992

SHA1
ffca2e92ac42d05726d07b6cb8a3ad1cc0195e11

SHA256
fa83cf58c7f349f248f7f39511d176d3889030267a9a78675b5b5ef096e5ff3a

SHA512
1d57ea091f7ff6463bef3e8a1fab028aa9c1a8bfe938504d27a9f3a6c81801be6096a8e09ad4fbc82ac204a0d46c0b6b2d6fde00c82cc1539bbd64e91b1e4495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9062234ea666302ed8c901e9eedfd1c0

SHA1
8b60ec732c0bf0e644efd9fc76cc7f45bbedb4d5

SHA256
e54605010539e7a0cf4ffb1522714c6436d37309c326c2d861813972dfb1e978

SHA512
1bca3c8998517d254db39f246637f0c9ae9b31b4b618727ba6b3bafb210a79d25483e537c40732e74019a692bbc9786a5ae8db49b444f4788dc71f8121c941f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
eddf6003c94a30f8f4c85ae7a1e61e50

SHA1
a222c6dc6849cc74e8ecaa0aa6e8865f1ecbf1a6

SHA256
73d7f894813625cbbe58e5502773a05839a3dbaee8fab2b4f9e29ede19d80fdb

SHA512
d5328183912a0a7edebddf98b5280fb1655b1a140d8fbe569fec138d4e3d4dbb122484928849db1e6aa4be9e10824a1a25e3acd9f52b1a2100dba34bb5c77a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7e391e0e0cb9fa9da13d9f8b79e1094b

SHA1
bfe718d574ca53fe5dff9103e96a400d332697fe

SHA256
77c7a0e9a1a045aac196504e1847191d8036151484c66c84436c90e09e8382f0

SHA512
ea80422ef3fda5f3a1d0c3353bbc66f70d87ba0275727d6b2bad3b0a8ba9c4fe19f42c883f08dcae3a8827178f1b600e1aac3ad20db4937b26db1d0e7f9b6307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7b331f1822271c2137ff1b6ce93fceca

SHA1
7b43d314ecfdffaf38630cfe550c82bdaffd35e4

SHA256
c28cb6d23494cc2c066a91de70f2bbe453ed89c69db041cf5104e75b206f9822

SHA512
f1b23d0e5ae8f033d153631be27b4baa566c082f593308f59defb1457fbc33d0422b476f05ce1ad6c4b89f840ecef6203d93040431b5a758dbea5af56db400e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
cbddd2fe2d5987274ad7946029133fe7

SHA1
3a14c4d0d6ae40baf4752199560efc2993f85c8b

SHA256
094ce3bf4039ab310410ec81ab02c0ae2851eaf9b9848726ecfbb3014067b1f2

SHA512
58581f3b87d9eaad1e4eb40c510b53b723aca656c197e37a63a2fd67b58b1cef8b5b9ecf3fda320bf73203017ea477da906efbcfb4b42d3e7bc2fafa17ee7e22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
145999884aa32ceef9fe3ad203333355

SHA1
7d3a17bee82d955e19923b3d20aabcef0719f1c1

SHA256
59ff7d19ec033baeb4e8e9fdc83a2a64cce2fee45323db41f3be7e7b2c2d1bde

SHA512
85f2d7d63ac2676916d0c0c5cebe7ef6acef4b45c0bc34ab015d552584f3d26050080dbccc120e6c9fed3f6c7d29fd56d7b21c5d0dbbd2c5f838aa115cd612b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3911aae992f7d2249d7674e8409e04e8

SHA1
0d42cb168f3454a232f8ac1e3cc0a6ac07e06181

SHA256
721da1d728266d0114f92276de831a3acbb8ed28a7f116fa1f54b2b0c6d9e431

SHA512
613f212df21eb2607bd69605ef4a43d1abf91034fc56ee44eb93613bf69f41d80703736e9f84386ebfc1cd5a02b3bdeb4a085defefb4b66b9d5b121335e8d91f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
033e7472eb1b8716d2f337f6789dde88

SHA1
c3dc100c060e16088119508682adf6ed34df0fe6

SHA256
dab1505240c374ae97f01c9cb97a0b2201a192c4330b643469b1cedd15f98b82

SHA512
e4350f15a461ded3ff8b4d9985011c3a758cc1a29b6aec2ce6e179a122222995323dba5d461408cfcb319d92cdb5d2847f3a0c9588fbaa24837a8f499aaf7e38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f5dd4d0e20e82a512e33b3cf5891098e

SHA1
4720d64e7d88895c7f330a374fb237553612c454

SHA256
5190da797bd93207e4871ecabd4dcbb9aabde0fa0502329f9c9021362ea3b7e8

SHA512
3eebc4e9269002b44a177b724d50cce31cd71289916953c8c4e4be1f9a2d15e7f657761a895ab86e5901e6be3856518f66ddf28b4e5388271bd22483392756fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
135540ca52daae5750345f11a7601010

SHA1
7af287851178972c1bc6e1cd6177e67d07c2f74d

SHA256
303f25bc1b87befe7d034d2429a13325af9ca9d8a0804c4cf9ca131cf958ea30

SHA512
7cd968eb0d171a3173aec942853cd7d2897e8e48f346b57246bf28563ffa9ccc610dfad827388af1999e7846b585dd07ffb52f3c68c13e547af8c3f69c18ae00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
49b94b1152862aad48972c3876887b1b

SHA1
9ee6336e716430841a9f6c00c089014b41b0baaa

SHA256
2f80613d290765d938d79f24da96df9d60ed670a956018f6cfb3351db28b14f9

SHA512
e0465efb446f4f3d1b29b5ed7d09da049cba379bbdf743db6d3dc58fe07408af91b8f42c287e77b3fd23d9cef283f2f9bf5372b11c7bd7d7dbbef97b927c01fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e437b0986d5fe702cf769ac3eefa6d32

SHA1
1be164ca0e45d5e914798369ef58ca9b19093a86

SHA256
1fb7b358a9b2e6af81e00834cc0cd55f19f2723c35b3819a1dd6f130232f60a4

SHA512
85c719e4cf17c17b53ac56f03b78d463ec774d2385ab7a954b5a0ee0797ff5429269573bd389a894ab996a68b907547a0e8323c690f38dc9f5acff60b3e190a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0d84f928a0494f9c18fd36497a7054a

SHA1
83b9cb9354f34eb2d85eba360b717d7a96e46aff

SHA256
6053b7a6e90615af861abd5ab4da7e027063a3cbdc6f3060031f8e68ab5dbf4c

SHA512
dd30a4b29462595d17580e3402e1c54cb3885eb683a21aacef44042a62a34ad235b7adf626a505d46aa1bddf0e492c790d1d5706a12e3a9c5d832920aa9ef4ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
af19bf385deef817a1e7860db9523fbf

SHA1
68801599d7f4fbb515bc790278edf4bb658a56c5

SHA256
762e0c49a14afe245751df8919fc060e805bb8e5c0c2ed496e5b22eaaea24dae

SHA512
ca71aff62f046c0f83722cbb5142a92b71df3365c92cf45624cc20913408d33041eec4408972f0ab9e30912ab0207314a2b8e5f0040ff37410b6ec6c8a0fb5bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
91badb017aaa602a45e2f20bfb3a762c

SHA1
ddf740842cc1c1e5d91e33c8c8e07cb9c09bcb53

SHA256
0ab8e6ab5bd8da5b4111b549bdcf465138c83e9ff3f42349f873233f92b38c82

SHA512
b04f099bf7cc8a47123b15e8a1e52a1c1de9c675fbd5ca92469210820dd87212a3c9b135d16762355140a1d87da5fe23ecd12ff296ade0978dec190edc82b114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
84797bce55a2dd65231f96068cb55129

SHA1
4210cbb33abbd6fc94c4f8d67d0ccafb16c6f9e2

SHA256
e914adb100f74d221be78a1d498e6a721fdfd9c62c8fa12a72abbe91fa709b9f

SHA512
9584f85a58af0ef2ec241d0b4778433d472fe3ac06a69ed3640c3f84a639ce81b8a1cd8366a508ebdc5f5f1aa0f59521f928a5229799558c348bccf2e8862248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f0c4a12e8456c98c56e45a5ae342bb45

SHA1
8207d08f925cdb3d414703c517c09ab4365ace85

SHA256
da1f9e64efb8b7d0de8676be6b5c13791d314e31176b24913f0d2ddb431cf99c

SHA512
272cc5c583aed9ef9014a2e48519418f5652ee8b78b55cbca0b181d6fe140ba2e1bb0f696d9c02c60195378138d59b88eb743bcbcec67c6e5b303628f4998f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3fc9851f3a3f193e7c2acc57c4306ae0

SHA1
1235a7627b82b05f78e20cc8ed7a801c91d40ce1

SHA256
c649149ba49ef1d2efd65c0f652b61ba7cc17b02fbd02deabc86aea085fb6947

SHA512
be4d9975e0c614e619637b500dcffff20280f61e9ea4e97e7155a051f3353c2b9dc31dfccc735e1f8f180d84dcb756ba5652cb8ea4193fa418d710b7acf15616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
15be5efd37266ab14be46d12e87de448

SHA1
e12c65e220c2831423ca5917e9de0c4095f8cbea

SHA256
74493532e06aa998cda8edf5babc1b131eb308c6749f4ce4ec2138bceeb346a3

SHA512
32d8550a40680c955f9049765f8533a7c5950f57e296b89944e1f8e51c1a672474a6e998a729d2615d2cddf75363c1c1c804e4404c94a68b998f25fdff6ac596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc9e01c1c6f3d6854c612931ab5e8f8d

SHA1
d5a746e1710bc236fd651dad7d05d89ef796916b

SHA256
5f0f30b4750de7c882486cbd1753089e79cf38d7c96755135217e6bbad7fd23c

SHA512
91fa42968504fb0f77381d73ccfc3cc19c60345f791d4e22cb87d246931764b135504685b77815a1345b8e4dd079536e7dd5e9f24a911f03fde77d9e07b891ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe58246b.TMP

Filesize
9KB

MD5
84e95d1ff5d20b3584131bd3877d821f

SHA1
420adba3238ad880699b0cffd64a99b5c7c55d3f

SHA256
0f3be2ec36e54329ee44049d31c831015bcd0fe76657924f06569df191e36631

SHA512
79928e9d401e0e7e1e45ff143d5ff2adb902b4198f50ddf742e96dd0e419d38d4a2066bfa3a0e07babd03259f6069947370a6dab3f42e9440bf165ae68a28696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b20492421208befb0979a30957919ef9

SHA1
dd197cb0dfcfe3b1924bfda3d7af0974e71fd908

SHA256
44d5a62e04365293b3a84fd68bee37bd30ddc32e3e6a73ef339f1b9f734dbc11

SHA512
8e75fe8082d6cc0cc45d3f4caa90bec912b0f90223b16d878947256d426804c628d0e409dfe25144a9bfdcd529b9cfeb3fbbb1aad4ac35f2ebd1893f8e153bd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
08d58a79063350f8fcddc9f8ed943e51

SHA1
09b325cfb1e12c386f96615152d77c769e4cc581

SHA256
f9a5fde859e9407623a2363df43c075780f7e8e3c7522ceab22cf377aaeeef8a

SHA512
4efb666f6cea78e51cd6ef4f9e8dd178bf0d8ed86ff5f4572699c2bada223c0aa17bed5052dec9818f0b7fad2169988438e5bf62e6abd8e61916c96592b51128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
488f0af99793131fca76ff34e24cc564

SHA1
3312010d9840f71e054efb5802de570b7b2c8f9a

SHA256
7d1d43e576541f2c1eeb117306fab49f86a9c225c4a329e363e2c8b7377aea53

SHA512
9744e695a0262cc907560d7d4d6d8509423a21d32fdf2eaac7c32ef3b44640af2551fe0ef6bdeb1811713c41529656fb1f07820886a84c2604e11fad604e4f1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
289837e746afe664926f7df80738415e

SHA1
6adba0267d5af460c05819ab589c67c6678562ee

SHA256
ac944abfe2ca59dc187f70b9b91d24e1734a4c748a576d187fdbb63e9722556d

SHA512
193a5895f936d5f94316853478f938061b62feed1c8007b50f11f1fbc96d2131991d81cfde8de0384eaa3d632f1e24c614ce0e9fc892bbab4804d5fb8e0c6f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
5b575daf49d9361877b4d49ef989aa13

SHA1
5e5b075e0b0839f71efb4c7f0bb9bca29b6bfcb0

SHA256
956a7e306e29ec18717f48d01dc20d2decef0c8a10b879fb3561160ed54d02c6

SHA512
09899c1859e5defefa80cfa8a35cc05c47ccf4232e22c4695c5c2155beaf3a45f6bd1e54eff2f334f1eba6a2d7bae041d4c27c95c492c703f74dacc1d41d1632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
080de55873bb2836a0baae07502c3ad5

SHA1
f8c4a4e762dc45714926447ca75c95d490ef9f21

SHA256
49d49a2f314ae074534c4f7b4384ad3a8958e0f3c95fa53933a5cc69f8e626da

SHA512
82a95c80bd160a24cb578075f93101800f3aa887a8f626dc01fe5e5f2c600d427ce2ab16db0f414193c1bcee99c983cd81afc6bfce8469606bbbe9d7ea46c930

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5008_1954642451\36131e31-ea0d-4b5c-a4ec-2f38f9e36956.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5008_1954642451\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/4580-585-0x00007FF828243000-0x00007FF828245000-memory.dmp

Filesize
8KB

Download
memory/4580-1234-0x0000027775C90000-0x0000027775D06000-memory.dmp

Filesize
472KB

Download
memory/4580-1233-0x00000277752A0000-0x000002777556A000-memory.dmp

Filesize
2.8MB

Download
memory/4580-1244-0x0000027774690000-0x00000277746A2000-memory.dmp

Filesize
72KB

Download
memory/4580-0-0x00007FF828243000-0x00007FF828245000-memory.dmp

Filesize
8KB

Download
memory/4580-1247-0x0000027775570000-0x00000277755C0000-memory.dmp

Filesize
320KB

Download
memory/4580-1245-0x0000027774EE0000-0x0000027774EFE000-memory.dmp

Filesize
120KB

Download
memory/4580-4-0x0000027775760000-0x0000027775C88000-memory.dmp

Filesize
5.2MB

Download
memory/4580-3-0x00007FF828240000-0x00007FF828D01000-memory.dmp

Filesize
10.8MB

Download
memory/4580-2-0x0000027774F60000-0x0000027775122000-memory.dmp

Filesize
1.8MB

Download
memory/4580-595-0x00007FF828240000-0x00007FF828D01000-memory.dmp

Filesize
10.8MB

Download
memory/4580-1-0x0000027772920000-0x0000027772938000-memory.dmp

Filesize
96KB

Download